Resolve "API to handle a Round"

ec62baa3 · Alexis POYEN · f4d5ae78 · ec62baa3 · ec62baa3 · ec62baa3
Commit ec62baa3 authored 4 years ago by Alexis POYEN
--- a/internal/models/desk.go
+++ b/internal/models/desk.go
@@ -55,14 +55,14 @@ func (d *DataHandler) handleDesk(w http.ResponseWriter, r *http.Request) {
 func (d *DataHandler) getDesk(w http.ResponseWriter, r *http.Request, id int) {
 	if id != 0 {
 		var o Desk
-		if err := d.db.First(&o, id).Error; err != nil {
+		if err := d.db.Preload("DeskRounds").First(&o, id).Error; err != nil {
 			http.Error(w, ErrorIDIsMissing, http.StatusNotFound)
 			return
 		}
 		json.NewEncoder(w).Encode(o)
 	} else {
 		var o []Desk
-		d.db.Find(&o)
+		d.db.Preload("DeskRounds").Find(&o)
 		json.NewEncoder(w).Encode(o)
 	}
 }
@@ -89,7 +89,7 @@ func (d *DataHandler) postDesk(w http.ResponseWriter, r *http.Request) {

 func (d *DataHandler) putDesk(w http.ResponseWriter, r *http.Request, id int) {
 	var o Desk
-	if err := d.db.First(&o, id).Error; err != nil {
+	if err := d.db.Preload("DeskRounds").First(&o, id).Error; err != nil {
 		http.Error(w, ErrorIDIsMissing, http.StatusNotFound)
 		return
 	}

--- a/internal/models/deskRound.go
+++ b/internal/models/deskRound.go
+package models
+
+func (d *DataHandler) createDeskRound(roundID uint, deskID uint) {
+	var o DeskRound
+	o.RoundID = roundID
+	o.DeskID = deskID
+	o.Completed = false
+	o.Validated = false
+
+	d.db.Create(&o)
+}
+
+func (d *DataHandler) deleteDeskRound(deskRound DeskRound) {
+
+	d.db.Delete(&deskRound)
+}
--- a/internal/models/models.go
+++ b/internal/models/models.go
@@ -82,6 +82,7 @@ type Desk struct {
 	Name        string
 	WitnessDesk bool
 	Subscribed  uint
+	DeskRounds  []DeskRound
 }

 // Party represent a political party or tendance
@@ -112,7 +113,7 @@ type Parameter struct {
 	CreatedAt         time.Time  `json:"-"`
 	UpdatedAt         time.Time  `json:"-"`
 	DeletedAt         *time.Time `json:"-"`
-	CountBalnkAndNull bool
+	CountBlankAndNull bool
 	ShowOnlyCompleted bool
 	ShowMap           bool
 }
@@ -125,9 +126,8 @@ type Round struct {
 	DeletedAt      *time.Time `json:"-"`
 	ElectionID     uint
 	Parameter      Parameter
-	Name           string
-	Date           time.Time
-	Tour           uint
+	Date           string
+	Round          uint
 	DeskRounds     []DeskRound
 	CandidateLists []CandidateList
 }
@@ -139,6 +139,7 @@ type DeskRound struct {
 	UpdatedAt      time.Time  `json:"-"`
 	DeletedAt      *time.Time `json:"-"`
 	RoundID        uint
+	DeskID         uint
 	Capturers      []Capturer `gorm:"many2many:capturer_deskrounds;"`
 	Completed      bool
 	DateCompletion time.Time
@@ -226,6 +227,8 @@ func (d *DataHandler) ProcessAPI(w http.ResponseWriter, r *http.Request) {
 		d.handleSection(w, r)
 	case "Desk":
 		d.handleDesk(w, r)
+	case "Round":
+		d.handleRound(w, r)
 	}

 }

--- a/internal/models/round.go
+++ b/internal/models/round.go
+package models
+
+import (
+	"encoding/json"
+	"net/http"
+	"strconv"
+	"strings"
+
+	"forge.grandlyon.com/apoyen/elections/internal/auth"
+)
+
+func (d *DataHandler) handleRound(w http.ResponseWriter, r *http.Request) {
+	id, _ := strconv.Atoi(strings.TrimPrefix(r.URL.Path, "/api/Round/"))
+	switch method := r.Method; method {
+	case "GET":
+		switch auth.GetLoggedUserTechnical(w, r).Role {
+		case "ADMIN", "CAPTURER", "VISUALIZER":
+			d.getRound(w, r, id)
+		default:
+			http.Error(w, ErrorRoleOfLoggedUser, http.StatusInternalServerError)
+		}
+	case "POST":
+		switch auth.GetLoggedUserTechnical(w, r).Role {
+		case "ADMIN":
+			d.postRound(w, r)
+		case "CAPTURER", "VISUALIZER":
+			http.Error(w, ErrorNotAuthorizeMethodOnRessource, http.StatusMethodNotAllowed)
+		default:
+			http.Error(w, ErrorRoleOfLoggedUser, http.StatusInternalServerError)
+		}
+
+	case "PUT":
+		switch auth.GetLoggedUserTechnical(w, r).Role {
+		case "ADMIN":
+			d.putRound(w, r, id)
+		case "CAPTURER", "VISUALIZER":
+			http.Error(w, ErrorNotAuthorizeMethodOnRessource, http.StatusMethodNotAllowed)
+		default:
+			http.Error(w, ErrorRoleOfLoggedUser, http.StatusInternalServerError)
+		}
+	case "DELETE":
+		switch auth.GetLoggedUserTechnical(w, r).Role {
+		case "ADMIN":
+			d.deleteRound(w, r, id)
+		case "CAPTURER", "VISUALIZER":
+			http.Error(w, ErrorNotAuthorizeMethodOnRessource, http.StatusMethodNotAllowed)
+		default:
+			http.Error(w, ErrorRoleOfLoggedUser, http.StatusInternalServerError)
+		}
+	default:
+		http.Error(w, "method not allowed", 400)
+	}
+}
+
+func (d *DataHandler) getRound(w http.ResponseWriter, r *http.Request, id int) {
+	if id != 0 {
+		var o Round
+		if err := d.db.Preload("DeskRounds").Preload("CandidateLists").First(&o, id).Error; err != nil {
+			http.Error(w, ErrorIDIsMissing, http.StatusNotFound)
+			return
+		}
+		json.NewEncoder(w).Encode(o)
+	} else {
+		var o []Round
+		d.db.Preload("DeskRounds").Preload("CandidateLists").Find(&o)
+		json.NewEncoder(w).Encode(o)
+	}
+}
+
+func (d *DataHandler) postRound(w http.ResponseWriter, r *http.Request) {
+	var o Round
+	err := json.NewDecoder(r.Body).Decode(&o)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	d.db.Create(&o)
+	d.db.Last(&o)
+
+	var election Election
+	d.db.Preload("Areas").First(&election, o.ElectionID)
+	for _, area := range election.Areas {
+		d.db.Preload("Sections").First(&area, area.ID)
+		for _, section := range area.Sections {
+			d.db.Preload("Desks").First(&section, section.ID)
+			for _, desk := range section.Desks {
+				d.createDeskRound(o.ID, desk.ID)
+			}
+		}
+	}
+	json.NewEncoder(w).Encode(o)
+
+}
+
+func (d *DataHandler) putRound(w http.ResponseWriter, r *http.Request, id int) {
+	var o Round
+	if err := d.db.Preload("DeskRounds").Preload("CandidateLists").First(&o, id).Error; err != nil {
+		http.Error(w, ErrorIDIsMissing, http.StatusNotFound)
+		return
+	}
+
+	var round Round
+	err := json.NewDecoder(r.Body).Decode(&round)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	o.Date = round.Date
+	o.Round = round.Round
+	d.db.Save(&o)
+	json.NewEncoder(w).Encode(o)
+
+}
+
+func (d *DataHandler) deleteRound(w http.ResponseWriter, r *http.Request, id int) {
+	if id != 0 {
+		var o Round
+		if err := d.db.Preload("DeskRounds").Preload("CandidateLists").First(&o, id).Error; err != nil {
+			http.Error(w, ErrorIDIsMissing, http.StatusNotFound)
+			return
+		}
+
+		for _, deskRound := range o.DeskRounds {
+			d.deleteDeskRound(deskRound)
+		}
+
+		d.db.Delete(&o)
+	} else {
+		http.Error(w, ErrorIDIsMissing, http.StatusNotFound)
+	}
+}
--- a/internal/rootmux/admin_test.go
+++ b/internal/rootmux/admin_test.go
@@ -61,14 +61,25 @@ func AdminTests(t *testing.T) {
 		do("PUT", "/api/Section/1", xsrfHeader, `{"ID":1,"AreaID":1,"Name":"Section 1","MapID":"5"}`, 200, `{"ID":1,"AreaID":1,"Name":"Section 1","MapID":"5","Desks":[]}`)

 		// Create a Desk
-		do("POST", "/api/Desk", xsrfHeader, `{"SectionID":1,"Name":"Desk 1","WitnessDesk":true,"Subscribed":9587}`, 200, `{"ID":1,"SectionID":1,"Name":"Desk 1","WitnessDesk":true,"Subscribed":9587}`)
+		do("POST", "/api/Desk", xsrfHeader, `{"SectionID":1,"Name":"Desk 1","WitnessDesk":true,"Subscribed":9587}`, 200, `{"ID":1,"SectionID":1,"Name":"Desk 1","WitnessDesk":true,"Subscribed":9587,"DeskRounds":null}`)
 		// Get the desk
-		do("GET", "/api/Desk/1", xsrfHeader, ``, 200, `{"ID":1,"SectionID":1,"Name":"Desk 1","WitnessDesk":true,"Subscribed":9587}`)
+		do("GET", "/api/Desk/1", xsrfHeader, ``, 200, `{"ID":1,"SectionID":1,"Name":"Desk 1","WitnessDesk":true,"Subscribed":9587,"DeskRounds":[]}`)
 		// Get all the desks
-		do("GET", "/api/Desk/", xsrfHeader, ``, 200, `[{"ID":1,"SectionID":1,"Name":"Desk 1","WitnessDesk":true,"Subscribed":9587}]`)
+		do("GET", "/api/Desk/", xsrfHeader, ``, 200, `[{"ID":1,"SectionID":1,"Name":"Desk 1","WitnessDesk":true,"Subscribed":9587,"DeskRounds":[]}]`)
 		// Update a desk
-		do("PUT", "/api/Desk/1", xsrfHeader, `{"ID":1,"SectionID":1,"Name":"Desk 1","WitnessDesk":false,"Subscribed":3587}`, 200, `{"ID":1,"SectionID":1,"Name":"Desk 1","WitnessDesk":false,"Subscribed":3587}`)
+		do("PUT", "/api/Desk/1", xsrfHeader, `{"ID":1,"SectionID":1,"Name":"Desk 1","WitnessDesk":false,"Subscribed":3587}`, 200, `{"ID":1,"SectionID":1,"Name":"Desk 1","WitnessDesk":false,"Subscribed":3587,"DeskRounds":[]}`)

+		// Create a Round
+		do("POST", "/api/Round", xsrfHeader, `{"ElectionID":1,"Date":"2020-06-28","Round":1}`, 200, `{"ID":1,"ElectionID":1,"Parameter":{"ID":0,"CountBlankAndNull":false,"ShowOnlyCompleted":false,"ShowMap":false},"Date":"2020-06-28","Round":1,"DeskRounds":null,"CandidateLists":null}`)
+		// Get a Round
+		do("GET", "/api/Round/1", xsrfHeader, ``, 200, `{"ID":1,"ElectionID":1,"Parameter":{"ID":0,"CountBlankAndNull":false,"ShowOnlyCompleted":false,"ShowMap":false},"Date":"2020-06-28","Round":1,"DeskRounds":[{"ID":1,"RoundID":1,"DeskID":1,"Capturers":null,"Completed":false,"DateCompletion":"0001-01-01T00:00:00Z","Validated":false,"Votes":null}],"CandidateLists":[]}`)
+		// Get Rounds
+		do("GET", "/api/Round/", xsrfHeader, ``, 200, `[{"ID":1,"ElectionID":1,"Parameter":{"ID":0,"CountBlankAndNull":false,"ShowOnlyCompleted":false,"ShowMap":false},"Date":"2020-06-28","Round":1,"DeskRounds":[{"ID":1,"RoundID":1,"DeskID":1,"Capturers":null,"Completed":false,"DateCompletion":"0001-01-01T00:00:00Z","Validated":false,"Votes":null}],"CandidateLists":[]}]`)
+		// Update a Round
+		do("PUT", "/api/Round/1", xsrfHeader, `{"ID":1,"ElectionID":1,"Date":"2020-07-28","Round":2}`, 200, `{"ID":1,"ElectionID":1,"Parameter":{"ID":0,"CountBlankAndNull":false,"ShowOnlyCompleted":false,"ShowMap":false},"Date":"2020-07-28","Round":2,"DeskRounds":[{"ID":1,"RoundID":1,"DeskID":1,"Capturers":null,"Completed":false,"DateCompletion":"0001-01-01T00:00:00Z","Validated":false,"Votes":null}],"CandidateLists":[]}`)
+
+		// Delete a Round
+		do("DELETE", "/api/Round/1", xsrfHeader, ``, 200, ``)
 		// Delete a desk
 		do("DELETE", "/api/Desk/1", xsrfHeader, ``, 200, ``)
 		// Delete a section

--- a/internal/rootmux/capturer_test.go
+++ b/internal/rootmux/capturer_test.go
@@ -60,9 +60,9 @@ func CapturerTests(t *testing.T) {
 		// Create a section should fail with 405
 		do("POST", "/api/Section", xsrfHeader, `{"AreaID":1,"Name":"Section 1","MapID":"1"}`, 405, `You're not authorize to execute this method on this ressource.`)
 		// Get a section
-		do("GET", "/api/Section/1", xsrfHeader, "", 200, `{"ID":1,"AreaID":1,"Name":"Section 1","MapID":"1","Desks":[{"ID":1,"SectionID":1,"Name":"Desk 1","WitnessDesk":true,"Subscribed":9587}]}`)
+		do("GET", "/api/Section/1", xsrfHeader, "", 200, `{"ID":1,"AreaID":1,"Name":"Section 1","MapID":"1","Desks":[{"ID":1,"SectionID":1,"Name":"Desk 1","WitnessDesk":true,"Subscribed":9587,"DeskRounds":null}]}`)
 		// Get all the sections
-		do("GET", "/api/Section/", xsrfHeader, "", 200, `[{"ID":1,"AreaID":1,"Name":"Section 1","MapID":"1","Desks":[{"ID":1,"SectionID":1,"Name":"Desk 1","WitnessDesk":true,"Subscribed":9587}]}]`)
+		do("GET", "/api/Section/", xsrfHeader, "", 200, `[{"ID":1,"AreaID":1,"Name":"Section 1","MapID":"1","Desks":[{"ID":1,"SectionID":1,"Name":"Desk 1","WitnessDesk":true,"Subscribed":9587,"DeskRounds":null}]}]`)
 		// Update a section should fail with 405
 		do("PUT", "/api/Section/1", xsrfHeader, `{"ID":1,"AreaID":1,"Name":"Section 1","MapID":"1"}`, 405, `You're not authorize to execute this method on this ressource.`)
 		// Delete a section should fail with 405
@@ -71,14 +71,24 @@ func CapturerTests(t *testing.T) {
 		// Create a desk should fail with 405
 		do("POST", "/api/Desk", xsrfHeader, `{"SectionID":1,"Name":"Desk 1","WitnessDesk":true,"Subscribed":9587}`, 405, `You're not authorize to execute this method on this ressource.`)
 		// Get a desk
-		do("GET", "/api/Desk/1", xsrfHeader, "", 200, `{"ID":1,"SectionID":1,"Name":"Desk 1","WitnessDesk":true,"Subscribed":9587}`)
+		do("GET", "/api/Desk/1", xsrfHeader, "", 200, `{"ID":1,"SectionID":1,"Name":"Desk 1","WitnessDesk":true,"Subscribed":9587,"DeskRounds":[{"ID":1,"RoundID":1,"DeskID":1,"Capturers":null,"Completed":false,"DateCompletion":"0001-01-01T00:00:00Z","Validated":false,"Votes":null}]}`)
 		// Get all the desks
-		do("GET", "/api/Desk/", xsrfHeader, "", 200, `[{"ID":1,"SectionID":1,"Name":"Desk 1","WitnessDesk":true,"Subscribed":9587}]`)
+		do("GET", "/api/Desk/", xsrfHeader, "", 200, `[{"ID":1,"SectionID":1,"Name":"Desk 1","WitnessDesk":true,"Subscribed":9587,"DeskRounds":[{"ID":1,"RoundID":1,"DeskID":1,"Capturers":null,"Completed":false,"DateCompletion":"0001-01-01T00:00:00Z","Validated":false,"Votes":null}]}]`)
 		// Update a desk should fail with 405
 		do("PUT", "/api/Desk/1", xsrfHeader, `{"ID":1,"SectionID":1,"Name":"Desk 1","WitnessDesk":false,"Subscribed":3587}`, 405, `You're not authorize to execute this method on this ressource.`)
 		// Delete a desk should fail with 405
 		do("DELETE", "/api/Desk/1", xsrfHeader, ``, 405, `You're not authorize to execute this method on this ressource.`)

+		// Create a round should fail with 405
+		do("POST", "/api/Round", xsrfHeader, `{"ElectionID":1,"Date":"2020-06-28","Round":1}`, 405, `You're not authorize to execute this method on this ressource.`)
+		// Get a desk
+		do("GET", "/api/Round/1", xsrfHeader, "", 200, `{"ID":1,"ElectionID":1,"Parameter":{"ID":0,"CountBlankAndNull":false,"ShowOnlyCompleted":false,"ShowMap":false},"Date":"2020-06-28","Round":1,"DeskRounds":[{"ID":1,"RoundID":1,"DeskID":1,"Capturers":null,"Completed":false,"DateCompletion":"0001-01-01T00:00:00Z","Validated":false,"Votes":null}],"CandidateLists":[]}`)
+		// Get all the desks
+		do("GET", "/api/Round/", xsrfHeader, "", 200, `[{"ID":1,"ElectionID":1,"Parameter":{"ID":0,"CountBlankAndNull":false,"ShowOnlyCompleted":false,"ShowMap":false},"Date":"2020-06-28","Round":1,"DeskRounds":[{"ID":1,"RoundID":1,"DeskID":1,"Capturers":null,"Completed":false,"DateCompletion":"0001-01-01T00:00:00Z","Validated":false,"Votes":null}],"CandidateLists":[]}]`)
+		// Update a desk should fail with 405
+		do("PUT", "/api/Round/1", xsrfHeader, `{"ID":1,"ElectionID":1,"Date":"2020-07-28","Round":2}`, 405, `You're not authorize to execute this method on this ressource.`)
+		// Delete a desk should fail with 405
+		do("DELETE", "/api/Round/1", xsrfHeader, ``, 405, `You're not authorize to execute this method on this ressource.`)
 	}
 	// Do a in memory login with an known admin
 	do("POST", "/Login", noH, `{"login": "capturer","password": "password"}`, 200, "")

--- a/internal/rootmux/rootmux_test.go
+++ b/internal/rootmux/rootmux_test.go
@@ -53,8 +53,12 @@ func TestAll(t *testing.T) {
 	os.Setenv("AUTH_URL", oAuth2Server.URL+"/auth") // Set the server to access the correct OAuth2Endpoint
 	os.Setenv("USERINFO_URL", oAuth2Server.URL+"/admininfo")

-	resetData(t)
+	resetDataWithData(t)
 	appTests(t)
+	resetDataWithData(t)
+	deletionInCascadeTest(t)
+	resetDataWithData(t)
+	removeRoundRemoveDeskRoundsTest(t)
 	resetData(t)
 	AdminTests(t)
 	resetDataWithData(t)
@@ -90,12 +94,30 @@ func appTests(t *testing.T) {
 		// Add a capturer to an already bind UserID should fail
 		do("POST", "/api/Capturer", xsrfHeader, `{"UserID":2,"Name":"Capturer"}`, 500, `UserID is already bind to a Capturer`)

-		// Test deletion in cascade for generic election
-		do("POST", "/api/Election", xsrfHeader, `{"Name":"Grand Lyon 2020","BallotType":"metropolitan-direct"}`, 200, `{"ID":1,"Name":"Grand Lyon 2020","BallotType":"metropolitan-direct","Areas":null,"Rounds":null}`)
-		do("POST", "/api/Area", xsrfHeader, `{"ElectionID":1,"Name":"Area 1","SeatNumber":9,"MapID":"1"}`, 200, `{"ID":1,"ElectionID":1,"Name":"Area 1","SeatNumber":9,"MapID":"1","Sections":null}`)
-		do("POST", "/api/Section", xsrfHeader, `{"AreaID":1,"Name":"Section 1","MapID":"1"}`, 200, `{"ID":1,"AreaID":1,"Name":"Section 1","MapID":"1","Desks":null}`)
-		do("POST", "/api/Desk", xsrfHeader, `{"SectionID":1,"Name":"Desk 1","WitnessDesk":true,"Subscribed":9587}`, 200, `{"ID":1,"SectionID":1,"Name":"Desk 1","WitnessDesk":true,"Subscribed":9587}`)
+		// Verify that RoundDesks have been created on Round Creation
+		do("GET", "/api/Round/1", xsrfHeader, ``, 200, `{"ID":1,"ElectionID":1,"Parameter":{"ID":0,"CountBlankAndNull":false,"ShowOnlyCompleted":false,"ShowMap":false},"Date":"2020-06-28","Round":1,"DeskRounds":[{"ID":1,"RoundID":1,"DeskID":1,"Capturers":null,"Completed":false,"DateCompletion":"0001-01-01T00:00:00Z","Validated":false,"Votes":null}],"CandidateLists":[]}`)
+		do("GET", "/api/Desk/1", xsrfHeader, ``, 200, `{"ID":1,"SectionID":1,"Name":"Desk 1","WitnessDesk":true,"Subscribed":9587,"DeskRounds":[{"ID":1,"RoundID":1,"DeskID":1,"Capturers":null,"Completed":false,"DateCompletion":"0001-01-01T00:00:00Z","Validated":false,"Votes":null}]}`)
+
+	}
+	// Do an OAuth2 login with an known admin
+	do("GET", "/OAuth2Login", noH, "", 200, "<!DOCTYPE html>")
+	tests()
+	// Try to logout (must pass)
+	do("GET", "/Logout", noH, "", 200, "Logout OK")
+}
+
+func deletionInCascadeTest(t *testing.T) {
+
+	ts, do, _ := createTester(t)
+	defer ts.Close() // Close the tester
+	tests := func() {
+		// Get the XSRF Token
+		response := do("GET", "/api/common/WhoAmI", noH, "", 200, "")
+		token := auth.TokenData{}
+		json.Unmarshal([]byte(response), &token)
+		xsrfHeader := tester.Header{Key: "XSRF-TOKEN", Value: token.XSRFToken}

+		// Test deletion in cascade for generic election
 		do("DELETE", "/api/Election/1", xsrfHeader, ``, 200, ``)
 		do("GET", "/api/Area/1", xsrfHeader, ``, 404, `id is missing`)
 		do("GET", "/api/Section/1", xsrfHeader, ``, 404, `id is missing`)
@@ -107,7 +129,33 @@ func appTests(t *testing.T) {
 	tests()
 	// Try to logout (must pass)
 	do("GET", "/Logout", noH, "", 200, "Logout OK")
+}
+
+func removeRoundRemoveDeskRoundsTest(t *testing.T) {

+	ts, do, _ := createTester(t)
+	defer ts.Close() // Close the tester
+	tests := func() {
+		// Get the XSRF Token
+		response := do("GET", "/api/common/WhoAmI", noH, "", 200, "")
+		token := auth.TokenData{}
+		json.Unmarshal([]byte(response), &token)
+		xsrfHeader := tester.Header{Key: "XSRF-TOKEN", Value: token.XSRFToken}
+
+		// Remove a Round should remove all DeskRounds
+		// Verify DeskRounds creation
+		do("GET", "/api/Desk/1", xsrfHeader, ``, 200, `{"ID":1,"SectionID":1,"Name":"Desk 1","WitnessDesk":true,"Subscribed":9587,"DeskRounds":[{"ID":1,"RoundID":1,"DeskID":1,"Capturers":null,"Completed":false,"DateCompletion":"0001-01-01T00:00:00Z","Validated":false,"Votes":null}]}`)
+		// Delete a Round
+		do("DELETE", "/api/Round/1", xsrfHeader, ``, 200, ``)
+		// Verify DeskRounds doesnt exist anymore
+		do("GET", "/api/Desk/1", xsrfHeader, ``, 200, `{"ID":1,"SectionID":1,"Name":"Desk 1","WitnessDesk":true,"Subscribed":9587,"DeskRounds":[]}`)
+
+	}
+	// Do an OAuth2 login with an known admin
+	do("GET", "/OAuth2Login", noH, "", 200, "<!DOCTYPE html>")
+	tests()
+	// Try to logout (must pass)
+	do("GET", "/Logout", noH, "", 200, "Logout OK")
 }

 func resetData(t *testing.T) {
@@ -158,8 +206,8 @@ func resetDataWithData(t *testing.T) {
 		do("POST", "/api/Election", xsrfHeader, `{"Name":"Grand Lyon 2020","BallotType":"metropolitan-direct"}`, 200, `{"ID":1,"Name":"Grand Lyon 2020","BallotType":"metropolitan-direct","Areas":null,"Rounds":null}`)
 		do("POST", "/api/Area", xsrfHeader, `{"ElectionID":1,"Name":"Area 1","SeatNumber":9,"MapID":"1"}`, 200, `{"ID":1,"ElectionID":1,"Name":"Area 1","SeatNumber":9,"MapID":"1","Sections":null}`)
 		do("POST", "/api/Section", xsrfHeader, `{"AreaID":1,"Name":"Section 1","MapID":"1"}`, 200, `{"ID":1,"AreaID":1,"Name":"Section 1","MapID":"1","Desks":null}`)
-		do("POST", "/api/Desk", xsrfHeader, `{"SectionID":1,"Name":"Desk 1","WitnessDesk":true,"Subscribed":9587}`, 200, `{"ID":1,"SectionID":1,"Name":"Desk 1","WitnessDesk":true,"Subscribed":9587}`)
-
+		do("POST", "/api/Desk", xsrfHeader, `{"SectionID":1,"Name":"Desk 1","WitnessDesk":true,"Subscribed":9587}`, 200, `{"ID":1,"SectionID":1,"Name":"Desk 1","WitnessDesk":true,"Subscribed":9587,"DeskRounds":null}`)
+		do("POST", "/api/Round", xsrfHeader, `{"ElectionID":1,"Date":"2020-06-28","Round":1}`, 200, `{"ID":1,"ElectionID":1,"Parameter":{"ID":0,"CountBlankAndNull":false,"ShowOnlyCompleted":false,"ShowMap":false},"Date":"2020-06-28","Round":1,"DeskRounds":null,"CandidateLists":null}`)
 	}
 	do("POST", "/Login", noH, `{"login": "admin","password": "password"}`, 200, "")
 	init()

--- a/internal/rootmux/visualizer_test.go
+++ b/internal/rootmux/visualizer_test.go
@@ -44,27 +44,38 @@ func VisualizerTests(t *testing.T) {
 		// Delete an election should fail with 405
 		do("DELETE", "/api/Election/1", xsrfHeader, ``, 405, `You're not authorize to execute this method on this ressource.`)

-		// Create an area should fail with 405
-		do("POST", "/api/Area", xsrfHeader, `{"ElectionID":1,"Name":"Area 1","SeatNumber":9,"MapID":"1"}`, 405, `You're not authorize to execute this method on this ressource.`)
-		// Get an area
-		do("GET", "/api/Area/1", xsrfHeader, "", 200, `{"ID":1,"ElectionID":1,"Name":"Area 1","SeatNumber":9,"MapID":"1","Sections":[{"ID":1,"AreaID":1,"Name":"Section 1","MapID":"1","Desks":null}]}`)
-		// Get all the areas
-		do("GET", "/api/Area/", xsrfHeader, "", 200, `[{"ID":1,"ElectionID":1,"Name":"Area 1","SeatNumber":9,"MapID":"1","Sections":[{"ID":1,"AreaID":1,"Name":"Section 1","MapID":"1","Desks":null}]}]`)
-		// Update an area should fail with 405
-		do("PUT", "/api/Area/1", xsrfHeader, `{"ID":1,"ElectionID":1,"Name":"Area 1","SeatNumber":9,"MapID":"1"}`, 405, `You're not authorize to execute this method on this ressource.`)
-		// Delete an area should fail with 405
-		do("DELETE", "/api/Area/1", xsrfHeader, ``, 405, `You're not authorize to execute this method on this ressource.`)
-
 		// Create a section should fail with 405
 		do("POST", "/api/Section", xsrfHeader, `{"AreaID":1,"Name":"Section 1","MapID":"1"}`, 405, `You're not authorize to execute this method on this ressource.`)
 		// Get a section
-		do("GET", "/api/Section/1", xsrfHeader, "", 200, `{"ID":1,"AreaID":1,"Name":"Section 1","MapID":"1","Desks":[{"ID":1,"SectionID":1,"Name":"Desk 1","WitnessDesk":true,"Subscribed":9587}]}`)
+		do("GET", "/api/Section/1", xsrfHeader, "", 200, `{"ID":1,"AreaID":1,"Name":"Section 1","MapID":"1","Desks":[{"ID":1,"SectionID":1,"Name":"Desk 1","WitnessDesk":true,"Subscribed":9587,"DeskRounds":null}]}`)
 		// Get all the sections
-		do("GET", "/api/Section/", xsrfHeader, "", 200, `[{"ID":1,"AreaID":1,"Name":"Section 1","MapID":"1","Desks":[{"ID":1,"SectionID":1,"Name":"Desk 1","WitnessDesk":true,"Subscribed":9587}]}]`)
+		do("GET", "/api/Section/", xsrfHeader, "", 200, `[{"ID":1,"AreaID":1,"Name":"Section 1","MapID":"1","Desks":[{"ID":1,"SectionID":1,"Name":"Desk 1","WitnessDesk":true,"Subscribed":9587,"DeskRounds":null}]}]`)
 		// Update a section should fail with 405
 		do("PUT", "/api/Section/1", xsrfHeader, `{"ID":1,"AreaID":1,"Name":"Section 1","MapID":"1"}`, 405, `You're not authorize to execute this method on this ressource.`)
 		// Delete a section should fail with 405
 		do("DELETE", "/api/Section/1", xsrfHeader, ``, 405, `You're not authorize to execute this method on this ressource.`)
+
+		// Create a desk should fail with 405
+		do("POST", "/api/Desk", xsrfHeader, `{"SectionID":1,"Name":"Desk 1","WitnessDesk":true,"Subscribed":9587}`, 405, `You're not authorize to execute this method on this ressource.`)
+		// Get a desk
+		do("GET", "/api/Desk/1", xsrfHeader, "", 200, `{"ID":1,"SectionID":1,"Name":"Desk 1","WitnessDesk":true,"Subscribed":9587,"DeskRounds":[{"ID":1,"RoundID":1,"DeskID":1,"Capturers":null,"Completed":false,"DateCompletion":"0001-01-01T00:00:00Z","Validated":false,"Votes":null}]}`)
+		// Get all the desks
+		do("GET", "/api/Desk/", xsrfHeader, "", 200, `[{"ID":1,"SectionID":1,"Name":"Desk 1","WitnessDesk":true,"Subscribed":9587,"DeskRounds":[{"ID":1,"RoundID":1,"DeskID":1,"Capturers":null,"Completed":false,"DateCompletion":"0001-01-01T00:00:00Z","Validated":false,"Votes":null}]}]`)
+		// Update a desk should fail with 405
+		do("PUT", "/api/Desk/1", xsrfHeader, `{"ID":1,"SectionID":1,"Name":"Desk 1","WitnessDesk":false,"Subscribed":3587}`, 405, `You're not authorize to execute this method on this ressource.`)
+		// Delete a desk should fail with 405
+		do("DELETE", "/api/Desk/1", xsrfHeader, ``, 405, `You're not authorize to execute this method on this ressource.`)
+
+		// Create a round should fail with 405
+		do("POST", "/api/Round", xsrfHeader, `{"ElectionID":1,"Date":"2020-06-28","Round":1}`, 405, `You're not authorize to execute this method on this ressource.`)
+		// Get a desk
+		do("GET", "/api/Round/1", xsrfHeader, "", 200, `{"ID":1,"ElectionID":1,"Parameter":{"ID":0,"CountBlankAndNull":false,"ShowOnlyCompleted":false,"ShowMap":false},"Date":"2020-06-28","Round":1,"DeskRounds":[{"ID":1,"RoundID":1,"DeskID":1,"Capturers":null,"Completed":false,"DateCompletion":"0001-01-01T00:00:00Z","Validated":false,"Votes":null}],"CandidateLists":[]}`)
+		// Get all the desks
+		do("GET", "/api/Round/", xsrfHeader, "", 200, `[{"ID":1,"ElectionID":1,"Parameter":{"ID":0,"CountBlankAndNull":false,"ShowOnlyCompleted":false,"ShowMap":false},"Date":"2020-06-28","Round":1,"DeskRounds":[{"ID":1,"RoundID":1,"DeskID":1,"Capturers":null,"Completed":false,"DateCompletion":"0001-01-01T00:00:00Z","Validated":false,"Votes":null}],"CandidateLists":[]}]`)
+		// Update a desk should fail with 405
+		do("PUT", "/api/Round/1", xsrfHeader, `{"ID":1,"ElectionID":1,"Date":"2020-07-28","Round":2}`, 405, `You're not authorize to execute this method on this ressource.`)
+		// Delete a desk should fail with 405
+		do("DELETE", "/api/Round/1", xsrfHeader, ``, 405, `You're not authorize to execute this method on this ressource.`)
 	}
 	// Do a in memory login with an known admin
 	do("POST", "/Login", noH, `{"login": "visualizer","password": "password"}`, 200, "")