diff --git a/web/snapshots/brass_web__endpoints__user__put_lock__tests__inner_admin_can_lock_and_unlock_user-2.snap b/web/snapshots/brass_web__endpoints__user__put_lock__tests__inner_admin_can_lock_and_unlock_user-2.snap
new file mode 100644
index 00000000..f6b9047c
--- /dev/null
+++ b/web/snapshots/brass_web__endpoints__user__put_lock__tests__inner_admin_can_lock_and_unlock_user-2.snap
@@ -0,0 +1,36 @@
+---
+source: web/src/endpoints/user/put_lock.rs
+expression: unlock_body
+snapshot_kind: text
+---
+
+
+
+
+ Bearbeiten
+
+
+
+
+
+
+nein
diff --git a/web/snapshots/brass_web__endpoints__user__put_lock__tests__inner_admin_can_lock_and_unlock_user.snap b/web/snapshots/brass_web__endpoints__user__put_lock__tests__inner_admin_can_lock_and_unlock_user.snap
new file mode 100644
index 00000000..b2aa11c7
--- /dev/null
+++ b/web/snapshots/brass_web__endpoints__user__put_lock__tests__inner_admin_can_lock_and_unlock_user.snap
@@ -0,0 +1,36 @@
+---
+source: web/src/endpoints/user/put_lock.rs
+expression: lock_body
+snapshot_kind: text
+---
+
+
+
+
+ Bearbeiten
+
+
+
+
+
+
+ja
diff --git a/web/src/endpoints/user/put_lock.rs b/web/src/endpoints/user/put_lock.rs
index 92e60e7b..9d2118a0 100644
--- a/web/src/endpoints/user/put_lock.rs
+++ b/web/src/endpoints/user/put_lock.rs
@@ -84,45 +84,98 @@ async fn handle_lock_state_for_user(
Ok(HttpResponse::Ok().body(body))
}
-// TODO: Tests schreiben
-// #[cfg(test)]
-// mod tests {
-// use crate::utils::test_helper::{
-// assert_snapshot, read_body, test_put, DbTestContext, RequestConfig, StatusCode,
-// };
-// use brass_macros::db_test;
-//
-// #[db_test]
-// async fn user_can_toggle_subscription_for_himself(context: &DbTestContext) {
-// let app = context.app().await;
-//
-// let unsubscribe_config = RequestConfig::new("/users/1/unsubscribeNotifications");
-// let unsubscribe_response =
-// test_put::<_, _, String>(&context.db_pool, &app, &unsubscribe_config, None).await;
-//
-// assert_eq!(StatusCode::OK, unsubscribe_response.status());
-//
-// let unsubscribe_body = read_body(unsubscribe_response).await;
-// assert_snapshot!(unsubscribe_body);
-//
-// let subscribe_config = RequestConfig::new("/users/1/subscribeNotifications");
-// let subscribe_response =
-// test_put::<_, _, String>(&context.db_pool, &app, &subscribe_config, None).await;
-//
-// assert_eq!(StatusCode::OK, subscribe_response.status());
-//
-// let subscribe_body = read_body(subscribe_response).await;
-// assert_snapshot!(subscribe_body);
-// }
-//
-// #[db_test]
-// async fn user_cant_toggle_subscription_for_someone_else(context: &DbTestContext) {
-// let app = context.app().await;
-//
-// let unsubscribe_config = RequestConfig::new("/users/3/unsubscribeNotifications");
-// let unsubscribe_response =
-// test_put::<_, _, String>(&context.db_pool, &app, &unsubscribe_config, None).await;
-//
-// assert_eq!(StatusCode::UNAUTHORIZED, unsubscribe_response.status());
-// }
-// }
+#[cfg(test)]
+mod tests {
+ use crate::{
+ models::{Area, Function, Role, User},
+ utils::test_helper::{
+ assert_snapshot, read_body, test_put, DbTestContext, RequestConfig, StatusCode,
+ },
+ };
+ use brass_macros::db_test;
+ use fake::{Fake, Faker};
+
+ #[db_test]
+ async fn admin_can_lock_and_unlock_user(context: &DbTestContext) {
+ let app = context.app().await;
+ User::create(&context.db_pool, Faker.fake()).await.unwrap();
+
+ let lock_config = RequestConfig {
+ uri: "/users/1/lock".to_string(),
+ role: Role::Admin,
+ function: vec![Function::Posten],
+ user_area: 1,
+ };
+ let lock_response =
+ test_put::<_, _, String>(&context.db_pool, &app, &lock_config, None).await;
+
+ assert_eq!(StatusCode::OK, lock_response.status());
+
+ let lock_body = read_body(lock_response).await;
+ assert_snapshot!(lock_body);
+
+ let unlock_config = RequestConfig {
+ uri: "/users/1/unlock".to_string(),
+ role: Role::Admin,
+ function: vec![Function::Posten],
+ user_area: 1,
+ };
+ let unlock_response =
+ test_put::<_, _, String>(&context.db_pool, &app, &unlock_config, None).await;
+
+ assert_eq!(StatusCode::OK, unlock_response.status());
+
+ let unlock_body = read_body(unlock_response).await;
+ assert_snapshot!(unlock_body);
+ }
+
+ #[db_test]
+ async fn area_manager_cant_lock_outside_of_his_area(context: &DbTestContext) {
+ let app = context.app().await;
+ Area::create(&context.db_pool, "Bereich 2").await.unwrap();
+ User::create(&context.db_pool, Faker.fake()).await.unwrap();
+
+ let config = RequestConfig {
+ uri: "/users/1/lock".to_string(),
+ role: Role::AreaManager,
+ function: vec![Function::Posten],
+ user_area: 2,
+ };
+
+ let response = test_put::<_, _, String>(&context.db_pool, &app, &config, None).await;
+
+ assert_eq!(StatusCode::UNAUTHORIZED, response.status())
+ }
+
+ #[db_test]
+ async fn one_cant_lock_oneself(context: &DbTestContext) {
+ let app = context.app().await;
+
+ let config = RequestConfig {
+ uri: "/users/1/lock".to_string(),
+ role: Role::Admin,
+ function: vec![Function::Posten],
+ user_area: 1,
+ };
+
+ let response = test_put::<_, _, String>(&context.db_pool, &app, &config, None).await;
+
+ assert_eq!(StatusCode::BAD_REQUEST, response.status())
+ }
+
+ #[db_test]
+ async fn one_cant_lock_non_existing_user(context: &DbTestContext) {
+ let app = context.app().await;
+
+ let config = RequestConfig {
+ uri: "/users/30/lock".to_string(),
+ role: Role::Admin,
+ function: vec![Function::Posten],
+ user_area: 1,
+ };
+
+ let response = test_put::<_, _, String>(&context.db_pool, &app, &config, None).await;
+
+ assert_eq!(StatusCode::NOT_FOUND, response.status())
+ }
+}