From 67c869e3acbdcdcc4c80b439ad53fa21af0e70b7 Mon Sep 17 00:00:00 2001
From: Max Hohlfeld <maxhohlfeld@posteo.de>
Date: Sun, 27 Apr 2025 20:37:45 +0200
Subject: [PATCH] test: lock and unlock user

refs #21
---
 ...nner_admin_can_lock_and_unlock_user-2.snap |  36 +++++
 ..._inner_admin_can_lock_and_unlock_user.snap |  36 +++++
 web/src/endpoints/user/put_lock.rs            | 137 ++++++++++++------
 3 files changed, 167 insertions(+), 42 deletions(-)
 create mode 100644 web/snapshots/brass_web__endpoints__user__put_lock__tests__inner_admin_can_lock_and_unlock_user-2.snap
 create mode 100644 web/snapshots/brass_web__endpoints__user__put_lock__tests__inner_admin_can_lock_and_unlock_user.snap

diff --git a/web/snapshots/brass_web__endpoints__user__put_lock__tests__inner_admin_can_lock_and_unlock_user-2.snap b/web/snapshots/brass_web__endpoints__user__put_lock__tests__inner_admin_can_lock_and_unlock_user-2.snap
new file mode 100644
index 00000000..f6b9047c
--- /dev/null
+++ b/web/snapshots/brass_web__endpoints__user__put_lock__tests__inner_admin_can_lock_and_unlock_user-2.snap
@@ -0,0 +1,36 @@
+---
+source: web/src/endpoints/user/put_lock.rs
+expression: unlock_body
+snapshot_kind: text
+---
+<button class="button is-link is-light" hx-put="/users/1/lock"
+  hx-target="closest div" hx-swap="innerHTML">
+  <svg class="icon">
+    <use href="/static/feather-sprite.svg#lock" />
+  </svg>
+  <span>Sperren</span>
+</button>
+
+<a class="button is-primary is-light" hx-boost="true" href="/users/edit/1">
+  <svg class="icon">
+    <use href="/static/feather-sprite.svg#edit" />
+  </svg>
+  <span>Bearbeiten</span>
+</a>
+
+<button id="user-1-delete" class="button is-danger is-light" disabled
+  hx-delete="/users/1" hx-target="closest tr" hx-swap="delete" hx-trigger="confirmed">
+  <svg class="icon">
+    <use href="/static/feather-sprite.svg#x-circle" />
+  </svg>
+  <span>Löschen</span>
+</button>
+
+
+<button class="button is-warning is-light" hx-post="/users/1/resend-registration">
+  <svg class="icon">
+    <use href="/static/feather-sprite.svg#send" />
+  </svg>
+  <span>Registrierungsmail erneut senden</span>
+</button>
+<div id="user-1-locked" hx-swap-oob="true">nein</div>
diff --git a/web/snapshots/brass_web__endpoints__user__put_lock__tests__inner_admin_can_lock_and_unlock_user.snap b/web/snapshots/brass_web__endpoints__user__put_lock__tests__inner_admin_can_lock_and_unlock_user.snap
new file mode 100644
index 00000000..b2aa11c7
--- /dev/null
+++ b/web/snapshots/brass_web__endpoints__user__put_lock__tests__inner_admin_can_lock_and_unlock_user.snap
@@ -0,0 +1,36 @@
+---
+source: web/src/endpoints/user/put_lock.rs
+expression: lock_body
+snapshot_kind: text
+---
+<button class="button is-link is-light" hx-put="/users/1/unlock"
+  hx-target="closest div" hx-swap="innerHTML">
+  <svg class="icon">
+    <use href="/static/feather-sprite.svg#unlock" />
+  </svg>
+  <span>Entsperren</span>
+</button>
+
+<a class="button is-primary is-light" hx-boost="true" href="/users/edit/1">
+  <svg class="icon">
+    <use href="/static/feather-sprite.svg#edit" />
+  </svg>
+  <span>Bearbeiten</span>
+</a>
+
+<button id="user-1-delete" class="button is-danger is-light" 
+  hx-delete="/users/1" hx-target="closest tr" hx-swap="delete" hx-trigger="confirmed">
+  <svg class="icon">
+    <use href="/static/feather-sprite.svg#x-circle" />
+  </svg>
+  <span>Löschen</span>
+</button>
+
+
+<button class="button is-warning is-light" hx-post="/users/1/resend-registration">
+  <svg class="icon">
+    <use href="/static/feather-sprite.svg#send" />
+  </svg>
+  <span>Registrierungsmail erneut senden</span>
+</button>
+<div id="user-1-locked" hx-swap-oob="true">ja</div>
diff --git a/web/src/endpoints/user/put_lock.rs b/web/src/endpoints/user/put_lock.rs
index 92e60e7b..9d2118a0 100644
--- a/web/src/endpoints/user/put_lock.rs
+++ b/web/src/endpoints/user/put_lock.rs
@@ -84,45 +84,98 @@ async fn handle_lock_state_for_user(
     Ok(HttpResponse::Ok().body(body))
 }
 
-// TODO: Tests schreiben
-// #[cfg(test)]
-// mod tests {
-//     use crate::utils::test_helper::{
-//         assert_snapshot, read_body, test_put, DbTestContext, RequestConfig, StatusCode,
-//     };
-//     use brass_macros::db_test;
-//
-//     #[db_test]
-//     async fn user_can_toggle_subscription_for_himself(context: &DbTestContext) {
-//         let app = context.app().await;
-//
-//         let unsubscribe_config = RequestConfig::new("/users/1/unsubscribeNotifications");
-//         let unsubscribe_response =
-//             test_put::<_, _, String>(&context.db_pool, &app, &unsubscribe_config, None).await;
-//
-//         assert_eq!(StatusCode::OK, unsubscribe_response.status());
-//
-//         let unsubscribe_body = read_body(unsubscribe_response).await;
-//         assert_snapshot!(unsubscribe_body);
-//
-//         let subscribe_config = RequestConfig::new("/users/1/subscribeNotifications");
-//         let subscribe_response =
-//             test_put::<_, _, String>(&context.db_pool, &app, &subscribe_config, None).await;
-//
-//         assert_eq!(StatusCode::OK, subscribe_response.status());
-//
-//         let subscribe_body = read_body(subscribe_response).await;
-//         assert_snapshot!(subscribe_body);
-//     }
-//
-//     #[db_test]
-//     async fn user_cant_toggle_subscription_for_someone_else(context: &DbTestContext) {
-//         let app = context.app().await;
-//
-//         let unsubscribe_config = RequestConfig::new("/users/3/unsubscribeNotifications");
-//         let unsubscribe_response =
-//             test_put::<_, _, String>(&context.db_pool, &app, &unsubscribe_config, None).await;
-//
-//         assert_eq!(StatusCode::UNAUTHORIZED, unsubscribe_response.status());
-//     }
-// }
+#[cfg(test)]
+mod tests {
+    use crate::{
+        models::{Area, Function, Role, User},
+        utils::test_helper::{
+            assert_snapshot, read_body, test_put, DbTestContext, RequestConfig, StatusCode,
+        },
+    };
+    use brass_macros::db_test;
+    use fake::{Fake, Faker};
+
+    #[db_test]
+    async fn admin_can_lock_and_unlock_user(context: &DbTestContext) {
+        let app = context.app().await;
+        User::create(&context.db_pool, Faker.fake()).await.unwrap();
+
+        let lock_config = RequestConfig {
+            uri: "/users/1/lock".to_string(),
+            role: Role::Admin,
+            function: vec![Function::Posten],
+            user_area: 1,
+        };
+        let lock_response =
+            test_put::<_, _, String>(&context.db_pool, &app, &lock_config, None).await;
+
+        assert_eq!(StatusCode::OK, lock_response.status());
+
+        let lock_body = read_body(lock_response).await;
+        assert_snapshot!(lock_body);
+
+        let unlock_config = RequestConfig {
+            uri: "/users/1/unlock".to_string(),
+            role: Role::Admin,
+            function: vec![Function::Posten],
+            user_area: 1,
+        };
+        let unlock_response =
+            test_put::<_, _, String>(&context.db_pool, &app, &unlock_config, None).await;
+
+        assert_eq!(StatusCode::OK, unlock_response.status());
+
+        let unlock_body = read_body(unlock_response).await;
+        assert_snapshot!(unlock_body);
+    }
+
+    #[db_test]
+    async fn area_manager_cant_lock_outside_of_his_area(context: &DbTestContext) {
+        let app = context.app().await;
+        Area::create(&context.db_pool, "Bereich 2").await.unwrap();
+        User::create(&context.db_pool, Faker.fake()).await.unwrap();
+
+        let config = RequestConfig {
+            uri: "/users/1/lock".to_string(),
+            role: Role::AreaManager,
+            function: vec![Function::Posten],
+            user_area: 2,
+        };
+
+        let response = test_put::<_, _, String>(&context.db_pool, &app, &config, None).await;
+
+        assert_eq!(StatusCode::UNAUTHORIZED, response.status())
+    }
+
+    #[db_test]
+    async fn one_cant_lock_oneself(context: &DbTestContext) {
+        let app = context.app().await;
+
+        let config = RequestConfig {
+            uri: "/users/1/lock".to_string(),
+            role: Role::Admin,
+            function: vec![Function::Posten],
+            user_area: 1,
+        };
+
+        let response = test_put::<_, _, String>(&context.db_pool, &app, &config, None).await;
+
+        assert_eq!(StatusCode::BAD_REQUEST, response.status())
+    }
+
+    #[db_test]
+    async fn one_cant_lock_non_existing_user(context: &DbTestContext) {
+        let app = context.app().await;
+
+        let config = RequestConfig {
+            uri: "/users/30/lock".to_string(),
+            role: Role::Admin,
+            function: vec![Function::Posten],
+            user_area: 1,
+        };
+
+        let response = test_put::<_, _, String>(&context.db_pool, &app, &config, None).await;
+
+        assert_eq!(StatusCode::NOT_FOUND, response.status())
+    }
+}