test: lock and unlock user

refs #21

web/snapshots/brass_web__endpoints__user__put_lock__tests__inner_admin_can_lock_and_unlock_user-2.snap

@@ -0,0 +1,36 @@
+---
+source: web/src/endpoints/user/put_lock.rs
+expression: unlock_body
+snapshot_kind: text
+---
+<button class="button is-link is-light" hx-put="/users/1/lock"
+  hx-target="closest div" hx-swap="innerHTML">
+  <svg class="icon">
+    <use href="/static/feather-sprite.svg#lock" />
+  </svg>
+  <span>Sperren</span>
+</button>
+
+<a class="button is-primary is-light" hx-boost="true" href="/users/edit/1">
+  <svg class="icon">
+    <use href="/static/feather-sprite.svg#edit" />
+  </svg>
+  <span>Bearbeiten</span>
+</a>
+
+<button id="user-1-delete" class="button is-danger is-light" disabled
+  hx-delete="/users/1" hx-target="closest tr" hx-swap="delete" hx-trigger="confirmed">
+  <svg class="icon">
+    <use href="/static/feather-sprite.svg#x-circle" />
+  </svg>
+  <span>Löschen</span>
+</button>
+
+
+<button class="button is-warning is-light" hx-post="/users/1/resend-registration">
+  <svg class="icon">
+    <use href="/static/feather-sprite.svg#send" />
+  </svg>
+  <span>Registrierungsmail erneut senden</span>
+</button>
+<div id="user-1-locked" hx-swap-oob="true">nein</div>

web/snapshots/brass_web__endpoints__user__put_lock__tests__inner_admin_can_lock_and_unlock_user.snap

@@ -0,0 +1,36 @@
+---
+source: web/src/endpoints/user/put_lock.rs
+expression: lock_body
+snapshot_kind: text
+---
+<button class="button is-link is-light" hx-put="/users/1/unlock"
+  hx-target="closest div" hx-swap="innerHTML">
+  <svg class="icon">
+    <use href="/static/feather-sprite.svg#unlock" />
+  </svg>
+  <span>Entsperren</span>
+</button>
+
+<a class="button is-primary is-light" hx-boost="true" href="/users/edit/1">
+  <svg class="icon">
+    <use href="/static/feather-sprite.svg#edit" />
+  </svg>
+  <span>Bearbeiten</span>
+</a>
+
+<button id="user-1-delete" class="button is-danger is-light" 
+  hx-delete="/users/1" hx-target="closest tr" hx-swap="delete" hx-trigger="confirmed">
+  <svg class="icon">
+    <use href="/static/feather-sprite.svg#x-circle" />
+  </svg>
+  <span>Löschen</span>
+</button>
+
+
+<button class="button is-warning is-light" hx-post="/users/1/resend-registration">
+  <svg class="icon">
+    <use href="/static/feather-sprite.svg#send" />
+  </svg>
+  <span>Registrierungsmail erneut senden</span>
+</button>
+<div id="user-1-locked" hx-swap-oob="true">ja</div>

web/src/endpoints/user/put_lock.rs

@@ -84,45 +84,98 @@ async fn handle_lock_state_for_user(
     Ok(HttpResponse::Ok().body(body))
 }
 
-// TODO: Tests schreiben
+#[cfg(test)]
-// #[cfg(test)]
+mod tests {
-// mod tests {
+    use crate::{
-//     use crate::utils::test_helper::{
+        models::{Area, Function, Role, User},
-//         assert_snapshot, read_body, test_put, DbTestContext, RequestConfig, StatusCode,
+        utils::test_helper::{
-//     };
+            assert_snapshot, read_body, test_put, DbTestContext, RequestConfig, StatusCode,
-//     use brass_macros::db_test;
+        },
-//
+    };
-//     #[db_test]
+    use brass_macros::db_test;
-//     async fn user_can_toggle_subscription_for_himself(context: &DbTestContext) {
+    use fake::{Fake, Faker};
-//         let app = context.app().await;
+
-//
+    #[db_test]
-//         let unsubscribe_config = RequestConfig::new("/users/1/unsubscribeNotifications");
+    async fn admin_can_lock_and_unlock_user(context: &DbTestContext) {
-//         let unsubscribe_response =
+        let app = context.app().await;
-//             test_put::<_, _, String>(&context.db_pool, &app, &unsubscribe_config, None).await;
+        User::create(&context.db_pool, Faker.fake()).await.unwrap();
-//
+
-//         assert_eq!(StatusCode::OK, unsubscribe_response.status());
+        let lock_config = RequestConfig {
-//
+            uri: "/users/1/lock".to_string(),
-//         let unsubscribe_body = read_body(unsubscribe_response).await;
+            role: Role::Admin,
-//         assert_snapshot!(unsubscribe_body);
+            function: vec![Function::Posten],
-//
+            user_area: 1,
-//         let subscribe_config = RequestConfig::new("/users/1/subscribeNotifications");
+        };
-//         let subscribe_response =
+        let lock_response =
-//             test_put::<_, _, String>(&context.db_pool, &app, &subscribe_config, None).await;
+            test_put::<_, _, String>(&context.db_pool, &app, &lock_config, None).await;
-//
+
-//         assert_eq!(StatusCode::OK, subscribe_response.status());
+        assert_eq!(StatusCode::OK, lock_response.status());
-//
+
-//         let subscribe_body = read_body(subscribe_response).await;
+        let lock_body = read_body(lock_response).await;
-//         assert_snapshot!(subscribe_body);
+        assert_snapshot!(lock_body);
-//     }
+
-//
+        let unlock_config = RequestConfig {
-//     #[db_test]
+            uri: "/users/1/unlock".to_string(),
-//     async fn user_cant_toggle_subscription_for_someone_else(context: &DbTestContext) {
+            role: Role::Admin,
-//         let app = context.app().await;
+            function: vec![Function::Posten],
-//
+            user_area: 1,
-//         let unsubscribe_config = RequestConfig::new("/users/3/unsubscribeNotifications");
+        };
-//         let unsubscribe_response =
+        let unlock_response =
-//             test_put::<_, _, String>(&context.db_pool, &app, &unsubscribe_config, None).await;
+            test_put::<_, _, String>(&context.db_pool, &app, &unlock_config, None).await;
-//
+
-//         assert_eq!(StatusCode::UNAUTHORIZED, unsubscribe_response.status());
+        assert_eq!(StatusCode::OK, unlock_response.status());
-//     }
+
-// }
+        let unlock_body = read_body(unlock_response).await;
+        assert_snapshot!(unlock_body);
+    }
+
+    #[db_test]
+    async fn area_manager_cant_lock_outside_of_his_area(context: &DbTestContext) {
+        let app = context.app().await;
+        Area::create(&context.db_pool, "Bereich 2").await.unwrap();
+        User::create(&context.db_pool, Faker.fake()).await.unwrap();
+
+        let config = RequestConfig {
+            uri: "/users/1/lock".to_string(),
+            role: Role::AreaManager,
+            function: vec![Function::Posten],
+            user_area: 2,
+        };
+
+        let response = test_put::<_, _, String>(&context.db_pool, &app, &config, None).await;
+
+        assert_eq!(StatusCode::UNAUTHORIZED, response.status())
+    }
+
+    #[db_test]
+    async fn one_cant_lock_oneself(context: &DbTestContext) {
+        let app = context.app().await;
+
+        let config = RequestConfig {
+            uri: "/users/1/lock".to_string(),
+            role: Role::Admin,
+            function: vec![Function::Posten],
+            user_area: 1,
+        };
+
+        let response = test_put::<_, _, String>(&context.db_pool, &app, &config, None).await;
+
+        assert_eq!(StatusCode::BAD_REQUEST, response.status())
+    }
+
+    #[db_test]
+    async fn one_cant_lock_non_existing_user(context: &DbTestContext) {
+        let app = context.app().await;
+
+        let config = RequestConfig {
+            uri: "/users/30/lock".to_string(),
+            role: Role::Admin,
+            function: vec![Function::Posten],
+            user_area: 1,
+        };
+
+        let response = test_put::<_, _, String>(&context.db_pool, &app, &config, None).await;
+
+        assert_eq!(StatusCode::NOT_FOUND, response.status())
+    }
+}