Schwarztee/brass
1
0
Fork 0
Code Issues 19 Pull Requests Packages Projects 1 Releases Wiki Activity

feat: area manager can delete vehicle

Browse Source 
refs #21
This commit is contained in:
Max Hohlfeld 2025-04-28 21:17:44 +02:00
parent 4ff4ce0195
commit b2fccdfa29
1 changed files with 62 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
web/src/endpoints/vehicle/delete.rs
View File

@ -13,7 +13,7 @@ pub async fn delete(
pool: web::Data<PgPool>, pool: web::Data<PgPool>,
path: web::Path<IdPath>, path: web::Path<IdPath>,
) -> Result<impl Responder, ApplicationError> { ) -> Result<impl Responder, ApplicationError> {
if user.role != Role::Admin { if user.role != Role::Admin && user.role != Role::AreaManager {
return Err(ApplicationError::Unauthorized); return Err(ApplicationError::Unauthorized);
} }
@ -25,3 +25,64 @@ pub async fn delete(
Ok(HttpResponse::Ok().finish()) Ok(HttpResponse::Ok().finish())
} }
#[cfg(test)]
mod tests {
use crate::{
models::{Function, Role, Vehicle},
utils::test_helper::{test_delete, DbTestContext, RequestConfig, StatusCode},
};
use brass_macros::db_test;
#[db_test]
async fn deletes_vehicle_when_user_is_admin_and_vehicle_exists(context: &DbTestContext) {
works_for_role(context, Role::Admin).await;
}
#[db_test]
async fn deletes_vehicle_when_user_is_area_manager_and_vehicle_exists(context: &DbTestContext) {
works_for_role(context, Role::AreaManager).await;
}
async fn works_for_role(context: &DbTestContext, role: Role) {
Vehicle::create(&context.db_pool, "11.49.1", "FF Leipzig Ost")
.await
.unwrap();
assert!(Vehicle::read(&context.db_pool, 1).await.unwrap().is_some());
let app = context.app().await;
let config = RequestConfig {
uri: "/vehicles/1".to_string(),
role,
function: vec![Function::Posten],
user_area: 1,
};
let response = test_delete(&context.db_pool, app, &config).await;
assert_eq!(StatusCode::OK, response.status());
assert!(Vehicle::read(&context.db_pool, 1).await.unwrap().is_none());
}
#[db_test]
async fn returns_unauthorized_when_user_is_staff(context: &DbTestContext) {
let app = context.app().await;
let response = test_delete(&context.db_pool, app, &RequestConfig::new("/vehicles/1")).await;
assert_eq!(StatusCode::UNAUTHORIZED, response.status());
}
#[db_test]
async fn returns_not_found_when_vehicle_does_not_exist(context: &DbTestContext) {
let app = context.app().await;
let config = RequestConfig {
uri: "/vehicles/1".to_string(),
role: Role::Admin,
function: vec![Function::Posten],
user_area: 1,
};
let response = test_delete(&context.db_pool, app, &config).await;
assert_eq!(StatusCode::NOT_FOUND, response.status());
}
}