use actix_web::{web, HttpResponse, Responder}; use sqlx::PgPool; use crate::{ endpoints::{clothing::ReadClothingPartialTemplate, IdPath}, utils::{ApplicationError, TemplateResponse}, }; use brass_db::models::{Clothing, Role, User}; #[actix_web::get("/clothing/{id}")] pub async fn get( user: web::ReqData, pool: web::Data, path: web::Path, ) -> Result { if user.role != Role::Admin { return Err(ApplicationError::Unauthorized); } let Some(clothing) = Clothing::read(pool.get_ref(), path.id).await? else { return Ok(HttpResponse::NotFound().finish()); }; let template = ReadClothingPartialTemplate { c: clothing }; Ok(template.to_response()?) } #[cfg(test)] mod tests { use crate::utils::test_helper::{ assert_snapshot, read_body, test_get, DbTestContext, RequestConfig, StatusCode, }; use brass_db::models::{Clothing, Role}; use brass_macros::db_test; #[db_test] async fn user_cant_view_single_entity(context: &DbTestContext) { Clothing::create(&context.db_pool, "Tuchuniform") .await .unwrap(); let app = context.app().await; let config = RequestConfig::new("/clothing/1"); let response = test_get(&context.db_pool, &app, &config).await; assert_eq!(StatusCode::UNAUTHORIZED, response.status()); } #[db_test] async fn area_manager_cant_view_single_entity(context: &DbTestContext) { Clothing::create(&context.db_pool, "Tuchuniform") .await .unwrap(); let app = context.app().await; let config = RequestConfig::new("/clothing/1").with_role(Role::AreaManager); let response = test_get(&context.db_pool, &app, &config).await; assert_eq!(StatusCode::UNAUTHORIZED, response.status()); } #[db_test] async fn produces_template_fine_when_user_is_admin(context: &DbTestContext) { let app = context.app().await; Clothing::create(&context.db_pool, "Schutzkleidung Form 1") .await .unwrap(); let config = RequestConfig::new("/clothing/1").with_role(Role::Admin); let response = test_get(&context.db_pool, &app, &config).await; assert_eq!(StatusCode::OK, response.status()); let body = read_body(response).await; assert_snapshot!(body); } }