use actix_web::{http::header::LOCATION, web, HttpResponse, Responder}; use sqlx::PgPool; use crate::{ endpoints::{vehicle::VehicleForm, IdPath}, utils::ApplicationError, }; use brass_db::models::{Role, User, Vehicle}; #[actix_web::post("/vehicles/{id}")] pub async fn post( user: web::ReqData, pool: web::Data, path: web::Path, form: web::Form, ) -> Result { if user.role != Role::Admin && user.role != Role::AreaManager { return Err(ApplicationError::Unauthorized); } let Some(vehicle) = Vehicle::read(pool.get_ref(), path.id).await? else { return Ok(HttpResponse::NotFound().finish()); }; if vehicle.radio_call_name != form.radio_call_name || vehicle.station != form.station { Vehicle::update( pool.get_ref(), path.id, &form.radio_call_name, &form.station, ) .await?; } Ok(HttpResponse::Found() .insert_header((LOCATION, "/vehicles")) .insert_header(("HX-LOCATION", "/vehicles")) .finish()) } #[cfg(test)] mod tests { use actix_http::StatusCode; use brass_db::models::{Role, Vehicle}; use brass_macros::db_test; use crate::{ endpoints::vehicle::VehicleForm, utils::test_helper::{create_test_login_user, test_post, DbTestContext, RequestConfig}, }; #[db_test] async fn updates_vehicle_when_user_is_admin_and_vehicle_exists(context: &DbTestContext) { works_for_role(context, Role::Admin).await; } #[db_test] async fn updates_vehicle_when_user_is_area_manager_and_vehicle_exists(context: &DbTestContext) { works_for_role(context, Role::AreaManager).await; } async fn works_for_role(context: &DbTestContext, role: Role) { Vehicle::create(&context.db_pool, "11.49.1", "FF Leipzig Ost") .await .unwrap(); let app = context.app().await; let config = RequestConfig::new("/vehicles/1").with_role(role); create_test_login_user(&context.db_pool, &config).await; let request = VehicleForm { station: "FF Leipzig Ost".to_string(), radio_call_name: "11.49.2".to_string(), }; let response = test_post(app, &config, Some(request)).await; assert_eq!(StatusCode::FOUND, response.status()); let updated_vehicle = Vehicle::read(&context.db_pool, 1).await.unwrap().unwrap(); assert_eq!("11.49.2".to_string(), updated_vehicle.radio_call_name); } #[db_test] async fn returns_unauthorized_when_user_is_staff(context: &DbTestContext) { let app = context.app().await; let config = RequestConfig::new("/vehicles/1"); create_test_login_user(&context.db_pool, &config).await; let request = VehicleForm { station: "FF Leipzig Ost".to_string(), radio_call_name: "11.49.2".to_string(), }; let response = test_post(app, &config, Some(request)).await; assert_eq!(StatusCode::UNAUTHORIZED, response.status()); } #[db_test] async fn returns_not_found_when_vehicle_does_not_exist(context: &DbTestContext) { let app = context.app().await; let config = RequestConfig::new("/vehicles/1").with_role(Role::Admin); create_test_login_user(&context.db_pool, &config).await; let request = VehicleForm { station: "FF Leipzig Ost".to_string(), radio_call_name: "11.49.2".to_string(), }; let response = test_post(app, &config, Some(request)).await; assert_eq!(StatusCode::NOT_FOUND, response.status()); } }