brass/web/src/endpoints/vehicle/post_edit.rs

use actix_web::{http::header::LOCATION, web, HttpResponse, Responder};
use sqlx::PgPool;

use crate::{
    endpoints::{vehicle::VehicleForm, IdPath},
    utils::ApplicationError,
};
use brass_db::models::{Role, User, Vehicle};

#[actix_web::post("/vehicles/{id}")]
pub async fn post(
    user: web::ReqData<User>,
    pool: web::Data<PgPool>,
    path: web::Path<IdPath>,
    form: web::Form<VehicleForm>,
) -> Result<impl Responder, ApplicationError> {
    if user.role != Role::Admin && user.role != Role::AreaManager {
        return Err(ApplicationError::Unauthorized);
    }

    let Some(vehicle) = Vehicle::read(pool.get_ref(), path.id).await? else {
        return Ok(HttpResponse::NotFound().finish());
    };

    if vehicle.radio_call_name != form.radio_call_name || vehicle.station != form.station {
        Vehicle::update(
            pool.get_ref(),
            path.id,
            &form.radio_call_name,
            &form.station,
        )
        .await?;
    }

    Ok(HttpResponse::Found()
        .insert_header((LOCATION, "/vehicles"))
        .insert_header(("HX-LOCATION", "/vehicles"))
        .finish())
}

#[cfg(test)]
mod tests {
    use actix_http::StatusCode;
    use brass_db::models::{Role, Vehicle};
    use brass_macros::db_test;

    use crate::{
        endpoints::vehicle::VehicleForm,
        utils::test_helper::{create_test_login_user, test_post, DbTestContext, RequestConfig},
    };

    #[db_test]
    async fn updates_vehicle_when_user_is_admin_and_vehicle_exists(context: &DbTestContext) {
        works_for_role(context, Role::Admin).await;
    }

    #[db_test]
    async fn updates_vehicle_when_user_is_area_manager_and_vehicle_exists(context: &DbTestContext) {
        works_for_role(context, Role::AreaManager).await;
    }

    async fn works_for_role(context: &DbTestContext, role: Role) {
        Vehicle::create(&context.db_pool, "11.49.1", "FF Leipzig Ost")
            .await
            .unwrap();

        let app = context.app().await;

        let config = RequestConfig::new("/vehicles/1").with_role(role);
        create_test_login_user(&context.db_pool, &config).await;

        let request = VehicleForm {
            station: "FF Leipzig Ost".to_string(),
            radio_call_name: "11.49.2".to_string(),
        };

        let response = test_post(app, &config, Some(request)).await;

        assert_eq!(StatusCode::FOUND, response.status());

        let updated_vehicle = Vehicle::read(&context.db_pool, 1).await.unwrap().unwrap();

        assert_eq!("11.49.2".to_string(), updated_vehicle.radio_call_name);
    }

    #[db_test]
    async fn returns_unauthorized_when_user_is_staff(context: &DbTestContext) {
        let app = context.app().await;

        let config = RequestConfig::new("/vehicles/1");
        create_test_login_user(&context.db_pool, &config).await;

        let request = VehicleForm {
            station: "FF Leipzig Ost".to_string(),
            radio_call_name: "11.49.2".to_string(),
        };

        let response = test_post(app, &config, Some(request)).await;

        assert_eq!(StatusCode::UNAUTHORIZED, response.status());
    }

    #[db_test]
    async fn returns_not_found_when_vehicle_does_not_exist(context: &DbTestContext) {
        let app = context.app().await;

        let config = RequestConfig::new("/vehicles/1").with_role(Role::Admin);
        create_test_login_user(&context.db_pool, &config).await;

        let request = VehicleForm {
            station: "FF Leipzig Ost".to_string(),
            radio_call_name: "11.49.2".to_string(),
        };

        let response = test_post(app, &config, Some(request)).await;

        assert_eq!(StatusCode::NOT_FOUND, response.status());
    }
}