mirror of https://github.com/buster-so/buster.git
149 lines
4.5 KiB
Rust
149 lines
4.5 KiB
Rust
use anyhow::Result;
|
|
use axum::http::StatusCode;
|
|
use database::enums::AssetPermissionRole;
|
|
use serde_json::json;
|
|
use uuid::Uuid;
|
|
|
|
use crate::common::{
|
|
fixtures::{collections, users},
|
|
http::client::TestClient,
|
|
};
|
|
|
|
/// Test successful sharing of a collection that belongs to the user
|
|
#[tokio::test]
|
|
async fn test_create_collection_sharing_success() -> Result<()> {
|
|
// Setup
|
|
let user = users::create_test_user().await?;
|
|
let collection = collections::create_test_collection_for_user(&user.id).await?;
|
|
|
|
// Create test client with user auth
|
|
let client = TestClient::new_with_auth(&user.id);
|
|
|
|
// Share the collection with a different user
|
|
let other_user = users::create_test_user().await?;
|
|
let response = client
|
|
.post(&format!("/collections/{}/sharing", collection.id))
|
|
.json(&json!([
|
|
{
|
|
"email": other_user.email,
|
|
"role": AssetPermissionRole::Viewer
|
|
}
|
|
]))
|
|
.send()
|
|
.await?;
|
|
|
|
// Verify response
|
|
assert_eq!(response.status(), StatusCode::OK);
|
|
let response_text = response.text().await?;
|
|
assert!(response_text.contains("Sharing permissions created successfully"));
|
|
|
|
// Cleanup: Delete test data
|
|
users::delete_test_user(&user.id).await?;
|
|
users::delete_test_user(&other_user.id).await?;
|
|
collections::delete_test_collection(&collection.id).await?;
|
|
|
|
Ok(())
|
|
}
|
|
|
|
/// Test attempting to share a collection that doesn't exist
|
|
#[tokio::test]
|
|
async fn test_create_collection_sharing_collection_not_found() -> Result<()> {
|
|
// Setup
|
|
let user = users::create_test_user().await?;
|
|
let non_existent_id = Uuid::new_v4();
|
|
|
|
// Create test client with user auth
|
|
let client = TestClient::new_with_auth(&user.id);
|
|
|
|
// Attempt to share a non-existent collection
|
|
let response = client
|
|
.post(&format!("/collections/{}/sharing", non_existent_id))
|
|
.json(&json!([
|
|
{
|
|
"email": "test@example.com",
|
|
"role": AssetPermissionRole::Viewer
|
|
}
|
|
]))
|
|
.send()
|
|
.await?;
|
|
|
|
// Verify response
|
|
assert_eq!(response.status(), StatusCode::NOT_FOUND);
|
|
let response_text = response.text().await?;
|
|
assert!(response_text.contains("Collection not found"));
|
|
|
|
// Cleanup
|
|
users::delete_test_user(&user.id).await?;
|
|
|
|
Ok(())
|
|
}
|
|
|
|
/// Test attempting to share a collection without proper permissions
|
|
#[tokio::test]
|
|
async fn test_create_collection_sharing_insufficient_permissions() -> Result<()> {
|
|
// Setup
|
|
let owner = users::create_test_user().await?;
|
|
let collection = collections::create_test_collection_for_user(&owner.id).await?;
|
|
let unprivileged_user = users::create_test_user().await?;
|
|
|
|
// Create test client with unprivileged user auth
|
|
let client = TestClient::new_with_auth(&unprivileged_user.id);
|
|
|
|
// Attempt to share as unprivileged user
|
|
let response = client
|
|
.post(&format!("/collections/{}/sharing", collection.id))
|
|
.json(&json!([
|
|
{
|
|
"email": "test@example.com",
|
|
"role": AssetPermissionRole::Viewer
|
|
}
|
|
]))
|
|
.send()
|
|
.await?;
|
|
|
|
// Verify response
|
|
assert_eq!(response.status(), StatusCode::FORBIDDEN);
|
|
let response_text = response.text().await?;
|
|
assert!(response_text.contains("Insufficient permissions"));
|
|
|
|
// Cleanup
|
|
users::delete_test_user(&owner.id).await?;
|
|
users::delete_test_user(&unprivileged_user.id).await?;
|
|
collections::delete_test_collection(&collection.id).await?;
|
|
|
|
Ok(())
|
|
}
|
|
|
|
/// Test attempting to share with an invalid email
|
|
#[tokio::test]
|
|
async fn test_create_collection_sharing_invalid_email() -> Result<()> {
|
|
// Setup
|
|
let user = users::create_test_user().await?;
|
|
let collection = collections::create_test_collection_for_user(&user.id).await?;
|
|
|
|
// Create test client with user auth
|
|
let client = TestClient::new_with_auth(&user.id);
|
|
|
|
// Attempt to share with invalid email
|
|
let response = client
|
|
.post(&format!("/collections/{}/sharing", collection.id))
|
|
.json(&json!([
|
|
{
|
|
"email": "not-a-valid-email",
|
|
"role": AssetPermissionRole::Viewer
|
|
}
|
|
]))
|
|
.send()
|
|
.await?;
|
|
|
|
// Verify response
|
|
assert_eq!(response.status(), StatusCode::BAD_REQUEST);
|
|
let response_text = response.text().await?;
|
|
assert!(response_text.contains("Invalid email"));
|
|
|
|
// Cleanup
|
|
users::delete_test_user(&user.id).await?;
|
|
collections::delete_test_collection(&collection.id).await?;
|
|
|
|
Ok(())
|
|
} |