From e4c8222833dd87f409bf28189b72ce33c67b66be Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Fri, 1 Feb 2019 09:42:31 +0100 Subject: [PATCH 1/2] Add group resolver tests --- lib/mobilizon_web/resolvers/group.ex | 2 +- .../resolvers/group_resolver_test.exs | 91 +++++++++++++++++++ 2 files changed, 92 insertions(+), 1 deletion(-) diff --git a/lib/mobilizon_web/resolvers/group.ex b/lib/mobilizon_web/resolvers/group.ex index 8a045c590..b063691ae 100644 --- a/lib/mobilizon_web/resolvers/group.ex +++ b/lib/mobilizon_web/resolvers/group.ex @@ -98,7 +98,7 @@ defmodule MobilizonWeb.Resolvers.Group do {:error, "Actor id is not a member of this group"} {:is_admin, false} -> - {:error, "User is not an administrator of the selected group"} + {:error, "Actor id is not an administrator of the selected group"} end end diff --git a/test/mobilizon_web/resolvers/group_resolver_test.exs b/test/mobilizon_web/resolvers/group_resolver_test.exs index 6c5557d9f..0a41270d4 100644 --- a/test/mobilizon_web/resolvers/group_resolver_test.exs +++ b/test/mobilizon_web/resolvers/group_resolver_test.exs @@ -143,5 +143,96 @@ defmodule MobilizonWeb.Resolvers.GroupResolverTest do assert hd(json_response(res, 200)["errors"])["message"] =~ "not found" end + + test "delete_group/3 should check user authentication", %{conn: conn, actor: actor} do + group = insert(:group) + insert(:member, parent: group, actor: actor, role: 2) + + mutation = """ + mutation { + deleteGroup( + actor_id: #{actor.id}, + group_id: #{group.id} + ) { + id + } + } + """ + + res = + conn + |> post("/api", AbsintheHelpers.mutation_skeleton(mutation)) + + assert hd(json_response(res, 200)["errors"])["message"] =~ "logged-in" + end + + test "delete_group/3 should checks the actor is owned by the user", %{conn: conn, user: user, actor: actor} do + group = insert(:group) + insert(:member, parent: group, actor: actor, role: 2) + + mutation = """ + mutation { + deleteGroup( + actor_id: 159, + group_id: #{group.id} + ) { + id + } + } + """ + + res = + conn + |> auth_conn(user) + |> post("/api", AbsintheHelpers.mutation_skeleton(mutation)) + + assert hd(json_response(res, 200)["errors"])["message"] =~ "not owned" + end + + test "delete_group/3 should checks the actor is a member of this group", %{conn: conn, user: user, actor: actor} do + group = insert(:group) + + mutation = """ + mutation { + deleteGroup( + actor_id: #{actor.id}, + group_id: #{group.id} + ) { + id + } + } + """ + + res = + conn + |> auth_conn(user) + |> post("/api", AbsintheHelpers.mutation_skeleton(mutation)) + + assert hd(json_response(res, 200)["errors"])["message"] =~ "not a member" + end + + test "delete_group/3 should checks the actor is an administrator of this group", %{conn: conn, user: user, actor: actor} do + group = insert(:group) + insert(:member, parent: group, actor: actor, role: 1) + + mutation = """ + mutation { + deleteGroup( + actor_id: #{actor.id}, + group_id: #{group.id} + ) { + id + } + } + """ + + res = + conn + |> auth_conn(user) + |> post("/api", AbsintheHelpers.mutation_skeleton(mutation)) + + assert hd(json_response(res, 200)["errors"])["message"] =~ "not an administrator" + end + end end From 7bbd143984789d452bfb55b98ed8ac17506bc36d Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Fri, 1 Feb 2019 09:52:36 +0100 Subject: [PATCH 2/2] Add event resolver tests --- .../resolvers/event_resolver_test.exs | 74 +++++++++++++++++++ .../resolvers/group_resolver_test.exs | 19 ++++- .../resolvers/user_resolver_test.exs | 3 +- 3 files changed, 90 insertions(+), 6 deletions(-) diff --git a/test/mobilizon_web/resolvers/event_resolver_test.exs b/test/mobilizon_web/resolvers/event_resolver_test.exs index 13181ff23..24702cbd5 100644 --- a/test/mobilizon_web/resolvers/event_resolver_test.exs +++ b/test/mobilizon_web/resolvers/event_resolver_test.exs @@ -333,5 +333,79 @@ defmodule MobilizonWeb.Resolvers.EventResolverTest do assert hd(json_response(res, 200)["errors"])["message"] =~ "not found" end + + test "delete_event/3 should check the user is authenticated", %{conn: conn, actor: actor} do + event = insert(:event, organizer_actor: actor) + + mutation = """ + mutation { + deleteEvent( + actor_id: #{actor.id}, + event_id: #{event.id} + ) { + id + } + } + """ + + res = + conn + |> post("/api", AbsintheHelpers.mutation_skeleton(mutation)) + + assert hd(json_response(res, 200)["errors"])["message"] =~ "logged-in" + end + + test "delete_event/3 should check the actor id is owned by the user", %{ + conn: conn, + user: user, + actor: actor + } do + event = insert(:event, organizer_actor: actor) + + mutation = """ + mutation { + deleteEvent( + actor_id: 1042, + event_id: #{event.id} + ) { + id + } + } + """ + + res = + conn + |> auth_conn(user) + |> post("/api", AbsintheHelpers.mutation_skeleton(mutation)) + + assert hd(json_response(res, 200)["errors"])["message"] =~ "not owned" + end + + test "delete_event/3 should check the event can be deleted by the user", %{ + conn: conn, + user: user, + actor: actor + } do + actor2 = insert(:actor) + event = insert(:event, organizer_actor: actor2) + + mutation = """ + mutation { + deleteEvent( + actor_id: #{actor.id}, + event_id: #{event.id} + ) { + id + } + } + """ + + res = + conn + |> auth_conn(user) + |> post("/api", AbsintheHelpers.mutation_skeleton(mutation)) + + assert hd(json_response(res, 200)["errors"])["message"] =~ "cannot delete" + end end end diff --git a/test/mobilizon_web/resolvers/group_resolver_test.exs b/test/mobilizon_web/resolvers/group_resolver_test.exs index 0a41270d4..24469aa8a 100644 --- a/test/mobilizon_web/resolvers/group_resolver_test.exs +++ b/test/mobilizon_web/resolvers/group_resolver_test.exs @@ -166,7 +166,11 @@ defmodule MobilizonWeb.Resolvers.GroupResolverTest do assert hd(json_response(res, 200)["errors"])["message"] =~ "logged-in" end - test "delete_group/3 should checks the actor is owned by the user", %{conn: conn, user: user, actor: actor} do + test "delete_group/3 should check the actor is owned by the user", %{ + conn: conn, + user: user, + actor: actor + } do group = insert(:group) insert(:member, parent: group, actor: actor, role: 2) @@ -189,7 +193,11 @@ defmodule MobilizonWeb.Resolvers.GroupResolverTest do assert hd(json_response(res, 200)["errors"])["message"] =~ "not owned" end - test "delete_group/3 should checks the actor is a member of this group", %{conn: conn, user: user, actor: actor} do + test "delete_group/3 should check the actor is a member of this group", %{ + conn: conn, + user: user, + actor: actor + } do group = insert(:group) mutation = """ @@ -211,7 +219,11 @@ defmodule MobilizonWeb.Resolvers.GroupResolverTest do assert hd(json_response(res, 200)["errors"])["message"] =~ "not a member" end - test "delete_group/3 should checks the actor is an administrator of this group", %{conn: conn, user: user, actor: actor} do + test "delete_group/3 should check the actor is an administrator of this group", %{ + conn: conn, + user: user, + actor: actor + } do group = insert(:group) insert(:member, parent: group, actor: actor, role: 1) @@ -233,6 +245,5 @@ defmodule MobilizonWeb.Resolvers.GroupResolverTest do assert hd(json_response(res, 200)["errors"])["message"] =~ "not an administrator" end - end end diff --git a/test/mobilizon_web/resolvers/user_resolver_test.exs b/test/mobilizon_web/resolvers/user_resolver_test.exs index 9381296bb..96c1f4cbd 100644 --- a/test/mobilizon_web/resolvers/user_resolver_test.exs +++ b/test/mobilizon_web/resolvers/user_resolver_test.exs @@ -165,8 +165,7 @@ defmodule MobilizonWeb.Resolvers.UserResolverTest do context.conn |> post("/api", AbsintheHelpers.mutation_skeleton(mutation)) - assert hd(json_response(res, 200)["errors"])["message"] == - "User with email not found" + assert hd(json_response(res, 200)["errors"])["message"] == "User with email not found" end test "register_person/3 can't be called with an existing profile", context do