chore: k1ch / add tests for PUT:/roles/{role_key}/permissions

DMGT-TECH · Nov 8, 2024 · 1d755f4 · 1d755f4
1 parent d7f3cf5
commit 1d755f4
Showing 1 changed file with 86 additions and 0 deletions.
diff --git a/server/test/endpoint_admin_roles_permissions.test.js b/server/test/endpoint_admin_roles_permissions.test.js
@@ -96,4 +96,90 @@ describe('Admin Roles Permissions', () => {
       assert.equal(response.status, 404)
     })
   })
+
+  describe('PUT:/roles/{role_key}/permissions', () => {
+    let validRoleKey
+    let validPermissionKeys
+    let invalidPermissionKey
+    const invalidRoleKey = 0
+
+    const putRolesPermissions = async (requestPayload, header = requestHeaders, roleKey = validRoleKey) => {
+      return await fetch(`${url}/roles/${roleKey}/permissions`, {
+        method: 'PUT',
+        headers: header,
+        body: JSON.stringify(requestPayload)
+      })
+    }
+
+    before(async () => {
+      const { key: roleKey, clientkey: clientKey } = await usherDb('roles').select('key', 'clientkey').first()
+      validRoleKey = roleKey
+
+      const permissions = await usherDb('permissions').select('key').where({ clientkey: clientKey }).limit(2)
+      validPermissionKeys = permissions.map((p) => p.key)
+
+      invalidPermissionKey = (await usherDb('permissions')
+        .select('key')
+        .whereNot({ clientkey: clientKey })
+        .first()).key
+    })
+
+    it('should return 204, empty response body, and Location header to get all the role permissions', async () => {
+      const response = await putRolesPermissions(validPermissionKeys)
+      assert.equal(response.status, 204)
+      assert.equal(response.headers.get('Location'), response.url)
+      const responseBody = await response.text()
+      assert.equal(responseBody, '')
+    })
+
+    it('should return 204, should be able to handle duplicate keys in the body', async () => {
+      const response = await putRolesPermissions([...validPermissionKeys, ...validPermissionKeys])
+      assert.equal(response.status, 204)
+    })
+
+    it('should return 204, ignore to create role permissions that already exist', async () => {
+      await putRolesPermissions(validPermissionKeys)
+      const response = await putRolesPermissions(validPermissionKeys)
+      assert.equal(response.status, 204)
+    })
+
+    it('should return 400, a permission does not belong to the same client as the role', async () => {
+      const response = await putRolesPermissions([...validPermissionKeys, invalidPermissionKey])
+      assert.equal(response.status, 400)
+    })
+
+    it('should return 400, for three different invalid request payloads', async () => {
+      const [emptyBodyResponse, invalidBodyResponse, invalidPermissionResponse] = await Promise.all(
+        [
+          putRolesPermissions(),
+          putRolesPermissions({}),
+          putRolesPermissions([invalidPermissionKey]),
+        ]
+      )
+      assert.ok([
+        emptyBodyResponse.status,
+        invalidBodyResponse.status,
+        invalidPermissionResponse.status].every((status) => status === 400))
+    })
+
+    it('should return 401, unauthorized token', async () => {
+      const userAccessToken = await getTestUser1IdPToken()
+      const response = await putRolesPermissions(
+        validPermissionKeys,
+        {
+          ...requestHeaders,
+          Authorization: `Bearer ${userAccessToken}`
+        })
+      assert.equal(response.status, 401)
+    })
+
+    it('should return 404, fail to create role permissions for an invalid role', async () => {
+      const response = await putRolesPermissions(validPermissionKeys, requestHeaders, invalidRoleKey)
+      assert.equal(response.status, 404)
+    })
+
+    afterEach(async () => {
+      await usherDb('rolepermissions').where({ rolekey: validRoleKey }).del()
+    })
+  })
 })