hostsharing/hs.hsadmin.ng
6
0
Fork 0
Code Pull Requests 3 Activity

introduce-booking-module #41

Merged
hsh-michaelhoennig merged 21 commits from introduce-booking-module into master 2024-04-16 11:21:35 +02:00
Conversation 0 Commits 21 Files Changed 33 +1 -22
1 changed files with 1 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit e46813bf9c - Show all commits

23
src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemControllerAcceptanceTest.java
View File

@ -6,9 +6,7 @@ import io.restassured.http.ContentType;
import net.hostsharing.hsadminng.HsadminNgApplication; import net.hostsharing.hsadminng.HsadminNgApplication;
import net.hostsharing.hsadminng.hs.office.debitor.HsOfficeDebitorRepository; import net.hostsharing.hsadminng.hs.office.debitor.HsOfficeDebitorRepository;
import net.hostsharing.hsadminng.hs.office.test.ContextBasedTestWithCleanup; import net.hostsharing.hsadminng.hs.office.test.ContextBasedTestWithCleanup;
import net.hostsharing.test.Accepts;
import net.hostsharing.test.JpaAttempt; import net.hostsharing.test.JpaAttempt;
import org.json.JSONException;
import org.junit.jupiter.api.Nested; import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
@ -53,7 +51,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
class ListBookingItems { class ListBookingItems {
@Test @Test
void globalAdmin_canViewAllBookingItemsOfArbitraryDebitor() throws JSONException { void globalAdmin_canViewAllBookingItemsOfArbitraryDebitor() {
// given // given
context("superuser-alex@hostsharing.net"); context("superuser-alex@hostsharing.net");
@ -358,25 +356,6 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
} }
@Test @Test
void bankAccountAdminUser_canNotDeleteRelatedBookingItem() {
context.define("superuser-alex@hostsharing.net");
final var givenBookingItem = givenSomeTemporaryBookingItemForDebitorNumber(1000111);
RestAssured // @formatter:off
.given()
.header("current-user", "bankaccount-admin@FirstGmbH.example.com")
.port(port)
.when()
.delete("http://localhost/api/hs/booking/items/" + givenBookingItem.getUuid())
.then().log().body().assertThat()
.statusCode(403); // @formatter:on
// then the given bookingItem is still there
assertThat(bookingItemRepo.findByUuid(givenBookingItem.getUuid())).isNotEmpty();
}
@Test
@Accepts({ "BookingItem:X(Access Control)" })
void normalUser_canNotDeleteUnrelatedBookingItem() { void normalUser_canNotDeleteUnrelatedBookingItem() {
context.define("superuser-alex@hostsharing.net"); context.define("superuser-alex@hostsharing.net");
final var givenBookingItem = givenSomeTemporaryBookingItemForDebitorNumber(1000111); final var givenBookingItem = givenSomeTemporaryBookingItemForDebitorNumber(1000111);