diff --git a/database/database_test.go b/database/database_test.go index e5bf223..2d34636 100644 --- a/database/database_test.go +++ b/database/database_test.go @@ -367,7 +367,7 @@ func TestAddAdminAndUsers(t *testing.T) { DropTables(db) MigrateModels(db) - assert.NoError(t, DBAddAdminAndUser(db)) + assert.NoError(t, DBAddAdminAndUserAndGuest(db)) } func TestAddData(t *testing.T) { diff --git a/database/testdata.go b/database/testdata.go index e35f4f8..43442f9 100644 --- a/database/testdata.go +++ b/database/testdata.go @@ -16,12 +16,14 @@ import ( var StrPassword0 = "xyz789" var StrPasswordA = "abc123" var StrPasswordB = "bcd234" +var StrPasswordC = "guestpw" // Hash passwords with bcrypt algorithm var bcryptCost = 10 var pw0, _ = bcrypt.GenerateFromPassword([]byte(StrPassword0), bcryptCost) var pwA, _ = bcrypt.GenerateFromPassword([]byte(StrPasswordA), bcryptCost) var pwB, _ = bcrypt.GenerateFromPassword([]byte(StrPasswordB), bcryptCost) +var pwC, _ = bcrypt.GenerateFromPassword([]byte(StrPasswordC), bcryptCost) var User0 = User{Username: "User_0", Password: string(pw0), Role: "Admin", Mail: "User_0@example.com"} @@ -29,6 +31,8 @@ var UserA = User{Username: "User_A", Password: string(pwA), Role: "User", Mail: "User_A@example.com"} var UserB = User{Username: "User_B", Password: string(pwB), Role: "User", Mail: "User_B@example.com"} +var UserC = User{Username: "User_C", Password: string(pwC), + Role: "Guest", Mail: "User_C@example.com"} // Simulators @@ -205,19 +209,22 @@ func DBAddAdminUser(db *gorm.DB) error { return err } -func DBAddAdminAndUser(db *gorm.DB) error { +func DBAddAdminAndUserAndGuest(db *gorm.DB) error { db.AutoMigrate(&User{}) //create a copy of global test data user0 := User0 userA := UserA userB := UserB - // add admin user to DB + userC := UserC + // add admin user to DB err := db.Create(&user0).Error // add normal users to DB err = db.Create(&userA).Error err = db.Create(&userB).Error + // add guest user to DB + err = db.Create(&userC).Error return err } diff --git a/helper/test_utilities.go b/helper/test_utilities.go index 7331cfd..669da8a 100644 --- a/helper/test_utilities.go +++ b/helper/test_utilities.go @@ -22,6 +22,7 @@ type KeyModels map[string]interface{} var StrPassword0 = "xyz789" var StrPasswordA = "abc123" var StrPasswordB = "bcd234" +var StrPasswordC = "guestpw" type Credentials struct { Username string @@ -43,6 +44,11 @@ var UserBCredentials = Credentials{ Password: StrPasswordB, } +var GuestCredentials = Credentials{ + Username: "User_C", + Password: StrPasswordC, +} + // ############################################################################ // #################### Functions used for testing ############################ // ############################################################################ diff --git a/routes/dashboard/dashboard_test.go b/routes/dashboard/dashboard_test.go index 3b21b69..6847c40 100644 --- a/routes/dashboard/dashboard_test.go +++ b/routes/dashboard/dashboard_test.go @@ -70,7 +70,7 @@ func TestMain(m *testing.M) { func TestAddDashboard(t *testing.T) { database.DropTables(db) database.MigrateModels(db) - assert.NoError(t, database.DBAddAdminAndUser(db)) + assert.NoError(t, database.DBAddAdminAndUserAndGuest(db)) // authenticate as normal user token, err := helper.AuthenticateForTest(router, @@ -156,7 +156,7 @@ func TestAddDashboard(t *testing.T) { func TestUpdateDashboard(t *testing.T) { database.DropTables(db) database.MigrateModels(db) - assert.NoError(t, database.DBAddAdminAndUser(db)) + assert.NoError(t, database.DBAddAdminAndUserAndGuest(db)) // authenticate as normal user token, err := helper.AuthenticateForTest(router, @@ -220,7 +220,7 @@ func TestUpdateDashboard(t *testing.T) { func TestDeleteDashboard(t *testing.T) { database.DropTables(db) database.MigrateModels(db) - assert.NoError(t, database.DBAddAdminAndUser(db)) + assert.NoError(t, database.DBAddAdminAndUserAndGuest(db)) // authenticate as normal user token, err := helper.AuthenticateForTest(router, @@ -293,7 +293,7 @@ func TestDeleteDashboard(t *testing.T) { func TestGetAllDashboardsOfScenario(t *testing.T) { database.DropTables(db) database.MigrateModels(db) - assert.NoError(t, database.DBAddAdminAndUser(db)) + assert.NoError(t, database.DBAddAdminAndUserAndGuest(db)) // authenticate as normal user token, err := helper.AuthenticateForTest(router, diff --git a/routes/file/file_endpoints.go b/routes/file/file_endpoints.go index 4b0e235..b698e47 100644 --- a/routes/file/file_endpoints.go +++ b/routes/file/file_endpoints.go @@ -119,12 +119,12 @@ func addFile(c *gin.Context) { // Check access var ok bool if objectType == "model" { - ok, _ = simulationmodel.CheckPermissions(c, database.Create, "body", objectID) + ok, _ = simulationmodel.CheckPermissions(c, database.Update, "body", objectID) if !ok { return } } else { - ok, _ = widget.CheckPermissions(c, database.Create, objectID) + ok, _ = widget.CheckPermissions(c, database.Update, objectID) if !ok { return } @@ -139,8 +139,7 @@ func addFile(c *gin.Context) { var newFile File err = newFile.register(file_header, objectType, uint(objectID)) - if err != nil { - helper.DBError(c, err) + if helper.DBError(c, err) { return } @@ -173,12 +172,9 @@ func getFile(c *gin.Context) { } err := f.download(c) - if err != nil { - helper.DBError(c, err) + if helper.DBError(c, err) { return } - - c.JSON(http.StatusOK, gin.H{"file": f.File}) } // updateFile godoc @@ -209,21 +205,14 @@ func updateFile(c *gin.Context) { } // Extract file from PUT request form - err := c.Request.ParseForm() + fileHeader, err := c.FormFile("file") if err != nil { helper.BadRequestError(c, fmt.Sprintf("Get form error: %s", err.Error())) return } - file_header, err := c.FormFile("file") - if err != nil { - helper.BadRequestError(c, fmt.Sprintf("Get form error: %s", err.Error())) - return - } - - err = f.update(file_header) - if err != nil { - helper.DBError(c, err) + err = f.update(fileHeader) + if helper.DBError(c, err) { return } @@ -251,8 +240,7 @@ func deleteFile(c *gin.Context) { } err := f.delete() - if err != nil { - helper.DBError(c, err) + if helper.DBError(c, err) { return } diff --git a/routes/file/file_methods.go b/routes/file/file_methods.go index 7ac82ee..513300f 100644 --- a/routes/file/file_methods.go +++ b/routes/file/file_methods.go @@ -18,15 +18,6 @@ type File struct { database.File } -func (f *File) byPath(path string) error { - db := database.GetDB() - err := db.Where("Path = ?", path).Find(f).Error - if err != nil { - return err - } - return err -} - func (f *File) byID(id uint) error { db := database.GetDB() err := db.Find(f, id).Error diff --git a/routes/file/file_middleware.go b/routes/file/file_middleware.go index f98c651..d53994f 100644 --- a/routes/file/file_middleware.go +++ b/routes/file/file_middleware.go @@ -15,7 +15,7 @@ func checkPermissions(c *gin.Context, operation database.CRUD) (bool, File) { err := database.ValidateRole(c, database.ModelFile, operation) if err != nil { - helper.UnprocessableEntityError(c, fmt.Sprintf("Access denied (role validation failed): %v", err.Error())) + helper.UnprocessableEntityError(c, fmt.Sprintf("Access denied (role validation of file failed): %v", err.Error())) return false, f } diff --git a/routes/file/file_test.go b/routes/file/file_test.go index 2f2c891..c6df833 100644 --- a/routes/file/file_test.go +++ b/routes/file/file_test.go @@ -5,10 +5,12 @@ import ( "fmt" "git.rwth-aachen.de/acs/public/villas/villasweb-backend-go/database" "git.rwth-aachen.de/acs/public/villas/villasweb-backend-go/helper" + "git.rwth-aachen.de/acs/public/villas/villasweb-backend-go/routes/dashboard" "git.rwth-aachen.de/acs/public/villas/villasweb-backend-go/routes/scenario" "git.rwth-aachen.de/acs/public/villas/villasweb-backend-go/routes/simulationmodel" "git.rwth-aachen.de/acs/public/villas/villasweb-backend-go/routes/simulator" "git.rwth-aachen.de/acs/public/villas/villasweb-backend-go/routes/user" + "git.rwth-aachen.de/acs/public/villas/villasweb-backend-go/routes/widget" "github.com/gin-gonic/gin" "github.com/jinzhu/gorm" "github.com/jinzhu/gorm/dialects/postgres" @@ -46,7 +48,28 @@ type ScenarioRequest struct { StartParameters postgres.Jsonb `json:"startParameters,omitempty"` } -func addScenarioAndSimulatorAndSimulationModel() (scenarioID uint, simulatorID uint, simulationModelID uint) { +type DashboardRequest struct { + Name string `json:"name,omitempty"` + Grid int `json:"grid,omitempty"` + ScenarioID uint `json:"scenarioID,omitempty"` +} + +type WidgetRequest struct { + Name string `json:"name,omitempty"` + Type string `json:"type,omitempty"` + Width uint `json:"width,omitempty"` + Height uint `json:"height,omitempty"` + MinWidth uint `json:"minWidth,omitempty"` + MinHeight uint `json:"minHeight,omitempty"` + X int `json:"x,omitempty"` + Y int `json:"y,omitempty"` + Z int `json:"z,omitempty"` + DashboardID uint `json:"dashboardID,omitempty"` + IsLocked bool `json:"isLocked,omitempty"` + CustomProperties postgres.Jsonb `json:"customProperties,omitempty"` +} + +func addScenarioAndSimulatorAndSimulationModelAndDashboardAndWidget() (scenarioID uint, simulatorID uint, simulationModelID uint, dashboardID uint, widgetID uint) { // authenticate as admin token, _ := helper.AuthenticateForTest(router, @@ -82,7 +105,7 @@ func addScenarioAndSimulatorAndSimulationModel() (scenarioID uint, simulatorID u // Read newScenario's ID from the response newScenarioID, _ := helper.GetResponseID(resp) - // test POST models/ $newSimulationModel + // POST new simulation model newSimulationModel := SimulationModelRequest{ Name: database.SimulationModelA.Name, ScenarioID: uint(newScenarioID), @@ -95,7 +118,44 @@ func addScenarioAndSimulatorAndSimulationModel() (scenarioID uint, simulatorID u // Read newSimulationModel's ID from the response newSimulationModelID, _ := helper.GetResponseID(resp) - return uint(newScenarioID), uint(newSimulatorID), uint(newSimulationModelID) + // POST new dashboard + newDashboard := DashboardRequest{ + Name: database.DashboardA.Name, + Grid: database.DashboardA.Grid, + ScenarioID: uint(newScenarioID), + } + _, resp, _ = helper.TestEndpoint(router, token, + "/api/dashboards", "POST", helper.KeyModels{"dashboard": newDashboard}) + + // Read newDashboard's ID from the response + newDashboardID, _ := helper.GetResponseID(resp) + + // POST new widget + newWidget := WidgetRequest{ + Name: database.WidgetA.Name, + Type: database.WidgetA.Type, + Width: database.WidgetA.Width, + Height: database.WidgetA.Height, + MinWidth: database.WidgetA.MinWidth, + MinHeight: database.WidgetA.MinHeight, + X: database.WidgetA.X, + Y: database.WidgetA.Y, + Z: database.WidgetA.Z, + IsLocked: database.WidgetA.IsLocked, + CustomProperties: database.WidgetA.CustomProperties, + DashboardID: uint(newDashboardID), + } + _, resp, _ = helper.TestEndpoint(router, token, + "/api/widgets", "POST", helper.KeyModels{"widget": newWidget}) + + // Read newWidget's ID from the response + newWidgetID, _ := helper.GetResponseID(resp) + + // add the guest user to the new scenario + _, resp, _ = helper.TestEndpoint(router, token, + fmt.Sprintf("/api/scenarios/%v/user?username=User_C", newScenarioID), "PUT", nil) + + return uint(newScenarioID), uint(newSimulatorID), uint(newSimulationModelID), uint(newDashboardID), uint(newWidgetID) } func TestMain(m *testing.M) { @@ -109,7 +169,7 @@ func TestMain(m *testing.M) { user.RegisterAuthenticate(api.Group("/authenticate")) api.Use(user.Authentication(true)) // simulationmodel endpoints required here to first add a simulation to the DB - // that can be associated with a new signal model + // that can be associated with a new file simulationmodel.RegisterSimulationModelEndpoints(api.Group("/models")) // scenario endpoints required here to first add a scenario to the DB // that can be associated with a new simulation model @@ -117,6 +177,13 @@ func TestMain(m *testing.M) { // simulator endpoints required here to first add a simulator to the DB // that can be associated with a new simulation model simulator.RegisterSimulatorEndpoints(api.Group("/simulators")) + // dashboard endpoints required here to first add a dashboard to the DB + // that can be associated with a new widget + dashboard.RegisterDashboardEndpoints(api.Group("/dashboards")) + // widget endpoints required here to first add a widget to the DB + // that can be associated with a new file + widget.RegisterWidgetEndpoints(api.Group("/widgets")) + RegisterFileEndpoints(api.Group("/files")) os.Exit(m.Run()) @@ -125,18 +192,59 @@ func TestMain(m *testing.M) { func TestAddFile(t *testing.T) { database.DropTables(db) database.MigrateModels(db) - assert.NoError(t, database.DBAddAdminAndUser(db)) + assert.NoError(t, database.DBAddAdminAndUserAndGuest(db)) // prepare the content of the DB for testing - // by adding a scenario and a simulator to the DB // using the respective endpoints of the API - _, _, simulationModelID := addScenarioAndSimulatorAndSimulationModel() + _, _, simulationModelID, _, widgetID := addScenarioAndSimulatorAndSimulationModelAndDashboardAndWidget() - // authenticate as normal user + // authenticate as userB who has no access to the elements in the DB token, err := helper.AuthenticateForTest(router, + "/api/authenticate", "POST", helper.UserBCredentials) + assert.NoError(t, err) + + emptyBuf := &bytes.Buffer{} + + // try to POST to a simulation model to which UserB has no access + // should return a 422 unprocessable entity error + code, resp, err := helper.TestEndpoint(router, token, + fmt.Sprintf("/api/files?objectID=%v&objectType=model", simulationModelID), "POST", emptyBuf) + assert.NoError(t, err) + assert.Equalf(t, 422, code, "Response body: \n%v\n", resp) + + // try to POST to a widget to which UserB has no access + // should return a 422 unprocessable entity error + code, resp, err = helper.TestEndpoint(router, token, + fmt.Sprintf("/api/files?objectID=%v&objectType=widget", widgetID), "POST", emptyBuf) + assert.NoError(t, err) + assert.Equalf(t, 422, code, "Response body: \n%v\n", resp) + + // authenticate as normal userA + token, err = helper.AuthenticateForTest(router, "/api/authenticate", "POST", helper.UserACredentials) assert.NoError(t, err) + // try to POST to an invalid object type + // should return a bad request error + code, resp, err = helper.TestEndpoint(router, token, + fmt.Sprintf("/api/files?objectID=%v&objectType=wrongtype", widgetID), "POST", emptyBuf) + assert.NoError(t, err) + assert.Equalf(t, 400, code, "Response body: \n%v\n", resp) + + // try to POST without an object ID + // should return a bad request error + code, resp, err = helper.TestEndpoint(router, token, + fmt.Sprintf("/api/files?objectType=model"), "POST", emptyBuf) + assert.NoError(t, err) + assert.Equalf(t, 400, code, "Response body: \n%v\n", resp) + + // try to POST an invalid file + // should return a bad request + code, resp, err = helper.TestEndpoint(router, token, + fmt.Sprintf("/api/files?objectID=%v&objectType=model", simulationModelID), "POST", emptyBuf) + assert.NoError(t, err) + assert.Equalf(t, 400, code, "Response body: \n%v\n", resp) + // create a testfile.txt in local folder c1 := []byte("This is my testfile\n") err = ioutil.WriteFile("testfile.txt", c1, 0644) @@ -171,16 +279,29 @@ func TestAddFile(t *testing.T) { router.ServeHTTP(w, req) assert.Equalf(t, 200, w.Code, "Response body: \n%v\n", w.Body) - fmt.Println(w.Body) + //fmt.Println(w.Body) newFileID, err := helper.GetResponseID(w.Body) assert.NoError(t, err) // Get the new file - code, resp, err := helper.TestEndpoint(router, token, + code, resp, err = helper.TestEndpoint(router, token, fmt.Sprintf("/api/files/%v", newFileID), "GET", nil) assert.NoError(t, err) assert.Equalf(t, 200, code, "Response body: \n%v\n", resp) + assert.Equalf(t, string(c1), resp.String(), "Response body: \n%v\n", resp) + + // authenticate as userB who has no access to the elements in the DB + token, err = helper.AuthenticateForTest(router, + "/api/authenticate", "POST", helper.UserBCredentials) + assert.NoError(t, err) + + // try to get a file to which user has no access + // should return unprocessable entity + code, resp, err = helper.TestEndpoint(router, token, + fmt.Sprintf("/api/files/%v", newFileID), "GET", nil) + assert.NoError(t, err) + assert.Equalf(t, 422, code, "Response body: \n%v\n", resp) } @@ -188,12 +309,11 @@ func TestUpdateFile(t *testing.T) { database.DropTables(db) database.MigrateModels(db) - assert.NoError(t, database.DBAddAdminAndUser(db)) + assert.NoError(t, database.DBAddAdminAndUserAndGuest(db)) // prepare the content of the DB for testing - // by adding a scenario and a simulator to the DB // using the respective endpoints of the API - _, _, simulationModelID := addScenarioAndSimulatorAndSimulationModel() + _, _, simulationModelID, _, _ := addScenarioAndSimulatorAndSimulationModelAndDashboardAndWidget() // authenticate as normal user token, err := helper.AuthenticateForTest(router, @@ -233,12 +353,49 @@ func TestUpdateFile(t *testing.T) { router.ServeHTTP(w, req) assert.Equalf(t, 200, w.Code, "Response body: \n%v\n", w.Body) - fmt.Println(w.Body) + //fmt.Println(w.Body) newFileID, err := helper.GetResponseID(w.Body) assert.NoError(t, err) + // authenticate as userB who has no access to the elements in the DB + token, err = helper.AuthenticateForTest(router, + "/api/authenticate", "POST", helper.UserBCredentials) + assert.NoError(t, err) + + emptyBuf := &bytes.Buffer{} + + // try to PUT to a file to which UserB has no access + // should return a 422 unprocessable entity error + code, resp, err := helper.TestEndpoint(router, token, + fmt.Sprintf("/api/files/%v", newFileID), "PUT", emptyBuf) + assert.NoError(t, err) + assert.Equalf(t, 422, code, "Response body: \n%v\n", resp) + + // authenticate as guest user C + token, err = helper.AuthenticateForTest(router, + "/api/authenticate", "POST", helper.GuestCredentials) + assert.NoError(t, err) + + // try to PUT as guest + // should return an unprocessable entity error + code, resp, err = helper.TestEndpoint(router, token, + fmt.Sprintf("/api/files/%v", newFileID), "PUT", emptyBuf) + assert.NoError(t, err) + assert.Equalf(t, 422, code, "Response body: \n%v\n", resp) + // Prepare update + // authenticate as normal user + token, err = helper.AuthenticateForTest(router, + "/api/authenticate", "POST", helper.UserACredentials) + assert.NoError(t, err) + + // try to PUT with empty body + // should return bad request + code, resp, err = helper.TestEndpoint(router, token, + fmt.Sprintf("/api/files/%v", newFileID), "PUT", emptyBuf) + assert.NoError(t, err) + assert.Equalf(t, 400, code, "Response body: \n%v\n", resp) // create a testfile_updated.txt in local folder c2 := []byte("This is my updated testfile\n") @@ -270,31 +427,30 @@ func TestUpdateFile(t *testing.T) { req.Header.Set("Content-Type", contentType) req.Header.Add("Authorization", "Bearer "+token) router.ServeHTTP(w_updated, req) - assert.Equalf(t, 200, w_updated.Code, "Response body: \n%v\n", w_updated.Body) - fmt.Println(w_updated.Body) + //fmt.Println(w_updated.Body) + //assert.Equal(t, c2, w_updated.Header().Get("file")) newFileIDUpdated, err := helper.GetResponseID(w_updated.Body) assert.Equal(t, newFileID, newFileIDUpdated) // Get the updated file - code, resp, err := helper.TestEndpoint(router, token, + code, resp, err = helper.TestEndpoint(router, token, fmt.Sprintf("/api/files/%v", newFileIDUpdated), "GET", nil) assert.NoError(t, err) assert.Equalf(t, 200, code, "Response body: \n%v\n", resp) - + assert.Equalf(t, string(c2), resp.String(), "Response body: \n%v\n", resp) } func TestDeleteFile(t *testing.T) { database.DropTables(db) database.MigrateModels(db) - assert.NoError(t, database.DBAddAdminAndUser(db)) + assert.NoError(t, database.DBAddAdminAndUserAndGuest(db)) // prepare the content of the DB for testing - // by adding a scenario and a simulator to the DB // using the respective endpoints of the API - _, _, simulationModelID := addScenarioAndSimulatorAndSimulationModel() + _, _, simulationModelID, _, widgetID := addScenarioAndSimulatorAndSimulationModelAndDashboardAndWidget() // authenticate as normal user token, err := helper.AuthenticateForTest(router, @@ -306,21 +462,19 @@ func TestDeleteFile(t *testing.T) { err = ioutil.WriteFile("testfile.txt", c1, 0644) assert.NoError(t, err) - // test POST files - bodyBuf := &bytes.Buffer{} - bodyWriter := multipart.NewWriter(bodyBuf) - fileWriter, err := bodyWriter.CreateFormFile("file", "testuploadfile.txt") - assert.NoError(t, err, "writing to buffer") - // open file handle fh, err := os.Open("testfile.txt") assert.NoError(t, err, "opening file") defer fh.Close() + // test POST files + bodyBuf := &bytes.Buffer{} + bodyWriter := multipart.NewWriter(bodyBuf) + fileWriter, err := bodyWriter.CreateFormFile("file", "testuploadfile.txt") + assert.NoError(t, err, "writing to buffer") // io copy _, err = io.Copy(fileWriter, fh) assert.NoError(t, err, "IO copy") - contentType := bodyWriter.FormDataContentType() bodyWriter.Close() //req, err := http.NewRequest("POST", "/api/files?objectID=1&objectType=widget", bodyBuf) @@ -329,26 +483,107 @@ func TestDeleteFile(t *testing.T) { w := httptest.NewRecorder() req, err := http.NewRequest("POST", fmt.Sprintf("/api/files?objectID=%v&objectType=model", simulationModelID), bodyBuf) assert.NoError(t, err, "create request") - req.Header.Set("Content-Type", contentType) req.Header.Add("Authorization", "Bearer "+token) router.ServeHTTP(w, req) - assert.Equalf(t, 200, w.Code, "Response body: \n%v\n", w.Body) - //fmt.Println(w.Body) newFileID, err := helper.GetResponseID(w.Body) assert.NoError(t, err) + // add a second file to a widget, this time to a widget + bodyBuf2 := &bytes.Buffer{} + bodyWriter2 := multipart.NewWriter(bodyBuf2) + fileWriter2, err := bodyWriter2.CreateFormFile("file", "testuploadfile.txt") + assert.NoError(t, err, "writing to buffer") + // io copy + _, err = io.Copy(fileWriter2, fh) + assert.NoError(t, err, "IO copy") + contentType2 := bodyWriter2.FormDataContentType() + bodyWriter2.Close() + + // Create the request + w2 := httptest.NewRecorder() + req2, err := http.NewRequest("POST", fmt.Sprintf("/api/files?objectID=%v&objectType=widget", widgetID), bodyBuf2) + assert.NoError(t, err, "create request") + req2.Header.Set("Content-Type", contentType2) + req2.Header.Add("Authorization", "Bearer "+token) + router.ServeHTTP(w2, req2) + assert.Equalf(t, 200, w2.Code, "Response body: \n%v\n", w2.Body) + + newFileID2, err := helper.GetResponseID(w2.Body) + assert.NoError(t, err) + + // authenticate as userB who has no access to the elements in the DB + token, err = helper.AuthenticateForTest(router, + "/api/authenticate", "POST", helper.UserBCredentials) + assert.NoError(t, err) + + // try to DELETE file of simulation model to which userB has no access + // should return an unprocessable entity error + code, resp, err := helper.TestEndpoint(router, token, + fmt.Sprintf("/api/files/%v", newFileID), "DELETE", nil) + assert.NoError(t, err) + assert.Equalf(t, 422, code, "Response body: \n%v\n", resp) + + // try to DELETE file of widget to which userB has no access + // should return an unprocessable entity error + code, resp, err = helper.TestEndpoint(router, token, + fmt.Sprintf("/api/files/%v", newFileID2), "DELETE", nil) + assert.NoError(t, err) + assert.Equalf(t, 422, code, "Response body: \n%v\n", resp) + + // authenticate as normal user + token, err = helper.AuthenticateForTest(router, + "/api/authenticate", "POST", helper.UserACredentials) + assert.NoError(t, err) + // Count the number of all files returned for simulation model initialNumber, err := helper.LengthOfResponse(router, token, fmt.Sprintf("/api/files?objectID=%v&objectType=model", simulationModelID), "GET", nil) assert.NoError(t, err) - // Delete the added file - code, resp, err := helper.TestEndpoint(router, token, + // try to DELETE non-existing fileID + // should return not found + code, resp, err = helper.TestEndpoint(router, token, + fmt.Sprintf("/api/files/5"), "DELETE", nil) + assert.NoError(t, err) + assert.Equalf(t, 404, code, "Response body: \n%v\n", resp) + + // authenticate as guest user C + token, err = helper.AuthenticateForTest(router, + "/api/authenticate", "POST", helper.GuestCredentials) + assert.NoError(t, err) + + // try to DELETE file of simulation model as guest + // should return an unprocessable entity error + code, resp, err = helper.TestEndpoint(router, token, fmt.Sprintf("/api/files/%v", newFileID), "DELETE", nil) assert.NoError(t, err) + assert.Equalf(t, 422, code, "Response body: \n%v\n", resp) + + // try to DELETE file of widget as guest + // should return an unprocessable entity error + code, resp, err = helper.TestEndpoint(router, token, + fmt.Sprintf("/api/files/%v", newFileID2), "DELETE", nil) + assert.NoError(t, err) + assert.Equalf(t, 422, code, "Response body: \n%v\n", resp) + + // authenticate as normal user + token, err = helper.AuthenticateForTest(router, + "/api/authenticate", "POST", helper.UserACredentials) + assert.NoError(t, err) + + // Delete the added file 1 + code, resp, err = helper.TestEndpoint(router, token, + fmt.Sprintf("/api/files/%v", newFileID), "DELETE", nil) + assert.NoError(t, err) + assert.Equalf(t, 200, code, "Response body: \n%v\n", resp) + + // Delete the added file 2 + code, resp, err = helper.TestEndpoint(router, token, + fmt.Sprintf("/api/files/%v", newFileID2), "DELETE", nil) + assert.NoError(t, err) assert.Equalf(t, 200, code, "Response body: \n%v\n", resp) // Again count the number of all the files returned for simulation model @@ -363,90 +598,156 @@ func TestGetAllFilesOfSimulationModel(t *testing.T) { database.DropTables(db) database.MigrateModels(db) - assert.NoError(t, database.DBAddAdminAndUser(db)) + assert.NoError(t, database.DBAddAdminAndUserAndGuest(db)) // prepare the content of the DB for testing - // by adding a scenario and a simulator to the DB // using the respective endpoints of the API - _, _, simulationModelID := addScenarioAndSimulatorAndSimulationModel() + _, _, simulationModelID, _, widgetID := addScenarioAndSimulatorAndSimulationModelAndDashboardAndWidget() - // authenticate as normal user + // authenticate as userB who has no access to the elements in the DB token, err := helper.AuthenticateForTest(router, + "/api/authenticate", "POST", helper.UserBCredentials) + assert.NoError(t, err) + + // try to get all files for simulation model to which userB has not access + // should return unprocessable entity error + code, resp, err := helper.TestEndpoint(router, token, + fmt.Sprintf("/api/files?objectID=%v&objectType=model", simulationModelID), "GET", nil) + assert.NoError(t, err) + assert.Equalf(t, 422, code, "Response body: \n%v\n", resp) + + // try to get all files for widget to which userB has not access + // should return unprocessable entity error + code, resp, err = helper.TestEndpoint(router, token, + fmt.Sprintf("/api/files?objectID=%v&objectType=widget", widgetID), "GET", nil) + assert.NoError(t, err) + assert.Equalf(t, 422, code, "Response body: \n%v\n", resp) + + // authenticate as normal userA + token, err = helper.AuthenticateForTest(router, "/api/authenticate", "POST", helper.UserACredentials) assert.NoError(t, err) + //try to get all files for unsupported object type; should return a bad request error + code, resp, err = helper.TestEndpoint(router, token, + fmt.Sprintf("/api/files?objectID=%v&objectType=wrongtype", simulationModelID), "GET", nil) + assert.NoError(t, err) + assert.Equalf(t, 400, code, "Response body: \n%v\n", resp) + + //try to get all files with missing object ID; should return a bad request error + code, resp, err = helper.TestEndpoint(router, token, + fmt.Sprintf("/api/files?objectType=model"), "GET", nil) + assert.NoError(t, err) + assert.Equalf(t, 400, code, "Response body: \n%v\n", resp) + // Count the number of all files returned for simulation model - initialNumber, err := helper.LengthOfResponse(router, token, + initialNumberModel, err := helper.LengthOfResponse(router, token, fmt.Sprintf("/api/files?objectID=%v&objectType=model", simulationModelID), "GET", nil) assert.NoError(t, err) + // Count the number of all files returned for widget + initialNumberWidget, err := helper.LengthOfResponse(router, token, + fmt.Sprintf("/api/files?objectID=%v&objectType=widget", widgetID), "GET", nil) + assert.NoError(t, err) + // create a testfile.txt in local folder c1 := []byte("This is my testfile\n") err = ioutil.WriteFile("testfile.txt", c1, 0644) assert.NoError(t, err) - // test POST files - bodyBuf := &bytes.Buffer{} - bodyWriter := multipart.NewWriter(bodyBuf) - fileWriter, err := bodyWriter.CreateFormFile("file", "testuploadfile.txt") - assert.NoError(t, err, "writing to buffer") - // open file handle fh, err := os.Open("testfile.txt") assert.NoError(t, err, "opening file") defer fh.Close() + // test POST a file to simulation model and widget + bodyBufModel1 := &bytes.Buffer{} + bodyBufWidget1 := &bytes.Buffer{} + bodyWriterModel1 := multipart.NewWriter(bodyBufModel1) + bodyWriterWidget1 := multipart.NewWriter(bodyBufWidget1) + fileWriterModel1, err := bodyWriterModel1.CreateFormFile("file", "testuploadfile.txt") + assert.NoError(t, err, "writing to buffer") + fileWriterWidget1, err := bodyWriterWidget1.CreateFormFile("file", "testuploadfile.txt") + assert.NoError(t, err, "writing to buffer") // io copy - _, err = io.Copy(fileWriter, fh) + _, err = io.Copy(fileWriterModel1, fh) assert.NoError(t, err, "IO copy") + _, err = io.Copy(fileWriterWidget1, fh) + assert.NoError(t, err, "IO copy") + contentTypeModel1 := bodyWriterModel1.FormDataContentType() + contentTypeWidget1 := bodyWriterWidget1.FormDataContentType() + bodyWriterModel1.Close() + bodyWriterWidget1.Close() - contentType := bodyWriter.FormDataContentType() - bodyWriter.Close() - //req, err := http.NewRequest("POST", "/api/files?objectID=1&objectType=widget", bodyBuf) - - // Create the request + // Create the request for simulation model w := httptest.NewRecorder() - req, err := http.NewRequest("POST", fmt.Sprintf("/api/files?objectID=%v&objectType=model", simulationModelID), bodyBuf) + req, err := http.NewRequest("POST", fmt.Sprintf("/api/files?objectID=%v&objectType=model", simulationModelID), bodyBufModel1) assert.NoError(t, err, "create request") - - req.Header.Set("Content-Type", contentType) + req.Header.Set("Content-Type", contentTypeModel1) req.Header.Add("Authorization", "Bearer "+token) router.ServeHTTP(w, req) assert.Equalf(t, 200, w.Code, "Response body: \n%v\n", w.Body) - //fmt.Println(w.Body) - // POST a second file + // Create the request for widget + w2 := httptest.NewRecorder() + req2, err := http.NewRequest("POST", fmt.Sprintf("/api/files?objectID=%v&objectType=widget", widgetID), bodyBufWidget1) + assert.NoError(t, err, "create request") + req2.Header.Set("Content-Type", contentTypeWidget1) + req2.Header.Add("Authorization", "Bearer "+token) + router.ServeHTTP(w2, req2) + assert.Equalf(t, 200, w2.Code, "Response body: \n%v\n", w2.Body) - bodyBuf2 := &bytes.Buffer{} - bodyWriter2 := multipart.NewWriter(bodyBuf2) - fileWriter2, err := bodyWriter2.CreateFormFile("file", "testuploadfile2.txt") - assert.NoError(t, err, "writing to buffer") + // POST a second file to simulation model and widget - // open file handle + // open a second file handle fh2, err := os.Open("testfile.txt") assert.NoError(t, err, "opening file") defer fh2.Close() + bodyBufModel2 := &bytes.Buffer{} + bodyBufWidget2 := &bytes.Buffer{} + bodyWriterModel2 := multipart.NewWriter(bodyBufModel2) + bodyWriterWidget2 := multipart.NewWriter(bodyBufWidget2) + fileWriterModel2, err := bodyWriterModel2.CreateFormFile("file", "testuploadfile2.txt") + assert.NoError(t, err, "writing to buffer") + fileWriterWidget2, err := bodyWriterWidget2.CreateFormFile("file", "testuploadfile2.txt") + assert.NoError(t, err, "writing to buffer") + // io copy - _, err = io.Copy(fileWriter2, fh2) + _, err = io.Copy(fileWriterModel2, fh2) assert.NoError(t, err, "IO copy") + _, err = io.Copy(fileWriterWidget2, fh2) + assert.NoError(t, err, "IO copy") + contentTypeModel2 := bodyWriterModel2.FormDataContentType() + contentTypeWidget2 := bodyWriterWidget2.FormDataContentType() + bodyWriterModel2.Close() + bodyWriterWidget2.Close() - contentType = bodyWriter2.FormDataContentType() - bodyWriter2.Close() - - w2 := httptest.NewRecorder() - req, err = http.NewRequest("POST", fmt.Sprintf("/api/files?objectID=%v&objectType=model", simulationModelID), bodyBuf2) + w3 := httptest.NewRecorder() + req3, err := http.NewRequest("POST", fmt.Sprintf("/api/files?objectID=%v&objectType=model", simulationModelID), bodyBufModel2) assert.NoError(t, err, "create request") + req3.Header.Set("Content-Type", contentTypeModel2) + req3.Header.Add("Authorization", "Bearer "+token) + router.ServeHTTP(w3, req3) + assert.Equalf(t, 200, w3.Code, "Response body: \n%v\n", w3.Body) - req.Header.Set("Content-Type", contentType) - req.Header.Add("Authorization", "Bearer "+token) - router.ServeHTTP(w2, req) - assert.Equalf(t, 200, w2.Code, "Response body: \n%v\n", w2.Body) + w4 := httptest.NewRecorder() + req4, err := http.NewRequest("POST", fmt.Sprintf("/api/files?objectID=%v&objectType=widget", widgetID), bodyBufWidget2) + assert.NoError(t, err, "create request") + req4.Header.Set("Content-Type", contentTypeWidget2) + req4.Header.Add("Authorization", "Bearer "+token) + router.ServeHTTP(w4, req4) + assert.Equalf(t, 200, w4.Code, "Response body: \n%v\n", w4.Body) // Again count the number of all the files returned for simulation model - finalNumber, err := helper.LengthOfResponse(router, token, + finalNumberModel, err := helper.LengthOfResponse(router, token, fmt.Sprintf("/api/files?objectID=%v&objectType=model", simulationModelID), "GET", nil) assert.NoError(t, err) + assert.Equal(t, initialNumberModel+2, finalNumberModel) - assert.Equal(t, initialNumber+2, finalNumber) + // Again count the number of all the files returned for widget + finalNumberWidget, err := helper.LengthOfResponse(router, token, + fmt.Sprintf("/api/files?objectID=%v&objectType=widget", widgetID), "GET", nil) + assert.NoError(t, err) + assert.Equal(t, initialNumberWidget+2, finalNumberWidget) } diff --git a/routes/scenario/scenario_middleware.go b/routes/scenario/scenario_middleware.go index 13cc1e2..074604a 100644 --- a/routes/scenario/scenario_middleware.go +++ b/routes/scenario/scenario_middleware.go @@ -14,7 +14,7 @@ func CheckPermissions(c *gin.Context, operation database.CRUD, screnarioIDSource err := database.ValidateRole(c, database.ModelScenario, operation) if err != nil { - helper.UnprocessableEntityError(c, fmt.Sprintf("Access denied (role validation failed): %v", err)) + helper.UnprocessableEntityError(c, fmt.Sprintf("Access denied (role validation of scenario failed): %v", err)) return false, so } diff --git a/routes/scenario/scenario_test.go b/routes/scenario/scenario_test.go index 2939dd5..fee8845 100644 --- a/routes/scenario/scenario_test.go +++ b/routes/scenario/scenario_test.go @@ -42,7 +42,7 @@ func TestAddScenario(t *testing.T) { database.DropTables(db) database.MigrateModels(db) - assert.NoError(t, database.DBAddAdminAndUser(db)) + assert.NoError(t, database.DBAddAdminAndUserAndGuest(db)) // authenticate as normal user token, err := helper.AuthenticateForTest(router, @@ -94,7 +94,7 @@ func TestUpdateScenario(t *testing.T) { database.DropTables(db) database.MigrateModels(db) - assert.NoError(t, database.DBAddAdminAndUser(db)) + assert.NoError(t, database.DBAddAdminAndUserAndGuest(db)) // authenticate as normal user token, err := helper.AuthenticateForTest(router, @@ -157,7 +157,7 @@ func TestGetAllScenariosAsAdmin(t *testing.T) { database.DropTables(db) database.MigrateModels(db) - assert.NoError(t, database.DBAddAdminAndUser(db)) + assert.NoError(t, database.DBAddAdminAndUserAndGuest(db)) // authenticate as admin token, err := helper.AuthenticateForTest(router, @@ -218,7 +218,7 @@ func TestGetAllScenariosAsUser(t *testing.T) { database.DropTables(db) database.MigrateModels(db) - assert.NoError(t, database.DBAddAdminAndUser(db)) + assert.NoError(t, database.DBAddAdminAndUserAndGuest(db)) // authenticate as normal userB token, err := helper.AuthenticateForTest(router, @@ -275,7 +275,7 @@ func TestDeleteScenario(t *testing.T) { database.DropTables(db) database.MigrateModels(db) - assert.NoError(t, database.DBAddAdminAndUser(db)) + assert.NoError(t, database.DBAddAdminAndUserAndGuest(db)) // authenticate as normal user token, err := helper.AuthenticateForTest(router, @@ -324,7 +324,7 @@ func TestAddUserToScenario(t *testing.T) { database.DropTables(db) database.MigrateModels(db) - assert.NoError(t, database.DBAddAdminAndUser(db)) + assert.NoError(t, database.DBAddAdminAndUserAndGuest(db)) // authenticate as normal user token, err := helper.AuthenticateForTest(router, @@ -379,7 +379,7 @@ func TestGetAllUsersOfScenario(t *testing.T) { database.DropTables(db) database.MigrateModels(db) - assert.NoError(t, database.DBAddAdminAndUser(db)) + assert.NoError(t, database.DBAddAdminAndUserAndGuest(db)) // authenticate as normal user token, err := helper.AuthenticateForTest(router, @@ -424,7 +424,7 @@ func TestRemoveUserFromScenario(t *testing.T) { database.DropTables(db) database.MigrateModels(db) - assert.NoError(t, database.DBAddAdminAndUser(db)) + assert.NoError(t, database.DBAddAdminAndUserAndGuest(db)) // authenticate as normal user token, err := helper.AuthenticateForTest(router, diff --git a/routes/signal/signal_middleware.go b/routes/signal/signal_middleware.go index 672e26d..0cec06e 100644 --- a/routes/signal/signal_middleware.go +++ b/routes/signal/signal_middleware.go @@ -15,7 +15,7 @@ func checkPermissions(c *gin.Context, operation database.CRUD) (bool, Signal) { err := database.ValidateRole(c, database.ModelSignal, operation) if err != nil { - helper.UnprocessableEntityError(c, fmt.Sprintf("Access denied (role validation failed): %v", err.Error())) + helper.UnprocessableEntityError(c, fmt.Sprintf("Access denied (role validation of signal failed): %v", err.Error())) return false, sig } diff --git a/routes/signal/signal_test.go b/routes/signal/signal_test.go index f3ed322..d7e34d7 100644 --- a/routes/signal/signal_test.go +++ b/routes/signal/signal_test.go @@ -127,7 +127,7 @@ func TestMain(m *testing.M) { func TestAddSignal(t *testing.T) { database.DropTables(db) database.MigrateModels(db) - assert.NoError(t, database.DBAddAdminAndUser(db)) + assert.NoError(t, database.DBAddAdminAndUserAndGuest(db)) // prepare the content of the DB for testing // by adding a scenario and a simulator to the DB @@ -185,7 +185,7 @@ func TestAddSignal(t *testing.T) { func TestUpdateSignal(t *testing.T) { database.DropTables(db) database.MigrateModels(db) - assert.NoError(t, database.DBAddAdminAndUser(db)) + assert.NoError(t, database.DBAddAdminAndUserAndGuest(db)) // prepare the content of the DB for testing // by adding a scenario and a simulator to the DB @@ -249,7 +249,7 @@ func TestUpdateSignal(t *testing.T) { func TestDeleteSignal(t *testing.T) { database.DropTables(db) database.MigrateModels(db) - assert.NoError(t, database.DBAddAdminAndUser(db)) + assert.NoError(t, database.DBAddAdminAndUserAndGuest(db)) // prepare the content of the DB for testing // by adding a scenario and a simulator to the DB @@ -317,7 +317,7 @@ func TestDeleteSignal(t *testing.T) { func TestGetAllInputSignalsOfSimulationModel(t *testing.T) { database.DropTables(db) database.MigrateModels(db) - assert.NoError(t, database.DBAddAdminAndUser(db)) + assert.NoError(t, database.DBAddAdminAndUserAndGuest(db)) // prepare the content of the DB for testing // by adding a scenario and a simulator to the DB diff --git a/routes/simulationmodel/simulationmodel_middleware.go b/routes/simulationmodel/simulationmodel_middleware.go index ada13bb..d6b016a 100644 --- a/routes/simulationmodel/simulationmodel_middleware.go +++ b/routes/simulationmodel/simulationmodel_middleware.go @@ -15,7 +15,7 @@ func CheckPermissions(c *gin.Context, operation database.CRUD, modelIDSource str err := database.ValidateRole(c, database.ModelSimulationModel, operation) if err != nil { - helper.UnprocessableEntityError(c, fmt.Sprintf("Access denied (role validation failed): %v", err.Error())) + helper.UnprocessableEntityError(c, fmt.Sprintf("Access denied (role validation of simulation model failed): %v", err.Error())) return false, m } diff --git a/routes/simulationmodel/simulationmodel_test.go b/routes/simulationmodel/simulationmodel_test.go index fd037d1..74c329f 100644 --- a/routes/simulationmodel/simulationmodel_test.go +++ b/routes/simulationmodel/simulationmodel_test.go @@ -102,7 +102,7 @@ func TestMain(m *testing.M) { func TestAddSimulationModel(t *testing.T) { database.DropTables(db) database.MigrateModels(db) - assert.NoError(t, database.DBAddAdminAndUser(db)) + assert.NoError(t, database.DBAddAdminAndUserAndGuest(db)) // prepare the content of the DB for testing // by adding a scenario and a simulator to the DB @@ -161,7 +161,7 @@ func TestUpdateSimulationModel(t *testing.T) { database.DropTables(db) database.MigrateModels(db) - assert.NoError(t, database.DBAddAdminAndUser(db)) + assert.NoError(t, database.DBAddAdminAndUserAndGuest(db)) // prepare the content of the DB for testing // by adding a scenario and a simulator to the DB @@ -223,7 +223,7 @@ func TestUpdateSimulationModel(t *testing.T) { func TestDeleteSimulationModel(t *testing.T) { database.DropTables(db) database.MigrateModels(db) - assert.NoError(t, database.DBAddAdminAndUser(db)) + assert.NoError(t, database.DBAddAdminAndUserAndGuest(db)) // prepare the content of the DB for testing // by adding a scenario and a simulator to the DB @@ -277,7 +277,7 @@ func TestDeleteSimulationModel(t *testing.T) { func TestGetAllSimulationModelsOfScenario(t *testing.T) { database.DropTables(db) database.MigrateModels(db) - assert.NoError(t, database.DBAddAdminAndUser(db)) + assert.NoError(t, database.DBAddAdminAndUserAndGuest(db)) // prepare the content of the DB for testing // by adding a scenario and a simulator to the DB diff --git a/routes/simulator/simulator_middleware.go b/routes/simulator/simulator_middleware.go index 0c02b46..7189a10 100644 --- a/routes/simulator/simulator_middleware.go +++ b/routes/simulator/simulator_middleware.go @@ -1,6 +1,7 @@ package simulator import ( + "fmt" "git.rwth-aachen.de/acs/public/villas/villasweb-backend-go/database" "git.rwth-aachen.de/acs/public/villas/villasweb-backend-go/helper" "github.com/gin-gonic/gin" @@ -12,7 +13,7 @@ func checkPermissions(c *gin.Context, modeltype database.ModelName, operation da err := database.ValidateRole(c, modeltype, operation) if err != nil { - helper.UnprocessableEntityError(c, err.Error()) + helper.UnprocessableEntityError(c, fmt.Sprintf("Access denied (role validation of simulator failed): %v", err.Error())) return false, s } diff --git a/routes/simulator/simulator_test.go b/routes/simulator/simulator_test.go index 965b37c..1368963 100644 --- a/routes/simulator/simulator_test.go +++ b/routes/simulator/simulator_test.go @@ -44,7 +44,7 @@ func TestMain(m *testing.M) { func TestAddSimulatorAsAdmin(t *testing.T) { database.DropTables(db) database.MigrateModels(db) - assert.NoError(t, database.DBAddAdminAndUser(db)) + assert.NoError(t, database.DBAddAdminAndUserAndGuest(db)) // authenticate as admin token, err := helper.AuthenticateForTest(router, @@ -87,7 +87,7 @@ func TestAddSimulatorAsAdmin(t *testing.T) { func TestAddSimulatorAsUser(t *testing.T) { database.DropTables(db) database.MigrateModels(db) - assert.NoError(t, database.DBAddAdminAndUser(db)) + assert.NoError(t, database.DBAddAdminAndUserAndGuest(db)) // authenticate as user token, err := helper.AuthenticateForTest(router, @@ -114,7 +114,7 @@ func TestAddSimulatorAsUser(t *testing.T) { func TestUpdateSimulatorAsAdmin(t *testing.T) { database.DropTables(db) database.MigrateModels(db) - assert.NoError(t, database.DBAddAdminAndUser(db)) + assert.NoError(t, database.DBAddAdminAndUserAndGuest(db)) // authenticate as admin token, err := helper.AuthenticateForTest(router, @@ -169,7 +169,7 @@ func TestUpdateSimulatorAsAdmin(t *testing.T) { func TestUpdateSimulatorAsUser(t *testing.T) { database.DropTables(db) database.MigrateModels(db) - assert.NoError(t, database.DBAddAdminAndUser(db)) + assert.NoError(t, database.DBAddAdminAndUserAndGuest(db)) // authenticate as admin token, err := helper.AuthenticateForTest(router, @@ -211,7 +211,7 @@ func TestUpdateSimulatorAsUser(t *testing.T) { func TestDeleteSimulatorAsAdmin(t *testing.T) { database.DropTables(db) database.MigrateModels(db) - assert.NoError(t, database.DBAddAdminAndUser(db)) + assert.NoError(t, database.DBAddAdminAndUserAndGuest(db)) // authenticate as admin token, err := helper.AuthenticateForTest(router, @@ -261,7 +261,7 @@ func TestDeleteSimulatorAsAdmin(t *testing.T) { func TestDeleteSimulatorAsUser(t *testing.T) { database.DropTables(db) database.MigrateModels(db) - assert.NoError(t, database.DBAddAdminAndUser(db)) + assert.NoError(t, database.DBAddAdminAndUserAndGuest(db)) // authenticate as admin token, err := helper.AuthenticateForTest(router, @@ -302,7 +302,7 @@ func TestDeleteSimulatorAsUser(t *testing.T) { func TestGetAllSimulators(t *testing.T) { database.DropTables(db) database.MigrateModels(db) - assert.NoError(t, database.DBAddAdminAndUser(db)) + assert.NoError(t, database.DBAddAdminAndUserAndGuest(db)) // authenticate as admin token, err := helper.AuthenticateForTest(router, @@ -363,7 +363,7 @@ func TestGetAllSimulators(t *testing.T) { func TestGetSimulationModelsOfSimulator(t *testing.T) { database.DropTables(db) database.MigrateModels(db) - assert.NoError(t, database.DBAddAdminAndUser(db)) + assert.NoError(t, database.DBAddAdminAndUserAndGuest(db)) // authenticate as admin token, err := helper.AuthenticateForTest(router, diff --git a/routes/user/user_test.go b/routes/user/user_test.go index bf8bf8f..4e084f0 100644 --- a/routes/user/user_test.go +++ b/routes/user/user_test.go @@ -42,7 +42,7 @@ func TestAddGetUser(t *testing.T) { database.DropTables(db) database.MigrateModels(db) - assert.NoError(t, database.DBAddAdminAndUser(db)) + assert.NoError(t, database.DBAddAdminAndUserAndGuest(db)) // authenticate as admin token, err := helper.AuthenticateForTest(router, @@ -90,7 +90,7 @@ func TestUsersNotAllowedActions(t *testing.T) { database.DropTables(db) database.MigrateModels(db) - assert.NoError(t, database.DBAddAdminAndUser(db)) + assert.NoError(t, database.DBAddAdminAndUserAndGuest(db)) // authenticate as admin token, err := helper.AuthenticateForTest(router, @@ -150,7 +150,7 @@ func TestGetAllUsers(t *testing.T) { database.DropTables(db) database.MigrateModels(db) - assert.NoError(t, database.DBAddAdminAndUser(db)) + assert.NoError(t, database.DBAddAdminAndUserAndGuest(db)) // authenticate as admin token, err := helper.AuthenticateForTest(router, @@ -186,7 +186,7 @@ func TestModifyAddedUserAsUser(t *testing.T) { database.DropTables(db) database.MigrateModels(db) - assert.NoError(t, database.DBAddAdminAndUser(db)) + assert.NoError(t, database.DBAddAdminAndUserAndGuest(db)) // authenticate as admin token, err := helper.AuthenticateForTest(router, @@ -297,7 +297,7 @@ func TestInvalidUserUpdate(t *testing.T) { database.DropTables(db) database.MigrateModels(db) - assert.NoError(t, database.DBAddAdminAndUser(db)) + assert.NoError(t, database.DBAddAdminAndUserAndGuest(db)) // authenticate as admin token, err := helper.AuthenticateForTest(router, @@ -348,7 +348,7 @@ func TestModifyAddedUserAsAdmin(t *testing.T) { database.DropTables(db) database.MigrateModels(db) - assert.NoError(t, database.DBAddAdminAndUser(db)) + assert.NoError(t, database.DBAddAdminAndUserAndGuest(db)) // authenticate as admin token, err := helper.AuthenticateForTest(router, @@ -430,7 +430,7 @@ func TestDeleteUser(t *testing.T) { database.DropTables(db) database.MigrateModels(db) - assert.NoError(t, database.DBAddAdminAndUser(db)) + assert.NoError(t, database.DBAddAdminAndUserAndGuest(db)) // authenticate as admin token, err := helper.AuthenticateForTest(router, diff --git a/routes/widget/widget_middleware.go b/routes/widget/widget_middleware.go index 7d3cb3e..93f5daf 100644 --- a/routes/widget/widget_middleware.go +++ b/routes/widget/widget_middleware.go @@ -15,7 +15,7 @@ func CheckPermissions(c *gin.Context, operation database.CRUD, widgetIDBody int) var err error err = database.ValidateRole(c, database.ModelWidget, operation) if err != nil { - helper.UnprocessableEntityError(c, fmt.Sprintf("Access denied (role validation failed): %v", err.Error())) + helper.UnprocessableEntityError(c, fmt.Sprintf("Access denied (role validation of widget failed): %v", err.Error())) return false, w } diff --git a/routes/widget/widget_test.go b/routes/widget/widget_test.go index 766c2fc..75b8fbf 100644 --- a/routes/widget/widget_test.go +++ b/routes/widget/widget_test.go @@ -98,7 +98,7 @@ func TestMain(m *testing.M) { func TestAddWidget(t *testing.T) { database.DropTables(db) database.MigrateModels(db) - assert.NoError(t, database.DBAddAdminAndUser(db)) + assert.NoError(t, database.DBAddAdminAndUserAndGuest(db)) // authenticate as normal user token, err := helper.AuthenticateForTest(router, @@ -160,7 +160,7 @@ func TestAddWidget(t *testing.T) { func TestUpdateWidget(t *testing.T) { database.DropTables(db) database.MigrateModels(db) - assert.NoError(t, database.DBAddAdminAndUser(db)) + assert.NoError(t, database.DBAddAdminAndUserAndGuest(db)) // authenticate as normal user token, err := helper.AuthenticateForTest(router, @@ -233,7 +233,7 @@ func TestUpdateWidget(t *testing.T) { func TestDeleteWidget(t *testing.T) { database.DropTables(db) database.MigrateModels(db) - assert.NoError(t, database.DBAddAdminAndUser(db)) + assert.NoError(t, database.DBAddAdminAndUserAndGuest(db)) // authenticate as normal user token, err := helper.AuthenticateForTest(router, @@ -292,7 +292,7 @@ func TestDeleteWidget(t *testing.T) { func TestGetAllWidgetsOfDashboard(t *testing.T) { database.DropTables(db) database.MigrateModels(db) - assert.NoError(t, database.DBAddAdminAndUser(db)) + assert.NoError(t, database.DBAddAdminAndUserAndGuest(db)) // authenticate as normal user token, err := helper.AuthenticateForTest(router,