Revision of (file) testing

- create a guest user and modify function that adds users to the DB for testing
- improve code coverage of file endpoint tests and remove some obsolete code from file package
- add more error info if role validation fails in all endpoints
- change response of GET files to only return the file data and nothing else
- fix some bugs in file endpoints that became visible by the tests

database/database_test.go

@@ -367,7 +367,7 @@ func TestAddAdminAndUsers(t *testing.T) {
 	DropTables(db)
 	MigrateModels(db)
 
-	assert.NoError(t, DBAddAdminAndUser(db))
+	assert.NoError(t, DBAddAdminAndUserAndGuest(db))
 }
 
 func TestAddData(t *testing.T) {

database/testdata.go

@@ -16,12 +16,14 @@ import (
 var StrPassword0 = "xyz789"
 var StrPasswordA = "abc123"
 var StrPasswordB = "bcd234"
+var StrPasswordC = "guestpw"
 
 // Hash passwords with bcrypt algorithm
 var bcryptCost = 10
 var pw0, _ = bcrypt.GenerateFromPassword([]byte(StrPassword0), bcryptCost)
 var pwA, _ = bcrypt.GenerateFromPassword([]byte(StrPasswordA), bcryptCost)
 var pwB, _ = bcrypt.GenerateFromPassword([]byte(StrPasswordB), bcryptCost)
+var pwC, _ = bcrypt.GenerateFromPassword([]byte(StrPasswordC), bcryptCost)
 
 var User0 = User{Username: "User_0", Password: string(pw0),
 	Role: "Admin", Mail: "User_0@example.com"}
@@ -29,6 +31,8 @@ var UserA = User{Username: "User_A", Password: string(pwA),
 	Role: "User", Mail: "User_A@example.com"}
 var UserB = User{Username: "User_B", Password: string(pwB),
 	Role: "User", Mail: "User_B@example.com"}
+var UserC = User{Username: "User_C", Password: string(pwC),
+	Role: "Guest", Mail: "User_C@example.com"}
 
 // Simulators
 
@@ -205,19 +209,22 @@ func DBAddAdminUser(db *gorm.DB) error {
 	return err
 }
 
-func DBAddAdminAndUser(db *gorm.DB) error {
+func DBAddAdminAndUserAndGuest(db *gorm.DB) error {
 	db.AutoMigrate(&User{})
 
 	//create a copy of global test data
 	user0 := User0
 	userA := UserA
 	userB := UserB
-	// add admin user to DB
+	userC := UserC
 
+	// add admin user to DB
 	err := db.Create(&user0).Error
 	// add normal users to DB
 	err = db.Create(&userA).Error
 	err = db.Create(&userB).Error
+	// add guest user to DB
+	err = db.Create(&userC).Error
 	return err
 }
 

helper/test_utilities.go

@@ -22,6 +22,7 @@ type KeyModels map[string]interface{}
 var StrPassword0 = "xyz789"
 var StrPasswordA = "abc123"
 var StrPasswordB = "bcd234"
+var StrPasswordC = "guestpw"
 
 type Credentials struct {
 	Username string
@@ -43,6 +44,11 @@ var UserBCredentials = Credentials{
 	Password: StrPasswordB,
 }
 
+var GuestCredentials = Credentials{
+	Username: "User_C",
+	Password: StrPasswordC,
+}
+
 // ############################################################################
 // #################### Functions used for testing ############################
 // ############################################################################

routes/dashboard/dashboard_test.go

@@ -70,7 +70,7 @@ func TestMain(m *testing.M) {
 func TestAddDashboard(t *testing.T) {
 	database.DropTables(db)
 	database.MigrateModels(db)
-	assert.NoError(t, database.DBAddAdminAndUser(db))
+	assert.NoError(t, database.DBAddAdminAndUserAndGuest(db))
 
 	// authenticate as normal user
 	token, err := helper.AuthenticateForTest(router,
@@ -156,7 +156,7 @@ func TestAddDashboard(t *testing.T) {
 func TestUpdateDashboard(t *testing.T) {
 	database.DropTables(db)
 	database.MigrateModels(db)
-	assert.NoError(t, database.DBAddAdminAndUser(db))
+	assert.NoError(t, database.DBAddAdminAndUserAndGuest(db))
 
 	// authenticate as normal user
 	token, err := helper.AuthenticateForTest(router,
@@ -220,7 +220,7 @@ func TestUpdateDashboard(t *testing.T) {
 func TestDeleteDashboard(t *testing.T) {
 	database.DropTables(db)
 	database.MigrateModels(db)
-	assert.NoError(t, database.DBAddAdminAndUser(db))
+	assert.NoError(t, database.DBAddAdminAndUserAndGuest(db))
 
 	// authenticate as normal user
 	token, err := helper.AuthenticateForTest(router,
@@ -293,7 +293,7 @@ func TestDeleteDashboard(t *testing.T) {
 func TestGetAllDashboardsOfScenario(t *testing.T) {
 	database.DropTables(db)
 	database.MigrateModels(db)
-	assert.NoError(t, database.DBAddAdminAndUser(db))
+	assert.NoError(t, database.DBAddAdminAndUserAndGuest(db))
 
 	// authenticate as normal user
 	token, err := helper.AuthenticateForTest(router,

routes/file/file_endpoints.go

@@ -119,12 +119,12 @@ func addFile(c *gin.Context) {
 	// Check access
 	var ok bool
 	if objectType == "model" {
-		ok, _ = simulationmodel.CheckPermissions(c, database.Create, "body", objectID)
+		ok, _ = simulationmodel.CheckPermissions(c, database.Update, "body", objectID)
 		if !ok {
 			return
 		}
 	} else {
-		ok, _ = widget.CheckPermissions(c, database.Create, objectID)
+		ok, _ = widget.CheckPermissions(c, database.Update, objectID)
 		if !ok {
 			return
 		}
@@ -139,8 +139,7 @@ func addFile(c *gin.Context) {
 
 	var newFile File
 	err = newFile.register(file_header, objectType, uint(objectID))
-	if err != nil {
+	if helper.DBError(c, err) {
-		helper.DBError(c, err)
 		return
 	}
 
@@ -173,12 +172,9 @@ func getFile(c *gin.Context) {
 	}
 
 	err := f.download(c)
-	if err != nil {
+	if helper.DBError(c, err) {
-		helper.DBError(c, err)
 		return
 	}
-
-	c.JSON(http.StatusOK, gin.H{"file": f.File})
 }
 
 // updateFile godoc
@@ -209,21 +205,14 @@ func updateFile(c *gin.Context) {
 	}
 
 	// Extract file from PUT request form
-	err := c.Request.ParseForm()
+	fileHeader, err := c.FormFile("file")
 	if err != nil {
 		helper.BadRequestError(c, fmt.Sprintf("Get form error: %s", err.Error()))
 		return
 	}
 
-	file_header, err := c.FormFile("file")
+	err = f.update(fileHeader)
-	if err != nil {
+	if helper.DBError(c, err) {
-		helper.BadRequestError(c, fmt.Sprintf("Get form error: %s", err.Error()))
-		return
-	}
-
-	err = f.update(file_header)
-	if err != nil {
-		helper.DBError(c, err)
 		return
 	}
 
@@ -251,8 +240,7 @@ func deleteFile(c *gin.Context) {
 	}
 
 	err := f.delete()
-	if err != nil {
+	if helper.DBError(c, err) {
-		helper.DBError(c, err)
 		return
 	}
 

routes/file/file_methods.go

@@ -18,15 +18,6 @@ type File struct {
 	database.File
 }
 
-func (f *File) byPath(path string) error {
-	db := database.GetDB()
-	err := db.Where("Path = ?", path).Find(f).Error
-	if err != nil {
-		return err
-	}
-	return err
-}
-
 func (f *File) byID(id uint) error {
 	db := database.GetDB()
 	err := db.Find(f, id).Error

routes/file/file_middleware.go

@@ -15,7 +15,7 @@ func checkPermissions(c *gin.Context, operation database.CRUD) (bool, File) {
 
 	err := database.ValidateRole(c, database.ModelFile, operation)
 	if err != nil {
-		helper.UnprocessableEntityError(c, fmt.Sprintf("Access denied (role validation failed): %v", err.Error()))
+		helper.UnprocessableEntityError(c, fmt.Sprintf("Access denied (role validation of file failed): %v", err.Error()))
 		return false, f
 	}
 

routes/file/file_test.go

@@ -5,10 +5,12 @@ import (
 	"fmt"
 	"git.rwth-aachen.de/acs/public/villas/villasweb-backend-go/database"
 	"git.rwth-aachen.de/acs/public/villas/villasweb-backend-go/helper"
+	"git.rwth-aachen.de/acs/public/villas/villasweb-backend-go/routes/dashboard"
 	"git.rwth-aachen.de/acs/public/villas/villasweb-backend-go/routes/scenario"
 	"git.rwth-aachen.de/acs/public/villas/villasweb-backend-go/routes/simulationmodel"
 	"git.rwth-aachen.de/acs/public/villas/villasweb-backend-go/routes/simulator"
 	"git.rwth-aachen.de/acs/public/villas/villasweb-backend-go/routes/user"
+	"git.rwth-aachen.de/acs/public/villas/villasweb-backend-go/routes/widget"
 	"github.com/gin-gonic/gin"
 	"github.com/jinzhu/gorm"
 	"github.com/jinzhu/gorm/dialects/postgres"
@@ -46,7 +48,28 @@ type ScenarioRequest struct {
 	StartParameters postgres.Jsonb `json:"startParameters,omitempty"`
 }
 
-func addScenarioAndSimulatorAndSimulationModel() (scenarioID uint, simulatorID uint, simulationModelID uint) {
+type DashboardRequest struct {
+	Name       string `json:"name,omitempty"`
+	Grid       int    `json:"grid,omitempty"`
+	ScenarioID uint   `json:"scenarioID,omitempty"`
+}
+
+type WidgetRequest struct {
+	Name             string         `json:"name,omitempty"`
+	Type             string         `json:"type,omitempty"`
+	Width            uint           `json:"width,omitempty"`
+	Height           uint           `json:"height,omitempty"`
+	MinWidth         uint           `json:"minWidth,omitempty"`
+	MinHeight        uint           `json:"minHeight,omitempty"`
+	X                int            `json:"x,omitempty"`
+	Y                int            `json:"y,omitempty"`
+	Z                int            `json:"z,omitempty"`
+	DashboardID      uint           `json:"dashboardID,omitempty"`
+	IsLocked         bool           `json:"isLocked,omitempty"`
+	CustomProperties postgres.Jsonb `json:"customProperties,omitempty"`
+}
+
+func addScenarioAndSimulatorAndSimulationModelAndDashboardAndWidget() (scenarioID uint, simulatorID uint, simulationModelID uint, dashboardID uint, widgetID uint) {
 
 	// authenticate as admin
 	token, _ := helper.AuthenticateForTest(router,
@@ -82,7 +105,7 @@ func addScenarioAndSimulatorAndSimulationModel() (scenarioID uint, simulatorID u
 	// Read newScenario's ID from the response
 	newScenarioID, _ := helper.GetResponseID(resp)
 
-	// test POST models/ $newSimulationModel
+	// POST new simulation model
 	newSimulationModel := SimulationModelRequest{
 		Name:            database.SimulationModelA.Name,
 		ScenarioID:      uint(newScenarioID),
@@ -95,7 +118,44 @@ func addScenarioAndSimulatorAndSimulationModel() (scenarioID uint, simulatorID u
 	// Read newSimulationModel's ID from the response
 	newSimulationModelID, _ := helper.GetResponseID(resp)
 
-	return uint(newScenarioID), uint(newSimulatorID), uint(newSimulationModelID)
+	// POST new dashboard
+	newDashboard := DashboardRequest{
+		Name:       database.DashboardA.Name,
+		Grid:       database.DashboardA.Grid,
+		ScenarioID: uint(newScenarioID),
+	}
+	_, resp, _ = helper.TestEndpoint(router, token,
+		"/api/dashboards", "POST", helper.KeyModels{"dashboard": newDashboard})
+
+	// Read newDashboard's ID from the response
+	newDashboardID, _ := helper.GetResponseID(resp)
+
+	// POST new widget
+	newWidget := WidgetRequest{
+		Name:             database.WidgetA.Name,
+		Type:             database.WidgetA.Type,
+		Width:            database.WidgetA.Width,
+		Height:           database.WidgetA.Height,
+		MinWidth:         database.WidgetA.MinWidth,
+		MinHeight:        database.WidgetA.MinHeight,
+		X:                database.WidgetA.X,
+		Y:                database.WidgetA.Y,
+		Z:                database.WidgetA.Z,
+		IsLocked:         database.WidgetA.IsLocked,
+		CustomProperties: database.WidgetA.CustomProperties,
+		DashboardID:      uint(newDashboardID),
+	}
+	_, resp, _ = helper.TestEndpoint(router, token,
+		"/api/widgets", "POST", helper.KeyModels{"widget": newWidget})
+
+	// Read newWidget's ID from the response
+	newWidgetID, _ := helper.GetResponseID(resp)
+
+	// add the guest user to the new scenario
+	_, resp, _ = helper.TestEndpoint(router, token,
+		fmt.Sprintf("/api/scenarios/%v/user?username=User_C", newScenarioID), "PUT", nil)
+
+	return uint(newScenarioID), uint(newSimulatorID), uint(newSimulationModelID), uint(newDashboardID), uint(newWidgetID)
 }
 
 func TestMain(m *testing.M) {
@@ -109,7 +169,7 @@ func TestMain(m *testing.M) {
 	user.RegisterAuthenticate(api.Group("/authenticate"))
 	api.Use(user.Authentication(true))
 	// simulationmodel endpoints required here to first add a simulation to the DB
-	// that can be associated with a new signal model
+	// that can be associated with a new file
 	simulationmodel.RegisterSimulationModelEndpoints(api.Group("/models"))
 	// scenario endpoints required here to first add a scenario to the DB
 	// that can be associated with a new simulation model
@@ -117,6 +177,13 @@ func TestMain(m *testing.M) {
 	// simulator endpoints required here to first add a simulator to the DB
 	// that can be associated with a new simulation model
 	simulator.RegisterSimulatorEndpoints(api.Group("/simulators"))
+	// dashboard endpoints required here to first add a dashboard to the DB
+	// that can be associated with a new widget
+	dashboard.RegisterDashboardEndpoints(api.Group("/dashboards"))
+	// widget endpoints required here to first add a widget to the DB
+	// that can be associated with a new file
+	widget.RegisterWidgetEndpoints(api.Group("/widgets"))
+
 	RegisterFileEndpoints(api.Group("/files"))
 
 	os.Exit(m.Run())
@@ -125,18 +192,59 @@ func TestMain(m *testing.M) {
 func TestAddFile(t *testing.T) {
 	database.DropTables(db)
 	database.MigrateModels(db)
-	assert.NoError(t, database.DBAddAdminAndUser(db))
+	assert.NoError(t, database.DBAddAdminAndUserAndGuest(db))
 
 	// prepare the content of the DB for testing
-	// by adding a scenario and a simulator to the DB
 	// using the respective endpoints of the API
-	_, _, simulationModelID := addScenarioAndSimulatorAndSimulationModel()
+	_, _, simulationModelID, _, widgetID := addScenarioAndSimulatorAndSimulationModelAndDashboardAndWidget()
 
-	// authenticate as normal user
+	// authenticate as userB who has no access to the elements in the DB
 	token, err := helper.AuthenticateForTest(router,
+		"/api/authenticate", "POST", helper.UserBCredentials)
+	assert.NoError(t, err)
+
+	emptyBuf := &bytes.Buffer{}
+
+	// try to POST to a simulation model to which UserB has no access
+	// should return a 422 unprocessable entity error
+	code, resp, err := helper.TestEndpoint(router, token,
+		fmt.Sprintf("/api/files?objectID=%v&objectType=model", simulationModelID), "POST", emptyBuf)
+	assert.NoError(t, err)
+	assert.Equalf(t, 422, code, "Response body: \n%v\n", resp)
+
+	// try to POST to a widget to which UserB has no access
+	// should return a 422 unprocessable entity error
+	code, resp, err = helper.TestEndpoint(router, token,
+		fmt.Sprintf("/api/files?objectID=%v&objectType=widget", widgetID), "POST", emptyBuf)
+	assert.NoError(t, err)
+	assert.Equalf(t, 422, code, "Response body: \n%v\n", resp)
+
+	// authenticate as normal userA
+	token, err = helper.AuthenticateForTest(router,
 		"/api/authenticate", "POST", helper.UserACredentials)
 	assert.NoError(t, err)
 
+	// try to POST to an invalid object type
+	// should return a bad request error
+	code, resp, err = helper.TestEndpoint(router, token,
+		fmt.Sprintf("/api/files?objectID=%v&objectType=wrongtype", widgetID), "POST", emptyBuf)
+	assert.NoError(t, err)
+	assert.Equalf(t, 400, code, "Response body: \n%v\n", resp)
+
+	// try to POST without an object ID
+	// should return a bad request error
+	code, resp, err = helper.TestEndpoint(router, token,
+		fmt.Sprintf("/api/files?objectType=model"), "POST", emptyBuf)
+	assert.NoError(t, err)
+	assert.Equalf(t, 400, code, "Response body: \n%v\n", resp)
+
+	// try to POST an invalid file
+	// should return a bad request
+	code, resp, err = helper.TestEndpoint(router, token,
+		fmt.Sprintf("/api/files?objectID=%v&objectType=model", simulationModelID), "POST", emptyBuf)
+	assert.NoError(t, err)
+	assert.Equalf(t, 400, code, "Response body: \n%v\n", resp)
+
 	// create a testfile.txt in local folder
 	c1 := []byte("This is my testfile\n")
 	err = ioutil.WriteFile("testfile.txt", c1, 0644)
@@ -171,16 +279,29 @@ func TestAddFile(t *testing.T) {
 	router.ServeHTTP(w, req)
 
 	assert.Equalf(t, 200, w.Code, "Response body: \n%v\n", w.Body)
-	fmt.Println(w.Body)
+	//fmt.Println(w.Body)
 
 	newFileID, err := helper.GetResponseID(w.Body)
 	assert.NoError(t, err)
 
 	// Get the new file
-	code, resp, err := helper.TestEndpoint(router, token,
+	code, resp, err = helper.TestEndpoint(router, token,
 		fmt.Sprintf("/api/files/%v", newFileID), "GET", nil)
 	assert.NoError(t, err)
 	assert.Equalf(t, 200, code, "Response body: \n%v\n", resp)
+	assert.Equalf(t, string(c1), resp.String(), "Response body: \n%v\n", resp)
+
+	// authenticate as userB who has no access to the elements in the DB
+	token, err = helper.AuthenticateForTest(router,
+		"/api/authenticate", "POST", helper.UserBCredentials)
+	assert.NoError(t, err)
+
+	// try to get a file to which user has no access
+	// should return unprocessable entity
+	code, resp, err = helper.TestEndpoint(router, token,
+		fmt.Sprintf("/api/files/%v", newFileID), "GET", nil)
+	assert.NoError(t, err)
+	assert.Equalf(t, 422, code, "Response body: \n%v\n", resp)
 
 }
 
@@ -188,12 +309,11 @@ func TestUpdateFile(t *testing.T) {
 
 	database.DropTables(db)
 	database.MigrateModels(db)
-	assert.NoError(t, database.DBAddAdminAndUser(db))
+	assert.NoError(t, database.DBAddAdminAndUserAndGuest(db))
 
 	// prepare the content of the DB for testing
-	// by adding a scenario and a simulator to the DB
 	// using the respective endpoints of the API
-	_, _, simulationModelID := addScenarioAndSimulatorAndSimulationModel()
+	_, _, simulationModelID, _, _ := addScenarioAndSimulatorAndSimulationModelAndDashboardAndWidget()
 
 	// authenticate as normal user
 	token, err := helper.AuthenticateForTest(router,
@@ -233,12 +353,49 @@ func TestUpdateFile(t *testing.T) {
 	router.ServeHTTP(w, req)
 
 	assert.Equalf(t, 200, w.Code, "Response body: \n%v\n", w.Body)
-	fmt.Println(w.Body)
+	//fmt.Println(w.Body)
 
 	newFileID, err := helper.GetResponseID(w.Body)
 	assert.NoError(t, err)
 
+	// authenticate as userB who has no access to the elements in the DB
+	token, err = helper.AuthenticateForTest(router,
+		"/api/authenticate", "POST", helper.UserBCredentials)
+	assert.NoError(t, err)
+
+	emptyBuf := &bytes.Buffer{}
+
+	// try to PUT to a file to which UserB has no access
+	// should return a 422 unprocessable entity error
+	code, resp, err := helper.TestEndpoint(router, token,
+		fmt.Sprintf("/api/files/%v", newFileID), "PUT", emptyBuf)
+	assert.NoError(t, err)
+	assert.Equalf(t, 422, code, "Response body: \n%v\n", resp)
+
+	// authenticate as guest user C
+	token, err = helper.AuthenticateForTest(router,
+		"/api/authenticate", "POST", helper.GuestCredentials)
+	assert.NoError(t, err)
+
+	// try to PUT as guest
+	// should return an unprocessable entity error
+	code, resp, err = helper.TestEndpoint(router, token,
+		fmt.Sprintf("/api/files/%v", newFileID), "PUT", emptyBuf)
+	assert.NoError(t, err)
+	assert.Equalf(t, 422, code, "Response body: \n%v\n", resp)
+
 	// Prepare update
+	// authenticate as normal user
+	token, err = helper.AuthenticateForTest(router,
+		"/api/authenticate", "POST", helper.UserACredentials)
+	assert.NoError(t, err)
+
+	// try to PUT with empty body
+	// should return bad request
+	code, resp, err = helper.TestEndpoint(router, token,
+		fmt.Sprintf("/api/files/%v", newFileID), "PUT", emptyBuf)
+	assert.NoError(t, err)
+	assert.Equalf(t, 400, code, "Response body: \n%v\n", resp)
 
 	// create a testfile_updated.txt in local folder
 	c2 := []byte("This is my updated testfile\n")
@@ -270,31 +427,30 @@ func TestUpdateFile(t *testing.T) {
 	req.Header.Set("Content-Type", contentType)
 	req.Header.Add("Authorization", "Bearer "+token)
 	router.ServeHTTP(w_updated, req)
-
 	assert.Equalf(t, 200, w_updated.Code, "Response body: \n%v\n", w_updated.Body)
-	fmt.Println(w_updated.Body)
+	//fmt.Println(w_updated.Body)
+	//assert.Equal(t, c2, w_updated.Header().Get("file"))
 
 	newFileIDUpdated, err := helper.GetResponseID(w_updated.Body)
 
 	assert.Equal(t, newFileID, newFileIDUpdated)
 
 	// Get the updated file
-	code, resp, err := helper.TestEndpoint(router, token,
+	code, resp, err = helper.TestEndpoint(router, token,
 		fmt.Sprintf("/api/files/%v", newFileIDUpdated), "GET", nil)
 	assert.NoError(t, err)
 	assert.Equalf(t, 200, code, "Response body: \n%v\n", resp)
-
+	assert.Equalf(t, string(c2), resp.String(), "Response body: \n%v\n", resp)
 }
 
 func TestDeleteFile(t *testing.T) {
 	database.DropTables(db)
 	database.MigrateModels(db)
-	assert.NoError(t, database.DBAddAdminAndUser(db))
+	assert.NoError(t, database.DBAddAdminAndUserAndGuest(db))
 
 	// prepare the content of the DB for testing
-	// by adding a scenario and a simulator to the DB
 	// using the respective endpoints of the API
-	_, _, simulationModelID := addScenarioAndSimulatorAndSimulationModel()
+	_, _, simulationModelID, _, widgetID := addScenarioAndSimulatorAndSimulationModelAndDashboardAndWidget()
 
 	// authenticate as normal user
 	token, err := helper.AuthenticateForTest(router,
@@ -306,21 +462,19 @@ func TestDeleteFile(t *testing.T) {
 	err = ioutil.WriteFile("testfile.txt", c1, 0644)
 	assert.NoError(t, err)
 
-	// test POST files
-	bodyBuf := &bytes.Buffer{}
-	bodyWriter := multipart.NewWriter(bodyBuf)
-	fileWriter, err := bodyWriter.CreateFormFile("file", "testuploadfile.txt")
-	assert.NoError(t, err, "writing to buffer")
-
 	// open file handle
 	fh, err := os.Open("testfile.txt")
 	assert.NoError(t, err, "opening file")
 	defer fh.Close()
 
+	// test POST files
+	bodyBuf := &bytes.Buffer{}
+	bodyWriter := multipart.NewWriter(bodyBuf)
+	fileWriter, err := bodyWriter.CreateFormFile("file", "testuploadfile.txt")
+	assert.NoError(t, err, "writing to buffer")
 	// io copy
 	_, err = io.Copy(fileWriter, fh)
 	assert.NoError(t, err, "IO copy")
-
 	contentType := bodyWriter.FormDataContentType()
 	bodyWriter.Close()
 	//req, err := http.NewRequest("POST", "/api/files?objectID=1&objectType=widget", bodyBuf)
@@ -329,26 +483,107 @@ func TestDeleteFile(t *testing.T) {
 	w := httptest.NewRecorder()
 	req, err := http.NewRequest("POST", fmt.Sprintf("/api/files?objectID=%v&objectType=model", simulationModelID), bodyBuf)
 	assert.NoError(t, err, "create request")
-
 	req.Header.Set("Content-Type", contentType)
 	req.Header.Add("Authorization", "Bearer "+token)
 	router.ServeHTTP(w, req)
-
 	assert.Equalf(t, 200, w.Code, "Response body: \n%v\n", w.Body)
-	//fmt.Println(w.Body)
 
 	newFileID, err := helper.GetResponseID(w.Body)
 	assert.NoError(t, err)
 
+	// add a second file to a widget, this time to a widget
+	bodyBuf2 := &bytes.Buffer{}
+	bodyWriter2 := multipart.NewWriter(bodyBuf2)
+	fileWriter2, err := bodyWriter2.CreateFormFile("file", "testuploadfile.txt")
+	assert.NoError(t, err, "writing to buffer")
+	// io copy
+	_, err = io.Copy(fileWriter2, fh)
+	assert.NoError(t, err, "IO copy")
+	contentType2 := bodyWriter2.FormDataContentType()
+	bodyWriter2.Close()
+
+	// Create the request
+	w2 := httptest.NewRecorder()
+	req2, err := http.NewRequest("POST", fmt.Sprintf("/api/files?objectID=%v&objectType=widget", widgetID), bodyBuf2)
+	assert.NoError(t, err, "create request")
+	req2.Header.Set("Content-Type", contentType2)
+	req2.Header.Add("Authorization", "Bearer "+token)
+	router.ServeHTTP(w2, req2)
+	assert.Equalf(t, 200, w2.Code, "Response body: \n%v\n", w2.Body)
+
+	newFileID2, err := helper.GetResponseID(w2.Body)
+	assert.NoError(t, err)
+
+	// authenticate as userB who has no access to the elements in the DB
+	token, err = helper.AuthenticateForTest(router,
+		"/api/authenticate", "POST", helper.UserBCredentials)
+	assert.NoError(t, err)
+
+	// try to DELETE file of simulation model to which userB has no access
+	// should return an unprocessable entity error
+	code, resp, err := helper.TestEndpoint(router, token,
+		fmt.Sprintf("/api/files/%v", newFileID), "DELETE", nil)
+	assert.NoError(t, err)
+	assert.Equalf(t, 422, code, "Response body: \n%v\n", resp)
+
+	// try to DELETE file of widget to which userB has no access
+	// should return an unprocessable entity error
+	code, resp, err = helper.TestEndpoint(router, token,
+		fmt.Sprintf("/api/files/%v", newFileID2), "DELETE", nil)
+	assert.NoError(t, err)
+	assert.Equalf(t, 422, code, "Response body: \n%v\n", resp)
+
+	// authenticate as normal user
+	token, err = helper.AuthenticateForTest(router,
+		"/api/authenticate", "POST", helper.UserACredentials)
+	assert.NoError(t, err)
+
 	// Count the number of all files returned for simulation model
 	initialNumber, err := helper.LengthOfResponse(router, token,
 		fmt.Sprintf("/api/files?objectID=%v&objectType=model", simulationModelID), "GET", nil)
 	assert.NoError(t, err)
 
-	// Delete the added file
+	// try to DELETE non-existing fileID
-	code, resp, err := helper.TestEndpoint(router, token,
+	// should return not found
+	code, resp, err = helper.TestEndpoint(router, token,
+		fmt.Sprintf("/api/files/5"), "DELETE", nil)
+	assert.NoError(t, err)
+	assert.Equalf(t, 404, code, "Response body: \n%v\n", resp)
+
+	// authenticate as guest user C
+	token, err = helper.AuthenticateForTest(router,
+		"/api/authenticate", "POST", helper.GuestCredentials)
+	assert.NoError(t, err)
+
+	// try to DELETE file of simulation model as guest
+	// should return an unprocessable entity error
+	code, resp, err = helper.TestEndpoint(router, token,
 		fmt.Sprintf("/api/files/%v", newFileID), "DELETE", nil)
 	assert.NoError(t, err)
+	assert.Equalf(t, 422, code, "Response body: \n%v\n", resp)
+
+	// try to DELETE file of widget as guest
+	// should return an unprocessable entity error
+	code, resp, err = helper.TestEndpoint(router, token,
+		fmt.Sprintf("/api/files/%v", newFileID2), "DELETE", nil)
+	assert.NoError(t, err)
+	assert.Equalf(t, 422, code, "Response body: \n%v\n", resp)
+
+	// authenticate as normal user
+	token, err = helper.AuthenticateForTest(router,
+		"/api/authenticate", "POST", helper.UserACredentials)
+	assert.NoError(t, err)
+
+	// Delete the added file 1
+	code, resp, err = helper.TestEndpoint(router, token,
+		fmt.Sprintf("/api/files/%v", newFileID), "DELETE", nil)
+	assert.NoError(t, err)
+	assert.Equalf(t, 200, code, "Response body: \n%v\n", resp)
+
+	// Delete the added file 2
+	code, resp, err = helper.TestEndpoint(router, token,
+		fmt.Sprintf("/api/files/%v", newFileID2), "DELETE", nil)
+	assert.NoError(t, err)
 	assert.Equalf(t, 200, code, "Response body: \n%v\n", resp)
 
 	// Again count the number of all the files returned for simulation model
@@ -363,90 +598,156 @@ func TestGetAllFilesOfSimulationModel(t *testing.T) {
 
 	database.DropTables(db)
 	database.MigrateModels(db)
-	assert.NoError(t, database.DBAddAdminAndUser(db))
+	assert.NoError(t, database.DBAddAdminAndUserAndGuest(db))
 
 	// prepare the content of the DB for testing
-	// by adding a scenario and a simulator to the DB
 	// using the respective endpoints of the API
-	_, _, simulationModelID := addScenarioAndSimulatorAndSimulationModel()
+	_, _, simulationModelID, _, widgetID := addScenarioAndSimulatorAndSimulationModelAndDashboardAndWidget()
 
-	// authenticate as normal user
+	// authenticate as userB who has no access to the elements in the DB
 	token, err := helper.AuthenticateForTest(router,
+		"/api/authenticate", "POST", helper.UserBCredentials)
+	assert.NoError(t, err)
+
+	// try to get all files for simulation model to which userB has not access
+	// should return unprocessable entity error
+	code, resp, err := helper.TestEndpoint(router, token,
+		fmt.Sprintf("/api/files?objectID=%v&objectType=model", simulationModelID), "GET", nil)
+	assert.NoError(t, err)
+	assert.Equalf(t, 422, code, "Response body: \n%v\n", resp)
+
+	// try to get all files for widget to which userB has not access
+	// should return unprocessable entity error
+	code, resp, err = helper.TestEndpoint(router, token,
+		fmt.Sprintf("/api/files?objectID=%v&objectType=widget", widgetID), "GET", nil)
+	assert.NoError(t, err)
+	assert.Equalf(t, 422, code, "Response body: \n%v\n", resp)
+
+	// authenticate as normal userA
+	token, err = helper.AuthenticateForTest(router,
 		"/api/authenticate", "POST", helper.UserACredentials)
 	assert.NoError(t, err)
 
+	//try to get all files for unsupported object type; should return a bad request error
+	code, resp, err = helper.TestEndpoint(router, token,
+		fmt.Sprintf("/api/files?objectID=%v&objectType=wrongtype", simulationModelID), "GET", nil)
+	assert.NoError(t, err)
+	assert.Equalf(t, 400, code, "Response body: \n%v\n", resp)
+
+	//try to get all files with missing object ID; should return a bad request error
+	code, resp, err = helper.TestEndpoint(router, token,
+		fmt.Sprintf("/api/files?objectType=model"), "GET", nil)
+	assert.NoError(t, err)
+	assert.Equalf(t, 400, code, "Response body: \n%v\n", resp)
+
 	// Count the number of all files returned for simulation model
-	initialNumber, err := helper.LengthOfResponse(router, token,
+	initialNumberModel, err := helper.LengthOfResponse(router, token,
 		fmt.Sprintf("/api/files?objectID=%v&objectType=model", simulationModelID), "GET", nil)
 	assert.NoError(t, err)
 
+	// Count the number of all files returned for widget
+	initialNumberWidget, err := helper.LengthOfResponse(router, token,
+		fmt.Sprintf("/api/files?objectID=%v&objectType=widget", widgetID), "GET", nil)
+	assert.NoError(t, err)
+
 	// create a testfile.txt in local folder
 	c1 := []byte("This is my testfile\n")
 	err = ioutil.WriteFile("testfile.txt", c1, 0644)
 	assert.NoError(t, err)
 
-	// test POST files
-	bodyBuf := &bytes.Buffer{}
-	bodyWriter := multipart.NewWriter(bodyBuf)
-	fileWriter, err := bodyWriter.CreateFormFile("file", "testuploadfile.txt")
-	assert.NoError(t, err, "writing to buffer")
-
 	// open file handle
 	fh, err := os.Open("testfile.txt")
 	assert.NoError(t, err, "opening file")
 	defer fh.Close()
 
+	// test POST a file to simulation model and widget
+	bodyBufModel1 := &bytes.Buffer{}
+	bodyBufWidget1 := &bytes.Buffer{}
+	bodyWriterModel1 := multipart.NewWriter(bodyBufModel1)
+	bodyWriterWidget1 := multipart.NewWriter(bodyBufWidget1)
+	fileWriterModel1, err := bodyWriterModel1.CreateFormFile("file", "testuploadfile.txt")
+	assert.NoError(t, err, "writing to buffer")
+	fileWriterWidget1, err := bodyWriterWidget1.CreateFormFile("file", "testuploadfile.txt")
+	assert.NoError(t, err, "writing to buffer")
 	// io copy
-	_, err = io.Copy(fileWriter, fh)
+	_, err = io.Copy(fileWriterModel1, fh)
 	assert.NoError(t, err, "IO copy")
+	_, err = io.Copy(fileWriterWidget1, fh)
+	assert.NoError(t, err, "IO copy")
+	contentTypeModel1 := bodyWriterModel1.FormDataContentType()
+	contentTypeWidget1 := bodyWriterWidget1.FormDataContentType()
+	bodyWriterModel1.Close()
+	bodyWriterWidget1.Close()
 
-	contentType := bodyWriter.FormDataContentType()
+	// Create the request for simulation model
-	bodyWriter.Close()
-	//req, err := http.NewRequest("POST", "/api/files?objectID=1&objectType=widget", bodyBuf)
-
-	// Create the request
 	w := httptest.NewRecorder()
-	req, err := http.NewRequest("POST", fmt.Sprintf("/api/files?objectID=%v&objectType=model", simulationModelID), bodyBuf)
+	req, err := http.NewRequest("POST", fmt.Sprintf("/api/files?objectID=%v&objectType=model", simulationModelID), bodyBufModel1)
 	assert.NoError(t, err, "create request")
-
+	req.Header.Set("Content-Type", contentTypeModel1)
-	req.Header.Set("Content-Type", contentType)
 	req.Header.Add("Authorization", "Bearer "+token)
 	router.ServeHTTP(w, req)
 	assert.Equalf(t, 200, w.Code, "Response body: \n%v\n", w.Body)
-	//fmt.Println(w.Body)
 
-	// POST a second file
+	// Create the request for widget
+	w2 := httptest.NewRecorder()
+	req2, err := http.NewRequest("POST", fmt.Sprintf("/api/files?objectID=%v&objectType=widget", widgetID), bodyBufWidget1)
+	assert.NoError(t, err, "create request")
+	req2.Header.Set("Content-Type", contentTypeWidget1)
+	req2.Header.Add("Authorization", "Bearer "+token)
+	router.ServeHTTP(w2, req2)
+	assert.Equalf(t, 200, w2.Code, "Response body: \n%v\n", w2.Body)
 
-	bodyBuf2 := &bytes.Buffer{}
+	// POST a second file to simulation model and widget
-	bodyWriter2 := multipart.NewWriter(bodyBuf2)
-	fileWriter2, err := bodyWriter2.CreateFormFile("file", "testuploadfile2.txt")
-	assert.NoError(t, err, "writing to buffer")
 
-	// open file handle
+	// open a second file handle
 	fh2, err := os.Open("testfile.txt")
 	assert.NoError(t, err, "opening file")
 	defer fh2.Close()
 
+	bodyBufModel2 := &bytes.Buffer{}
+	bodyBufWidget2 := &bytes.Buffer{}
+	bodyWriterModel2 := multipart.NewWriter(bodyBufModel2)
+	bodyWriterWidget2 := multipart.NewWriter(bodyBufWidget2)
+	fileWriterModel2, err := bodyWriterModel2.CreateFormFile("file", "testuploadfile2.txt")
+	assert.NoError(t, err, "writing to buffer")
+	fileWriterWidget2, err := bodyWriterWidget2.CreateFormFile("file", "testuploadfile2.txt")
+	assert.NoError(t, err, "writing to buffer")
+
 	// io copy
-	_, err = io.Copy(fileWriter2, fh2)
+	_, err = io.Copy(fileWriterModel2, fh2)
 	assert.NoError(t, err, "IO copy")
+	_, err = io.Copy(fileWriterWidget2, fh2)
+	assert.NoError(t, err, "IO copy")
+	contentTypeModel2 := bodyWriterModel2.FormDataContentType()
+	contentTypeWidget2 := bodyWriterWidget2.FormDataContentType()
+	bodyWriterModel2.Close()
+	bodyWriterWidget2.Close()
 
-	contentType = bodyWriter2.FormDataContentType()
+	w3 := httptest.NewRecorder()
-	bodyWriter2.Close()
+	req3, err := http.NewRequest("POST", fmt.Sprintf("/api/files?objectID=%v&objectType=model", simulationModelID), bodyBufModel2)
-
-	w2 := httptest.NewRecorder()
-	req, err = http.NewRequest("POST", fmt.Sprintf("/api/files?objectID=%v&objectType=model", simulationModelID), bodyBuf2)
 	assert.NoError(t, err, "create request")
+	req3.Header.Set("Content-Type", contentTypeModel2)
+	req3.Header.Add("Authorization", "Bearer "+token)
+	router.ServeHTTP(w3, req3)
+	assert.Equalf(t, 200, w3.Code, "Response body: \n%v\n", w3.Body)
 
-	req.Header.Set("Content-Type", contentType)
+	w4 := httptest.NewRecorder()
-	req.Header.Add("Authorization", "Bearer "+token)
+	req4, err := http.NewRequest("POST", fmt.Sprintf("/api/files?objectID=%v&objectType=widget", widgetID), bodyBufWidget2)
-	router.ServeHTTP(w2, req)
+	assert.NoError(t, err, "create request")
-	assert.Equalf(t, 200, w2.Code, "Response body: \n%v\n", w2.Body)
+	req4.Header.Set("Content-Type", contentTypeWidget2)
+	req4.Header.Add("Authorization", "Bearer "+token)
+	router.ServeHTTP(w4, req4)
+	assert.Equalf(t, 200, w4.Code, "Response body: \n%v\n", w4.Body)
 
 	// Again count the number of all the files returned for simulation model
-	finalNumber, err := helper.LengthOfResponse(router, token,
+	finalNumberModel, err := helper.LengthOfResponse(router, token,
 		fmt.Sprintf("/api/files?objectID=%v&objectType=model", simulationModelID), "GET", nil)
 	assert.NoError(t, err)
+	assert.Equal(t, initialNumberModel+2, finalNumberModel)
 
-	assert.Equal(t, initialNumber+2, finalNumber)
+	// Again count the number of all the files returned for widget
+	finalNumberWidget, err := helper.LengthOfResponse(router, token,
+		fmt.Sprintf("/api/files?objectID=%v&objectType=widget", widgetID), "GET", nil)
+	assert.NoError(t, err)
+	assert.Equal(t, initialNumberWidget+2, finalNumberWidget)
 }

routes/scenario/scenario_middleware.go

@@ -14,7 +14,7 @@ func CheckPermissions(c *gin.Context, operation database.CRUD, screnarioIDSource
 
 	err := database.ValidateRole(c, database.ModelScenario, operation)
 	if err != nil {
-		helper.UnprocessableEntityError(c, fmt.Sprintf("Access denied (role validation failed): %v", err))
+		helper.UnprocessableEntityError(c, fmt.Sprintf("Access denied (role validation of scenario failed): %v", err))
 		return false, so
 	}
 

routes/scenario/scenario_test.go

@@ -42,7 +42,7 @@ func TestAddScenario(t *testing.T) {
 
 	database.DropTables(db)
 	database.MigrateModels(db)
-	assert.NoError(t, database.DBAddAdminAndUser(db))
+	assert.NoError(t, database.DBAddAdminAndUserAndGuest(db))
 
 	// authenticate as normal user
 	token, err := helper.AuthenticateForTest(router,
@@ -94,7 +94,7 @@ func TestUpdateScenario(t *testing.T) {
 
 	database.DropTables(db)
 	database.MigrateModels(db)
-	assert.NoError(t, database.DBAddAdminAndUser(db))
+	assert.NoError(t, database.DBAddAdminAndUserAndGuest(db))
 
 	// authenticate as normal user
 	token, err := helper.AuthenticateForTest(router,
@@ -157,7 +157,7 @@ func TestGetAllScenariosAsAdmin(t *testing.T) {
 
 	database.DropTables(db)
 	database.MigrateModels(db)
-	assert.NoError(t, database.DBAddAdminAndUser(db))
+	assert.NoError(t, database.DBAddAdminAndUserAndGuest(db))
 
 	// authenticate as admin
 	token, err := helper.AuthenticateForTest(router,
@@ -218,7 +218,7 @@ func TestGetAllScenariosAsUser(t *testing.T) {
 
 	database.DropTables(db)
 	database.MigrateModels(db)
-	assert.NoError(t, database.DBAddAdminAndUser(db))
+	assert.NoError(t, database.DBAddAdminAndUserAndGuest(db))
 
 	// authenticate as normal userB
 	token, err := helper.AuthenticateForTest(router,
@@ -275,7 +275,7 @@ func TestDeleteScenario(t *testing.T) {
 
 	database.DropTables(db)
 	database.MigrateModels(db)
-	assert.NoError(t, database.DBAddAdminAndUser(db))
+	assert.NoError(t, database.DBAddAdminAndUserAndGuest(db))
 
 	// authenticate as normal user
 	token, err := helper.AuthenticateForTest(router,
@@ -324,7 +324,7 @@ func TestAddUserToScenario(t *testing.T) {
 
 	database.DropTables(db)
 	database.MigrateModels(db)
-	assert.NoError(t, database.DBAddAdminAndUser(db))
+	assert.NoError(t, database.DBAddAdminAndUserAndGuest(db))
 
 	// authenticate as normal user
 	token, err := helper.AuthenticateForTest(router,
@@ -379,7 +379,7 @@ func TestGetAllUsersOfScenario(t *testing.T) {
 
 	database.DropTables(db)
 	database.MigrateModels(db)
-	assert.NoError(t, database.DBAddAdminAndUser(db))
+	assert.NoError(t, database.DBAddAdminAndUserAndGuest(db))
 
 	// authenticate as normal user
 	token, err := helper.AuthenticateForTest(router,
@@ -424,7 +424,7 @@ func TestRemoveUserFromScenario(t *testing.T) {
 
 	database.DropTables(db)
 	database.MigrateModels(db)
-	assert.NoError(t, database.DBAddAdminAndUser(db))
+	assert.NoError(t, database.DBAddAdminAndUserAndGuest(db))
 
 	// authenticate as normal user
 	token, err := helper.AuthenticateForTest(router,

routes/signal/signal_middleware.go

@@ -15,7 +15,7 @@ func checkPermissions(c *gin.Context, operation database.CRUD) (bool, Signal) {
 
 	err := database.ValidateRole(c, database.ModelSignal, operation)
 	if err != nil {
-		helper.UnprocessableEntityError(c, fmt.Sprintf("Access denied (role validation failed): %v", err.Error()))
+		helper.UnprocessableEntityError(c, fmt.Sprintf("Access denied (role validation of signal failed): %v", err.Error()))
 		return false, sig
 	}
 

routes/signal/signal_test.go

@@ -127,7 +127,7 @@ func TestMain(m *testing.M) {
 func TestAddSignal(t *testing.T) {
 	database.DropTables(db)
 	database.MigrateModels(db)
-	assert.NoError(t, database.DBAddAdminAndUser(db))
+	assert.NoError(t, database.DBAddAdminAndUserAndGuest(db))
 
 	// prepare the content of the DB for testing
 	// by adding a scenario and a simulator to the DB
@@ -185,7 +185,7 @@ func TestAddSignal(t *testing.T) {
 func TestUpdateSignal(t *testing.T) {
 	database.DropTables(db)
 	database.MigrateModels(db)
-	assert.NoError(t, database.DBAddAdminAndUser(db))
+	assert.NoError(t, database.DBAddAdminAndUserAndGuest(db))
 
 	// prepare the content of the DB for testing
 	// by adding a scenario and a simulator to the DB
@@ -249,7 +249,7 @@ func TestUpdateSignal(t *testing.T) {
 func TestDeleteSignal(t *testing.T) {
 	database.DropTables(db)
 	database.MigrateModels(db)
-	assert.NoError(t, database.DBAddAdminAndUser(db))
+	assert.NoError(t, database.DBAddAdminAndUserAndGuest(db))
 
 	// prepare the content of the DB for testing
 	// by adding a scenario and a simulator to the DB
@@ -317,7 +317,7 @@ func TestDeleteSignal(t *testing.T) {
 func TestGetAllInputSignalsOfSimulationModel(t *testing.T) {
 	database.DropTables(db)
 	database.MigrateModels(db)
-	assert.NoError(t, database.DBAddAdminAndUser(db))
+	assert.NoError(t, database.DBAddAdminAndUserAndGuest(db))
 
 	// prepare the content of the DB for testing
 	// by adding a scenario and a simulator to the DB

routes/simulationmodel/simulationmodel_middleware.go

@@ -15,7 +15,7 @@ func CheckPermissions(c *gin.Context, operation database.CRUD, modelIDSource str
 
 	err := database.ValidateRole(c, database.ModelSimulationModel, operation)
 	if err != nil {
-		helper.UnprocessableEntityError(c, fmt.Sprintf("Access denied (role validation failed): %v", err.Error()))
+		helper.UnprocessableEntityError(c, fmt.Sprintf("Access denied (role validation of simulation model failed): %v", err.Error()))
 		return false, m
 	}
 

routes/simulationmodel/simulationmodel_test.go

@@ -102,7 +102,7 @@ func TestMain(m *testing.M) {
 func TestAddSimulationModel(t *testing.T) {
 	database.DropTables(db)
 	database.MigrateModels(db)
-	assert.NoError(t, database.DBAddAdminAndUser(db))
+	assert.NoError(t, database.DBAddAdminAndUserAndGuest(db))
 
 	// prepare the content of the DB for testing
 	// by adding a scenario and a simulator to the DB
@@ -161,7 +161,7 @@ func TestUpdateSimulationModel(t *testing.T) {
 
 	database.DropTables(db)
 	database.MigrateModels(db)
-	assert.NoError(t, database.DBAddAdminAndUser(db))
+	assert.NoError(t, database.DBAddAdminAndUserAndGuest(db))
 
 	// prepare the content of the DB for testing
 	// by adding a scenario and a simulator to the DB
@@ -223,7 +223,7 @@ func TestUpdateSimulationModel(t *testing.T) {
 func TestDeleteSimulationModel(t *testing.T) {
 	database.DropTables(db)
 	database.MigrateModels(db)
-	assert.NoError(t, database.DBAddAdminAndUser(db))
+	assert.NoError(t, database.DBAddAdminAndUserAndGuest(db))
 
 	// prepare the content of the DB for testing
 	// by adding a scenario and a simulator to the DB
@@ -277,7 +277,7 @@ func TestDeleteSimulationModel(t *testing.T) {
 func TestGetAllSimulationModelsOfScenario(t *testing.T) {
 	database.DropTables(db)
 	database.MigrateModels(db)
-	assert.NoError(t, database.DBAddAdminAndUser(db))
+	assert.NoError(t, database.DBAddAdminAndUserAndGuest(db))
 
 	// prepare the content of the DB for testing
 	// by adding a scenario and a simulator to the DB

routes/simulator/simulator_middleware.go

@@ -1,6 +1,7 @@
 package simulator
 
 import (
+	"fmt"
 	"git.rwth-aachen.de/acs/public/villas/villasweb-backend-go/database"
 	"git.rwth-aachen.de/acs/public/villas/villasweb-backend-go/helper"
 	"github.com/gin-gonic/gin"
@@ -12,7 +13,7 @@ func checkPermissions(c *gin.Context, modeltype database.ModelName, operation da
 
 	err := database.ValidateRole(c, modeltype, operation)
 	if err != nil {
-		helper.UnprocessableEntityError(c, err.Error())
+		helper.UnprocessableEntityError(c, fmt.Sprintf("Access denied (role validation of simulator failed): %v", err.Error()))
 		return false, s
 	}
 

routes/simulator/simulator_test.go

@@ -44,7 +44,7 @@ func TestMain(m *testing.M) {
 func TestAddSimulatorAsAdmin(t *testing.T) {
 	database.DropTables(db)
 	database.MigrateModels(db)
-	assert.NoError(t, database.DBAddAdminAndUser(db))
+	assert.NoError(t, database.DBAddAdminAndUserAndGuest(db))
 
 	// authenticate as admin
 	token, err := helper.AuthenticateForTest(router,
@@ -87,7 +87,7 @@ func TestAddSimulatorAsAdmin(t *testing.T) {
 func TestAddSimulatorAsUser(t *testing.T) {
 	database.DropTables(db)
 	database.MigrateModels(db)
-	assert.NoError(t, database.DBAddAdminAndUser(db))
+	assert.NoError(t, database.DBAddAdminAndUserAndGuest(db))
 
 	// authenticate as user
 	token, err := helper.AuthenticateForTest(router,
@@ -114,7 +114,7 @@ func TestAddSimulatorAsUser(t *testing.T) {
 func TestUpdateSimulatorAsAdmin(t *testing.T) {
 	database.DropTables(db)
 	database.MigrateModels(db)
-	assert.NoError(t, database.DBAddAdminAndUser(db))
+	assert.NoError(t, database.DBAddAdminAndUserAndGuest(db))
 
 	// authenticate as admin
 	token, err := helper.AuthenticateForTest(router,
@@ -169,7 +169,7 @@ func TestUpdateSimulatorAsAdmin(t *testing.T) {
 func TestUpdateSimulatorAsUser(t *testing.T) {
 	database.DropTables(db)
 	database.MigrateModels(db)
-	assert.NoError(t, database.DBAddAdminAndUser(db))
+	assert.NoError(t, database.DBAddAdminAndUserAndGuest(db))
 
 	// authenticate as admin
 	token, err := helper.AuthenticateForTest(router,
@@ -211,7 +211,7 @@ func TestUpdateSimulatorAsUser(t *testing.T) {
 func TestDeleteSimulatorAsAdmin(t *testing.T) {
 	database.DropTables(db)
 	database.MigrateModels(db)
-	assert.NoError(t, database.DBAddAdminAndUser(db))
+	assert.NoError(t, database.DBAddAdminAndUserAndGuest(db))
 
 	// authenticate as admin
 	token, err := helper.AuthenticateForTest(router,
@@ -261,7 +261,7 @@ func TestDeleteSimulatorAsAdmin(t *testing.T) {
 func TestDeleteSimulatorAsUser(t *testing.T) {
 	database.DropTables(db)
 	database.MigrateModels(db)
-	assert.NoError(t, database.DBAddAdminAndUser(db))
+	assert.NoError(t, database.DBAddAdminAndUserAndGuest(db))
 
 	// authenticate as admin
 	token, err := helper.AuthenticateForTest(router,
@@ -302,7 +302,7 @@ func TestDeleteSimulatorAsUser(t *testing.T) {
 func TestGetAllSimulators(t *testing.T) {
 	database.DropTables(db)
 	database.MigrateModels(db)
-	assert.NoError(t, database.DBAddAdminAndUser(db))
+	assert.NoError(t, database.DBAddAdminAndUserAndGuest(db))
 
 	// authenticate as admin
 	token, err := helper.AuthenticateForTest(router,
@@ -363,7 +363,7 @@ func TestGetAllSimulators(t *testing.T) {
 func TestGetSimulationModelsOfSimulator(t *testing.T) {
 	database.DropTables(db)
 	database.MigrateModels(db)
-	assert.NoError(t, database.DBAddAdminAndUser(db))
+	assert.NoError(t, database.DBAddAdminAndUserAndGuest(db))
 
 	// authenticate as admin
 	token, err := helper.AuthenticateForTest(router,

routes/user/user_test.go

@@ -42,7 +42,7 @@ func TestAddGetUser(t *testing.T) {
 
 	database.DropTables(db)
 	database.MigrateModels(db)
-	assert.NoError(t, database.DBAddAdminAndUser(db))
+	assert.NoError(t, database.DBAddAdminAndUserAndGuest(db))
 
 	// authenticate as admin
 	token, err := helper.AuthenticateForTest(router,
@@ -90,7 +90,7 @@ func TestUsersNotAllowedActions(t *testing.T) {
 
 	database.DropTables(db)
 	database.MigrateModels(db)
-	assert.NoError(t, database.DBAddAdminAndUser(db))
+	assert.NoError(t, database.DBAddAdminAndUserAndGuest(db))
 
 	// authenticate as admin
 	token, err := helper.AuthenticateForTest(router,
@@ -150,7 +150,7 @@ func TestGetAllUsers(t *testing.T) {
 
 	database.DropTables(db)
 	database.MigrateModels(db)
-	assert.NoError(t, database.DBAddAdminAndUser(db))
+	assert.NoError(t, database.DBAddAdminAndUserAndGuest(db))
 
 	// authenticate as admin
 	token, err := helper.AuthenticateForTest(router,
@@ -186,7 +186,7 @@ func TestModifyAddedUserAsUser(t *testing.T) {
 
 	database.DropTables(db)
 	database.MigrateModels(db)
-	assert.NoError(t, database.DBAddAdminAndUser(db))
+	assert.NoError(t, database.DBAddAdminAndUserAndGuest(db))
 
 	// authenticate as admin
 	token, err := helper.AuthenticateForTest(router,
@@ -297,7 +297,7 @@ func TestInvalidUserUpdate(t *testing.T) {
 
 	database.DropTables(db)
 	database.MigrateModels(db)
-	assert.NoError(t, database.DBAddAdminAndUser(db))
+	assert.NoError(t, database.DBAddAdminAndUserAndGuest(db))
 
 	// authenticate as admin
 	token, err := helper.AuthenticateForTest(router,
@@ -348,7 +348,7 @@ func TestModifyAddedUserAsAdmin(t *testing.T) {
 
 	database.DropTables(db)
 	database.MigrateModels(db)
-	assert.NoError(t, database.DBAddAdminAndUser(db))
+	assert.NoError(t, database.DBAddAdminAndUserAndGuest(db))
 
 	// authenticate as admin
 	token, err := helper.AuthenticateForTest(router,
@@ -430,7 +430,7 @@ func TestDeleteUser(t *testing.T) {
 
 	database.DropTables(db)
 	database.MigrateModels(db)
-	assert.NoError(t, database.DBAddAdminAndUser(db))
+	assert.NoError(t, database.DBAddAdminAndUserAndGuest(db))
 
 	// authenticate as admin
 	token, err := helper.AuthenticateForTest(router,

routes/widget/widget_middleware.go

@@ -15,7 +15,7 @@ func CheckPermissions(c *gin.Context, operation database.CRUD, widgetIDBody int)
 	var err error
 	err = database.ValidateRole(c, database.ModelWidget, operation)
 	if err != nil {
-		helper.UnprocessableEntityError(c, fmt.Sprintf("Access denied (role validation failed): %v", err.Error()))
+		helper.UnprocessableEntityError(c, fmt.Sprintf("Access denied (role validation of widget failed): %v", err.Error()))
 		return false, w
 	}
 

routes/widget/widget_test.go

@@ -98,7 +98,7 @@ func TestMain(m *testing.M) {
 func TestAddWidget(t *testing.T) {
 	database.DropTables(db)
 	database.MigrateModels(db)
-	assert.NoError(t, database.DBAddAdminAndUser(db))
+	assert.NoError(t, database.DBAddAdminAndUserAndGuest(db))
 
 	// authenticate as normal user
 	token, err := helper.AuthenticateForTest(router,
@@ -160,7 +160,7 @@ func TestAddWidget(t *testing.T) {
 func TestUpdateWidget(t *testing.T) {
 	database.DropTables(db)
 	database.MigrateModels(db)
-	assert.NoError(t, database.DBAddAdminAndUser(db))
+	assert.NoError(t, database.DBAddAdminAndUserAndGuest(db))
 
 	// authenticate as normal user
 	token, err := helper.AuthenticateForTest(router,
@@ -233,7 +233,7 @@ func TestUpdateWidget(t *testing.T) {
 func TestDeleteWidget(t *testing.T) {
 	database.DropTables(db)
 	database.MigrateModels(db)
-	assert.NoError(t, database.DBAddAdminAndUser(db))
+	assert.NoError(t, database.DBAddAdminAndUserAndGuest(db))
 
 	// authenticate as normal user
 	token, err := helper.AuthenticateForTest(router,
@@ -292,7 +292,7 @@ func TestDeleteWidget(t *testing.T) {
 func TestGetAllWidgetsOfDashboard(t *testing.T) {
 	database.DropTables(db)
 	database.MigrateModels(db)
-	assert.NoError(t, database.DBAddAdminAndUser(db))
+	assert.NoError(t, database.DBAddAdminAndUserAndGuest(db))
 
 	// authenticate as normal user
 	token, err := helper.AuthenticateForTest(router,