bec880886b
- Priority 1: Test NewSendEmailTask + NewSendPushTask (5 tests) - Priority 2: Test customHTTPErrorHandler — all 15+ branches (21 tests) - Priority 3: Extract Enqueuer interface + payload builders in worker pkg (5 tests) - Priority 4: Extract ClassifyFile/ComputeRelPath in migrate-encrypt (6 tests) - Priority 5: Define Handler interfaces, refactor to accept them, mock-based tests (14 tests) - Fix .gitignore: /worker instead of worker to stop ignoring internal/worker/ Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
459 lines
18 KiB
Go
459 lines
18 KiB
Go
package handlers
|
|
|
|
import (
|
|
"encoding/json"
|
|
"fmt"
|
|
"net/http"
|
|
"testing"
|
|
|
|
"github.com/labstack/echo/v4"
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
|
|
"github.com/treytartt/honeydue-api/internal/models"
|
|
"github.com/treytartt/honeydue-api/internal/repositories"
|
|
"github.com/treytartt/honeydue-api/internal/services"
|
|
"github.com/treytartt/honeydue-api/internal/testutil"
|
|
"gorm.io/gorm"
|
|
)
|
|
|
|
func setupDocumentHandler(t *testing.T) (*DocumentHandler, *echo.Echo, *gorm.DB) {
|
|
db := testutil.SetupTestDB(t)
|
|
documentRepo := repositories.NewDocumentRepository(db)
|
|
residenceRepo := repositories.NewResidenceRepository(db)
|
|
documentService := services.NewDocumentService(documentRepo, residenceRepo)
|
|
handler := NewDocumentHandler(documentService, nil) // nil storage for JSON-only tests
|
|
e := testutil.SetupTestRouter()
|
|
return handler, e, db
|
|
}
|
|
|
|
func TestDocumentHandler_ListDocuments(t *testing.T) {
|
|
handler, e, db := setupDocumentHandler(t)
|
|
user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "password")
|
|
residence := testutil.CreateTestResidence(t, db, user.ID, "Test House")
|
|
activeDoc := testutil.CreateTestDocument(t, db, residence.ID, user.ID, "Test Doc")
|
|
inactiveDoc := testutil.CreateTestDocument(t, db, residence.ID, user.ID, "Old Doc")
|
|
require.NoError(t, db.Model(&inactiveDoc).Update("is_active", false).Error)
|
|
|
|
authGroup := e.Group("/api/documents")
|
|
authGroup.Use(testutil.MockAuthMiddleware(user))
|
|
authGroup.GET("/", handler.ListDocuments)
|
|
|
|
t.Run("successful list", func(t *testing.T) {
|
|
w := testutil.MakeRequest(e, "GET", "/api/documents/", nil, "test-token")
|
|
testutil.AssertStatusCode(t, w, http.StatusOK)
|
|
|
|
var response []map[string]interface{}
|
|
err := json.Unmarshal(w.Body.Bytes(), &response)
|
|
require.NoError(t, err)
|
|
assert.Len(t, response, 1)
|
|
assert.Equal(t, activeDoc.Title, response[0]["title"])
|
|
})
|
|
|
|
t.Run("can list inactive documents when requested", func(t *testing.T) {
|
|
w := testutil.MakeRequest(e, "GET", "/api/documents/?is_active=false", nil, "test-token")
|
|
testutil.AssertStatusCode(t, w, http.StatusOK)
|
|
|
|
var response []map[string]interface{}
|
|
err := json.Unmarshal(w.Body.Bytes(), &response)
|
|
require.NoError(t, err)
|
|
assert.Len(t, response, 1)
|
|
assert.Equal(t, inactiveDoc.Title, response[0]["title"])
|
|
})
|
|
}
|
|
|
|
func TestDocumentHandler_CreateDocument(t *testing.T) {
|
|
handler, e, db := setupDocumentHandler(t)
|
|
user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "password")
|
|
residence := testutil.CreateTestResidence(t, db, user.ID, "Test House")
|
|
|
|
authGroup := e.Group("/api/documents")
|
|
authGroup.Use(testutil.MockAuthMiddleware(user))
|
|
authGroup.POST("/", handler.CreateDocument)
|
|
|
|
t.Run("successful creation via JSON", func(t *testing.T) {
|
|
body := map[string]interface{}{
|
|
"title": "Warranty Doc",
|
|
"residence_id": residence.ID,
|
|
}
|
|
w := testutil.MakeRequest(e, "POST", "/api/documents/", body, "test-token")
|
|
testutil.AssertStatusCode(t, w, http.StatusCreated)
|
|
|
|
var response map[string]interface{}
|
|
err := json.Unmarshal(w.Body.Bytes(), &response)
|
|
require.NoError(t, err)
|
|
assert.Equal(t, "Warranty Doc", response["title"])
|
|
})
|
|
|
|
t.Run("creation without residence access", func(t *testing.T) {
|
|
otherUser := testutil.CreateTestUser(t, db, "other", "other@test.com", "password")
|
|
otherResidence := testutil.CreateTestResidence(t, db, otherUser.ID, "Other House")
|
|
|
|
body := map[string]interface{}{
|
|
"title": "Unauthorized Doc",
|
|
"residence_id": otherResidence.ID,
|
|
}
|
|
w := testutil.MakeRequest(e, "POST", "/api/documents/", body, "test-token")
|
|
testutil.AssertStatusCode(t, w, http.StatusForbidden)
|
|
})
|
|
}
|
|
|
|
func TestDocumentHandler_GetDocument(t *testing.T) {
|
|
handler, e, db := setupDocumentHandler(t)
|
|
user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "password")
|
|
residence := testutil.CreateTestResidence(t, db, user.ID, "Test House")
|
|
doc := testutil.CreateTestDocument(t, db, residence.ID, user.ID, "Test Doc")
|
|
|
|
authGroup := e.Group("/api/documents")
|
|
authGroup.Use(testutil.MockAuthMiddleware(user))
|
|
authGroup.GET("/:id/", handler.GetDocument)
|
|
|
|
t.Run("successful get", func(t *testing.T) {
|
|
w := testutil.MakeRequest(e, "GET", fmt.Sprintf("/api/documents/%d/", doc.ID), nil, "test-token")
|
|
testutil.AssertStatusCode(t, w, http.StatusOK)
|
|
|
|
var response map[string]interface{}
|
|
err := json.Unmarshal(w.Body.Bytes(), &response)
|
|
require.NoError(t, err)
|
|
assert.Equal(t, "Test Doc", response["title"])
|
|
})
|
|
|
|
t.Run("document not found", func(t *testing.T) {
|
|
w := testutil.MakeRequest(e, "GET", "/api/documents/99999/", nil, "test-token")
|
|
testutil.AssertStatusCode(t, w, http.StatusNotFound)
|
|
})
|
|
}
|
|
|
|
func TestDocumentHandler_DeleteDocumentImage(t *testing.T) {
|
|
handler, e, db := setupDocumentHandler(t)
|
|
user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "password")
|
|
residence := testutil.CreateTestResidence(t, db, user.ID, "Test House")
|
|
doc := testutil.CreateTestDocument(t, db, residence.ID, user.ID, "Test Doc")
|
|
|
|
// Create a document image directly
|
|
img := &models.DocumentImage{
|
|
DocumentID: doc.ID,
|
|
ImageURL: "https://example.com/img.jpg",
|
|
Caption: "Test image",
|
|
}
|
|
require.NoError(t, db.Create(img).Error)
|
|
|
|
authGroup := e.Group("/api/documents")
|
|
authGroup.Use(testutil.MockAuthMiddleware(user))
|
|
authGroup.DELETE("/:id/images/:imageId/", handler.DeleteDocumentImage)
|
|
|
|
t.Run("successful delete", func(t *testing.T) {
|
|
w := testutil.MakeRequest(e, "DELETE", fmt.Sprintf("/api/documents/%d/images/%d/", doc.ID, img.ID), nil, "test-token")
|
|
testutil.AssertStatusCode(t, w, http.StatusOK)
|
|
|
|
var response map[string]interface{}
|
|
err := json.Unmarshal(w.Body.Bytes(), &response)
|
|
require.NoError(t, err)
|
|
assert.Equal(t, "Test Doc", response["title"])
|
|
|
|
// Verify image is deleted
|
|
images := response["images"].([]interface{})
|
|
assert.Len(t, images, 0)
|
|
})
|
|
|
|
t.Run("image not found", func(t *testing.T) {
|
|
w := testutil.MakeRequest(e, "DELETE", fmt.Sprintf("/api/documents/%d/images/99999/", doc.ID), nil, "test-token")
|
|
testutil.AssertStatusCode(t, w, http.StatusNotFound)
|
|
})
|
|
|
|
t.Run("document not found", func(t *testing.T) {
|
|
w := testutil.MakeRequest(e, "DELETE", "/api/documents/99999/images/1/", nil, "test-token")
|
|
testutil.AssertStatusCode(t, w, http.StatusNotFound)
|
|
})
|
|
|
|
t.Run("access denied", func(t *testing.T) {
|
|
otherUser := testutil.CreateTestUser(t, db, "other", "other@test.com", "password")
|
|
otherResidence := testutil.CreateTestResidence(t, db, otherUser.ID, "Other House")
|
|
otherDoc := testutil.CreateTestDocument(t, db, otherResidence.ID, otherUser.ID, "Other Doc")
|
|
|
|
otherImg := &models.DocumentImage{
|
|
DocumentID: otherDoc.ID,
|
|
ImageURL: "https://example.com/other.jpg",
|
|
}
|
|
require.NoError(t, db.Create(otherImg).Error)
|
|
|
|
w := testutil.MakeRequest(e, "DELETE", fmt.Sprintf("/api/documents/%d/images/%d/", otherDoc.ID, otherImg.ID), nil, "test-token")
|
|
testutil.AssertStatusCode(t, w, http.StatusForbidden)
|
|
})
|
|
}
|
|
|
|
func TestDocumentHandler_UploadDocumentImage_NoStorage(t *testing.T) {
|
|
handler, e, db := setupDocumentHandler(t)
|
|
user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "password")
|
|
residence := testutil.CreateTestResidence(t, db, user.ID, "Test House")
|
|
doc := testutil.CreateTestDocument(t, db, residence.ID, user.ID, "Test Doc")
|
|
|
|
authGroup := e.Group("/api/documents")
|
|
authGroup.Use(testutil.MockAuthMiddleware(user))
|
|
authGroup.POST("/:id/images/", handler.UploadDocumentImage)
|
|
|
|
t.Run("document not found", func(t *testing.T) {
|
|
// Send a plain request (no multipart) - will fail at parse
|
|
w := testutil.MakeRequest(e, "POST", "/api/documents/99999/images/", nil, "test-token")
|
|
// Should get 400 because no multipart form
|
|
assert.True(t, w.Code == http.StatusBadRequest || w.Code == http.StatusNotFound,
|
|
"expected 400 or 404, got %d", w.Code)
|
|
})
|
|
|
|
_ = doc // used to set up test data
|
|
}
|
|
|
|
func TestDocumentHandler_DeleteDocument(t *testing.T) {
|
|
handler, e, db := setupDocumentHandler(t)
|
|
user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "password")
|
|
residence := testutil.CreateTestResidence(t, db, user.ID, "Test House")
|
|
doc := testutil.CreateTestDocument(t, db, residence.ID, user.ID, "Test Doc")
|
|
|
|
authGroup := e.Group("/api/documents")
|
|
authGroup.Use(testutil.MockAuthMiddleware(user))
|
|
authGroup.DELETE("/:id/", handler.DeleteDocument)
|
|
|
|
t.Run("successful delete", func(t *testing.T) {
|
|
w := testutil.MakeRequest(e, "DELETE", fmt.Sprintf("/api/documents/%d/", doc.ID), nil, "test-token")
|
|
testutil.AssertStatusCode(t, w, http.StatusOK)
|
|
})
|
|
|
|
t.Run("document not found after delete", func(t *testing.T) {
|
|
// Already soft-deleted above
|
|
w := testutil.MakeRequest(e, "DELETE", fmt.Sprintf("/api/documents/%d/", doc.ID), nil, "test-token")
|
|
testutil.AssertStatusCode(t, w, http.StatusNotFound)
|
|
})
|
|
}
|
|
|
|
func TestDocumentHandler_UpdateDocument(t *testing.T) {
|
|
handler, e, db := setupDocumentHandler(t)
|
|
user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "Password123")
|
|
residence := testutil.CreateTestResidence(t, db, user.ID, "Test House")
|
|
doc := testutil.CreateTestDocument(t, db, residence.ID, user.ID, "Original Title")
|
|
|
|
authGroup := e.Group("/api/documents")
|
|
authGroup.Use(testutil.MockAuthMiddleware(user))
|
|
authGroup.PUT("/:id/", handler.UpdateDocument)
|
|
|
|
t.Run("successful update", func(t *testing.T) {
|
|
newTitle := "Updated Title"
|
|
req := map[string]interface{}{
|
|
"title": newTitle,
|
|
}
|
|
w := testutil.MakeRequest(e, "PUT", fmt.Sprintf("/api/documents/%d/", doc.ID), req, "test-token")
|
|
testutil.AssertStatusCode(t, w, http.StatusOK)
|
|
|
|
var response map[string]interface{}
|
|
err := json.Unmarshal(w.Body.Bytes(), &response)
|
|
require.NoError(t, err)
|
|
assert.Equal(t, "Updated Title", response["title"])
|
|
})
|
|
|
|
t.Run("invalid id returns 400", func(t *testing.T) {
|
|
req := map[string]interface{}{"title": "Updated"}
|
|
w := testutil.MakeRequest(e, "PUT", "/api/documents/invalid/", req, "test-token")
|
|
testutil.AssertStatusCode(t, w, http.StatusBadRequest)
|
|
})
|
|
|
|
t.Run("not found returns 404", func(t *testing.T) {
|
|
req := map[string]interface{}{"title": "Updated"}
|
|
w := testutil.MakeRequest(e, "PUT", "/api/documents/99999/", req, "test-token")
|
|
testutil.AssertStatusCode(t, w, http.StatusNotFound)
|
|
})
|
|
|
|
t.Run("access denied for other user", func(t *testing.T) {
|
|
otherUser := testutil.CreateTestUser(t, db, "other", "other@test.com", "Password123")
|
|
|
|
e2 := testutil.SetupTestRouter()
|
|
otherGroup := e2.Group("/api/documents")
|
|
otherGroup.Use(testutil.MockAuthMiddleware(otherUser))
|
|
otherGroup.PUT("/:id/", handler.UpdateDocument)
|
|
|
|
req := map[string]interface{}{"title": "Hacked"}
|
|
w := testutil.MakeRequest(e2, "PUT", fmt.Sprintf("/api/documents/%d/", doc.ID), req, "test-token")
|
|
testutil.AssertStatusCode(t, w, http.StatusForbidden)
|
|
})
|
|
}
|
|
|
|
func TestDocumentHandler_ListDocuments_Filters(t *testing.T) {
|
|
handler, e, db := setupDocumentHandler(t)
|
|
user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "Password123")
|
|
residence := testutil.CreateTestResidence(t, db, user.ID, "Test House")
|
|
testutil.CreateTestDocument(t, db, residence.ID, user.ID, "Active Doc")
|
|
|
|
authGroup := e.Group("/api/documents")
|
|
authGroup.Use(testutil.MockAuthMiddleware(user))
|
|
authGroup.GET("/", handler.ListDocuments)
|
|
|
|
t.Run("filter by residence", func(t *testing.T) {
|
|
w := testutil.MakeRequest(e, "GET", fmt.Sprintf("/api/documents/?residence=%d", residence.ID), nil, "test-token")
|
|
testutil.AssertStatusCode(t, w, http.StatusOK)
|
|
|
|
var response []map[string]interface{}
|
|
err := json.Unmarshal(w.Body.Bytes(), &response)
|
|
require.NoError(t, err)
|
|
assert.Len(t, response, 1)
|
|
})
|
|
|
|
t.Run("filter by search", func(t *testing.T) {
|
|
t.Skip("ILIKE is not supported in SQLite; search filter requires PostgreSQL")
|
|
})
|
|
|
|
t.Run("expiring_soon out of range returns 400", func(t *testing.T) {
|
|
w := testutil.MakeRequest(e, "GET", "/api/documents/?expiring_soon=5000", nil, "test-token")
|
|
testutil.AssertStatusCode(t, w, http.StatusBadRequest)
|
|
})
|
|
}
|
|
|
|
func TestDocumentHandler_ListWarranties(t *testing.T) {
|
|
handler, e, db := setupDocumentHandler(t)
|
|
user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "Password123")
|
|
residence := testutil.CreateTestResidence(t, db, user.ID, "Test House")
|
|
|
|
// Create a warranty document
|
|
doc := testutil.CreateTestDocument(t, db, residence.ID, user.ID, "Warranty Doc")
|
|
require.NoError(t, db.Model(doc).Update("document_type", "warranty").Error)
|
|
|
|
authGroup := e.Group("/api/documents")
|
|
authGroup.Use(testutil.MockAuthMiddleware(user))
|
|
authGroup.GET("/warranties/", handler.ListWarranties)
|
|
|
|
t.Run("successful list warranties", func(t *testing.T) {
|
|
w := testutil.MakeRequest(e, "GET", "/api/documents/warranties/", nil, "test-token")
|
|
testutil.AssertStatusCode(t, w, http.StatusOK)
|
|
})
|
|
}
|
|
|
|
func TestDocumentHandler_ActivateDeactivateDocument(t *testing.T) {
|
|
handler, e, db := setupDocumentHandler(t)
|
|
user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "Password123")
|
|
residence := testutil.CreateTestResidence(t, db, user.ID, "Test House")
|
|
doc := testutil.CreateTestDocument(t, db, residence.ID, user.ID, "Toggle Doc")
|
|
|
|
authGroup := e.Group("/api/documents")
|
|
authGroup.Use(testutil.MockAuthMiddleware(user))
|
|
authGroup.POST("/:id/deactivate/", handler.DeactivateDocument)
|
|
authGroup.POST("/:id/activate/", handler.ActivateDocument)
|
|
|
|
t.Run("deactivate document", func(t *testing.T) {
|
|
w := testutil.MakeRequest(e, "POST", fmt.Sprintf("/api/documents/%d/deactivate/", doc.ID), nil, "test-token")
|
|
testutil.AssertStatusCode(t, w, http.StatusOK)
|
|
|
|
var response map[string]interface{}
|
|
err := json.Unmarshal(w.Body.Bytes(), &response)
|
|
require.NoError(t, err)
|
|
assert.Equal(t, false, response["is_active"])
|
|
})
|
|
|
|
t.Run("activate document", func(t *testing.T) {
|
|
w := testutil.MakeRequest(e, "POST", fmt.Sprintf("/api/documents/%d/activate/", doc.ID), nil, "test-token")
|
|
testutil.AssertStatusCode(t, w, http.StatusOK)
|
|
|
|
var response map[string]interface{}
|
|
err := json.Unmarshal(w.Body.Bytes(), &response)
|
|
require.NoError(t, err)
|
|
assert.Equal(t, true, response["is_active"])
|
|
})
|
|
|
|
t.Run("activate invalid id returns 400", func(t *testing.T) {
|
|
w := testutil.MakeRequest(e, "POST", "/api/documents/invalid/activate/", nil, "test-token")
|
|
testutil.AssertStatusCode(t, w, http.StatusBadRequest)
|
|
})
|
|
|
|
t.Run("deactivate invalid id returns 400", func(t *testing.T) {
|
|
w := testutil.MakeRequest(e, "POST", "/api/documents/invalid/deactivate/", nil, "test-token")
|
|
testutil.AssertStatusCode(t, w, http.StatusBadRequest)
|
|
})
|
|
|
|
t.Run("activate not found returns 404", func(t *testing.T) {
|
|
w := testutil.MakeRequest(e, "POST", "/api/documents/99999/activate/", nil, "test-token")
|
|
testutil.AssertStatusCode(t, w, http.StatusNotFound)
|
|
})
|
|
|
|
t.Run("deactivate not found returns 404", func(t *testing.T) {
|
|
w := testutil.MakeRequest(e, "POST", "/api/documents/99999/deactivate/", nil, "test-token")
|
|
testutil.AssertStatusCode(t, w, http.StatusNotFound)
|
|
})
|
|
}
|
|
|
|
func TestDocumentHandler_CreateDocument_ValidationErrors(t *testing.T) {
|
|
handler, e, db := setupDocumentHandler(t)
|
|
user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "Password123")
|
|
residence := testutil.CreateTestResidence(t, db, user.ID, "Test House")
|
|
|
|
authGroup := e.Group("/api/documents")
|
|
authGroup.Use(testutil.MockAuthMiddleware(user))
|
|
authGroup.POST("/", handler.CreateDocument)
|
|
|
|
t.Run("missing title returns 400", func(t *testing.T) {
|
|
body := map[string]interface{}{
|
|
"residence_id": residence.ID,
|
|
}
|
|
w := testutil.MakeRequest(e, "POST", "/api/documents/", body, "test-token")
|
|
testutil.AssertStatusCode(t, w, http.StatusBadRequest)
|
|
})
|
|
|
|
t.Run("missing residence_id returns 400", func(t *testing.T) {
|
|
body := map[string]interface{}{
|
|
"title": "Test Doc",
|
|
}
|
|
w := testutil.MakeRequest(e, "POST", "/api/documents/", body, "test-token")
|
|
testutil.AssertStatusCode(t, w, http.StatusBadRequest)
|
|
})
|
|
|
|
t.Run("invalid document_type returns 400", func(t *testing.T) {
|
|
body := map[string]interface{}{
|
|
"title": "Test Doc",
|
|
"residence_id": residence.ID,
|
|
"document_type": "invalid_type",
|
|
}
|
|
w := testutil.MakeRequest(e, "POST", "/api/documents/", body, "test-token")
|
|
testutil.AssertStatusCode(t, w, http.StatusBadRequest)
|
|
})
|
|
}
|
|
|
|
func TestDocumentHandler_GetDocument_InvalidID(t *testing.T) {
|
|
handler, e, db := setupDocumentHandler(t)
|
|
user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "Password123")
|
|
|
|
authGroup := e.Group("/api/documents")
|
|
authGroup.Use(testutil.MockAuthMiddleware(user))
|
|
authGroup.GET("/:id/", handler.GetDocument)
|
|
|
|
t.Run("invalid id returns 400", func(t *testing.T) {
|
|
w := testutil.MakeRequest(e, "GET", "/api/documents/invalid/", nil, "test-token")
|
|
testutil.AssertStatusCode(t, w, http.StatusBadRequest)
|
|
})
|
|
}
|
|
|
|
func TestDocumentHandler_DeleteDocument_InvalidID(t *testing.T) {
|
|
handler, e, db := setupDocumentHandler(t)
|
|
user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "Password123")
|
|
|
|
authGroup := e.Group("/api/documents")
|
|
authGroup.Use(testutil.MockAuthMiddleware(user))
|
|
authGroup.DELETE("/:id/", handler.DeleteDocument)
|
|
|
|
t.Run("invalid id returns 400", func(t *testing.T) {
|
|
w := testutil.MakeRequest(e, "DELETE", "/api/documents/invalid/", nil, "test-token")
|
|
testutil.AssertStatusCode(t, w, http.StatusBadRequest)
|
|
})
|
|
}
|
|
|
|
func TestDocumentHandler_DeleteDocument_AccessDenied(t *testing.T) {
|
|
handler, e, db := setupDocumentHandler(t)
|
|
user := testutil.CreateTestUser(t, db, "owner", "owner@test.com", "Password123")
|
|
otherUser := testutil.CreateTestUser(t, db, "other", "other@test.com", "Password123")
|
|
residence := testutil.CreateTestResidence(t, db, user.ID, "Test House")
|
|
doc := testutil.CreateTestDocument(t, db, residence.ID, user.ID, "Test Doc")
|
|
|
|
authGroup := e.Group("/api/documents")
|
|
authGroup.Use(testutil.MockAuthMiddleware(otherUser))
|
|
authGroup.DELETE("/:id/", handler.DeleteDocument)
|
|
|
|
t.Run("access denied for other user", func(t *testing.T) {
|
|
w := testutil.MakeRequest(e, "DELETE", fmt.Sprintf("/api/documents/%d/", doc.ID), nil, "test-token")
|
|
testutil.AssertStatusCode(t, w, http.StatusForbidden)
|
|
})
|
|
}
|