add cypress coverage for user text pages

loginAsSecondUser helper backs new specs that cover the
/texts list (own-only scoping, create form, link to
/texts/{id}) and /texts/{id} detail (own access, 403 on
another user's text, owner can add a child node).

cypress/e2e/userText.cy.js

@@ -0,0 +1,57 @@
+describe('The user text detail page', () => {
+    beforeEach(() => {
+        cy.exec('npm run db:seed')
+    })
+    afterEach(() => {
+        cy.exec('npm run db:wipe')
+    })
+
+    it('renders own text with heading', () => {
+        cy.loginAsUser()
+        cy.intercept('GET', '/api/texts/0').as('getText')
+        cy.visit('/texts/0')
+        cy.wait('@getText')
+        cy.get('h1').should('contain', 'Tanach')
+    })
+
+    it('returns 403 when accessing another user text', () => {
+        cy.loginAsSecondUser()
+        cy.request({
+            url: '/api/texts/0',
+            failOnStatusCode: false,
+        }).then((response) => {
+            expect(response.status).to.eq(403)
+        })
+    })
+
+    it('owner can add a child node', () => {
+        cy.loginAsUser()
+        cy.intercept('GET', '/api/nodes/0').as('getNodes')
+        cy.visit('/texts/0')
+        cy.wait('@getNodes')
+
+        cy.get('#text-detail li').first().within(() => {
+            cy.get('button.add-child').click()
+            cy.get('input.child-title').type('My new child')
+            cy.get('button.save-child').click()
+        })
+
+        cy.contains('My new child')
+    })
+
+    it('non-owner gets 403 when posting a node to that text', () => {
+        cy.loginAsSecondUser()
+        cy.request({
+            method: 'POST',
+            url: '/api/nodes',
+            body: {
+                textId: 0,
+                title: 'Hijack',
+                parentNodeId: 0,
+            },
+            failOnStatusCode: false,
+        }).then((response) => {
+            expect(response.status).to.eq(403)
+        })
+    })
+})

cypress/e2e/userTexts.cy.js

@@ -0,0 +1,53 @@
+describe('The user texts page', () => {
+    beforeEach(() => {
+        cy.exec('npm run db:seed')
+        cy.loginAsUser()
+    })
+    afterEach(() => {
+        cy.exec('npm run db:wipe')
+    })
+
+    it('shows my texts page with heading and form', () => {
+        cy.visit('/texts')
+        cy.get('h1').should('contain', 'My Texts')
+        cy.get('#newTextName').should('exist')
+        cy.get('#submit').should('exist')
+    })
+
+    it('lists the seeded text owned by the user', () => {
+        cy.intercept('GET', '/api/texts').as('getTexts')
+        cy.visit('/texts')
+        cy.wait('@getTexts')
+        cy.get('#texts-list').should('contain', 'Tanach')
+    })
+
+    it('creates a new text', () => {
+        cy.visit('/texts')
+        cy.get('#newTextName').type('My Notes')
+        cy.get('#submit').click()
+        cy.contains('My Notes')
+    })
+
+    it('newly created text links to /texts/{id}', () => {
+        cy.visit('/texts')
+        cy.get('#newTextName').type('Linked Text')
+        cy.get('#submit').click()
+        cy.get('a')
+            .contains('Linked Text')
+            .should('have.attr', 'href')
+            .and('match', /^\/texts\/\d+$/)
+    })
+
+    it('does not show texts owned by other users', () => {
+        cy.loginAsSecondUser()
+        cy.visit('/texts')
+        cy.get('#texts-list').should('not.contain', 'Tanach')
+    })
+
+    it('navigates to user text detail on click', () => {
+        cy.visit('/texts')
+        cy.get('a').contains('Tanach').click()
+        cy.url().should('match', /\/texts\/0$/)
+        cy.get('#back').should('have.attr', 'href', '/texts')
+    })
+})

cypress/support/commands.js

@@ -13,3 +13,7 @@ Cypress.Commands.add('loginAsAdmin', () => {
 Cypress.Commands.add('loginAsUser', () => {
     cy.login('user@example.com', 'password1')
 })
+
+Cypress.Commands.add('loginAsSecondUser', () => {
+    cy.login('user2@example.com', 'password2')
+})