diff --git a/cypress/e2e/userText.cy.js b/cypress/e2e/userText.cy.js
index f26cc61..2318f07 100644
--- a/cypress/e2e/userText.cy.js
+++ b/cypress/e2e/userText.cy.js
@@ -55,4 +55,23 @@ describe('The user text detail page', () => {
 expect(response.status).to.eq(403)
 })
 })
+
+ it('non-owner sees forbidden message when viewing another user text', () => {
+ cy.loginAsSecondUser()
+ cy.intercept('GET', '/api/texts/0').as('getText')
+ cy.visit('/texts/0')
+ cy.wait('@getText')
+ cy.get('#text-detail').should(
+ 'contain',
+ "You don't have permission to view this text"
+ )
+ })
+
+ it('user sees not found for non-existent text', () => {
+ cy.loginAsUser()
+ cy.intercept('GET', '/api/texts/999').as('getText')
+ cy.visit('/texts/999')
+ cy.wait('@getText')
+ cy.get('#text-detail').should('contain', 'Text not found')
+ })
 })
diff --git a/public/js/text.js b/public/js/text.js
index 90221d2..2b021d0 100644
--- a/public/js/text.js
+++ b/public/js/text.js
@@ -4,8 +4,24 @@ document.addEventListener('DOMContentLoaded', () => {
 const textId = window.location.pathname.split('/').pop();
 fetch('/api/texts/' + textId, { credentials: 'same-origin' })
- .then(res => res.json())
- .then(text => {
+ .then(function (res) {
+ if (!res.ok) {
+ if (res.status === 403) {
+ const message = document.createElement('p');
+ message.textContent =
+ "You don't have permission to view this text";
+ document.getElementById('text-detail').appendChild(message);
+ } else if (res.status === 404) {
+ const message = document.createElement('p');
+ message.textContent = 'Text not found';
+ document.getElementById('text-detail').appendChild(message);
+ }
+ return;
+ }
+ return res.json();
+ })
+ .then(function (text) {
+ if (!text) return;
 const h1 = document.createElement('h1');
 h1.textContent = text.name;
 document.getElementById('text-detail').appendChild(h1);
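Review bot: The 'non-owner sees forbidden message' test passes as soon as the message appears, so it would not catch a regression where the page shows the message and still renders the other user's text. After `cy.wait('@getText')`, add a negative assertion such as `cy.get('#text-detail h1').should('not.exist')`. Also pin the status of the intercepted call with `cy.wait('@getText').its('response.statusCode').should('eq', 403)`, and use 404 in the second test, so the UI assertion is tied to the server's decision. The ids `0` and `999` are presumably tied to seeded data; a one-line comment naming the fixture that owns text 0 would make that dependency explicit.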
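Review bot: A non-OK response other than 403 or 404 leaves the `if (!res.ok)` branch without showing anything, so an expired session (401) or a server error leaves `#text-detail` empty and the user cannot tell a refusal from a failed load. Choosing the text from a status-to-message map with a generic fallback closes that gap and removes the duplicated create/append code in the two branches. No `.catch` is visible in this hunk, and the promise chain continues past its last line, so confirm that a rejection handler covers network errors and non-JSON bodies.

```javascript
  .then(function (res) {
    if (!res.ok) {
      const messages = {
        403: "You don't have permission to view this text",
        404: 'Text not found',
      };
      const message = document.createElement('p');
      // Generic fallback so 401/5xx responses do not leave the page blank.
      message.textContent = messages[res.status] ?? 'Unable to load this text';
      document.getElementById('text-detail').appendChild(message);
      // … unchanged: return; end of the !res.ok branch; return res.json() …
```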