describe('The user text detail page', () => { beforeEach(() => { cy.exec('npm run db:seed') }) afterEach(() => { cy.exec('npm run db:wipe') }) it('renders own text with heading', () => { cy.loginAsUser() cy.intercept('GET', '/api/texts/0').as('getText') cy.visit('/texts/0') cy.wait('@getText') cy.get('h1').should('contain', 'Tanach') }) it('returns 403 when accessing another user text', () => { cy.loginAsSecondUser() cy.request({ url: '/api/texts/0', failOnStatusCode: false, }).then((response) => { expect(response.status).to.eq(403) }) }) it('owner can add a child node', () => { cy.loginAsUser() cy.intercept('GET', '/api/nodes/0').as('getNodes') cy.visit('/texts/0') cy.wait('@getNodes') cy.get('#text-detail > ul > li').first().activateNode() .children('button.add-child').click() cy.get('#text-detail > ul > li').first() .children('input.child-title').type('My new child') cy.get('#text-detail > ul > li').first() .children('button.save-child').click() cy.contains('My new child') }) it('non-owner gets 403 when posting a node to that text', () => { cy.loginAsSecondUser() cy.request({ method: 'POST', url: '/api/nodes', body: { textId: 0, title: 'Hijack', parentNodeId: 0, }, failOnStatusCode: false, }).then((response) => { expect(response.status).to.eq(403) }) }) it('non-owner sees forbidden message when viewing another user text', () => { cy.loginAsSecondUser() cy.intercept('GET', '/api/texts/0').as('getText') cy.visit('/texts/0') cy.wait('@getText') cy.get('#text-detail').should( 'contain', "You don't have permission to view this text" ) }) it('user sees not found for non-existent text', () => { cy.loginAsUser() cy.intercept('GET', '/api/texts/999').as('getText') cy.visit('/texts/999') cy.wait('@getText') cy.get('#text-detail').should('contain', 'Text not found') }) })