loginAsSecondUser helper backs new specs that cover the
/texts list (own-only scoping, create form, link to
/texts/{id}) and /texts/{id} detail (own access, 403 on
another user's text, owner can add a child node).
/**
 * End-to-end spec for the /texts/{id} detail page and the API routes behind it.
 *
 * Two kinds of checks live here:
 *  - owner-side UI flows (page renders, a child node can be added), and
 *  - access-control checks that call the API directly as a second user and
 *    expect HTTP 403.
 *
 * NOTE(review): every case assumes the seed gives text 0 to the account behind
 * cy.loginAsUser() and not to the one behind cy.loginAsSecondUser() - confirm
 * against the seed data.
 * NOTE(review): there is no case here for a request sent with no session at
 * all; that may be covered in another spec - confirm.
 */
describe('The user text detail page', () => {
  const textPage = '/texts/0'
  const textApi = '/api/texts/0'
  const nodesForTextApi = '/api/nodes/0'
  const createNodeApi = '/api/nodes'

  /**
   * Sends a request and asserts that the server answers 403.
   *
   * cy.request talks to the API directly, so the check exercises the
   * server-side authorization decision rather than what the UI chooses to
   * show. failOnStatusCode is switched off because cy.request otherwise fails
   * the test on any non-2xx/3xx answer before the status can be asserted.
   *
   * @param {object} options - cy.request options (url, method, body, ...)
   */
  const expectForbidden = (options) => {
    cy.request({
      ...options,
      failOnStatusCode: false,
    }).then(({ status }) => {
      expect(status).to.eq(403)
    })
  }

  // Seed before and wipe after every case, so a node written by one test
  // cannot influence the access-control result of another.
  // (What the two npm scripts do is not visible in this file.)
  beforeEach(() => {
    cy.exec('npm run db:seed')
  })

  afterEach(() => {
    cy.exec('npm run db:wipe')
  })

  it('renders own text with heading', () => {
    cy.loginAsUser()

    // Register the alias before visiting so the page's request is captured.
    cy.intercept('GET', textApi).as('getText')
    cy.visit(textPage)
    cy.wait('@getText')

    cy.get('h1').should('contain', 'Tanach')
  })

  it('returns 403 when accessing another user text', () => {
    cy.loginAsSecondUser()

    // Read path: a non-owner asking for the owner's text by id must be refused.
    // NOTE(review): only the status is asserted; the refusal body is not
    // inspected for leaked text content.
    expectForbidden({ url: textApi })
  })

  it('owner can add a child node', () => {
    const childTitle = 'My new child'

    cy.loginAsUser()
    cy.intercept('GET', nodesForTextApi).as('getNodes')
    cy.visit(textPage)
    cy.wait('@getNodes')

    // Scope the form interaction to the first list item of the detail view.
    cy.get('#text-detail li')
      .first()
      .within(() => {
        cy.get('button.add-child').click()
        cy.get('input.child-title').type(childTitle)
        cy.get('button.save-child').click()
      })

    cy.contains(childTitle)
  })

  it('non-owner gets 403 when posting a node to that text', () => {
    cy.loginAsSecondUser()

    // Write path: the ids in the body point at the other user's text, so the
    // server has to check ownership of the referenced text, not just that the
    // caller is logged in.
    // NOTE(review): a 403 alone does not show that nothing was stored; a
    // follow-up read as the owner confirming that no node titled 'Hijack'
    // exists would close that gap.
    expectForbidden({
      method: 'POST',
      url: createNodeApi,
      body: {
        textId: 0,
        title: 'Hijack',
        parentNodeId: 0,
      },
    })
  })
})