Rescoped colead role and revised session handling.
parent
da5f3524fa
commit
7dbcd05262
12 changed files with 376 additions and 50 deletions
|
|
@ -79,6 +79,130 @@ func TestConfirmVolunteerRequiresRole(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
func TestCoLeadDeleteVolunteerOwnDept(t *testing.T) {
|
||||
app := testApp(t)
|
||||
mux := testMux(app)
|
||||
|
||||
deptA, _ := app.createDepartment(Department{Name: "Gate"})
|
||||
colead := testUserWithRoles(t, app, "Hermia", []string{"colead"}, []int{deptA.ID})
|
||||
tok := testToken(t, app, colead)
|
||||
|
||||
deptAID := deptA.ID
|
||||
p, _ := app.createParticipant(Participant{PreferredName: "Puck", Email: "puck@test.com"})
|
||||
v, _ := app.createVolunteer(Volunteer{ParticipantID: p.ID, DepartmentID: &deptAID})
|
||||
|
||||
w := httptest.NewRecorder()
|
||||
mux.ServeHTTP(w, testAuthRequest("DELETE", "/api/volunteers/"+itoa(v.ID), nil, tok))
|
||||
if w.Code != http.StatusNoContent {
|
||||
t.Errorf("expected 204 for own dept, got %d: %s", w.Code, w.Body.String())
|
||||
}
|
||||
}
|
||||
|
||||
func TestCoLeadDeleteVolunteerOtherDept(t *testing.T) {
|
||||
app := testApp(t)
|
||||
mux := testMux(app)
|
||||
|
||||
deptA, _ := app.createDepartment(Department{Name: "Gate"})
|
||||
deptB, _ := app.createDepartment(Department{Name: "Build"})
|
||||
colead := testUserWithRoles(t, app, "Hermia", []string{"colead"}, []int{deptA.ID})
|
||||
tok := testToken(t, app, colead)
|
||||
|
||||
deptBID := deptB.ID
|
||||
p, _ := app.createParticipant(Participant{PreferredName: "Puck", Email: "puck@test.com"})
|
||||
v, _ := app.createVolunteer(Volunteer{ParticipantID: p.ID, DepartmentID: &deptBID})
|
||||
|
||||
w := httptest.NewRecorder()
|
||||
mux.ServeHTTP(w, testAuthRequest("DELETE", "/api/volunteers/"+itoa(v.ID), nil, tok))
|
||||
if w.Code != http.StatusForbidden {
|
||||
t.Errorf("expected 403 for other dept, got %d", w.Code)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCoLeadConfirmVolunteerOtherDept(t *testing.T) {
|
||||
app := testApp(t)
|
||||
mux := testMux(app)
|
||||
|
||||
deptA, _ := app.createDepartment(Department{Name: "Gate"})
|
||||
deptB, _ := app.createDepartment(Department{Name: "Build"})
|
||||
colead := testUserWithRoles(t, app, "Hermia", []string{"colead"}, []int{deptA.ID})
|
||||
tok := testToken(t, app, colead)
|
||||
|
||||
deptBID := deptB.ID
|
||||
p, _ := app.createParticipant(Participant{PreferredName: "Puck", Email: "puck@test.com"})
|
||||
v, _ := app.createVolunteer(Volunteer{ParticipantID: p.ID, DepartmentID: &deptBID})
|
||||
|
||||
w := httptest.NewRecorder()
|
||||
mux.ServeHTTP(w, testAuthRequest("POST", "/api/volunteers/"+itoa(v.ID)+"/confirm", nil, tok))
|
||||
if w.Code != http.StatusForbidden {
|
||||
t.Errorf("expected 403 for other dept, got %d", w.Code)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCoLeadReadyVolunteerOtherDept(t *testing.T) {
|
||||
app := testApp(t)
|
||||
mux := testMux(app)
|
||||
|
||||
deptA, _ := app.createDepartment(Department{Name: "Gate"})
|
||||
deptB, _ := app.createDepartment(Department{Name: "Build"})
|
||||
colead := testUserWithRoles(t, app, "Hermia", []string{"colead"}, []int{deptA.ID})
|
||||
tok := testToken(t, app, colead)
|
||||
|
||||
deptBID := deptB.ID
|
||||
p, _ := app.createParticipant(Participant{PreferredName: "Puck", Email: "puck@test.com"})
|
||||
v, _ := app.createVolunteer(Volunteer{ParticipantID: p.ID, DepartmentID: &deptBID})
|
||||
|
||||
w := httptest.NewRecorder()
|
||||
mux.ServeHTTP(w, testAuthRequest("POST", "/api/volunteers/"+itoa(v.ID)+"/ready", nil, tok))
|
||||
if w.Code != http.StatusForbidden {
|
||||
t.Errorf("expected 403 for other dept, got %d", w.Code)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCoLeadAssignShiftOtherDept(t *testing.T) {
|
||||
app := testApp(t)
|
||||
mux := testMux(app)
|
||||
|
||||
deptA, _ := app.createDepartment(Department{Name: "Gate"})
|
||||
deptB, _ := app.createDepartment(Department{Name: "Build"})
|
||||
colead := testUserWithRoles(t, app, "Hermia", []string{"colead"}, []int{deptA.ID})
|
||||
tok := testToken(t, app, colead)
|
||||
|
||||
deptBID := deptB.ID
|
||||
p, _ := app.createParticipant(Participant{PreferredName: "Puck", Email: "puck@test.com"})
|
||||
v, _ := app.createVolunteer(Volunteer{ParticipantID: p.ID, DepartmentID: &deptBID})
|
||||
s, _ := app.createShift(Shift{DepartmentID: deptB.ID, Name: "AM", Day: "2026-03-15", StartTime: "08:00", EndTime: "12:00"})
|
||||
|
||||
w := httptest.NewRecorder()
|
||||
mux.ServeHTTP(w, testAuthRequest("POST", "/api/volunteers/"+itoa(v.ID)+"/shifts", map[string]any{
|
||||
"shift_id": s.ID,
|
||||
}, tok))
|
||||
if w.Code != http.StatusForbidden {
|
||||
t.Errorf("expected 403 for other dept, got %d", w.Code)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCoLeadUpdateVolunteerTargetDeptForbidden(t *testing.T) {
|
||||
app := testApp(t)
|
||||
mux := testMux(app)
|
||||
|
||||
deptA, _ := app.createDepartment(Department{Name: "Gate"})
|
||||
deptB, _ := app.createDepartment(Department{Name: "Build"})
|
||||
colead := testUserWithRoles(t, app, "Hermia", []string{"colead"}, []int{deptA.ID})
|
||||
tok := testToken(t, app, colead)
|
||||
|
||||
deptAID := deptA.ID
|
||||
p, _ := app.createParticipant(Participant{PreferredName: "Puck", Email: "puck@test.com"})
|
||||
v, _ := app.createVolunteer(Volunteer{ParticipantID: p.ID, DepartmentID: &deptAID})
|
||||
|
||||
w := httptest.NewRecorder()
|
||||
mux.ServeHTTP(w, testAuthRequest("PUT", "/api/volunteers/"+itoa(v.ID), map[string]any{
|
||||
"department_id": deptB.ID,
|
||||
}, tok))
|
||||
if w.Code != http.StatusForbidden {
|
||||
t.Errorf("expected 403 moving to other dept, got %d: %s", w.Code, w.Body.String())
|
||||
}
|
||||
}
|
||||
|
||||
func TestUpdateVolunteerDepartment(t *testing.T) {
|
||||
app := testApp(t)
|
||||
mux := testMux(app)
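Review bot: The five 403 tests (TestCoLeadDeleteVolunteerOtherDept, TestCoLeadConfirmVolunteerOtherDept, TestCoLeadReadyVolunteerOtherDept, TestCoLeadAssignShiftOtherDept, TestCoLeadUpdateVolunteerTargetDeptForbidden) discard every setup error with `_`, so a failed createDepartment, createParticipant, createVolunteer or createShift would leave the request pointing at a zero-value or nil record, and the test could panic or pass for a reason unrelated to department scoping. Fail fast in setup instead, e.g. `v, err := app.createVolunteer(...)` followed by `if err != nil { t.Fatalf("createVolunteer: %v", err) }`. These tests also assert only the status code; since they guard an authorization boundary, it would be worth re-reading the volunteer after the forbidden request and asserting it was not deleted, confirmed, given the shift or moved. Only the delete path has an own-department positive case in this hunk, so for confirm, ready and shift assignment a 403 from a blanket role denial would look the same as the department check unless matching own-department tests exist elsewhere in the file.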
|
||||
|
|
|
|||