Posts editing tests

2025-10-08 00:13:56 +02:00
parent d27196d7e5
commit 8a5605812c
7 changed files with 250 additions and 124 deletions
--- a/tests/api/posts.rs
+++ b/tests/api/posts.rs
@@ -144,7 +144,7 @@ async fn new_posts_are_visible_on_the_website(connection_pool: PgPool) {
        .fetch_one(&app.connection_pool)
        .await
        .unwrap();
-    let html = app.get_post_html(post.post_id).await;
+    let html = app.get_post_html(&post.post_id).await;
    assert!(html.contains(&title));
 }

@@ -171,7 +171,7 @@ async fn visitor_can_read_a_blog_post(connection_pool: PgPool) {
        .fetch_one(&app.connection_pool)
        .await
        .unwrap();
-    let html = app.get_post_html(post.post_id).await;
+    let html = app.get_post_html(&post.post_id).await;
    assert!(html.contains(&title));
 }

@@ -197,7 +197,7 @@ async fn a_deleted_blog_post_returns_404(connection_pool: PgPool) {

    app.delete_post(post.post_id).await;

-    let html = app.get_post_html(post.post_id).await;
+    let html = app.get_post_html(&post.post_id).await;
    assert!(html.contains("Not Found"));
 }

@@ -234,3 +234,109 @@ async fn clicking_the_notification_link_marks_the_email_as_opened(connection_poo
            .opened
    );
 }
+
+#[sqlx::test]
+async fn only_post_author_can_access_the_edit_form(connection_pool: PgPool) {
+    let app = TestApp::spawn(connection_pool).await;
+    app.admin_login().await;
+    let username = "alphonse";
+    let password = "123456789abc";
+    app.create_user(username, password, false).await;
+    let login_body = serde_json::json!({
+        "username": username,
+        "password": password
+    });
+    app.post_login(&login_body).await;
+    app.post_create_post(&fake_post_body()).await;
+    let post_id = sqlx::query!("SELECT post_id FROM posts")
+        .fetch_one(&app.connection_pool)
+        .await
+        .unwrap()
+        .post_id;
+    let html = app.get_post_html(&post_id).await;
+    assert!(html.contains("Edit"));
+
+    app.logout().await;
+    app.admin_login().await;
+    let html = app.get_post_html(&post_id).await;
+    assert!(!html.contains("Edit"));
+}
+
+#[sqlx::test]
+async fn only_post_author_can_edit_post(connection_pool: PgPool) {
+    let app = TestApp::spawn(connection_pool).await;
+    app.admin_login().await;
+    let username = "alphonse";
+    let password = "123456789abc";
+    app.create_user(username, password, false).await;
+    let login_body = serde_json::json!({
+        "username": username,
+        "password": password
+    });
+    app.post_login(&login_body).await;
+    app.post_create_post(&fake_post_body()).await;
+    let post_id = sqlx::query!("SELECT post_id FROM posts")
+        .fetch_one(&app.connection_pool)
+        .await
+        .unwrap()
+        .post_id;
+
+    let new_title = "Stunning new title";
+    let new_content = "Astonishing content";
+    let edit_body = serde_json::json!({
+        "title": new_title,
+        "content": new_content,
+    });
+    let response = app.edit_post(&edit_body, &post_id).await;
+    let text = response.text().await.unwrap();
+    assert!(text.contains("Your changes have been saved"));
+    let text = app.get_post_html(&post_id).await;
+    assert!(text.contains(new_title));
+    assert!(text.contains(new_content));
+
+    app.logout().await;
+    app.admin_login().await;
+    let response = app.edit_post(&edit_body, &post_id).await;
+    let text = response.text().await.unwrap();
+    assert!(text.contains("You are not authorized."));
+}
+
+#[sqlx::test]
+async fn invalid_fields_are_rejected(connection_pool: PgPool) {
+    let app = TestApp::spawn(connection_pool).await;
+    app.admin_login().await;
+    app.post_create_post(&fake_post_body()).await;
+    let post_id = sqlx::query!("SELECT post_id FROM posts")
+        .fetch_one(&app.connection_pool)
+        .await
+        .unwrap()
+        .post_id;
+
+    let test_cases = [
+        (
+            serde_json::json!({
+                "title": "",
+                "content": "content"
+            }),
+            "Title must be at least one character",
+            "title was empty",
+        ),
+        (
+            serde_json::json!({
+                "title": "Title",
+                "content": ""
+            }),
+            "Content must be at least one character",
+            "content was empty",
+        ),
+    ];
+    for (invalid_body, expected_error_message, explaination) in test_cases {
+        let response = app.edit_post(&invalid_body, &post_id).await;
+        let text = response.text().await.unwrap();
+        assert!(
+            text.contains(expected_error_message),
+            "The API did not reject the changes when the {}",
+            explaination
+        );
+    }
+}