App-Dochazka-REST
t/dispatch/employee.t view on Meta::CPAN
$status = req( $test, 405, 'demo', 'DELETE', $base );
$status = req( $test, 405, 'active', 'DELETE', $base );
$status = req( $test, 405, 'root', 'DELETE', $base );
# Section banner for the "employee/self" tests.
note( $_ ) for (
    '=============================',
    '"employee/self" resource',
    '=============================',
);

# Fixture accounts for this section.  The return values are kept in
# file-scoped lexicals; presumably they are the new employees' EIDs and back
# the 'inactive' and 'active' logins used below -- confirm against the helpers.
my ( $ts_eid_inactive, $ts_eid_active );
$ts_eid_inactive = create_inactive_employee( $test );
$ts_eid_active   = create_active_employee( $test );
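# Exercise the "employee/self" resource under several privilege levels.
# req()'s second argument is presumably the expected HTTP status -- confirm
# against the helper.  The authorization expectations encoded below are:
#   - GET returns the caller's own record (demo -> eid 2, root -> eid 1)
#   - PUT and DELETE give 405 for demo, active and root
#   - POST {password}: 403 for demo, 200 for active and inactive
#   - POST {nick}: 403 for active and inactive, 500 "immutable" error for root
# $base is lexical to this one-element loop.
foreach my $base ( "employee/self" ) {
    docu_check($test, $base);

    note( "looping GET $base" );

    # is_deeply compares the whole hash, so a payload that also carried
    # credential fields such as passhash or salt would fail these checks.
    $status = req( $test, 200, 'demo', 'GET', $base );
    is( $status->level, 'OK', "GET $base as demo: level" );
    is( $status->code, 'DISPATCH_EMPLOYEE_SELF', "GET $base 3" );
    ok( defined $status->payload, "GET $base 4" );
    is_deeply( $status->payload, {
        'eid' => 2,
        'sec_id' => undef,
        'nick' => 'demo',
        'fullname' => 'Demo Employee',
        'email' => 'demo@dochazka.site',
        'supervisor' => undef,
        'sync' => 0,
    }, "GET $base 5");

    $status = req( $test, 200, 'root', 'GET', $base );
    is( $status->level, 'OK', "GET $base as root: level" );
    is( $status->code, 'DISPATCH_EMPLOYEE_SELF', "GET $base 8" );
    ok( defined $status->payload, "GET $base 9" );
    is_deeply( $status->payload, {
        'eid' => 1,
        'sec_id' => undef,
        'nick' => 'root',
        'fullname' => 'Root Immutable',
        'email' => 'root@site.org',
        'supervisor' => undef,
        'remark' => 'dbinit',
        'sync' => 0,
    }, "GET $base 10" );

    note( "looping: PUT $base" );
    $status = req( $test, 405, 'demo', 'PUT', $base );
    $status = req( $test, 405, 'active', 'PUT', $base );
    $status = req( $test, 405, 'root', 'PUT', $base );

    note( "looping: POST $base" );
    note( "- default configuration is that 'active' and 'inactive' can modify" );
    note( ' their own passhash and salt fields; demo should *not* be ' );
    note( ' authorized to do this' );
    req( $test, 403, 'demo', 'POST', $base, '{ "password":"saltine" }' );

    foreach my $user ( "active", "inactive" ) {

        #diag( "$user $base " . '{ "password" : "saltine" }' );
        $status = req( $test, 200, $user, 'POST', $base, '{ "password" : "saltine" }' );
        if ( $status->not_ok ) {
            diag( Dumper $status );
            # Give the harness a readable reason instead of a bare 0.
            BAIL_OUT( "POST $base password change failed for $user" );
        }
        is( $status->level, 'OK', "POST $base password as $user: level" );
        is( $status->code, 'DOCHAZKA_CUD_OK', "POST $base password as $user: code" );

        # NOTE(review): no request is issued as $user between the change above
        # and the reset below, so this shows the update is accepted but not
        # that the new credential works or that the old one stops working.

        note( '- use root to change it back, otherwise the user won\'t be able' );
        note( ' to log in and next tests will fail' );
        # The JSON body is built by interpolation; that is only safe because
        # $user comes from the fixed list above.  Presumably the harness logs
        # each nick in with a password equal to the nick -- confirm in req().
        $status = req( $test, 200, 'root', 'PUT', "employee/nick/$user", "{ \"password\" : \"$user\" }" );
        is( $status->level, 'OK', "PUT employee/nick/$user password reset: level" );
        is( $status->code, 'DOCHAZKA_CUD_OK', "PUT employee/nick/$user password reset: code" );

        note( '- legal but bogus JSON in body' );
        $status = req( $test, 200, $user, 'POST', $base, 0 );
        is( $status->level, 'OK', "POST $base bogus body as $user: level" );
        is( $status->code, 'DISPATCH_UPDATE_NO_CHANGE_OK', "POST $base bogus body as $user: code" );

        note( "- 'salt' is a permitted field, but 'inactive'/$user employees" );
        note( " should not, for example, be allowed to change 'nick'" );
        # Field-level authorization: a self-update of a non-permitted field
        # is expected to be refused.
        req( $test, 403, $user, 'POST', $base, '{ "nick": "wanger" }' );
    }

    note( 'root can theoretically update any field, but certain fields of its own' );
    note( 'profile are immutable' );
    # Change root's email and then restore the original value.
    $status = req( $test, 200, 'root', 'POST', $base, '{ "email": "root@rotoroot.com" }' );
    is( $status->level, 'OK', "POST $base email change as root: level" );
    is( $status->code, 'DOCHAZKA_CUD_OK', "POST $base email change as root: code" );
    $status = req( $test, 200, 'root', 'POST', $base, '{ "email": "root@site.org" }' );
    is( $status->level, 'OK', "POST $base email restore as root: level" );
    is( $status->code, 'DOCHAZKA_CUD_OK', "POST $base email restore as root: code" );

    # NOTE(review): the expected 500 and the use of dbi_err() suggest the
    # immutability rule is enforced below the ACL layer, presumably in the
    # database -- confirm.  If the matched text is part of the HTTP response,
    # database error messages are reaching the client.
    dbi_err( $test, 500, 'root', 'POST', $base, '{ "nick": "aaaaazz" }', qr/root employee is immutable/ );

    note( "DELETE $base" );
    $status = req( $test, 405, 'demo', 'DELETE', $base );
    $status = req( $test, 405, 'active', 'DELETE', $base );
    $status = req( $test, 405, 'root', 'DELETE', $base );
}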
# Section banner for the "employee/self/full" tests.
note( $_ ) for (
    '=============================',
    '"employee/self/full" resource',
    '=============================',
);

# $base is an already-declared variable; the loop that follows branches on
# its value to decide which URI form to request.
$base = 'employee/self';
my $resource = $base . '/full';
docu_check( $test, $resource );
foreach my $originator ( 'demo', 'inactive', 'active', 'root' ) {
my $uri;
if ( $base eq 'employee/nick' ) {
$uri = "employee/nick/$originator/full";
} elsif ( $base eq 'employee/self' ) {
$uri = 'employee/self/full';
} else {
diag( "Bad loop!" );
BAIL_OUT(0);