Expand contact email test

oxidecomputer · Nov 22, 2024 · aaabdb9 · aaabdb9
1 parent bfd1b63
commit aaabdb9
Showing 1 changed file with 92 additions and 107 deletions.
diff --git a/v-api/src/endpoints/api_user.rs b/v-api/src/endpoints/api_user.rs
@@ -586,8 +586,12 @@ mod tests {
     use newtype_uuid::TypedUuid;
     use v_model::{
         permissions::{Caller, Permissions},
-        storage::{ApiKeyFilter, ListPagination, MockApiKeyStore, MockApiUserStore, StoreError},
-        ApiKey, ApiUser, ApiUserInfo, ApiUserProvider, NewApiUser,
+        storage::{
+            ApiKeyFilter, ListPagination, MockApiKeyStore, MockApiUserContactEmailStore,
+            MockApiUserStore, StoreError,
+        },
+        ApiKey, ApiUser, ApiUserContactEmail, ApiUserInfo, ApiUserProvider, NewApiUser,
+        NewApiUserContactEmail,
     };
 
     use crate::{
@@ -1440,35 +1444,53 @@ mod tests {
     async fn test_set_api_user_contact_email() {
         let user = mock_user();
 
-        let mut store = MockApiUserStore::new();
+        let mut user_store = MockApiUserStore::new();
         let get_user = user.clone();
-        store.expect_get().returning(move |_id, _deleted| {
-            Ok(Some(ApiUserInfo {
-                user: ApiUser {
-                    id: get_user.id,
-                    permissions: get_user.permissions.clone(),
-                    groups: BTreeSet::default(),
-                    created_at: Utc::now(),
-                    updated_at: Utc::now(),
-                    deleted_at: None,
-                },
-                email: None,
-                providers: vec![ApiUserProvider {
-                    id: TypedUuid::default(),
-                    user_id: get_user.id,
-                    provider: "custom".to_string(),
-                    provider_id: "123".to_string(),
-                    emails: vec!["user@company".to_string()],
-                    display_names: vec![],
+        user_store
+            .expect_get()
+            .with(eq(get_user.id), eq(false))
+            .returning(move |_id, _deleted| {
+                Ok(Some(ApiUserInfo {
+                    user: ApiUser {
+                        id: get_user.id,
+                        permissions: get_user.permissions.clone(),
+                        groups: BTreeSet::default(),
+                        created_at: Utc::now(),
+                        updated_at: Utc::now(),
+                        deleted_at: None,
+                    },
+                    email: None,
+                    providers: vec![ApiUserProvider {
+                        id: TypedUuid::default(),
+                        user_id: get_user.id,
+                        provider: "custom".to_string(),
+                        provider_id: "123".to_string(),
+                        emails: vec!["user@company".to_string()],
+                        display_names: vec![],
+                        created_at: Utc::now(),
+                        updated_at: Utc::now(),
+                        deleted_at: None,
+                    }],
+                }))
+            });
+        let mut email_store = MockApiUserContactEmailStore::new();
+        email_store
+            .expect_upsert()
+            .withf(move |arg| arg.user_id == user.id && arg.email == "user@company".to_string())
+            .returning(|new| {
+                Ok(ApiUserContactEmail {
+                    id: new.id,
+                    user_id: new.user_id,
+                    email: new.email,
                     created_at: Utc::now(),
                     updated_at: Utc::now(),
                     deleted_at: None,
-                }],
-            }))
-        });
+                })
+            });
 
         let mut storage = MockStorage::new();
-        storage.api_user_store = Some(Arc::new(store));
+        storage.api_user_store = Some(Arc::new(user_store));
+        storage.api_user_contact_email_store = Some(Arc::new(email_store));
 
         let ctx = mock_context(Arc::new(storage)).await;
 
@@ -1483,7 +1505,7 @@ mod tests {
             no_permissions,
             ApiUserPath { user_id: user.id },
             ApiUserEmailUpdateParams {
-                email: "user-update@company".to_string(),
+                email: "user@company".to_string(),
             },
         )
         .await;
@@ -1494,100 +1516,63 @@ mod tests {
         // 2. Fail due to lack of write permission
         let no_write_permissions = Caller {
             id: user.id,
-            permissions: vec![VPermission::ManageApiUser(user.id)].into(),
+            permissions: vec![VPermission::GetApiUser(user.id)].into(),
             extensions: HashMap::default(),
         };
         let resp = set_api_user_contact_email_inner(
             &ctx,
             no_write_permissions,
             ApiUserPath { user_id: user.id },
             ApiUserEmailUpdateParams {
-                email: "user-update@company".to_string(),
+                email: "user@company".to_string(),
+            },
+        )
+        .await;
+
+        assert!(resp.is_err());
+        assert_eq!(get_status(&resp), StatusCode::FORBIDDEN);
+
+        // 4. Fail to update to non-owned email
+        let write_permission = Caller {
+            id: user.id,
+            permissions: vec![VPermission::GetApiUser(user.id)].into(),
+            extensions: HashMap::default(),
+        };
+        let resp = set_api_user_contact_email_inner(
+            &ctx,
+            write_permission,
+            ApiUserPath { user_id: user.id },
+            ApiUserEmailUpdateParams {
+                email: "user-other@company".to_string(),
             },
         )
         .await;
 
         assert!(resp.is_err());
         assert_eq!(get_status(&resp), StatusCode::FORBIDDEN);
 
-        // store
-        //     .expect_upsert()
-        //     .withf(|x: &NewApiUser<VPermission>| {
-        //         x.permissions.can(&VPermission::CreateApiUser.into())
-        //     })
-        //     .returning(|user| {
-        //         Ok(ApiUserInfo {
-        //             user: ApiUser {
-        //                 id: user.id,
-        //                 permissions: user.permissions,
-        //                 groups: BTreeSet::new(),
-        //                 created_at: Utc::now(),
-        //                 updated_at: Utc::now(),
-        //                 deleted_at: None,
-        //             },
-        //             email: None,
-        //             providers: vec![],
-        //         })
-        //     });
-        // store
-        //     .expect_upsert()
-        //     .withf(|x: &NewApiUser<VPermission>| {
-        //         x.permissions.can(&VPermission::GetApiUsersAll.into())
-        //     })
-        //     .returning(|_| Err(StoreError::Unknown));
-
-        // let mut storage = MockStorage::new();
-        // storage.api_user_store = Some(Arc::new(store));
-
-        // let ctx = mock_context(Arc::new(storage)).await;
-
-        // let user1 = mock_user();
-
-        // // 1. Fail to create due to lack of permissions
-        // let no_permissions = Caller {
-        //     id: user1.id,
-        //     permissions: Permissions::new(),
-        //     extensions: HashMap::default(),
-        // };
-
-        // let resp = create_api_user_inner::<VPermission, VPermissionResponse>(
-        //     &ctx,
-        //     no_permissions,
-        //     successful_update.clone(),
-        // )
-        // .await;
-
-        // assert!(resp.is_err());
-        // assert_eq!(get_status(&resp), StatusCode::FORBIDDEN);
-
-        // let user2 = mock_user();
-
-        // // 2. Succeed in creating new api user
-        // let with_permissions = Caller {
-        //     id: user2.id,
-        //     permissions: vec![VPermission::CreateApiUser].into(),
-        //     extensions: HashMap::default(),
-        // };
-
-        // let resp = create_api_user_inner::<VPermission, VPermissionResponse>(
-        //     &ctx,
-        //     with_permissions.clone(),
-        //     successful_update.clone(),
-        // )
-        // .await;
-
-        // assert!(resp.is_ok());
-        // assert_eq!(get_status(&resp), StatusCode::CREATED);
-
-        // // 3. Handle storage failure and return error
-        // let resp = create_api_user_inner::<VPermission, VPermissionResponse>(
-        //     &ctx,
-        //     with_permissions,
-        //     failure_update.clone(),
-        // )
-        // .await;
-
-        // assert!(resp.is_err());
-        // assert_eq!(get_status(&resp), StatusCode::INTERNAL_SERVER_ERROR);
+        // 5. Succeed in creating email
+        let write_permission = Caller {
+            id: user.id,
+            permissions: vec![
+                VPermission::GetApiUser(user.id),
+                VPermission::ManageApiUser(user.id),
+            ]
+            .into(),
+            extensions: HashMap::default(),
+        };
+        let resp = set_api_user_contact_email_inner(
+            &ctx,
+            write_permission,
+            ApiUserPath { user_id: user.id },
+            ApiUserEmailUpdateParams {
+                email: "user@company".to_string(),
+            },
+        )
+        .await;
+
+        assert!(resp.is_ok());
+        assert_eq!(get_status(&resp), StatusCode::OK);
+        assert_eq!("user@company".to_string(), resp.unwrap().0.email);
     }
 }