diff --git a/requirements/rolePresetsController/createNewPresets.md b/requirements/rolePresetsController/createNewPresets.md new file mode 100644 index 000000000..7a6edc948 --- /dev/null +++ b/requirements/rolePresetsController/createNewPresets.md @@ -0,0 +1,18 @@ +Check mark: ✅ +Cross Mark: ❌ + +# createNewPreset + +> ## Positive case +1. ✅ Receives a POST request in the **/api/rolePreset** route +2. ✅ Return 201 if create New Presets successfully. + +> ## Negative case + +1. ✅ Returns error 403 if user doesn't have permissions for putRole +2. ✅ Returns 400 if missing presetName +3. ✅ Returns 400 if missing roleName +4. ✅ Returns 400 if missing premissions +5. ✅ Returns error 400 when saving new presets + +> ## Edge case diff --git a/requirements/rolePresetsController/deletePresetById.md b/requirements/rolePresetsController/deletePresetById.md new file mode 100644 index 000000000..7698663fb --- /dev/null +++ b/requirements/rolePresetsController/deletePresetById.md @@ -0,0 +1,17 @@ +Check mark: ✅ +Cross Mark: ❌ + +# deletePresetById + +> ## Positive case + +1. ✅ Return 200 if removing preset by id successfully. + +> ## Negative case + +1. ✅ Returns error 403 if user doesn't have permissions for putRole +2. ✅ Returns 400 if error in finding by id +3. ✅ Returns 400 if the route doesn't exist +4. ✅ Returns 400 if any error when removing results + +> ## Edge case \ No newline at end of file diff --git a/requirements/rolePresetsController/getPresetsByRole.md b/requirements/rolePresetsController/getPresetsByRole.md new file mode 100644 index 000000000..7f14b828e --- /dev/null +++ b/requirements/rolePresetsController/getPresetsByRole.md @@ -0,0 +1,15 @@ +Check mark: ✅ +Cross Mark: ❌ + +# getPresetsByRole + +> ## Positive case +1. ✅ Receives a GET request in the **/api/rolePreset** route +2. ✅ Return 200 if get Presets by roleName successfully. + +> ## Negative case + +1. ✅ Returns error 403 if user doesn't have permissions for putRole +2. ✅ Returns 400 when catching any error in finding roleName + +> ## Edge case \ No newline at end of file diff --git a/requirements/rolePresetsController/updatePresetById.md b/requirements/rolePresetsController/updatePresetById.md new file mode 100644 index 000000000..6ce963cf3 --- /dev/null +++ b/requirements/rolePresetsController/updatePresetById.md @@ -0,0 +1,17 @@ +Check mark: ✅ +Cross Mark: ❌ + +# updatePresetById + +> ## Positive case + +1. ✅ Return 200 if update preset by id successfully. + +> ## Negative case + +1. ✅ Returns error 403 if user doesn't have permissions for putRole +2. ✅ Returns 400 if the router doesn't exist +3. ✅ Returns 400 if error in finding by id +3. ✅ Returns 400 if any error when saving results + +> ## Edge case \ No newline at end of file diff --git a/src/controllers/rolePresetsController.js b/src/controllers/rolePresetsController.js index 61f2a2ccb..daf1c10ab 100644 --- a/src/controllers/rolePresetsController.js +++ b/src/controllers/rolePresetsController.js @@ -1,8 +1,8 @@ -const { hasPermission } = require('../utilities/permissions'); +const helper = require('../utilities/permissions'); const rolePresetsController = function (Preset) { const getPresetsByRole = async function (req, res) { - if (!(await hasPermission(req.body.requestor, 'putRole'))) { + if (!(await helper.hasPermission(req.body.requestor, 'putRole'))) { res.status(403).send('You are not authorized to make changes to roles.'); return; } @@ -18,7 +18,7 @@ const rolePresetsController = function (Preset) { }; const createNewPreset = async function (req, res) { - if (!(await hasPermission(req.body.requestor, 'putRole'))) { + if (!(await helper.hasPermission(req.body.requestor, 'putRole'))) { res.status(403).send('You are not authorized to make changes to roles.'); return; } @@ -41,7 +41,7 @@ const rolePresetsController = function (Preset) { }; const updatePresetById = async function (req, res) { - if (!(await hasPermission(req.body.requestor, 'putRole'))) { + if (!(await helper.hasPermission(req.body.requestor, 'putRole'))) { res.status(403).send('You are not authorized to make changes to roles.'); return; } @@ -61,7 +61,7 @@ const rolePresetsController = function (Preset) { }; const deletePresetById = async function (req, res) { - if (!(await hasPermission(req.body.requestor, 'putRole'))) { + if (!(await helper.hasPermission(req.body.requestor, 'putRole'))) { res.status(403).send('You are not authorized to make changes to roles.'); return; } diff --git a/src/controllers/rolePresetsController.spec.js b/src/controllers/rolePresetsController.spec.js new file mode 100644 index 000000000..d009be44e --- /dev/null +++ b/src/controllers/rolePresetsController.spec.js @@ -0,0 +1,444 @@ +const rolePresetsController = require('./rolePresetsController'); +const { mockReq, mockRes, assertResMock } = require('../test'); +const Preset = require('../models/rolePreset'); +const Role = require('../models/role'); +const UserProfile = require('../models/userProfile'); +const helper = require('../utilities/permissions'); + +// Mock the models +jest.mock('../models/role'); +jest.mock('../models/userProfile'); + +const makeSut = () => { + const { createNewPreset, getPresetsByRole, updatePresetById, deletePresetById } = + rolePresetsController(Preset); + return { createNewPreset, getPresetsByRole, updatePresetById, deletePresetById }; +}; + +const flushPromises = () => new Promise(setImmediate); + +describe('rolePresets Controller', () => { + beforeEach(() => { + jest.clearAllMocks(); + Role.findOne = jest.fn().mockReturnValue({ + exec: jest.fn().mockResolvedValue({ permissions: ['someOtherPermission'] }), + }); + UserProfile.findById = jest.fn().mockReturnValue({ + select: jest.fn().mockReturnValue({ + exec: jest.fn().mockResolvedValue({ permissions: { frontPermissions: [] } }), + }), + }); + }); + + afterEach(() => { + jest.clearAllMocks(); + }); + + describe('createNewPreset method', () => { + test("Ensure createNewPresets returns 403 if user doesn't have permissions for putRole", async () => { + const { createNewPreset } = makeSut(); + const hasPermissionSpy = jest + .spyOn(helper, 'hasPermission') + .mockImplementationOnce(() => Promise.resolve(false)); + + const response = await createNewPreset(mockReq, mockRes); + + expect(hasPermissionSpy).toHaveBeenCalledWith(mockReq.body.requestor, 'putRole'); + + assertResMock(403, 'You are not authorized to make changes to roles.', response, mockRes); + }); + test('Ensure createNewPresetsreturns 400 if missing roleName', async () => { + const { createNewPreset } = makeSut(); + const hasPermissionSpy = jest + .spyOn(helper, 'hasPermission') + .mockImplementationOnce(() => Promise.resolve(true)); + const newMockReq = { + body: { + ...mockReq.body, + presetName: 'testPreset', + premissions: ['testPremissions'], + }, + }; + const response = await createNewPreset(newMockReq, mockRes); + + expect(hasPermissionSpy).toHaveBeenCalledWith(newMockReq.body.requestor, 'putRole'); + + assertResMock( + 400, + { + error: 'roleName, presetName, and permissions are mandatory fields.', + }, + response, + mockRes, + ); + }); + test('Ensure createNewPresets returns 400 if missing presetName', async () => { + const { createNewPreset } = makeSut(); + const hasPermissionSpy = jest + .spyOn(helper, 'hasPermission') + .mockImplementationOnce(() => Promise.resolve(true)); + const newMockReq = { + body: { + ...mockReq.body, + roleName: 'testRole', + premissions: ['testPremissions'], + }, + }; + const response = await createNewPreset(newMockReq, mockRes); + + expect(hasPermissionSpy).toHaveBeenCalledWith(newMockReq.body.requestor, 'putRole'); + + assertResMock( + 400, + { + error: 'roleName, presetName, and permissions are mandatory fields.', + }, + response, + mockRes, + ); + }); + test('Ensure createNewPresets returns 400 if missing permissions', async () => { + const { createNewPreset } = makeSut(); + const hasPermissionSpy = jest + .spyOn(helper, 'hasPermission') + .mockImplementationOnce(() => Promise.resolve(true)); + const newMockReq = { + body: { + ...mockReq.body, + roleName: 'testRole', + presetName: 'testPreset', + }, + }; + const response = await createNewPreset(newMockReq, mockRes); + + expect(hasPermissionSpy).toHaveBeenCalledWith(newMockReq.body.requestor, 'putRole'); + + assertResMock( + 400, + { + error: 'roleName, presetName, and permissions are mandatory fields.', + }, + response, + mockRes, + ); + }); + test('Ensure createNewPresets returns 400 if any error when saving new preset', async () => { + const { createNewPreset } = makeSut(); + const hasPermissionSpy = jest + .spyOn(helper, 'hasPermission') + .mockImplementationOnce(() => Promise.resolve(true)); + const newMockReq = { + ...mockReq, + body: { + ...mockReq.body, + roleName: 'some roleName', + presetName: 'some Preset', + permissions: ['test', 'write'], + }, + }; + jest + .spyOn(Preset.prototype, 'save') + .mockImplementationOnce(() => Promise.reject(new Error('Error when saving'))); + + const response = await createNewPreset(newMockReq, mockRes); + await flushPromises(); + + expect(hasPermissionSpy).toHaveBeenCalledWith(newMockReq.body.requestor, 'putRole'); + + assertResMock(400, { error: new Error('Error when saving') }, response, mockRes); + }); + test('Ensure createNewPresets returns 201 if saving new preset successfully', async () => { + const { createNewPreset } = makeSut(); + const hasPermissionSpy = jest + .spyOn(helper, 'hasPermission') + .mockImplementationOnce(() => Promise.resolve(true)); + const data = { + roleName: 'testRoleName', + presetName: 'testPresetName', + premissions: ['somePremissions'], + }; + const newMockReq = { + ...mockReq, + body: { + ...mockReq.body, + roleName: 'some roleName', + presetName: 'some Preset', + permissions: ['test', 'write'], + }, + }; + jest.spyOn(Preset.prototype, 'save').mockImplementationOnce(() => Promise.resolve(data)); + + const response = await createNewPreset(newMockReq, mockRes); + await flushPromises(); + + expect(hasPermissionSpy).toHaveBeenCalledWith(newMockReq.body.requestor, 'putRole'); + + assertResMock( + 201, + { + newPreset: data, + message: 'New preset created', + }, + response, + mockRes, + ); + }); + }); + describe('getPresetsByRole method', () => { + test("Ensure getPresetsByRole returns 403 if user doesn't have permissions for putRole", async () => { + const { getPresetsByRole } = makeSut(); + const hasPermissionSpy = jest + .spyOn(helper, 'hasPermission') + .mockImplementationOnce(() => Promise.resolve(false)); + + const response = await getPresetsByRole(mockReq, mockRes); + + expect(hasPermissionSpy).toHaveBeenCalledWith(mockReq.body.requestor, 'putRole'); + + assertResMock(403, 'You are not authorized to make changes to roles.', response, mockRes); + }); + test('Ensure getPresetsByRole returns 400 if error in finding roleName', async () => { + const { getPresetsByRole } = makeSut(); + const hasPermissionSpy = jest + .spyOn(helper, 'hasPermission') + .mockImplementationOnce(() => Promise.resolve(true)); + const newMockReq = { + ...mockReq, + params: { + ...mockReq.params, + roleName: 'test roleName', + }, + }; + jest + .spyOn(Preset, 'find') + .mockImplementationOnce(() => Promise.reject(new Error('Error when finding'))); + const response = await getPresetsByRole(newMockReq, mockRes); + await flushPromises(); + expect(hasPermissionSpy).toHaveBeenCalledWith(newMockReq.body.requestor, 'putRole'); + + assertResMock(400, new Error('Error when finding'), response, mockRes); + }); + test('Ensure getPresetsByRole returns 200 if finding roleName successfully', async () => { + const { getPresetsByRole } = makeSut(); + const hasPermissionSpy = jest + .spyOn(helper, 'hasPermission') + .mockImplementationOnce(() => Promise.resolve(true)); + const newMockReq = { + ...mockReq, + params: { + ...mockReq.params, + roleName: 'test roleName', + }, + }; + const data = { + roleName: 'test roleName', + presetName: 'test Presetname2', + permissions: ['read', 'add'], + }; + jest.spyOn(Preset, 'find').mockImplementationOnce(() => Promise.resolve(data)); + const response = await getPresetsByRole(newMockReq, mockRes); + await flushPromises(); + expect(hasPermissionSpy).toHaveBeenCalledWith(newMockReq.body.requestor, 'putRole'); + + assertResMock(200, data, response, mockRes); + }); + }); + describe('updatePresetById method', () => { + test("Ensure updatePresetById returns 403 if user doesn't have permissions for putRole", async () => { + const { updatePresetById } = makeSut(); + const hasPermissionSpy = jest + .spyOn(helper, 'hasPermission') + .mockImplementationOnce(() => Promise.resolve(false)); + + const response = await updatePresetById(mockReq, mockRes); + + expect(hasPermissionSpy).toHaveBeenCalledWith(mockReq.body.requestor, 'putRole'); + + assertResMock(403, 'You are not authorized to make changes to roles.', response, mockRes); + }); + test('Ensure updatePresetById returns 400 if error in finding by id', async () => { + const { updatePresetById } = makeSut(); + const hasPermissionSpy = jest + .spyOn(helper, 'hasPermission') + .mockImplementationOnce(() => Promise.resolve(true)); + const newMockReq = { + ...mockReq, + params: { + ...mockReq.params, + presetId: '7237f9af9820a0134ca79c5d', + }, + }; + jest + .spyOn(Preset, 'findById') + .mockImplementationOnce(() => Promise.reject(new Error('Error when finding by id'))); + const response = await updatePresetById(newMockReq, mockRes); + await flushPromises(); + expect(hasPermissionSpy).toHaveBeenCalledWith(newMockReq.body.requestor, 'putRole'); + + assertResMock(400, { error: new Error('Error when finding by id') }, response, mockRes); + }); + test('Ensure updatePresetById returns 400 if error in saving results', async () => { + const { updatePresetById } = makeSut(); + const hasPermissionSpy = jest + .spyOn(helper, 'hasPermission') + .mockImplementationOnce(() => Promise.resolve(true)); + const newMockReq = { + ...mockReq, + params: { + ...mockReq.params, + presetId: '7237f9af9820a0134ca79c5d', + }, + body: { + ...mockReq.body, + roleName: 'abc RoleName', + presetName: 'abd Preset', + permissions: ['readABC', 'writeABC'], + }, + }; + const findObj = { save: () => {} }; + const findByIdSpy = jest.spyOn(Preset, 'findById').mockResolvedValue(findObj); + jest.spyOn(findObj, 'save').mockRejectedValue(new Error('Error when saving results')); + const response = await updatePresetById(newMockReq, mockRes); + + await flushPromises(); + expect(hasPermissionSpy).toHaveBeenCalledWith(newMockReq.body.requestor, 'putRole'); + + expect(findByIdSpy).toHaveBeenCalledWith(newMockReq.params.presetId); + assertResMock(400, new Error('Error when saving results'), response, mockRes); + }); + test('Ensure updatePresetById returns 200 if updatePreset by id successfully', async () => { + const { updatePresetById } = makeSut(); + const hasPermissionSpy = jest + .spyOn(helper, 'hasPermission') + .mockImplementationOnce(() => Promise.resolve(true)); + const data = { + roleName: 'abc RoleName', + presetName: 'abd Preset', + permissions: ['readABC', 'writeABC'], + }; + const newMockReq = { + ...mockReq, + params: { + ...mockReq.params, + presetId: '7237f9af9820a0134ca79c5d', + }, + body: { + ...mockReq.body, + roleName: 'abc RoleName', + presetName: 'abd Preset', + permissions: ['readABC', 'writeABC'], + }, + }; + const findObj = { save: () => {} }; + const findByIdSpy = jest.spyOn(Preset, 'findById').mockResolvedValue(findObj); + jest.spyOn(findObj, 'save').mockResolvedValueOnce(data); + const response = await updatePresetById(newMockReq, mockRes); + + await flushPromises(); + expect(hasPermissionSpy).toHaveBeenCalledWith(newMockReq.body.requestor, 'putRole'); + + expect(findByIdSpy).toHaveBeenCalledWith(newMockReq.params.presetId); + assertResMock(200, data, response, mockRes); + }); + }); + describe('deletePresetById method', () => { + test("Ensure deletePresetById returns 403 if user doesn't have permissions for putRole", async () => { + const { deletePresetById } = makeSut(); + const hasPermissionSpy = jest + .spyOn(helper, 'hasPermission') + .mockImplementationOnce(() => Promise.resolve(false)); + + const response = await deletePresetById(mockReq, mockRes); + + expect(hasPermissionSpy).toHaveBeenCalledWith(mockReq.body.requestor, 'putRole'); + + assertResMock(403, 'You are not authorized to make changes to roles.', response, mockRes); + }); + test('Ensure deletePresetById returns 400 if error in finding by id', async () => { + const { deletePresetById } = makeSut(); + const hasPermissionSpy = jest + .spyOn(helper, 'hasPermission') + .mockImplementationOnce(() => Promise.resolve(true)); + const newMockReq = { + ...mockReq, + params: { + ...mockReq.params, + presetId: '7237f9af9820a0134ca79c5d', + }, + }; + jest + .spyOn(Preset, 'findById') + .mockImplementationOnce(() => Promise.reject(new Error('Error when finding by id'))); + const response = await deletePresetById(newMockReq, mockRes); + await flushPromises(); + expect(hasPermissionSpy).toHaveBeenCalledWith(newMockReq.body.requestor, 'putRole'); + + assertResMock(400, { error: new Error('Error when finding by id') }, response, mockRes); + }); + test('Ensure deletePresetById returns 400 if error when removing results', async () => { + const { deletePresetById } = makeSut(); + const hasPermissionSpy = jest + .spyOn(helper, 'hasPermission') + .mockImplementationOnce(() => Promise.resolve(true)); + const newMockReq = { + ...mockReq, + params: { + ...mockReq.params, + presetId: '7237f9af9820a0134ca79c5d', + }, + body: { + ...mockReq.body, + roleName: 'abc RoleName', + presetName: 'abd Preset', + permissions: ['readABC', 'writeABC'], + }, + }; + const removeObj = { remove: () => {} }; + const findByIdSpy = jest.spyOn(Preset, 'findById').mockResolvedValue(removeObj); + jest.spyOn(removeObj, 'remove').mockRejectedValue({ error: 'Error when removing' }); + const response = await deletePresetById(newMockReq, mockRes); + + await flushPromises(); + expect(hasPermissionSpy).toHaveBeenCalledWith(newMockReq.body.requestor, 'putRole'); + + expect(findByIdSpy).toHaveBeenCalledWith(newMockReq.params.presetId); + assertResMock(400, { error: { error: 'Error when removing' } }, response, mockRes); + }); + test('Ensure deletePresetById returns 200 if deleting successfully', async () => { + const { deletePresetById } = makeSut(); + const hasPermissionSpy = jest + .spyOn(helper, 'hasPermission') + .mockImplementationOnce(() => Promise.resolve(true)); + const newMockReq = { + ...mockReq, + params: { + ...mockReq.params, + presetId: '7237f9af9820a0134ca79c5d', + }, + body: { + ...mockReq.body, + roleName: 'abc RoleName', + presetName: 'abd Preset', + permissions: ['readABC', 'writeABC'], + }, + }; + const removeObj = { remove: () => {} }; + const findByIdSpy = jest.spyOn(Preset, 'findById').mockResolvedValue(removeObj); + jest.spyOn(removeObj, 'remove').mockImplementationOnce(() => Promise.resolve(true)); + const response = await deletePresetById(newMockReq, mockRes); + + await flushPromises(); + expect(hasPermissionSpy).toHaveBeenCalledWith(newMockReq.body.requestor, 'putRole'); + + expect(findByIdSpy).toHaveBeenCalledWith(newMockReq.params.presetId); + assertResMock( + 200, + { + message: 'Deleted preset', + }, + response, + mockRes, + ); + }); + }); +}); diff --git a/src/routes/rolePresetRouter.test.js b/src/routes/rolePresetRouter.test.js new file mode 100644 index 000000000..31199be96 --- /dev/null +++ b/src/routes/rolePresetRouter.test.js @@ -0,0 +1,238 @@ +const request = require('supertest'); +const { jwtPayload } = require('../test'); +const { app } = require('../app'); +const { + mockReq, + createUser, + createRole, + mongoHelper: { dbConnect, dbDisconnect, dbClearCollections, dbClearAll }, +} = require('../test'); +const RolePreset = require('../models/rolePreset'); + +const agent = request.agent(app); + +describe('rolePreset routes', () => { + let adminUser; + let adminToken; + let volunteerUser; + let volunteerToken; + let reqBody = { + ...mockReq.body, + }; + + beforeAll(async () => { + await dbConnect(); + adminUser = await createUser(); + volunteerUser = await createUser(); + volunteerUser.role = 'Volunteer'; + adminToken = jwtPayload(adminUser); + volunteerToken = jwtPayload(volunteerUser); + // create 2 roles. One with permission and one without + await createRole('Administrator', ['putRole']); + await createRole('Volunteer', []); + }); + + beforeEach(async () => { + await dbClearCollections('rolePreset'); + reqBody = { + ...reqBody, + roleName: 'some roleName', + presetName: 'some Preset', + permissions: ['test', 'write'], + }; + }); + + afterAll(async () => { + await dbClearAll(); + await dbDisconnect(); + }); + + describe('rolePresetRoutes', () => { + it('should return 401 if authorization header is not present', async () => { + await agent.post('/api/rolePreset').send(reqBody).expect(401); + await agent.get('/api/rolePreset/randomRoleName').send(reqBody).expect(401); + await agent.put(`/api/rolePreset/randomId`).send(reqBody).expect(401); + await agent.delete('/api/rolePreser/randomId').send(reqBody).expect(401); + }); + }); + + describe('Post rolePreset route', () => { + it('Should return 403 if user does not have permissions', async () => { + const response = await agent + .post('/api/rolePreset') + .send(reqBody) + .set('Authorization', volunteerToken) + .expect(403); + expect(response.text).toEqual('You are not authorized to make changes to roles.'); + }); + + it('Should return 400 if missing roleName', async () => { + reqBody.roleName = null; + const response = await agent + .post('/api/rolePreset') + .send(reqBody) + .set('Authorization', adminToken) + .expect(400); + + expect(response.body).toEqual({ + error: 'roleName, presetName, and permissions are mandatory fields.', + }); + }); + + it('Should return 400 if missing presetName', async () => { + reqBody.presetName = null; + const response = await agent + .post('/api/rolePreset') + .send(reqBody) + .set('Authorization', adminToken) + .expect(400); + + expect(response.body).toEqual({ + error: 'roleName, presetName, and permissions are mandatory fields.', + }); + }); + + it('Should return 400 if missing permissions', async () => { + reqBody.permissions = null; + const response = await agent + .post('/api/rolePreset') + .send(reqBody) + .set('Authorization', adminToken) + .expect(400); + + expect(response.body).toEqual({ + error: 'roleName, presetName, and permissions are mandatory fields.', + }); + }); + + it('Should return 201 if the rolePreset is successfully created', async () => { + const response = await agent + .post('/api/rolePreset') + .send(reqBody) + .set('Authorization', adminToken) + .expect(201); + + expect(response.body).toEqual({ + newPreset: { + _id: expect.anything(), + __v: expect.anything(), + roleName: reqBody.roleName, + presetName: reqBody.presetName, + permissions: reqBody.permissions, + }, + message: 'New preset created', + }); + }); + }); + + describe('get Presets ByRole route', () => { + it('Should return 403 if user does not have permissions', async () => { + const response = await agent + .post('/api/rolePreset') + .send(reqBody) + .set('Authorization', volunteerToken) + .expect(403); + + expect(response.text).toEqual('You are not authorized to make changes to roles.'); + }); + + it('Should return 200 if getPreset By role successfully', async () => { + const _rolePreset = new RolePreset(); + _rolePreset.roleName = 'sample roleName'; + _rolePreset.presetName = 'sample presetName'; + _rolePreset.permissions = ['sample permissions']; + const rolePreset = await _rolePreset.save(); + const response = await agent + .get(`/api/rolePreset/${rolePreset.roleName}`) + .set('Authorization', adminToken) + .expect(200); + + expect(response.body).toEqual([ + { + _id: expect.anything(), + __v: expect.anything(), + roleName: rolePreset.roleName, + presetName: rolePreset.presetName, + permissions: expect.arrayContaining(rolePreset.permissions), + }, + ]); + }); + }); + describe('update Preset route', () => { + it('Should return 403 if user does not have permissions', async () => { + const response = await agent + .post('/api/rolePreset') + .send(reqBody) + .set('Authorization', volunteerToken) + .expect(403); + + expect(response.text).toEqual('You are not authorized to make changes to roles.'); + }); + + it('Should return 400 if the route does not exist', async () => { + await agent + .put('/api/rolePreset/randomId123') + .send(reqBody) + .set('Authorization', adminToken) + .expect(400); + }); + + it('Should return 200 if update Preset By Id successfully', async () => { + const _rolePreset = new RolePreset(); + _rolePreset.roleName = reqBody.roleName; + _rolePreset.presetName = reqBody.presetName; + _rolePreset.permissions = reqBody.permissions; + const rolePreset = await _rolePreset.save(); + const response = await agent + .put(`/api/rolePreset/${rolePreset._id}`) + .send(reqBody) + .set('Authorization', adminToken) + .expect(200); + + expect(response.body).toEqual({ + _id: expect.anything(), + __v: expect.anything(), + roleName: reqBody.roleName, + presetName: reqBody.presetName, + permissions: expect.arrayContaining(reqBody.permissions), + }); + }); + }); + describe('delete Preset route', () => { + it('Should return 403 if user does not have permissions', async () => { + const response = await agent + .post('/api/rolePreset') + .send(reqBody) + .set('Authorization', volunteerToken) + .expect(403); + + expect(response.text).toEqual('You are not authorized to make changes to roles.'); + }); + + it('Should return 400 if the route does not exist', async () => { + await agent + .delete('/api/rolePreset/randomId123') + .send(reqBody) + .set('Authorization', adminToken) + .expect(400); + }); + + it('Should return 200 if update Preset By Id successfully', async () => { + const _rolePreset = new RolePreset(); + _rolePreset.roleName = reqBody.roleName; + _rolePreset.presetName = reqBody.presetName; + _rolePreset.permissions = reqBody.permissions; + const rolePreset = await _rolePreset.save(); + + const response = await agent + .delete(`/api/rolePreset/${rolePreset._id}`) + .send(reqBody) + .set('Authorization', adminToken) + .expect(200); + + expect(response.body).toEqual({ + message: 'Deleted preset', + }); + }); + }); +});