Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
// test/unit/services/SecurityFilterService
describe("Tests for SecurityFilterService", () => {
describe("Tests for isAuthorised", () => {
it("will reject a user that is not authorised to access the resource", () => {
service = new SecurityFilterSerivce() // might need mocked dependencies
result = service.isAuthorised("juniorUser", "/email/approve-copy", "patch")
expect result.toBeFalse()
})
})
})
// test/functional/controllers/EmailController
describe("Tests for EmailController", () => {
describe("Tests for approveCopy (ie: proofread)", () => {
it("should respond with a 403 if the user is a junior", () => {
securityFilter = createMock(SecurityFilterService)
securityFilter.mockMethod("isAuthorised").withArguments("juniorUser").willReturn(false)
controller = new EmailController(securityFilter)
request = new Request(url="/email/approve-copy", method="patch") // and whatever is necessary to identify the user as a juniorUser
response = controller.processRequest(request) // processRequest uses the SecurityFilter to check the user is legit according to its own rules (which we have mocked here)
expect(response.status).toBe(403)
})
})
})
// test/acceptance/services/SecurityFilterService
describe("Tests for SecurityFilterService", () => {
describe("Tests for /email/approve-copy", () => {
describe("Tests for GET (requesting the approval UI)", () => {
it("should respond with a 403 if the user is a junior", () => {
loginResponse = curl("/url/to/login", "juniorUser", "password")
approveCopyResponse = curl("/email/approve-copy", "get", loginResponse.stuffThatConfirmsAuthentication)
expect(approveCopyResponse.statusCode).toBe(403)
})
})
describe("Tests for PATCH (submitting the approval request)", () => {
it("should respond with a 403 if the user is a junior", () => {
loginResponse = curl("/url/to/login", "juniorUser", "password")
approveCopyResponse = curl("/email/approve-copy", "patch", loginResponse.stuffThatConfirmsAuthentication)
expect(approveCopyResponse.statusCode).toBe(403)
})
})
})
})
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment