tests(api): more tests for users controller

Author: akdasa

modules/libs/protocol/routes.ts

@@ -19,7 +19,7 @@ export const Routes = (baseUrl: string = '') => ({
       update: (id: string) => `${baseUrl}/edu/roles/${id}`,
       delete: (id: string) => `${baseUrl}/edu/roles/${id}`,
     },
-    user: (userId: string) => ({
+    user: (userId?: string) => ({
       get: () => `${baseUrl}/edu/users/${userId}`,
       find: () => `${baseUrl}/edu/users`,
       update: () => `${baseUrl}/edu/users/${userId}`,

modules/services/api/src/edu/controllers/users/specs/context.ts

@@ -1,5 +1,6 @@
 import { faker } from '@faker-js/faker';
 import { INestApplication } from '@nestjs/common';
+import { AuthService } from '@vidya/api/auth/services';
 import {
   RolesService,
   SchoolsService,
@@ -16,6 +17,9 @@ export type Context = {
     users: {
       oneAdmin: User;
     };
+    tokens: {
+      oneAdmin: string;
+    };
   };
   two: {
     school: School;
@@ -26,6 +30,12 @@ export type Context = {
       twoAdmin: User;
     };
   };
+  empty: {
+    tokens: {
+      dummy: string;
+      empty: string;
+    };
+  };
 };
 
 export const createContext = async (
@@ -34,6 +44,7 @@ export const createContext = async (
   const rolesService = app.get(RolesService);
   const schoolsService = app.get(SchoolsService);
   const usersService = app.get(UsersService);
+  const authService = app.get(AuthService);
 
   /* -------------------------------------------------------------------------- */
   /*                                Organizations                               */
@@ -81,6 +92,20 @@ export const createContext = async (
     roles: [twoAdmin],
   });
 
+  /* -------------------------------------------------------------------------- */
+  /*                                   Tokens                                   */
+  /* -------------------------------------------------------------------------- */
+
+  const oneAdminToken = await authService.generateTokens(orgAdminUser.id, [
+    { sid: one.id, p: orgAdmin.permissions },
+  ]);
+
+  const dummyToken = await authService.generateTokens(faker.string.uuid(), [
+    { sid: faker.string.uuid(), p: ['users:read'] },
+  ]);
+
+  const emptyToken = await authService.generateTokens(faker.string.uuid(), []);
+
   /* -------------------------------------------------------------------------- */
   /*                                   Return                                   */
   /* -------------------------------------------------------------------------- */
@@ -94,6 +119,9 @@ export const createContext = async (
       users: {
         oneAdmin: orgAdminUser,
       },
+      tokens: {
+        oneAdmin: oneAdminToken.accessToken,
+      },
     },
     two: {
       school: two,
@@ -104,5 +132,11 @@ export const createContext = async (
         twoAdmin: twoAdminUser,
       },
     },
+    empty: {
+      tokens: {
+        dummy: dummyToken.accessToken,
+        empty: emptyToken.accessToken,
+      },
+    },
   };
 };

modules/services/api/src/edu/controllers/users/specs/users.controller.e2e.get.spec.ts

@@ -0,0 +1,125 @@
+import { Mapper } from '@automapper/core';
+import { DEFAULT_MAPPER_TOKEN } from '@automapper/nestjs';
+import { faker } from '@faker-js/faker';
+import { INestApplication } from '@nestjs/common';
+import * as dto from '@vidya/api/edu/dto';
+import { createTestingApp } from '@vidya/api/edu/shared';
+import * as entities from '@vidya/entities';
+import { Routes } from '@vidya/protocol';
+import { instanceToPlain } from 'class-transformer';
+import * as request from 'supertest';
+
+import { Context, createContext } from './context';
+
+describe('/edu/users', () => {
+  let app: INestApplication;
+  let ctx: Context;
+  let mapper: Mapper;
+
+  beforeEach(async () => {
+    app = await createTestingApp();
+    ctx = await createContext(app);
+    mapper = app.get(DEFAULT_MAPPER_TOKEN);
+  });
+
+  afterAll(async () => {
+    await app.close();
+  });
+
+  /* -------------------------------------------------------------------------- */
+  /*                          Authentication Validation                         */
+  /* -------------------------------------------------------------------------- */
+
+  it(`GET /edu/users returns 401 for unauthenticated user`, () => {
+    return request(app.getHttpServer())
+      .get(Routes().edu.user().find())
+      .expect(401)
+      .expect({
+        message: 'Unauthorized',
+        statusCode: 401,
+      });
+  });
+
+  it(`GET /edu/users returns 403 for unauthorized user`, async () => {
+    return request(app.getHttpServer())
+      .get(Routes().edu.user().find())
+      .set('Authorization', `Bearer ${ctx.empty.tokens.empty}`)
+      .expect(403)
+      .expect({
+        message: 'User does not have permission',
+        error: 'Forbidden',
+        statusCode: 403,
+      });
+  });
+
+  /* -------------------------------------------------------------------------- */
+  /*                               Positive Cases                               */
+  /* -------------------------------------------------------------------------- */
+
+  it(`GET /edu/users/:id returns the user by Id`, async () => {
+    return request(app.getHttpServer())
+      .get(Routes().edu.user(ctx.one.users.oneAdmin.id).get())
+      .set('Authorization', `Bearer ${ctx.one.tokens.oneAdmin}`)
+      .expect(200)
+      .expect({
+        ...instanceToPlain(
+          mapper.map(
+            ctx.one.users.oneAdmin,
+            entities.User,
+            dto.GetUserResponse,
+          ),
+        ),
+      });
+  });
+
+  it(`GET /edu/users returns permitted users`, async () => {
+    return request(app.getHttpServer())
+      .get(Routes().edu.user().find())
+      .set('Authorization', `Bearer ${ctx.one.tokens.oneAdmin}`)
+      .expect(200)
+      .expect({
+        items: instanceToPlain(
+          mapper.mapArray(
+            [ctx.one.users.oneAdmin],
+            entities.User,
+            dto.UserSummary,
+          ),
+        ),
+      });
+  });
+
+  it(`GET /edu/users filtered by schoolId`, async () => {
+    return request(app.getHttpServer())
+      .get(Routes().edu.user().find())
+      .query({ schoolId: ctx.two.school.id })
+      .set('Authorization', `Bearer ${ctx.one.tokens.oneAdmin}`)
+      .expect(200)
+      .expect({ items: [] });
+  });
+
+  /* -------------------------------------------------------------------------- */
+  /*                               Negative Cases                               */
+  /* -------------------------------------------------------------------------- */
+
+  it(`GET /edu/users/:id returns 404 if user is not found`, async () => {
+    return request(app.getHttpServer())
+      .get(Routes().edu.user(faker.string.uuid()).get())
+      .set('Authorization', `Bearer ${ctx.one.tokens.oneAdmin}`)
+      .expect(404);
+  });
+
+  it(`GET /edu/users/:id returns 404 user has no access to it`, async () => {
+    return request(app.getHttpServer())
+      .get(Routes().edu.user(ctx.two.users.twoAdmin.id).get())
+      .set('Authorization', `Bearer ${ctx.one.tokens.oneAdmin}`)
+      .expect(404);
+  });
+
+  it(`GET /edu/users returns nothing if user do not have permissions`, async () => {
+    return request(app.getHttpServer())
+      .get(Routes().edu.user().find())
+      .set('Authorization', `Bearer ${ctx.empty.tokens.dummy}`)
+      .expect(200)
+      .expect({ items: [] });
+  });
+});

modules/services/api/src/edu/controllers/users/specs/users.controller.test.get.spec.ts

@@ -4,7 +4,6 @@ import { INestApplication } from '@nestjs/common';
 import { UserPermissions } from '@vidya/api/auth/utils';
 import { UsersController } from '@vidya/api/edu/controllers';
 import * as dto from '@vidya/api/edu/dto';
-import { UsersService } from '@vidya/api/edu/services';
 import { createTestingApp } from '@vidya/api/edu/shared';
 import { Role } from '@vidya/entities';
 import * as entities from '@vidya/entities';
@@ -43,6 +42,10 @@ describe('UsersController', () => {
     );
   }
 
+  /* -------------------------------------------------------------------------- */
+  /*                                   Get One                                  */
+  /* -------------------------------------------------------------------------- */
+
   describe('getOne', () => {
     it('returns user by Id', async () => {
       const res = await ctr.getOne(
@@ -99,38 +102,4 @@ describe('UsersController', () => {
       expectUsers(res, [ctx.one.users.oneAdmin]);
     });
   });
-
-  /* -------------------------------------------------------------------------- */
-  /*                                 Update One                                 */
-  /* -------------------------------------------------------------------------- */
-
-  describe('updateOne', () => {
-    it('updates user by Id', async () => {
-      const res = await ctr.updateOne(
-        new dto.UpdateUserRequest({ name: 'Updated Name' }),
-        ctx.one.users.oneAdmin.id,
-        getPermissions([ctx.one.roles.oneAdmin]),
-      );
-
-      expect(res).toEqual(
-        mapper.map(
-          await app
-            .get(UsersService)
-            .findOneBy({ id: ctx.one.users.oneAdmin.id }),
-          entities.User,
-          dto.UpdateUserResponse,
-        ),
-      );
-    });
-
-    it('throws if user do not have permission', async () => {
-      await expect(async () => {
-        await ctr.updateOne(
-          new dto.UpdateUserRequest({ name: 'Updated Name' }),
-          ctx.one.users.oneAdmin.id,
-          getPermissions([ctx.two.roles.twoAdmin]),
-        );
-      }).rejects.toThrow(`User does not have permission`);
-    });
-  });
 });

modules/services/api/src/edu/controllers/users/specs/users.controller.test.update.spec.ts

@@ -0,0 +1,69 @@
+import { Mapper } from '@automapper/core';
+import { DEFAULT_MAPPER_TOKEN } from '@automapper/nestjs';
+import { INestApplication } from '@nestjs/common';
+import { UserPermissions } from '@vidya/api/auth/utils';
+import { UsersController } from '@vidya/api/edu/controllers';
+import * as dto from '@vidya/api/edu/dto';
+import { UsersService } from '@vidya/api/edu/services';
+import { createTestingApp } from '@vidya/api/edu/shared';
+import { Role } from '@vidya/entities';
+import * as entities from '@vidya/entities';
+
+import { Context, createContext } from './context';
+
+describe('UsersController', () => {
+  let app: INestApplication;
+  let ctx: Context;
+  let ctr: UsersController;
+  let mapper: Mapper;
+
+  beforeEach(async () => {
+    app = await createTestingApp();
+    ctx = await createContext(app);
+    ctr = app.get(UsersController);
+    mapper = app.get(DEFAULT_MAPPER_TOKEN);
+  });
+
+  function getPermissions(roles: Role[]): UserPermissions {
+    return new UserPermissions(
+      roles.map((r) => ({
+        sid: r.schoolId,
+        p: r.permissions,
+      })),
+    );
+  }
+
+  /* -------------------------------------------------------------------------- */
+  /*                                 Update One                                 */
+  /* -------------------------------------------------------------------------- */
+
+  describe('updateOne', () => {
+    it('updates user by Id', async () => {
+      const res = await ctr.updateOne(
+        new dto.UpdateUserRequest({ name: 'Updated Name' }),
+        ctx.one.users.oneAdmin.id,
+        getPermissions([ctx.one.roles.oneAdmin]),
+      );
+
+      expect(res).toEqual(
+        mapper.map(
+          await app
+            .get(UsersService)
+            .findOneBy({ id: ctx.one.users.oneAdmin.id }),
+          entities.User,
+          dto.UpdateUserResponse,
+        ),
+      );
+    });
+
+    it('throws if user do not have permission', async () => {
+      await expect(async () => {
+        await ctr.updateOne(
+          new dto.UpdateUserRequest({ name: 'Updated Name' }),
+          ctx.one.users.oneAdmin.id,
+          getPermissions([ctx.two.roles.twoAdmin]),
+        );
+      }).rejects.toThrow(`User does not have permission`);
+    });
+  });
+});

modules/services/api/src/edu/controllers/users/users.controller.ts

@@ -6,6 +6,7 @@ import {
   NotFoundException,
   Param,
   ParseUUIDPipe,
+  Query,
   UseGuards,
 } from '@nestjs/common';
 import { ApiBearerAuth, ApiTags } from '@nestjs/swagger';
@@ -63,7 +64,7 @@ export class UsersController {
 
   @Crud.GetMany(Routes().edu.user(':id').find())
   async getMany(
-    @Body() request: dto.GetUsersQuery,
+    @Query() query: dto.GetUsersQuery,
     @UserWithPermissions() userPermissions: UserPermissions,
   ): Promise<GetUsersResponse> {
     userPermissions.check(['users:read']);
@@ -72,10 +73,9 @@ export class UsersController {
       .findAll({
         where: {
           roles: {
-            schoolId: request.schoolId,
+            schoolId: query.schoolId,
           },
         },
-        relations: ['roles'],
       });
     return new dto.GetUsersResponse({
       items: this.mapper.mapArray(users, entities.User, dto.UserSummary),

modules/services/api/src/edu/edu.module.ts

@@ -17,7 +17,11 @@ import {
 } from './controllers';
 import { RolesMappingProfile } from './mappers/roles.mapper';
 import { UsersMappingProfile } from './mappers/users.mapper';
-import { IsRoleExistConstraint, IsUserExistConstraint } from './validations';
+import {
+  IsRoleExistConstraint,
+  IsSchoolExistConstraint,
+  IsUserExistConstraint,
+} from './validations';
 
 @Module({
   imports: [TypeOrmModule.forFeature([User, Role, UserRole, School])],
@@ -30,6 +34,7 @@ import { IsRoleExistConstraint, IsUserExistConstraint } from './validations';
     RolesMappingProfile,
     IsRoleExistConstraint,
     IsUserExistConstraint,
+    IsSchoolExistConstraint,
     RevokedTokensService,
     UsersMappingProfile,
   ],