Transfer asset routes to admin

josh1248 · josh1248 · commit 968618474caf · 2024-10-13T22:28:41.000+08:00
diff --git a/lib/cadet_web/router.ex b/lib/cadet_web/router.ex
@@ -136,6 +136,7 @@ defmodule CadetWeb.Router do
   scope "/v2/courses/:course_id/admin", CadetWeb do
     pipe_through([:api, :auth, :ensure_auth, :course, :ensure_admin])
 
+    get("/assets/:foldername", AdminAssetsController, :index)
     post("/assets/:foldername/*filename", AdminAssetsController, :upload)
     delete("/assets/:foldername/*filename", AdminAssetsController, :delete)
 
@@ -188,8 +189,6 @@ defmodule CadetWeb.Router do
       :get_score_leaderboard
     )
 
-    get("/assets/:foldername", AdminAssetsController, :index)
-
     get("/grading", AdminGradingController, :index)
     get("/grading/summary", AdminGradingController, :grading_summary)
 
diff --git a/test/cadet_web/admin_controllers/admin_assets_controller_test.exs b/test/cadet_web/admin_controllers/admin_assets_controller_test.exs
@@ -68,12 +68,13 @@ defmodule CadetWeb.AdminAssetsControllerTest do
     end
   end
 
-  describe "read-only permission for non-admin staff" do
+  describe "non-admin staff permission, forbidden" do
     @tag authenticate: :staff
     test "GET /assets/:foldername", %{conn: conn} do
       course_id = conn.assigns.course_id
       conn = get(conn, build_url(course_id, "testFolder"), %{})
-      assert response(conn, 200) =~ "OK"
+
+      assert response(conn, 403) =~ "Forbidden"
     end
 
     @tag authenticate: :staff
