func (s *S) TestAppInfoNotMember(c *C) { alice := account.User{Name: "alice", Email: "*****@*****.**", Password: "******"} alice.Create() t := account.Team{Name: "example"} t.Create(alice) app.Create(alice, t) defer func() { ap, _ := s.store.FindAppByClientId(app.ClientId) s.store.DeleteApp(ap) s.store.DeleteTeamByAlias(t.Alias) alice.Delete() }() headers, code, body, _ := httpClient.MakeRequest(requests.Args{ AcceptableCode: http.StatusForbidden, Method: "GET", Path: fmt.Sprintf("/api/apps/%s", app.ClientId), Headers: http.Header{"Authorization": {s.authHeader}}, }) c.Assert(code, Equals, http.StatusForbidden) c.Assert(headers.Get("Content-Type"), Equals, "application/json") c.Assert(string(body), Equals, `{"error":"access_denied","error_description":"You do not belong to this team!"}`) }
func (s *S) TestUpdateServiceNotMember(c *C) { alice := account.User{Name: "alice", Email: "*****@*****.**", Password: "******"} alice.Create() t := account.Team{Name: "example"} t.Create(alice) service.Create(alice, t) defer func() { serv, _ := s.store.FindServiceBySubdomain(service.Subdomain) s.store.DeleteService(serv) s.store.DeleteTeamByAlias(t.Alias) alice.Delete() }() headers, code, body, _ := httpClient.MakeRequest(requests.Args{ AcceptableCode: http.StatusOK, Method: "PUT", Path: fmt.Sprintf("/api/services/%s", service.Subdomain), Body: `{}`, Headers: http.Header{"Authorization": {s.authHeader}}, }) c.Assert(code, Equals, http.StatusForbidden) c.Assert(headers.Get("Content-Type"), Equals, "application/json") c.Assert(string(body), Equals, `{"error":"access_denied","error_description":"You do not belong to this team!"}`) }
func (s *S) TestRemoveUserWithoutSignIn(c *C) { team := account.Team{Name: "ApiHub Team", Alias: "apihub"} team.Create(user) defer func() { s.store.DeleteTeamByAlias(team.Alias) }() testWithoutSignIn(requests.Args{ AcceptableCode: http.StatusUnauthorized, Method: "DELETE", Path: fmt.Sprintf("/api/teams/%s/users", team.Alias), Body: `{"users": ["*****@*****.**"]}`}, c) }
func (api *Api) teamCreate(rw http.ResponseWriter, r *http.Request, user *account.User) { team := account.Team{} if err := json.NewDecoder(r.Body).Decode(&team); err != nil { handleError(rw, errors.ErrBadRequest) return } if err := team.Create(*user); err != nil { handleError(rw, err) return } Created(rw, team) }
func (s *S) TestDeleteTeam(c *C) { team := account.Team{Name: "ApiHub Team", Alias: "apihub"} team.Create(user) headers, code, body, _ := httpClient.MakeRequest(requests.Args{ AcceptableCode: http.StatusOK, Method: "DELETE", Path: fmt.Sprintf("/api/teams/%s", team.Alias), Headers: http.Header{"Authorization": {s.authHeader}}, }) c.Assert(code, Equals, http.StatusOK) c.Assert(headers.Get("Content-Type"), Equals, "application/json") c.Assert(string(body), Equals, fmt.Sprintf(`{"name":"%s","alias":"%s","users":["%s"],"owner":"%s"}`, team.Name, team.Alias, user.Email, user.Email)) }
func (s *S) TestCreateTeamWhenAlreadyExists(c *C) { team := account.Team{Name: "ApiHub Team", Alias: "apihub"} team.Create(user) defer func() { s.store.DeleteTeamByAlias(team.Alias) }() headers, code, body, _ := httpClient.MakeRequest(requests.Args{ AcceptableCode: http.StatusBadRequest, Method: "POST", Path: "/api/teams", Body: fmt.Sprintf(`{"name": "ApiHub Team", "alias": "%s"}`, team.Alias), Headers: http.Header{"Authorization": {s.authHeader}}, }) c.Assert(code, Equals, http.StatusBadRequest) c.Assert(headers.Get("Content-Type"), Equals, "application/json") c.Assert(string(body), Equals, `{"error":"bad_request","error_description":"Someone already has that team alias. Could you try another?"}`) }
func (s *S) TestTeamInfoWithoutPermission(c *C) { alice := account.User{Name: "alice", Email: "*****@*****.**", Password: "******"} alice.Create() defer alice.Delete() team := account.Team{Name: "ApiHub Team", Alias: "apihub"} team.Create(alice) defer func() { s.store.DeleteTeamByAlias(team.Alias) }() headers, code, body, _ := httpClient.MakeRequest(requests.Args{ AcceptableCode: http.StatusForbidden, Method: "GET", Path: fmt.Sprintf("/api/teams/%s", team.Alias), Headers: http.Header{"Authorization": {s.authHeader}}, }) c.Assert(code, Equals, http.StatusForbidden) c.Assert(headers.Get("Content-Type"), Equals, "application/json") c.Assert(string(body), Equals, `{"error":"access_denied","error_description":"You do not belong to this team!"}`) }
func (s *S) TestRemoveUser(c *C) { alice := account.User{Name: "alice", Email: "*****@*****.**", Password: "******"} alice.Create() defer alice.Delete() team := account.Team{Name: "ApiHub Team", Alias: "apihub", Users: []string{alice.Email}} team.Create(user) defer func() { s.store.DeleteTeamByAlias(team.Alias) }() headers, code, body, _ := httpClient.MakeRequest(requests.Args{ AcceptableCode: http.StatusOK, Method: "DELETE", Path: fmt.Sprintf("/api/teams/%s/users", team.Alias), Headers: http.Header{"Authorization": {s.authHeader}}, Body: fmt.Sprintf(`{"users": ["%s"]}`, alice.Email), }) c.Assert(code, Equals, http.StatusOK) c.Assert(headers.Get("Content-Type"), Equals, "application/json") c.Assert(string(body), Equals, `{"name":"ApiHub Team","alias":"apihub","users":["*****@*****.**"],"owner":"*****@*****.**"}`) }