Testcase for status 403 was split: for authorized and unauthorized user

codex-team · Nov 12, 2023 · 0490531 · 0490531
1 parent a34abd6
commit 0490531
Showing 1 changed file with 25 additions and 1 deletion.
diff --git a/src/presentation/http/router/note.test.ts b/src/presentation/http/router/note.test.ts
@@ -110,7 +110,7 @@ describe('Note API', () => {
       expect(response?.json()).toStrictEqual(expectedNote);
     });
 
-    test('Returns 403 when public access is disabled, user is not creator of the note', async () => {
+    test('Returns 403 when the note is not public, the user is not authorized', async () => {
       const expectedStatus = 403;
 
       const notPublicNote = notes.find(newNote => {
@@ -129,6 +129,30 @@ describe('Note API', () => {
       expect(response?.json()).toStrictEqual({ message: 'Permission denied' });
     });
 
+    test('Returns 403 when public access is disabled, user is not creator of the note', async () => {
+      const expectedStatus = 403;
+      const userId = 2;
+      const accessToken = global.auth(userId);
+
+      const notPublicNote = notes.find(newNote => {
+        const settings = noteSettings.find(ns => ns.note_id === newNote.id);
+
+        return settings!.is_public === false && newNote.creator_id != userId;
+      });
+
+      const response = await global.api?.fakeRequest({
+        method: 'GET',
+        headers: {
+          authorization: `Bearer ${accessToken}`,
+        },
+        url: `/note/${notPublicNote!.public_id}`,
+      });
+
+      expect(response?.statusCode).toBe(expectedStatus);
+
+      expect(response?.json()).toStrictEqual({ message: 'Permission denied' });
+    });
+
     test('Returns 406 when the id  does not exist', async () => {
       const expectedStatus = 406;
       const nonexistentId = 'ishvm5qH84';