refactor: remove pocketbase (#1138)

testing/api_link_test.go

@@ -0,0 +1,222 @@
+package testing
+
+import (
+	"net/http"
+	"testing"
+
+	"github.com/SecurityBrewery/catalyst/app/data"
+)
+
+func TestLinksCollection(t *testing.T) {
+	t.Parallel()
+
+	testSets := []catalystTest{
+		{
+			baseTest: baseTest{
+				Name:   "ListLinks",
+				Method: http.MethodGet,
+				URL:    "/api/links?ticket=test-ticket",
+			},
+			userTests: []userTest{
+				{
+					Name:           "Unauthorized",
+					ExpectedStatus: http.StatusUnauthorized,
+					ExpectedContent: []string{
+						`"invalid bearer token"`,
+					},
+					ExpectedEvents: map[string]int{},
+				},
+				{
+					Name:           "Analyst",
+					AuthRecord:     data.AnalystEmail,
+					ExpectedStatus: http.StatusOK,
+					ExpectedHeaders: map[string]string{
+						"X-Total-Count": "1",
+					},
+					ExpectedEvents: map[string]int{"OnRecordsListRequest": 1},
+				},
+				{
+					Name:           "Admin",
+					Admin:          data.AdminEmail,
+					ExpectedStatus: http.StatusOK,
+					ExpectedHeaders: map[string]string{
+						"X-Total-Count": "1",
+					},
+					ExpectedEvents: map[string]int{"OnRecordsListRequest": 1},
+				},
+			},
+		},
+		{
+			baseTest: baseTest{
+				Name:           "CreateLink",
+				Method:         http.MethodPost,
+				RequestHeaders: map[string]string{"Content-Type": "application/json"},
+				URL:            "/api/links",
+				Body: s(map[string]any{
+					"ticket": "test-ticket",
+					"name":   "new",
+					"url":    "https://example.com/new",
+				}),
+			},
+			userTests: []userTest{
+				{
+					Name:           "Unauthorized",
+					ExpectedStatus: http.StatusUnauthorized,
+					ExpectedContent: []string{
+						`"invalid bearer token"`,
+					},
+				},
+				{
+					Name:           "Analyst",
+					AuthRecord:     data.AnalystEmail,
+					ExpectedStatus: http.StatusOK,
+					ExpectedContent: []string{
+						`"ticket":"test-ticket"`,
+					},
+					ExpectedEvents: map[string]int{
+						"OnRecordAfterCreateRequest":  1,
+						"OnRecordBeforeCreateRequest": 1,
+					},
+				},
+				{
+					Name:           "Admin",
+					Admin:          data.AdminEmail,
+					ExpectedStatus: http.StatusOK,
+					ExpectedContent: []string{
+						`"ticket":"test-ticket"`,
+					},
+					ExpectedEvents: map[string]int{
+						"OnRecordAfterCreateRequest":  1,
+						"OnRecordBeforeCreateRequest": 1,
+					},
+				},
+			},
+		},
+		{
+			baseTest: baseTest{
+				Name:   "GetLink",
+				Method: http.MethodGet,
+				URL:    "/api/links/l_test_link",
+			},
+			userTests: []userTest{
+				{
+					Name:           "Unauthorized",
+					ExpectedStatus: http.StatusUnauthorized,
+					ExpectedContent: []string{
+						`"invalid bearer token"`,
+					},
+				},
+				{
+					Name:           "Analyst",
+					AuthRecord:     data.AnalystEmail,
+					ExpectedStatus: http.StatusOK,
+					ExpectedContent: []string{
+						`"id":"l_test_link"`,
+					},
+					ExpectedEvents: map[string]int{"OnRecordViewRequest": 1},
+				},
+				{
+					Name:           "Admin",
+					Admin:          data.AdminEmail,
+					ExpectedStatus: http.StatusOK,
+					ExpectedContent: []string{
+						`"id":"l_test_link"`,
+					},
+					ExpectedEvents: map[string]int{"OnRecordViewRequest": 1},
+				},
+			},
+		},
+		{
+			baseTest: baseTest{
+				Name:           "UpdateLink",
+				Method:         http.MethodPatch,
+				RequestHeaders: map[string]string{"Content-Type": "application/json"},
+				URL:            "/api/links/l_test_link",
+				Body:           s(map[string]any{"name": "update"}),
+			},
+			userTests: []userTest{
+				{
+					Name:           "Unauthorized",
+					ExpectedStatus: http.StatusUnauthorized,
+					ExpectedContent: []string{
+						`"invalid bearer token"`,
+					},
+				},
+				{
+					Name:           "Analyst",
+					AuthRecord:     data.AnalystEmail,
+					ExpectedStatus: http.StatusOK,
+					ExpectedContent: []string{
+						`"id":"l_test_link"`,
+						`"name":"update"`,
+					},
+					ExpectedEvents: map[string]int{
+						"OnRecordAfterUpdateRequest":  1,
+						"OnRecordBeforeUpdateRequest": 1,
+					},
+				},
+				{
+					Name:           "Admin",
+					Admin:          data.AdminEmail,
+					ExpectedStatus: http.StatusOK,
+					ExpectedContent: []string{
+						`"id":"l_test_link"`,
+						`"name":"update"`,
+					},
+					ExpectedEvents: map[string]int{
+						"OnRecordAfterUpdateRequest":  1,
+						"OnRecordBeforeUpdateRequest": 1,
+					},
+				},
+			},
+		},
+		{
+			baseTest: baseTest{
+				Name:   "DeleteLink",
+				Method: http.MethodDelete,
+				URL:    "/api/links/l_test_link",
+			},
+			userTests: []userTest{
+				{
+					Name:           "Unauthorized",
+					ExpectedStatus: http.StatusUnauthorized,
+					ExpectedContent: []string{
+						`"invalid bearer token"`,
+					},
+				},
+				{
+					Name:           "Analyst",
+					AuthRecord:     data.AnalystEmail,
+					ExpectedStatus: http.StatusNoContent,
+					ExpectedEvents: map[string]int{
+						"OnRecordAfterDeleteRequest":  1,
+						"OnRecordBeforeDeleteRequest": 1,
+					},
+				},
+				{
+					Name:           "Admin",
+					Admin:          data.AdminEmail,
+					ExpectedStatus: http.StatusNoContent,
+					ExpectedEvents: map[string]int{
+						"OnRecordAfterDeleteRequest":  1,
+						"OnRecordBeforeDeleteRequest": 1,
+					},
+				},
+			},
+		},
+	}
+
+	for _, testSet := range testSets {
+		t.Run(testSet.baseTest.Name, func(t *testing.T) {
+			t.Parallel()
+
+			for _, userTest := range testSet.userTests {
+				t.Run(userTest.Name, func(t *testing.T) {
+					t.Parallel()
+
+					runMatrixTest(t, testSet.baseTest, userTest)
+				})
+			}
+		})
+	}
+}