atuttle · December 4, 2021 23:07
diff --git a/tests.js b/tests.js
 // test/unit/services/SecurityFilterService
 describe("Tests for SecurityFilterService", () => {
    describe("Tests for isAuthorised", () => {
        it("will reject a user that is not authorised to access the resource", () => {
            service = new SecurityFilterSerivce() // might need mocked dependencies
            
            result = service.isAuthorised("juniorUser", "/email/approve-copy", "patch")
            
            expect result.toBeFalse()
        }) 
    })
 })

 // test/functional/controllers/EmailController
 describe("Tests for EmailController", () => {
    describe("Tests for approveCopy (ie: proofread)", () => {
        it("should respond with a 403 if the user is a junior", () => {
            securityFilter = createMock(SecurityFilterService)
            securityFilter.mockMethod("isAuthorised").withArguments("juniorUser").willReturn(false)

            controller = new EmailController(securityFilter)

            request = new Request(url="/email/approve-copy", method="patch") // and whatever is necessary to identify the user as a juniorUser

            response = controller.processRequest(request) // processRequest uses the SecurityFilter to check the user is legit according to its own rules (which we have mocked here)
            
            expect(response.status).toBe(403)
        }) 
    })
 })

 // test/acceptance/services/SecurityFilterService
 describe("Tests for SecurityFilterService", () => {
    describe("Tests for /email/approve-copy", () => {
        describe("Tests for GET (requesting the approval UI)", () => {
            it("should respond with a 403 if the user is a junior", () => {
                loginResponse = curl("/url/to/login", "juniorUser", "password")
                
                approveCopyResponse = curl("/email/approve-copy", "get", loginResponse.stuffThatConfirmsAuthentication)
                
                expect(approveCopyResponse.statusCode).toBe(403)
            }) 
        }) 

        describe("Tests for PATCH (submitting the approval request)", () => {
            it("should respond with a 403 if the user is a junior", () => {
                loginResponse = curl("/url/to/login", "juniorUser", "password")
                
                approveCopyResponse = curl("/email/approve-copy", "patch", loginResponse.stuffThatConfirmsAuthentication)
                
                expect(approveCopyResponse.statusCode).toBe(403)
            }) 
        }) 
    })
 })
	// test/unit/services/SecurityFilterService
	describe("Tests for SecurityFilterService", () => {
	describe("Tests for isAuthorised", () => {
	it("will reject a user that is not authorised to access the resource", () => {
	service = new SecurityFilterSerivce() // might need mocked dependencies

	result = service.isAuthorised("juniorUser", "/email/approve-copy", "patch")

	expect result.toBeFalse()
	})
	})
	})

	// test/functional/controllers/EmailController
	describe("Tests for EmailController", () => {
	describe("Tests for approveCopy (ie: proofread)", () => {
	it("should respond with a 403 if the user is a junior", () => {
	securityFilter = createMock(SecurityFilterService)
	securityFilter.mockMethod("isAuthorised").withArguments("juniorUser").willReturn(false)

	controller = new EmailController(securityFilter)

	request = new Request(url="/email/approve-copy", method="patch") // and whatever is necessary to identify the user as a juniorUser

	response = controller.processRequest(request) // processRequest uses the SecurityFilter to check the user is legit according to its own rules (which we have mocked here)

	expect(response.status).toBe(403)
	})
	})
	})

	// test/acceptance/services/SecurityFilterService
	describe("Tests for SecurityFilterService", () => {
	describe("Tests for /email/approve-copy", () => {
	describe("Tests for GET (requesting the approval UI)", () => {
	it("should respond with a 403 if the user is a junior", () => {
	loginResponse = curl("/url/to/login", "juniorUser", "password")

	approveCopyResponse = curl("/email/approve-copy", "get", loginResponse.stuffThatConfirmsAuthentication)

	expect(approveCopyResponse.statusCode).toBe(403)
	})
	})

	describe("Tests for PATCH (submitting the approval request)", () => {
	it("should respond with a 403 if the user is a junior", () => {
	loginResponse = curl("/url/to/login", "juniorUser", "password")

	approveCopyResponse = curl("/email/approve-copy", "patch", loginResponse.stuffThatConfirmsAuthentication)

	expect(approveCopyResponse.statusCode).toBe(403)
	})
	})
	})
	})