test(api/v2): assert team max_permission + etag reflects permission

This commit is contained in:
kolaente 2026-06-04 23:39:09 +02:00 committed by kolaente
parent 184384b68c
commit 58d882d36d
1 changed files with 17 additions and 0 deletions

View File

@ -181,6 +181,7 @@ func TestHumaTeam(t *testing.T) {
// v1's TestTeam_ReadOne also asserts the description and created_by.
assert.Contains(t, rec.Body.String(), `"description":"Lorem Ipsum"`)
assert.Contains(t, rec.Body.String(), `"created_by"`)
assert.Contains(t, rec.Body.String(), `"max_permission":`)
assert.NotEmpty(t, rec.Result().Header.Get("ETag"))
})
// v1's TestTeam_ReadOne/{invalid id, nonexisting} expects
@ -388,3 +389,19 @@ func TestHumaTeam_ETagReturns304(t *testing.T) {
e.ServeHTTP(rec, req)
require.Equal(t, http.StatusNotModified, rec.Code, "body: %s", rec.Body.String())
}
func TestHumaTeam_ETagReflectsPermission(t *testing.T) {
// Team 1: user1 is an admin (max_permission 2), user2 a non-admin member (0).
// Same team, so the per-caller ETag must differ — else a 304 serves stale perms.
e, err := setupTestEnv()
require.NoError(t, err)
admin := humaRequest(t, e, http.MethodGet, "/api/v2/teams/1", "", humaTokenFor(t, &testuser1), "")
require.Equal(t, http.StatusOK, admin.Code, "body: %s", admin.Body.String())
member := humaRequest(t, e, http.MethodGet, "/api/v2/teams/1", "", humaTokenFor(t, &testuser2), "")
require.Equal(t, http.StatusOK, member.Code, "body: %s", member.Body.String())
assert.NotEmpty(t, admin.Header().Get("ETag"))
assert.NotEqual(t, admin.Header().Get("ETag"), member.Header().Get("ETag"),
"same team, different caller permission must produce different ETags")
}