60 lines
1.5 KiB
Go
60 lines
1.5 KiB
Go
//go:build integration
|
|
// +build integration
|
|
|
|
package integration
|
|
|
|
import (
|
|
"net/http"
|
|
"testing"
|
|
)
|
|
|
|
func TestIntegration_Candidates(t *testing.T) {
|
|
client := newTestClient()
|
|
companyID, userID := setupTestCompanyAndUser(t)
|
|
defer cleanupTestData()
|
|
|
|
t.Run("List Candidates - Unauthorized", func(t *testing.T) {
|
|
client.setAuthToken("")
|
|
resp, err := client.get("/api/v1/candidates")
|
|
if err != nil {
|
|
t.Fatalf("Request failed: %v", err)
|
|
}
|
|
defer resp.Body.Close()
|
|
|
|
if resp.StatusCode != http.StatusUnauthorized {
|
|
t.Errorf("Expected 401, got %d", resp.StatusCode)
|
|
}
|
|
})
|
|
|
|
t.Run("List Candidates - As Admin", func(t *testing.T) {
|
|
token := createAuthToken(t, userID, companyID, []string{"admin"})
|
|
client.setAuthToken(token)
|
|
|
|
resp, err := client.get("/api/v1/candidates")
|
|
if err != nil {
|
|
t.Fatalf("Request failed: %v", err)
|
|
}
|
|
defer resp.Body.Close()
|
|
|
|
if resp.StatusCode != http.StatusOK {
|
|
t.Errorf("Expected 200, got %d", resp.StatusCode)
|
|
}
|
|
})
|
|
|
|
t.Run("List Candidates - As Candidate (Forbidden)", func(t *testing.T) {
|
|
candID := createTestCandidate(t)
|
|
token := createAuthToken(t, candID, companyID, []string{"candidate"})
|
|
client.setAuthToken(token)
|
|
|
|
resp, err := client.get("/api/v1/candidates")
|
|
if err != nil {
|
|
t.Fatalf("Request failed: %v", err)
|
|
}
|
|
defer resp.Body.Close()
|
|
|
|
// Candidates shouldn't mock list all candidates
|
|
if resp.StatusCode != http.StatusForbidden {
|
|
t.Errorf("Expected 403, got %d", resp.StatusCode)
|
|
}
|
|
})
|
|
}
|