add backend managecomments tests

2025-12-13 07:46:06 +00:00 · 2019-06-13 13:00:20 -07:00 · 2019-06-13 13:00:20 -07:00 · 3cc05c0916
commit 3cc05c0916
parent d91221fe7e
4 changed files with 147 additions and 72 deletions
--- a/backend/src/middleware/permissionsMiddleware.js
+++ b/backend/src/middleware/permissionsMiddleware.js
@ -113,6 +113,7 @@ const permissions = shield({
    enable: isModerator,
    disable: isModerator,
    CreateComment: isAuthenticated,
+    UpdateComment: isAuthor,
    DeleteComment: isAuthor,
    // CreateUser: allow,
  },
--- a/backend/src/middleware/validation/index.js
+++ b/backend/src/middleware/validation/index.js
@ -22,17 +22,12 @@ const validateUrl = async (resolve, root, args, context, info) => {
  }
 }

-const validateComment = async (resolve, root, args, context, info) => {
+const validateUpdateComment = async (resolve, root, args, context, info) => {
  const COMMENT_MIN_LENGTH = 1
  const content = args.content.replace(/<(?:.|\n)*?>/gm, '').trim()
  if (!args.content || content.length < COMMENT_MIN_LENGTH) {
    throw new UserInputError(`Comment must be at least ${COMMENT_MIN_LENGTH} character long!`)
  }
-  const NO_POST_ERR_MESSAGE = 'Comment cannot be created without a post!'
-  const { postId } = args
-  if (!postId) {
-    throw new UserInputError(NO_POST_ERR_MESSAGE)
-  }
  /* eslint-disable-next-line no-return-await */
  return await resolve(root, args, context, info)
 }
@ -42,7 +37,6 @@ export default {
    CreateUser: validateUsername,
    UpdateUser: validateUsername,
    CreateSocialMedia: validateUrl,
-    CreateComment: validateComment,
-    UpdateComment: validateComment,
+    UpdateComment: validateUpdateComment,
  },
 }
--- a/backend/src/schema/resolvers/comments.js
+++ b/backend/src/schema/resolvers/comments.js
@ -1,11 +1,13 @@
 import { neo4jgraphql } from 'neo4j-graphql-js'
 import { UserInputError } from 'apollo-server'

+const COMMENT_MIN_LENGTH = 1
 const NO_POST_ERR_MESSAGE = 'Comment cannot be created without a post!'

 export default {
  Mutation: {
    CreateComment: async (object, params, context, resolveInfo) => {
+      const content = params.content.replace(/<(?:.|\n)*?>/gm, '').trim()
      const { postId } = params
      // Adding relationship from comment to post by passing in the postId,
      // but we do not want to create the comment with postId as an attribute
@ -13,6 +15,13 @@ export default {
      // before comment creation.
      delete params.postId

+      if (!params.content || content.length < COMMENT_MIN_LENGTH) {
+        throw new UserInputError(`Comment must be at least ${COMMENT_MIN_LENGTH} character long!`)
+      }
+      if (!postId.trim()) {
+        throw new UserInputError(NO_POST_ERR_MESSAGE)
+      }
+
      const session = context.driver.session()
      const postQueryRes = await session.run(
        `
--- a/backend/src/schema/resolvers/comments.spec.js
+++ b/backend/src/schema/resolvers/comments.spec.js
@ -9,9 +9,10 @@ let createCommentVariables
 let createPostVariables
 let createCommentVariablesSansPostId
 let createCommentVariablesWithNonExistentPost
+let asAuthor

 beforeEach(async () => {
-  await factory.create('User', {
+  asAuthor = await factory.create('User', {
    email: 'test@example.org',
    password: '1234',
  })
@ -211,22 +212,9 @@ describe('CreateComment', () => {
  })
 })

-describe('DeleteComment', () => {
-  const deleteCommentMutation = gql`
-    mutation($id: ID!) {
-      DeleteComment(id: $id) {
-        id
-      }
-    }
-  `
-
-  let deleteCommentVariables = {
-    id: 'c1',
-  }
-
+describe('ManageComments', () => {
  beforeEach(async () => {
-    const asAuthor = Factory()
-    await asAuthor.create('User', {
+    asAuthor = await factory.create('User', {
      email: 'author@example.org',
      password: '1234',
    })
@ -245,55 +233,138 @@ describe('DeleteComment', () => {
    })
  })

-  describe('unauthenticated', () => {
-    it('throws authorization error', async () => {
-      client = new GraphQLClient(host)
-      await expect(client.request(deleteCommentMutation, deleteCommentVariables)).rejects.toThrow(
-        'Not Authorised',
-      )
-    })
-  })
-
-  describe('authenticated but not the author', () => {
-    beforeEach(async () => {
-      let headers
-      headers = await login({
-        email: 'test@example.org',
-        password: '1234',
-      })
-      client = new GraphQLClient(host, {
-        headers,
-      })
-    })
-
-    it('throws authorization error', async () => {
-      await expect(client.request(deleteCommentMutation, deleteCommentVariables)).rejects.toThrow(
-        'Not Authorised',
-      )
-    })
-  })
-
-  describe('authenticated as author', () => {
-    beforeEach(async () => {
-      let headers
-      headers = await login({
-        email: 'author@example.org',
-        password: '1234',
-      })
-      client = new GraphQLClient(host, {
-        headers,
-      })
-    })
-
-    it('deletes the comment', async () => {
-      const expected = {
-        DeleteComment: {
-          id: 'c1',
-        },
+  describe('UpdateComment', () => {
+    const updateCommentMutation = gql`
+      mutation($content: String!, $id: ID!) {
+        UpdateComment(content: $content, id: $id) {
+          id
+          content
+        }
      }
-      await expect(client.request(deleteCommentMutation, deleteCommentVariables)).resolves.toEqual(
-        expected,
-      )
+    `
+
+    let updateCommentVariables = {
+      id: 'c1',
+      content: 'The comment is updated',
+    }
+
+    describe('unauthenticated', () => {
+      it('throws authorization error', async () => {
+        client = new GraphQLClient(host)
+        await expect(client.request(updateCommentMutation, updateCommentVariables)).rejects.toThrow(
+          'Not Authorised',
+        )
+      })
+    })
+
+    describe('authenticated but not the author', () => {
+      beforeEach(async () => {
+        let headers
+        headers = await login({
+          email: 'test@example.org',
+          password: '1234',
+        })
+        client = new GraphQLClient(host, {
+          headers,
+        })
+      })
+
+      it('throws authorization error', async () => {
+        await expect(client.request(updateCommentMutation, updateCommentVariables)).rejects.toThrow(
+          'Not Authorised',
+        )
+      })
+    })
+
+    describe('authenticated as author', () => {
+      beforeEach(async () => {
+        let headers
+        headers = await login({
+          email: 'author@example.org',
+          password: '1234',
+        })
+        client = new GraphQLClient(host, {
+          headers,
+        })
+      })
+
+      it('updates the comment', async () => {
+        const expected = {
+          UpdateComment: {
+            id: 'c1',
+            content: 'The comment is updated',
+          },
+        }
+        await expect(
+          client.request(updateCommentMutation, updateCommentVariables),
+        ).resolves.toEqual(expected)
+      })
+    })
+  })
+
+  describe('DeleteComment', () => {
+    const deleteCommentMutation = gql`
+      mutation($id: ID!) {
+        DeleteComment(id: $id) {
+          id
+        }
+      }
+    `
+
+    let deleteCommentVariables = {
+      id: 'c1',
+    }
+
+    describe('unauthenticated', () => {
+      it('throws authorization error', async () => {
+        client = new GraphQLClient(host)
+        await expect(client.request(deleteCommentMutation, deleteCommentVariables)).rejects.toThrow(
+          'Not Authorised',
+        )
+      })
+    })
+
+    describe('authenticated but not the author', () => {
+      beforeEach(async () => {
+        let headers
+        headers = await login({
+          email: 'test@example.org',
+          password: '1234',
+        })
+        client = new GraphQLClient(host, {
+          headers,
+        })
+      })
+
+      it('throws authorization error', async () => {
+        await expect(client.request(deleteCommentMutation, deleteCommentVariables)).rejects.toThrow(
+          'Not Authorised',
+        )
+      })
+    })
+
+    describe('authenticated as author', () => {
+      beforeEach(async () => {
+        let headers
+        headers = await login({
+          email: 'author@example.org',
+          password: '1234',
+        })
+        client = new GraphQLClient(host, {
+          headers,
+        })
+      })
+
+      it('deletes the comment', async () => {
+        const expected = {
+          DeleteComment: {
+            id: 'c1',
+          },
+        }
+        await expect(
+          client.request(deleteCommentMutation, deleteCommentVariables),
+        ).resolves.toEqual(expected)
+      })
    })
  })
 })