diff --git a/_regroup/test-etapi/patch-attachment.http b/_regroup/test-etapi/patch-attachment.http deleted file mode 100644 index 44ffe696f..000000000 --- a/_regroup/test-etapi/patch-attachment.http +++ /dev/null @@ -1,79 +0,0 @@ -POST {{triliumHost}}/etapi/create-note -Authorization: {{authToken}} -Content-Type: application/json - -{ - "parentNoteId": "root", - "title": "Hello", - "type": "text", - "content": "Hi there!" -} - -> {% client.global.set("createdNoteId", response.body.note.noteId); %} - -### - -POST {{triliumHost}}/etapi/attachments -Authorization: {{authToken}} -Content-Type: application/json - -{ - "ownerId": "{{createdNoteId}}", - "role": "file", - "mime": "text/plain", - "title": "my attachment", - "content": "text" -} - -> {% client.global.set("createdAttachmentId", response.body.attachmentId); %} - -### - -PATCH {{triliumHost}}/etapi/attachments/{{createdAttachmentId}} -Authorization: {{authToken}} -Content-Type: application/json - -{ - "title": "CHANGED", - "position": 999 -} - -### - -GET {{triliumHost}}/etapi/attachments/{{createdAttachmentId}} -Authorization: {{authToken}} - -> {% - client.assert(response.body.title === "CHANGED"); - client.assert(response.body.position === 999); -%} - -### - -PATCH {{triliumHost}}/etapi/attachments/{{createdAttachmentId}} -Authorization: {{authToken}} -Content-Type: application/json - -{ - "ownerId": "root" -} - -> {% - client.assert(response.status === 400); - client.assert(response.body.code == "PROPERTY_NOT_ALLOWED"); -%} - -### - -PATCH {{triliumHost}}/etapi/attachments/{{createdAttachmentId}} -Authorization: {{authToken}} -Content-Type: application/json - -{ - "title": null -} - -> {% - client.assert(response.status === 400); - client.assert(response.body.code == "PROPERTY_VALIDATION_ERROR"); -%} diff --git a/apps/server/spec/etapi/patch-attachment.spec.ts b/apps/server/spec/etapi/patch-attachment.spec.ts new file mode 100644 index 000000000..706ac7fbb --- /dev/null +++ b/apps/server/spec/etapi/patch-attachment.spec.ts @@ -0,0 +1,78 @@ +import { Application } from "express"; +import { beforeAll, describe, expect, it } from "vitest"; +import supertest from "supertest"; +import { createNote, login } from "./utils.js"; +import config from "../../src/services/config.js"; + +let app: Application; +let token: string; + +const USER = "etapi"; +let createdNoteId: string; +let createdAttachmentId: string; + +describe("etapi/attachment-content", () => { + beforeAll(async () => { + config.General.noAuthentication = false; + const buildApp = (await (import("../../src/app.js"))).default; + app = await buildApp(); + token = await login(app); + + createdNoteId = await createNote(app, token); + + // Create an attachment + const response = await supertest(app) + .post(`/etapi/attachments`) + .auth(USER, token, { "type": "basic"}) + .send({ + "ownerId": createdNoteId, + "role": "file", + "mime": "text/plain", + "title": "my attachment", + "content": "text" + }); + createdAttachmentId = response.body.attachmentId; + expect(createdAttachmentId).toBeTruthy(); + }); + + it("changes title and position", async () => { + const state = { + title: "CHANGED", + position: 999 + } + await supertest(app) + .patch(`/etapi/attachments/${createdAttachmentId}`) + .auth(USER, token, { "type": "basic"}) + .send(state) + .expect(200); + + // Ensure it got changed. + const response = await supertest(app) + .get(`/etapi/attachments/${createdAttachmentId}`) + .auth(USER, token, { "type": "basic"}); + expect(response.body).toMatchObject(state); + }); + + it("forbids changing owner", async () => { + const response = await supertest(app) + .patch(`/etapi/attachments/${createdAttachmentId}`) + .auth(USER, token, { "type": "basic"}) + .send({ + ownerId: "root" + }) + .expect(400); + expect(response.body.code).toStrictEqual("PROPERTY_NOT_ALLOWED"); + }); + + it("handles validation error", async () => { + const response = await supertest(app) + .patch(`/etapi/attachments/${createdAttachmentId}`) + .auth(USER, token, { "type": "basic"}) + .send({ + title: null + }) + .expect(400); + expect(response.body.code).toStrictEqual("PROPERTY_VALIDATION_ERROR"); + }); + +});