diff --git a/openadr-vtn/src/api/ven.rs b/openadr-vtn/src/api/ven.rs index 2f04306..76532af 100644 --- a/openadr-vtn/src/api/ven.rs +++ b/openadr-vtn/src/api/ven.rs @@ -40,14 +40,6 @@ pub async fn get( Path(id): Path, User(user): User, ) -> AppResponse { - if user.is_ven() { - if !user.ven_ids().iter().any(|vid| *vid == id) { - return Err(AppError::Forbidden("User does not have access to this VEN")); - } - } else if !user.is_ven_manager() { - return Err(AppError::Forbidden("User is not a VEN or VEN Manager")); - } - let ven = ven_source.retrieve(&id, &user.try_into()?).await?; Ok(Json(ven)) @@ -132,11 +124,11 @@ mod tests { state::AppState, }; - async fn request_all(app: Router, token: &str) -> Response { + async fn request_all(app: Router, token: &str, query_params: &str) -> Response { app.oneshot( Request::builder() .method(http::Method::GET) - .uri("/vens") + .uri(format!("/vens{query_params}")) .header(http::header::AUTHORIZATION, format!("Bearer {}", token)) .header(http::header::CONTENT_TYPE, mime::APPLICATION_JSON.as_ref()) .body(Body::empty()) @@ -165,7 +157,7 @@ mod tests { let token = jwt_test_token(&state, vec![AuthRole::VenManager]); let app = state.into_router(); - let resp = request_all(app, &token).await; + let resp = request_all(app, &token, "").await; assert_eq!(resp.status(), http::StatusCode::OK); let mut vens: Vec = get_response_json(resp).await; 
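Review bot: With the role checks removed from `get`, access to a single VEN now rests entirely on the permission value produced by `user.try_into()?` and on `retrieve` applying it, and neither is visible in this hunk. The deleted branches returned `AppError::Forbidden` for a VEN user asking for another VEN's id and for a user that is neither a VEN nor a VEN manager. The tests visible in this diff only exercise the list route, so both cases should get a regression test on the single-VEN route. The status returned for a denied request presumably changes too, depending on what `retrieve` does when the permission filter excludes the row, and that is worth recording in the commit message. I would add above the call: `// Authorization is enforced in retrieve() through the permissions derived from user; do not bypass try_into().`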
@@ -176,13 +168,44 @@ mod tests { assert_eq!(vens[1].id.as_str(), "ven-2"); } + #[sqlx::test(fixtures("users", "vens"))] + async fn get_all_filetred(db: PgPool) { + let state = test_state(db); + let token = jwt_test_token(&state, vec![AuthRole::VenManager]); + let app = state.clone().into_router(); + + let resp = request_all(app.clone(), &token, "?skip=1").await; + assert_eq!(resp.status(), http::StatusCode::OK); + let vens: Vec = get_response_json(resp).await; + assert_eq!(vens.len(), 1); + + let resp = request_all(app.clone(), &token, "?limit=1").await; + assert_eq!(resp.status(), http::StatusCode::OK); + let vens: Vec = get_response_json(resp).await; + assert_eq!(vens.len(), 1); + + let resp = request_all(app.clone(), &token, "?targetType=VEN_NAME&targetValues=ven-2-name").await; + assert_eq!(resp.status(), http::StatusCode::OK); + let vens: Vec = get_response_json(resp).await; + assert_eq!(vens.len(), 1); + assert_eq!(vens[0].id.as_str(), "ven-2"); + + let token = jwt_test_token(&state, vec![AuthRole::VEN("ven-1".parse().unwrap())]); + let app = state.into_router(); + + let resp = request_all(app.clone(), &token, "?targetType=VEN_NAME&targetValues=ven-1-name").await; + assert_eq!(resp.status(), http::StatusCode::OK); + let vens: Vec = get_response_json(resp).await; + assert_eq!(vens.len(), 0); + } + #[sqlx::test(fixtures("users", "vens"))] async fn get_all_ven_user(db: PgPool) { let state = test_state(db); let token = jwt_test_token(&state, vec![AuthRole::VEN("ven-1".parse().unwrap())]); let app = state.into_router(); - let resp = request_all(app, &token).await; + let resp = request_all(app, &token, "").await; assert_eq!(resp.status(), http::StatusCode::OK); let vens: Vec = get_response_json(resp).await; diff --git a/openadr-vtn/src/data_source/postgres/ven.rs b/openadr-vtn/src/data_source/postgres/ven.rs index d994d91..6cbd6ad 100644 --- a/openadr-vtn/src/data_source/postgres/ven.rs +++ b/openadr-vtn/src/data_source/postgres/ven.rs 
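Review bot: The final assertion in `get_all_filetred` expects zero results when the `ven-1` token filters on `ven-1-name`, which by the fixture naming looks like that user's own VEN, and nothing in the test says why. If that is intended, state the rule in a comment such as `// VEN-role tokens get no rows for VEN_NAME target filters, even for their own VEN`; if it is not, the expectation is hiding a filtering bug. As written the test also cannot demonstrate tenant isolation, because a query for `ven-2-name` with the same token would return zero for either reason; a case that returns the caller's own VEN while excluding the other one would pin it down. The test name is misspelled and should be `get_all_filtered`.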
@@ -196,6 +196,8 @@ impl Crud for PgVenStorage { let pg_filter: PostgresFilter = filter.into(); trace!(?pg_filter); + dbg!(&pg_filter); + let ids = permissions.as_value(); let mut vens: Vec = sqlx::query_as!(
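Review bot: `dbg!(&pg_filter);` looks like a leftover debug statement and should be dropped, along with what appears to be a blank line added after it. `dbg!` writes to stderr in release builds as well and ignores the tracing configuration, so every call prints a filter that appears to be built from request query parameters. `trace!(?pg_filter);` on the line above already records the same value at a level operators can control. Enabling the `clippy::dbg_macro` lint in CI would catch this class of leftover. The enclosing function starts and ends outside the hunk.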