marcel/familienarchiv
1
0
Fork 0
Code Issues 119 Pull Requests 2 Actions Packages Projects Releases Wiki Activity

fix(ui): hide write/edit controls from READ_ALL (read-only) users (#696) #699

Merged
marcel merged 4 commits from feat/issue-696-hide-write-controls into main 2026-05-31 11:31:35 +02:00
Conversation 7 Commits 4 Files Changed 3 +14
1 changed files with 14 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 5edefdd082 - Show all commits

14
backend/src/test/java/org/raddatz/familienarchiv/document/DocumentControllerTest.java
View File

@@ -297,6 +297,13 @@ class DocumentControllerTest {
.andExpect(status().isForbidden());
}
@Test
@WithMockUser(authorities = "READ_ALL")
void createDocument_returns403_forReaderOnly() throws Exception {
mockMvc.perform(multipart("/api/documents").with(csrf()))
.andExpect(status().isForbidden());
}
@Test
@WithMockUser(authorities = "WRITE_ALL")
void createDocument_returns200_whenHasWritePermission() throws Exception {
@@ -414,6 +421,13 @@ class DocumentControllerTest {
.andExpect(status().isForbidden());
}
@Test
@WithMockUser(authorities = "READ_ALL")
void quickUpload_returns403_forReaderOnly() throws Exception {
mockMvc.perform(multipart("/api/documents/quick-upload").with(csrf()))
.andExpect(status().isForbidden());
}
@Test
@WithMockUser(authorities = "WRITE_ALL")
void quickUpload_returns200_withValidPdfFile() throws Exception {