/**
 * Separation-of-duties check: a supervisor session built from the id of the report's own
 * employee must not be able to approve that report.
 *
 * <p>Two things are verified: the PUT on {@code /approve} is answered with 403, and the stored
 * report is still {@code SUBMITTED} afterwards, so a rejected request cannot leave a state
 * change behind.
 */
@Test
public void approveNotAllowedForOwningSupervisor() throws Exception {
    TravelExpenseReport report = dataOnDemand.getRandomObject();
    report.setStatus(TravelExpenseReportStatus.SUBMITTED);
    repository.save(report);

    String approveUrl = "/travelExpenseReports/" + report.getId() + "/approve";
    mockMvc
        .perform(put(approveUrl).session(supervisorSession(report.getEmployee().getId())))
        .andExpect(status().isForbidden());

    // Switch to the admin authentication before reading the report back; presumably the
    // repository is access-controlled and the read would otherwise be rejected - confirm.
    // NOTE(review): this method does not reset the authentication afterwards; verify that a
    // teardown clears SecurityContextHolder so the admin context cannot mask a missing check
    // in a later test.
    SecurityContextHolder.getContext().setAuthentication(AuthorityMocks.adminAuthentication());

    assertThat(
        repository.findOne(report.getId()).getStatus(),
        is(TravelExpenseReportStatus.SUBMITTED));
}
/**
 * A DELETE on the report's {@code /employee} association, issued with the session returned by
 * {@code supervisorSession()}, must be answered as forbidden.
 *
 * <p>NOTE(review): only the supervisor session is exercised here; whether other roles are
 * rejected as well is not covered by this method.
 */
@Test
public void deleteEmployeeNotAllowed() throws Exception {
    TravelExpenseReport report = dataOnDemand.getRandomObject();
    String employeeLink = "/travelExpenseReports/" + report.getId() + "/employee";

    assertThat(removeUrl(supervisorSession(), employeeLink), isForbidden());
}
/**
 * Positive access check: a session for the employee referenced by the report can read that
 * report's {@code /expenses} sub-resource.
 */
@Test
public void travelExpensesAllowedForSelf() throws Exception {
    TravelExpenseReport report = dataOnDemand.getRandomObject();
    String expensesUrl = "/travelExpenseReports/" + report.getId() + "/expenses";

    // The session is built from the id of the report's own employee.
    assertThat(oneUrl(employeeSession(report.getEmployee().getId()), expensesUrl), isAccessible());
}
/**
 * Once a report is {@code SUBMITTED}, a DELETE issued with a session for the report's own
 * employee must be answered as forbidden.
 */
@Test
public void deleteForbiddenForOwnerIfSubmitted() throws Exception {
    TravelExpenseReport report = dataOnDemand.getRandomObject();
    report.setStatus(TravelExpenseReportStatus.SUBMITTED);
    repository.save(report);

    String reportUrl = "/travelExpenseReports/" + report.getId();

    // NOTE(review): only the response is asserted; that the report still exists afterwards is
    // not checked in this method.
    assertThat(removeUrl(employeeSession(report.getEmployee().getId()), reportUrl), isForbidden());
}
/**
 * Object-level authorization check: a {@code PENDING} report must not be deletable with a
 * session built for an employee id other than the one the report references.
 */
@Test
public void deleteForbiddenForOtherEvenIfPending() throws Exception {
    TravelExpenseReport report = dataOnDemand.getRandomObject();
    report.setStatus(TravelExpenseReportStatus.PENDING);
    repository.save(report);

    String reportUrl = "/travelExpenseReports/" + report.getId();

    // The "other" employee is addressed as the owner's id + 1.
    // NOTE(review): nothing here shows that an employee with that id exists; if it does not,
    // the 403 may come from an unknown principal rather than from the ownership check -
    // confirm against employeeSession() and the test data.
    assertThat(
        removeUrl(employeeSession(report.getEmployee().getId() + 1), reportUrl),
        isForbidden());
}
/**
 * Builds the JSON document for the given report.
 *
 * <p>{@code status}, {@code employee} and {@code debitor} are always written; the employee and
 * debitor are emitted as {@code /employees/{id}} and {@code /companies/{id}} links.
 * {@code submissionDate}, {@code project} and {@code id} are written only when the
 * corresponding getter returns a non-null value.
 *
 * @param travelExpenseReport the report to serialize; its status, employee and debitor are
 *     dereferenced without a null check
 * @return the generated JSON text
 */
@Override
protected String getJsonRepresentation(TravelExpenseReport travelExpenseReport) {
    // No zone designator in the pattern and no explicit zone or locale on the formatter, so
    // the JVM defaults apply.
    SimpleDateFormat timestampFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss");
    StringWriter out = new StringWriter();
    JsonGenerator generator = jsonGeneratorFactory.createGenerator(out);

    // Mandatory members.
    generator.writeStartObject();
    generator.write("status", travelExpenseReport.getStatus().toString());
    generator.write("employee", "/employees/" + travelExpenseReport.getEmployee().getId());
    generator.write("debitor", "/companies/" + travelExpenseReport.getDebitor().getId());

    // Optional members are skipped entirely rather than written as JSON null.
    if (travelExpenseReport.getSubmissionDate() != null) {
        generator.write(
            "submissionDate", timestampFormat.format(travelExpenseReport.getSubmissionDate()));
    }
    if (travelExpenseReport.getProject() != null) {
        generator.write("project", "/projects/" + travelExpenseReport.getProject().getId());
    }
    if (travelExpenseReport.getId() != null) {
        generator.write("id", travelExpenseReport.getId());
    }

    // Close the object, then the generator, before reading the writer.
    generator.writeEnd();
    generator.close();
    return out.toString();
}