@Test public void approveNotAllowedForOwningSupervisor() throws Exception { TravelExpenseReport travelExpenseReport = dataOnDemand.getRandomObject(); travelExpenseReport.setStatus(TravelExpenseReportStatus.SUBMITTED); repository.save(travelExpenseReport); mockMvc .perform( put("/travelExpenseReports/" + travelExpenseReport.getId() + "/approve") .session(supervisorSession(travelExpenseReport.getEmployee().getId()))) .andExpect(status().isForbidden()); SecurityContextHolder.getContext().setAuthentication(AuthorityMocks.adminAuthentication()); TravelExpenseReport one = repository.findOne(travelExpenseReport.getId()); assertThat(one.getStatus(), is(TravelExpenseReportStatus.SUBMITTED)); }
@Override protected String getJsonRepresentation(TravelExpenseReport travelExpenseReport) { StringWriter writer = new StringWriter(); JsonGenerator jg = jsonGeneratorFactory.createGenerator(writer); SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss"); jg.writeStartObject() .write("status", travelExpenseReport.getStatus().toString()) .write("employee", "/employees/" + travelExpenseReport.getEmployee().getId()) .write("debitor", "/companies/" + travelExpenseReport.getDebitor().getId()); if (travelExpenseReport.getSubmissionDate() != null) { jg.write("submissionDate", sdf.format(travelExpenseReport.getSubmissionDate())); } if (travelExpenseReport.getProject() != null) { jg.write("project", "/projects/" + travelExpenseReport.getProject().getId()); } if (travelExpenseReport.getId() != null) { jg.write("id", travelExpenseReport.getId()); } jg.writeEnd().close(); return writer.toString(); }