test(acceptance): verify filter/sort limitations

jaredcnance · jaredcnance · commit 072fa394ebe9 · 2018-01-03T06:11:05.000-06:00
diff --git a/src/Examples/JsonApiDotNetCoreExample/Models/TodoItem.cs b/src/Examples/JsonApiDotNetCoreExample/Models/TodoItem.cs
@@ -22,7 +22,7 @@ public TodoItem()
         [Attr("created-date")]
         public DateTime CreatedDate { get; set; }
 
-        [Attr("achieved-date")]
+        [Attr("achieved-date", isFilterable: false, isSortable: false)]
         public DateTime? AchievedDate { get; set; }
         
         public int? OwnerId { get; set; }
diff --git a/test/JsonApiDotNetCoreExampleTests/Acceptance/Spec/AttributeFilterTests.cs b/test/JsonApiDotNetCoreExampleTests/Acceptance/Spec/AttributeFilterTests.cs
@@ -1,4 +1,5 @@
-﻿using System.Linq;
+﻿using System;
+using System.Linq;
 using System.Net;
 using System.Net.Http;
 using System.Threading.Tasks;
@@ -8,8 +9,6 @@
 using JsonApiDotNetCoreExample;
 using JsonApiDotNetCoreExample.Data;
 using JsonApiDotNetCoreExample.Models;
-using Microsoft.AspNetCore.Hosting;
-using Microsoft.AspNetCore.TestHost;
 using Newtonsoft.Json;
 using Xunit;
 using Person = JsonApiDotNetCoreExample.Models.Person;
@@ -44,17 +43,13 @@ public async Task Can_Filter_On_Guid_Properties()
             var todoItem = _todoItemFaker.Generate();
             context.TodoItems.Add(todoItem);
             await context.SaveChangesAsync();
-            
-            var builder = new WebHostBuilder()
-                .UseStartup<Startup>();
+
             var httpMethod = new HttpMethod("GET");
             var route = $"/api/v1/todo-items?filter[guid-property]={todoItem.GuidProperty}";
-            var server = new TestServer(builder);
-            var client = server.CreateClient();
             var request = new HttpRequestMessage(httpMethod, route);
 
             // act
-            var response = await client.SendAsync(request);
+            var response = await _fixture.Client.SendAsync(request);
             var body = await response.Content.ReadAsStringAsync();
             var deserializedBody = _fixture
                 .GetService<IJsonApiDeSerializer>()
@@ -68,7 +63,6 @@ public async Task Can_Filter_On_Guid_Properties()
             Assert.Equal(todoItem.GuidProperty, todoItemResponse.GuidProperty);
         }
 
-
         [Fact]
         public async Task Can_Filter_On_Related_Attrs()
         {
@@ -79,17 +73,13 @@ public async Task Can_Filter_On_Related_Attrs()
             todoItem.Owner = person;
             context.TodoItems.Add(todoItem);
             await context.SaveChangesAsync();
-            
-            var builder = new WebHostBuilder()
-                .UseStartup<Startup>();
+
             var httpMethod = new HttpMethod("GET");
             var route = $"/api/v1/todo-items?include=owner&filter[owner.first-name]={person.FirstName}";
-            var server = new TestServer(builder);
-            var client = server.CreateClient();
             var request = new HttpRequestMessage(httpMethod, route);
 
             // act
-            var response = await client.SendAsync(request);
+            var response = await _fixture.Client.SendAsync(request);
             var body = await response.Content.ReadAsStringAsync();
             var documents = JsonConvert.DeserializeObject<Documents>(await response.Content.ReadAsStringAsync());
             var included = documents.Included;
@@ -101,5 +91,20 @@ public async Task Can_Filter_On_Related_Attrs()
             foreach(var item in included)
                 Assert.Equal(person.FirstName, item.Attributes["first-name"]);
         }
+
+        [Fact]
+        public async Task Cannot_Filter_If_Explicitly_Forbidden()
+        {
+            // arrange
+            var httpMethod = new HttpMethod("GET");
+            var route = $"/api/v1/todo-items?include=owner&filter[achieved-date]={DateTime.UtcNow.Date}";
+            var request = new HttpRequestMessage(httpMethod, route);
+
+            // act
+            var response = await _fixture.Client.SendAsync(request);
+
+            // assert
+            Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
+        }
     }
 }
diff --git a/test/JsonApiDotNetCoreExampleTests/Acceptance/Spec/AttributeSortTests.cs b/test/JsonApiDotNetCoreExampleTests/Acceptance/Spec/AttributeSortTests.cs
@@ -0,0 +1,34 @@
+﻿using System.Net;
+using System.Net.Http;
+using System.Threading.Tasks;
+using JsonApiDotNetCoreExample;
+using Xunit;
+
+namespace JsonApiDotNetCoreExampleTests.Acceptance.Spec
+{
+    [Collection("WebHostCollection")]
+    public class AttributeSortTests
+    {
+        private TestFixture<Startup> _fixture;
+
+        public AttributeSortTests(TestFixture<Startup> fixture)
+        {
+            _fixture = fixture;
+        }
+
+        [Fact]
+        public async Task Cannot_Sort_If_Explicitly_Forbidden()
+        {
+            // arrange
+            var httpMethod = new HttpMethod("GET");
+            var route = $"/api/v1/todo-items?include=owner&sort=achieved-date";
+            var request = new HttpRequestMessage(httpMethod, route);
+
+            // act
+            var response = await _fixture.Client.SendAsync(request);
+
+            // assert
+            Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
+        }
+    }
+}
