test_name: "Items management" includes: - !include includes.yaml strict: - headers:off - json:off stages: - name: "Login as user1 and get JWT token" request: url: "http://{server_address}:{server_port}/{api_base}/login" method: POST json: username: "{user1_login}" password: "{user1_password}" response: status_code: 200 json: status: success data: token: !anything save: json: user_token: "data.token" - name: "Add non-expired item 1" request: url: "http://{server_address}:{server_port}/{api_base}/items" method: POST headers: Authorization: "Bearer {user_token}" json: name: "Tavern Test Item" expirationDate: "2050-08-10T14:00:00" orderUrl: "{order_url}" response: status_code: 201 json: status: success data: id: !anything save: json: item_id: "data.id" - name: "Add non-expired item 2" request: url: "http://{server_address}:{server_port}/{api_base}/items" method: POST headers: Authorization: "Bearer {user_token}" json: name: "Tavern Test Item" expirationDate: "2050-08-10T14:00:00" orderUrl: "{order_url}" response: status_code: 201 json: status: success data: id: !anything save: json: item_id2: "data.id" - name: "Add expired item" request: url: "http://{server_address}:{server_port}/{api_base}/items" method: POST headers: Authorization: "Bearer {user_token}" json: name: "Tavern Test Item" expirationDate: "2000-08-10T14:00:00" orderUrl: "{order_url}" response: status_code: 201 json: status: success data: id: !anything - name: "Get item list" request: url: "http://{server_address}:{server_port}/{api_base}/items" method: GET headers: Authorization: "Bearer {user_token}" response: status_code: 200 json: status: "success" data: !anylist - name: "Get single existing item" request: url: "http://{server_address}:{server_port}/{api_base}/items/{item_id}" method: GET headers: Authorization: "Bearer {user_token}" response: status_code: 200 json: status: "success" data: id: !anything - name: "Get single non-existing item" request: url: "http://{server_address}:{server_port}/{api_base}/items/00000000-0000-0000-0000-000000000000" method: GET headers: Authorization: "Bearer {user_token}" response: status_code: 404 - name: "Delete item" request: url: "http://{server_address}:{server_port}/{api_base}/items/{item_id}" method: DELETE headers: Authorization: "Bearer {user_token}" response: status_code: 204 # login as user2 and test item access restrictions - name: "Login as user2 and get JWT token" request: url: "http://{server_address}:{server_port}/{api_base}/login" method: POST json: username: "{user2_login}" password: "{user2_password}" response: status_code: 200 json: status: success data: token: !anything save: json: user2_token: "data.token" - name: "User2 tries to access item2 created by user1 (should fail)" request: url: "http://{server_address}:{server_port}/{api_base}/items/{item_id2}" method: GET headers: Authorization: "Bearer {user2_token}" response: status_code: 404 - name: "User2 tries to delete item2 created by user1 (should fail)" request: url: "http://{server_address}:{server_port}/{api_base}/items/{item_id2}" method: DELETE headers: Authorization: "Bearer {user2_token}" response: status_code: 404 - name: "User2 adds own item" request: url: "http://{server_address}:{server_port}/{api_base}/items" method: POST headers: Authorization: "Bearer {user2_token}" json: name: "User2 Tavern Test Item" expirationDate: "2050-08-10T14:00:00" orderUrl: "{order_url}" response: status_code: 201 json: status: success data: id: !anything save: json: user2_item_id: "data.id" - name: "User2 gets item list (should only see own items)" request: url: "http://{server_address}:{server_port}/{api_base}/items" method: GET headers: Authorization: "Bearer {user2_token}" response: status_code: 200 json: status: "success" data: - !anydict id: "{user2_item_id}" name: "User2 Tavern Test Item"