|
8 | 8 | "testing" |
9 | 9 | "time" |
10 | 10 |
|
| 11 | + playlistp "go.senan.xyz/gonic/playlist" |
11 | 12 | "go.senan.xyz/gonic/server/ctrlsubsonic/spec" |
12 | 13 | ) |
13 | 14 |
|
@@ -115,3 +116,55 @@ func TestDeletePlaylist(t *testing.T) { |
115 | 116 | query{url.Values{}, "after_delete", false}, |
116 | 117 | ) |
117 | 118 | } |
| 119 | + |
| 120 | +func TestGetPlaylistDeniesOtherUsersPrivate(t *testing.T) { |
| 121 | + t.Parallel() |
| 122 | + f := newFixture(t) |
| 123 | + |
| 124 | + privateID := writePrivatePlaylist(t, f) |
| 125 | + |
| 126 | + body := f.query(t, f.contr.ServeGetPlaylist, f.alt, url.Values{ |
| 127 | + "id": {privateID}, |
| 128 | + }) |
| 129 | + var sub spec.SubsonicResponse |
| 130 | + if err := json.Unmarshal([]byte(body), &sub); err != nil { |
| 131 | + t.Fatalf("unmarshal: %v", err) |
| 132 | + } |
| 133 | + if sub.Response.Status != "failed" || sub.Response.Error == nil || sub.Response.Error.Code != 50 { |
| 134 | + t.Fatalf("expected error 50, got: %s", body) |
| 135 | + } |
| 136 | +} |
| 137 | + |
| 138 | +func TestDeletePlaylistDeniesOtherUsers(t *testing.T) { |
| 139 | + t.Parallel() |
| 140 | + f := newFixture(t) |
| 141 | + |
| 142 | + body := f.query(t, f.contr.ServeDeletePlaylist, f.alt, url.Values{ |
| 143 | + "id": {f.sharedPlaylistID()}, |
| 144 | + }) |
| 145 | + var sub spec.SubsonicResponse |
| 146 | + if err := json.Unmarshal([]byte(body), &sub); err != nil { |
| 147 | + t.Fatalf("unmarshal: %v", err) |
| 148 | + } |
| 149 | + if sub.Response.Status != "failed" || sub.Response.Error == nil || sub.Response.Error.Code != 50 { |
| 150 | + t.Fatalf("expected error 50, got: %s", body) |
| 151 | + } |
| 152 | + if _, err := f.contr.playlistStore.Read(filepath.Join("1", "shared.m3u")); err != nil { |
| 153 | + t.Fatalf("playlist was deleted despite auth failure: %v", err) |
| 154 | + } |
| 155 | +} |
| 156 | + |
| 157 | +func writePrivatePlaylist(t *testing.T, f *fixture) string { |
| 158 | + t.Helper() |
| 159 | + relPath := filepath.Join("1", "private.m3u") |
| 160 | + err := f.contr.playlistStore.Write(relPath, &playlistp.Playlist{ |
| 161 | + UserID: f.admin.ID, |
| 162 | + UpdatedAt: time.Date(2020, 5, 1, 12, 0, 0, 0, time.UTC), |
| 163 | + Name: "private playlist", |
| 164 | + IsPublic: false, |
| 165 | + }) |
| 166 | + if err != nil { |
| 167 | + t.Fatalf("write private playlist: %v", err) |
| 168 | + } |
| 169 | + return playlistIDEncode(relPath).String() |
| 170 | +} |
0 commit comments