diff --git a/scenarios/user-journey/negative-form-lifecycle/.env.example b/scenarios/user-journey/negative-form-lifecycle/.env.example
index a2ce8964..03cfdce5 100644
--- a/scenarios/user-journey/negative-form-lifecycle/.env.example
+++ b/scenarios/user-journey/negative-form-lifecycle/.env.example
@@ -7,3 +7,6 @@ BASE_URL=http://127.0.0.1:4010
 # User ID for internal login (debug authentication)
 # This should be a valid UUID of a user in the system
 LOGIN_USER_ID=00000000-0000-0000-0000-000000000001
+
+# User ID for non-member 403 test (seeded via backend setup.yaml)
+NON_MEMBER_LOGIN_USER_ID=b1c2d3e4-f5a6-7890-abcd-ef1234567890
diff --git a/scenarios/user-journey/negative-form-lifecycle/02a-form-creation-org-membership-negative.http b/scenarios/user-journey/negative-form-lifecycle/02a-form-creation-org-membership-negative.http
index b353ceac..7347b7e7 100644
--- a/scenarios/user-journey/negative-form-lifecycle/02a-form-creation-org-membership-negative.http
+++ b/scenarios/user-journey/negative-form-lifecycle/02a-form-creation-org-membership-negative.http
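Review bot: The comment added above `NON_MEMBER_LOGIN_USER_ID` does not state the property the 403 scenario depends on: this user must not be a member of the test organisation and must differ from `LOGIN_USER_ID`, because the .http scenario notes that org creation makes the global admin an org admin. I would extend it to `# Must NOT be a member of the 403-test org and must differ from LOGIN_USER_ID; seeded via backend setup.yaml`. The same two lines are added to organization-lifecycle/.env.example in the last hunk, where no request in this diff reads the variable, so it is worth confirming it is needed there.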
@@ -10,18 +10,43 @@ ### +# ============================================ +# Login as non-member user (not in org-403-test) +# ============================================ +# Org creation adds the global admin as org admin; use a separate user for the 403 test. +# @name loginNonMember +# @ref getOrgFor403Test +POST {{BASE_URL}}/auth/login/internal +Content-Type: application/json + +{ + "uid": "{{NON_MEMBER_LOGIN_USER_ID}}" +} + +?? status == 200 + +### + # ============================================ # Create form under org before user is a member (expect 403) # ============================================ # Uses org from organization-lifecycle: org exists but current user is not a member. # @name createFormBeforeMember -# @ref createOrgFor403Test +# @ref loginNonMember POST {{BASE_URL}}/orgs/{{orgSlugNotMember}}/forms Content-Type: application/json { "title": "Should Be Forbidden", - "description": "User not yet a member", + "description": { + "type": "doc", + "content": [ + { + "type": "paragraph", + "content": [{ "type": "text", "text": "User not yet a member" }] + } + ] + }, "visibility": "PUBLIC" } @@ -41,11 +66,27 @@ Content-Type: application/json ### +# ============================================ +# Re-login as global admin for cleanup +# ============================================ +# @name adminLoginForCleanup +# @ref createFormBeforeMember +POST {{BASE_URL}}/auth/login/internal +Content-Type: application/json + +{ + "uid": "{{LOGIN_USER_ID}}" +} + +?? status == 200 + +### + # ============================================ # Get User Email # ============================================ # @name getUserEmail -# @ref createFormBeforeMember +# @ref adminLoginForCleanup GET {{BASE_URL}}/users/me ?? status == 200 diff --git a/scenarios/user-journey/organization-lifecycle/.env.example b/scenarios/user-journey/organization-lifecycle/.env.example index c88a2e3e..7d896d0f 100644 --- a/scenarios/user-journey/organization-lifecycle/.env.example 
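Review bot: `loginNonMember` is chained with `# @ref getOrgFor403Test`, while the ref it displaces on `createFormBeforeMember` was `createOrgFor403Test`; neither request is defined inside this hunk, so confirm that `getOrgFor403Test` exists earlier in the file and still depends on the step that sets `{{orgSlugNotMember}}`. If that variable were unset, the POST could be rejected for a reason other than membership, and a negative authorization test should pass only when the membership check itself refuses the request. The status assertion for `createFormBeforeMember` lies outside the hunk; if the API returns an error code or message in the 403 body, asserting on it there would pin the cause.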
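Review bot: The session returns to the admin only through `adminLoginForCleanup`, which is chained with `# @ref createFormBeforeMember`. Depending on how the runner treats a failed referenced request, a failing 403 assertion may leave the cleanup steps skipped or running under the non-member session. A comment such as `# Requests below must run as LOGIN_USER_ID; the session was switched to NON_MEMBER_LOGIN_USER_ID above` would make the ordering requirement explicit. Since `getUserEmail` already calls `/users/me`, it could also assert that the returned user is the admin, if the response exposes the user id. The rest of `getUserEmail` and the cleanup requests continue outside the hunk.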
+++ b/scenarios/user-journey/organization-lifecycle/.env.example
@@ -10,3 +10,6 @@ BASE_URL=http://127.0.0.1:4010
 # If you see a 404 "user not found" error, it means the LOGIN_USER_ID is invalid.
 # You must provide a real user UUID from your database/system.
 LOGIN_USER_ID=00000000-0000-0000-0000-000000000001
+
+# User ID for non-member 403 test (seeded via backend setup.yaml)
+NON_MEMBER_LOGIN_USER_ID=b1c2d3e4-f5a6-7890-abcd-ef1234567890