Add simple integ. tests & stubs for system

system/repository/application_test.go

@@ -1,68 +0,0 @@
-// +build integration
-
-package repository
-
-import (
-	"context"
-	"testing"
-
-	"github.com/pkg/errors"
-	"github.com/titpetric/factory"
-
-	"github.com/cortezaproject/corteza-server/internal/test"
-	"github.com/cortezaproject/corteza-server/system/types"
-)
-
-func TestApplication(t *testing.T) {
-	if testing.Short() {
-		t.Skip("skipping test in short mode.")
-		return
-	}
-
-	db := factory.Database.MustGet("system")
-
-	// Create application repository.
-	crepo := Application(context.Background(), db)
-
-	// Run tests in transaction to maintain DB state.
-	test.Error(t, db.Transaction(func() error {
-		db.Exec("DELETE FROM sys_application WHERE 1=1")
-
-		app := &types.Application{
-			Name:    "created",
-			Enabled: true,
-			OwnerID: 1,
-			Unify: &types.ApplicationUnify{
-				Name:   "created",
-				Listed: true,
-				Order:  1,
-				Icon:   "...ico",
-			},
-		}
-
-		app, err := crepo.Create(app)
-		test.NoError(t, err, "Application.Create error: %+v", err)
-		test.Assert(t, app.Valid(), "Expecting application to be valid after creation")
-		test.Assert(t, app.Name == "created", "Expecting application name to be set, got %q", app.Name)
-		test.Assert(t, app.Enabled, "Expecting application to be enabled")
-		test.Assert(t, app.Unify.Name == "created", "Expecting application name to be set in unify, got %q", app.Name)
-		test.Assert(t, app.Unify.Listed, "Expecting application to be listed in unify")
-		test.Assert(t, app.Unify.Order == 1, "Expecting application name to have order val 1")
-
-		app.Name = "updated"
-		app.Enabled = false
-		app.Unify.Name = "updated"
-		app.Unify.Listed = false
-		app, err = crepo.Update(app)
-
-		test.NoError(t, err, "Application.Create error: %+v", err)
-		test.Assert(t, err == nil, "Application.Create error: %+v", err)
-		test.Assert(t, app.Name == "updated", "Expecting application name to be updated")
-		test.Assert(t, !app.Enabled, "Expecting application to be disabled")
-		test.Assert(t, app.Unify.Name == "updated", "Expecting application name to be updated in unify")
-		test.Assert(t, !app.Unify.Listed, "Expecting application to be unlisted in unify")
-
-		return errors.New("Rollback")
-	}), "expected rollback error")
-
-}

system/repository/credentials_test.go

@@ -1,60 +0,0 @@
-// +build integration
-
-package repository
-
-import (
-	"context"
-	"testing"
-
-	"github.com/pkg/errors"
-	"github.com/titpetric/factory"
-
-	"github.com/cortezaproject/corteza-server/internal/test"
-	"github.com/cortezaproject/corteza-server/system/types"
-)
-
-func TestCredentials(t *testing.T) {
-	if testing.Short() {
-		t.Skip("skipping test in short mode.")
-		return
-	}
-
-	db := factory.Database.MustGet("system")
-
-	// Create credentials repository.
-	crepo := Credentials(context.Background(), db)
-
-	// Run tests in transaction to maintain DB state.
-	test.Error(t, db.Transaction(func() error {
-		db.Exec("DELETE FROM sys_credentials WHERE 1=1")
-
-		cc := types.CredentialsSet{
-			&types.Credentials{OwnerID: 10000, Kind: "li", Credentials: "linkedin-profile-id"},
-			&types.Credentials{OwnerID: 10000, Kind: "google", Credentials: "google-profile-id"},
-			&types.Credentials{OwnerID: 20000, Kind: "fb", Credentials: "facebook-profile-id"},
-		}
-
-		for _, c := range cc {
-			cNew, err := crepo.Create(c)
-			test.Assert(t, err == nil, "Credentials.Create error: %+v", err)
-			test.Assert(t, c.ID > 0, "Expecting credentials to have a valid ID")
-			test.Assert(t, c.Valid(), "Expecting credentials to be valid after creation")
-
-			_, err = crepo.FindByID(cNew.ID)
-			test.Assert(t, err == nil, "Credentials.FindByID error: %+v", err)
-
-			{
-				r, err := crepo.FindByKind(c.OwnerID, c.Kind)
-				test.Assert(t, err == nil, "Credentials.FindByKind error: %+v", err)
-				test.Assert(t, len(r) == 1, "Expecting exactly 1 result from FindByKind, got: %d", len(r))
-			}
-
-			{
-				r, err := crepo.FindByCredentials(c.Kind, c.Credentials)
-				test.Assert(t, err == nil, "Credentials.FindByKind error: %+v", err)
-				test.Assert(t, len(r) == 1, "Expecting exactly 1 result from FindByCredentials, got: %d", len(r))
-			}
-		}
-		return errors.New("Rollback")
-	}), "expected rollback error")
-}

system/repository/organisation.go

@@ -13,13 +13,13 @@ type (
 	OrganisationRepository interface {
 		With(ctx context.Context, db *factory.DB) OrganisationRepository
 
-		FindOrganisationByID(id uint64) (*types.Organisation, error)
-		FindOrganisations(filter *types.OrganisationFilter) ([]*types.Organisation, error)
-		CreateOrganisation(mod *types.Organisation) (*types.Organisation, error)
-		UpdateOrganisation(mod *types.Organisation) (*types.Organisation, error)
-		ArchiveOrganisationByID(id uint64) error
-		UnarchiveOrganisationByID(id uint64) error
-		DeleteOrganisationByID(id uint64) error
+		FindByID(id uint64) (*types.Organisation, error)
+		Find(filter *types.OrganisationFilter) ([]*types.Organisation, error)
+		Create(mod *types.Organisation) (*types.Organisation, error)
+		Update(mod *types.Organisation) (*types.Organisation, error)
+		ArchiveByID(id uint64) error
+		UnarchiveByID(id uint64) error
+		DeleteByID(id uint64) error
 	}
 
 	organisation struct {
@@ -48,14 +48,14 @@ func (r *organisation) With(ctx context.Context, db *factory.DB) OrganisationRep
 	}
 }
 
-func (r *organisation) FindOrganisationByID(id uint64) (*types.Organisation, error) {
+func (r *organisation) FindByID(id uint64) (*types.Organisation, error) {
 	sql := "SELECT * FROM " + r.organisations + " WHERE id = ? AND " + sqlOrganisationScope
 	mod := &types.Organisation{}
 
 	return mod, isFound(r.db().Get(mod, sql, id), mod.ID > 0, ErrOrganisationNotFound)
 }
 
-func (r *organisation) FindOrganisations(filter *types.OrganisationFilter) ([]*types.Organisation, error) {
+func (r *organisation) Find(filter *types.OrganisationFilter) ([]*types.Organisation, error) {
 	rval := make([]*types.Organisation, 0)
 	params := make([]interface{}, 0)
 	sql := "SELECT * FROM " + r.organisations + " WHERE " + sqlOrganisationScope
@@ -72,27 +72,27 @@ func (r *organisation) FindOrganisations(filter *types.OrganisationFilter) ([]*t
 	return rval, r.db().Select(&rval, sql, params...)
 }
 
-func (r *organisation) CreateOrganisation(mod *types.Organisation) (*types.Organisation, error) {
+func (r *organisation) Create(mod *types.Organisation) (*types.Organisation, error) {
 	mod.ID = factory.Sonyflake.NextID()
 	mod.CreatedAt = time.Now()
 
 	return mod, r.db().Insert(r.organisations, mod)
 }
 
-func (r *organisation) UpdateOrganisation(mod *types.Organisation) (*types.Organisation, error) {
+func (r *organisation) Update(mod *types.Organisation) (*types.Organisation, error) {
 	mod.UpdatedAt = timeNowPtr()
 
 	return mod, r.db().Replace(r.organisations, mod)
 }
 
-func (r *organisation) ArchiveOrganisationByID(id uint64) error {
+func (r *organisation) ArchiveByID(id uint64) error {
 	return r.updateColumnByID(r.organisations, "archived_at", time.Now(), id)
 }
 
-func (r *organisation) UnarchiveOrganisationByID(id uint64) error {
+func (r *organisation) UnarchiveByID(id uint64) error {
 	return r.updateColumnByID(r.organisations, "archived_at", nil, id)
 }
 
-func (r *organisation) DeleteOrganisationByID(id uint64) error {
+func (r *organisation) DeleteByID(id uint64) error {
 	return r.updateColumnByID(r.organisations, "deleted_at", time.Now(), id)
 }

system/repository/organisation_test.go

@@ -1,73 +0,0 @@
-// +build integration
-
-package repository
-
-import (
-	"context"
-	"testing"
-
-	"github.com/pkg/errors"
-	"github.com/titpetric/factory"
-
-	"github.com/cortezaproject/corteza-server/internal/test"
-	"github.com/cortezaproject/corteza-server/system/types"
-)
-
-func TestOrganisation(t *testing.T) {
-	if testing.Short() {
-		t.Skip("skipping test in short mode.")
-		return
-	}
-
-	db := factory.Database.MustGet("system")
-
-	// Run tests in transaction to maintain DB state.
-	test.Error(t, db.Transaction(func() error {
-		rpo := Organisation(context.Background(), db)
-		org := &types.Organisation{
-			Name: "Test organisation v1",
-		}
-
-		{
-			oa, err := rpo.CreateOrganisation(org)
-			test.Assert(t, err == nil, "CreateOrganisation error: %+v", err)
-			test.Assert(t, oa.Name == org.Name, "Changes were not stored")
-		}
-
-		{
-			org.Name = "Test organisation v2"
-
-			oa, err := rpo.UpdateOrganisation(org)
-			test.Assert(t, err == nil, "UpdateOrganisation error: %+v", err)
-			test.Assert(t, oa.Name == org.Name, "Changes were not stored")
-		}
-
-		{
-			oa, err := rpo.FindOrganisationByID(org.ID)
-			test.Assert(t, err == nil, "FindOrganisationByID error: %+v", err)
-			test.Assert(t, oa.Name == org.Name, "Changes were not stored")
-		}
-
-		{
-			oa, err := rpo.FindOrganisations(&types.OrganisationFilter{Query: org.Name})
-			test.Assert(t, err == nil, "FindOrganisations error: %+v", err)
-			test.Assert(t, len(oa) != 0, "No results found")
-		}
-
-		{
-			err := rpo.ArchiveOrganisationByID(org.ID)
-			test.Assert(t, err == nil, "ArchiveOrganisationByID error: %+v", err)
-		}
-
-		{
-			err := rpo.UnarchiveOrganisationByID(org.ID)
-			test.Assert(t, err == nil, "UnarchiveOrganisationByID error: %+v", err)
-		}
-
-		{
-			err := rpo.DeleteOrganisationByID(org.ID)
-			test.Assert(t, err == nil, "DeleteOrganisationByID error: %+v", err)
-		}
-		return errors.New("Rollback")
-	}), "expected rollback error")
-}

system/repository/role_test.go

@@ -1,109 +0,0 @@
-// +build integration
-
-package repository
-
-import (
-	"context"
-	"testing"
-
-	"github.com/pkg/errors"
-	"github.com/titpetric/factory"
-
-	"github.com/cortezaproject/corteza-server/internal/test"
-	"github.com/cortezaproject/corteza-server/system/types"
-)
-
-func TestRole(t *testing.T) {
-	if testing.Short() {
-		t.Skip("skipping test in short mode.")
-		return
-	}
-
-	db := factory.Database.MustGet("system")
-
-	test.Error(t, db.Transaction(func() error {
-		userRepo := User(context.Background(), db)
-		user := &types.User{
-			Name:     "John Role Doe",
-			Username: "johndoe",
-		}
-		{
-			u1, err := userRepo.Create(user)
-			test.Assert(t, err == nil, "Owner.Create error: %+v", err)
-			test.Assert(t, user.ID == u1.ID, "Changes were not stored")
-		}
-
-		roleRepo := Role(context.Background(), db)
-		role := &types.Role{
-			Name: "Test role v1",
-		}
-
-		{
-			t1, err := roleRepo.Create(role)
-			test.Assert(t, err == nil, "Role.Create error: %+v", err)
-			test.Assert(t, role.Name == t1.Name, "Changes were not stored")
-		}
-
-		{
-			role.Name = "Test role v2"
-			t1, err := roleRepo.Update(role)
-			test.Assert(t, err == nil, "Role.Update error: %+v", err)
-			test.Assert(t, role.Name == t1.Name, "Changes were not stored")
-		}
-
-		{
-			t1, err := roleRepo.FindByID(role.ID)
-			test.Assert(t, err == nil, "Role.FindByID error: %+v", err)
-			test.Assert(t, role.Name == t1.Name, "Changes were not stored")
-		}
-
-		{
-			aa, err := roleRepo.Find(&types.RoleFilter{Query: role.Name})
-			test.Assert(t, err == nil, "Role.Find error: %+v", err)
-			test.Assert(t, len(aa) > 0, "No results found")
-		}
-
-		{
-			err := roleRepo.ArchiveByID(role.ID)
-			test.Assert(t, err == nil, "Role.ArchiveByID error: %+v", err)
-		}
-
-		{
-			err := roleRepo.UnarchiveByID(role.ID)
-			test.Assert(t, err == nil, "Role.UnarchiveByID error: %+v", err)
-		}
-
-		{
-			err := roleRepo.MemberAddByID(role.ID, user.ID)
-			test.Assert(t, err == nil, "Role.MemberAddByID error: %+v", err)
-		}
-
-		{
-			roles, err := roleRepo.FindByMemberID(user.ID)
-			test.Assert(t, err == nil, "Role.FindByMemberID error: %+v", err)
-			test.Assert(t, len(roles) > 0, "No results found")
-		}
-
-		{
-			roles, err := roleRepo.FindByMemberID(0)
-			test.Assert(t, err == nil, "Role.FindByMemberID error: %+v", err)
-			test.Assert(t, len(roles) == 0, "Results found")
-		}
-
-		{
-			err := roleRepo.MemberRemoveByID(role.ID, user.ID)
-			test.Assert(t, err == nil, "Role.MemberRemoveByID error: %+v", err)
-		}
-
-		{
-			err := roleRepo.DeleteByID(role.ID)
-			test.Assert(t, err == nil, "Role.DeleteByID error: %+v", err)
-		}
-
-		{
-			err := userRepo.DeleteByID(user.ID)
-			test.Assert(t, err == nil, "Owner.DeleteByID error: %+v", err)
-		}
-		return errors.New("Rollback")
-	}), "expected rollback error")
-}

system/repository/user_test.go

@@ -1,67 +0,0 @@
-// +build integration
-
-package repository
-
-import (
-	"context"
-	"testing"
-
-	"github.com/pkg/errors"
-	"github.com/titpetric/factory"
-
-	"github.com/cortezaproject/corteza-server/internal/test"
-	"github.com/cortezaproject/corteza-server/system/types"
-)
-
-func TestUser(t *testing.T) {
-	if testing.Short() {
-		t.Skip("skipping test in short mode.")
-		return
-	}
-
-	db := factory.Database.MustGet("system")
-
-	// Run tests in transaction to maintain DB state.
-	test.Error(t, db.Transaction(func() error {
-		userRepo := User(context.Background(), db)
-		user := &types.User{
-			Name:     "John User Doe",
-			Username: "johndoe",
-			Meta: &types.UserMeta{
-				Avatar: "123",
-			},
-		}
-		{
-			uu, err := userRepo.Create(user)
-			test.Assert(t, err == nil, "Owner.Create error: %+v", err)
-			test.Assert(t, user.ID == uu.ID, "Changes were not stored")
-		}
-
-		roleRepo := Role(context.Background(), db)
-		role := &types.Role{
-			Name: "Test role v1",
-		}
-
-		{
-			t1, err := roleRepo.Create(role)
-			test.Assert(t, err == nil, "Role.Create error: %+v", err)
-			test.Assert(t, role.Name == t1.Name, "Changes were not stored")
-
-			err = roleRepo.MemberAddByID(t1.ID, user.ID)
-			test.Assert(t, err == nil, "Role.MemberAddByID error: %+v", err)
-		}
-
-		{
-			uu, err := userRepo.FindByID(user.ID)
-			test.Assert(t, err == nil, "Owner.FindByID error: %+v", err)
-			test.Assert(t, uu.Meta.Avatar == "123", "Expected avatar to be '123', got '%s'", uu.Meta.Avatar)
-		}
-
-		{
-			users, _, err := userRepo.Find(types.UserFilter{Query: "John User Doe"})
-			test.Assert(t, err == nil, "Owner.Find error: %+v", err)
-			test.Assert(t, len(users) == 1, "Owner.Find: expected 1 user, got %d", len(users))
-		}
-		return errors.New("Rollback")
-	}), "expected rollback error")
-}

system/service/access_control.go

@@ -66,7 +66,7 @@ func (svc accessControl) CanCreateOrganisation(ctx context.Context) bool {
 }
 
 func (svc accessControl) CanCreateUser(ctx context.Context) bool {
-	return svc.can(ctx, types.SystemPermissionResource, "user.create", permissions.Allowed)
+	return svc.can(ctx, types.SystemPermissionResource, "user.create")
 }
 
 func (svc accessControl) CanCreateRole(ctx context.Context) bool {

system/service/error.go

@@ -13,6 +13,7 @@ const (
 	ErrNoPermissions                  serviceError = "NoPermissions"
 	ErrNoGrantPermissions             serviceError = "NoGrantPermissions"
 	ErrNoCreatePermissions            serviceError = "NoCreatePermissions"
+	ErrNoUpdatePermissions            serviceError = "NoUpdatePermissions"
 	ErrNoReadPermissions              serviceError = "NoReadPermissions"
 	ErrNoTriggerManagementPermissions serviceError = "NoTriggerManagementPermissions"
 	ErrNoScriptCreatePermissions      serviceError = "NoScriptCreatePermissions"

system/service/organisation.go

@@ -58,48 +58,48 @@ func (svc organisation) With(ctx context.Context) OrganisationService {
 
 func (svc organisation) FindByID(id uint64) (*types.Organisation, error) {
 	// @todo: permission check if current user can read organisation
-	return svc.rpo.FindOrganisationByID(id)
+	return svc.rpo.FindByID(id)
 }
 
 func (svc organisation) Find(filter *types.OrganisationFilter) ([]*types.Organisation, error) {
 	// @todo: permission check to return only organisations that organisation has access to
 	// @todo: actual searching not just a full select
-	return svc.rpo.FindOrganisations(filter)
+	return svc.rpo.Find(filter)
 }
 
 func (svc organisation) Create(mod *types.Organisation) (*types.Organisation, error) {
 	// @todo: permission check if current user can add/edit organisation
 	// @todo: make sure archived & deleted entries can not be edited
 
-	return svc.rpo.CreateOrganisation(mod)
+	return svc.rpo.Create(mod)
 }
 
 func (svc organisation) Update(mod *types.Organisation) (*types.Organisation, error) {
 	// @todo: permission check if current user can add/edit organisation
 	// @todo: make sure archived & deleted entries can not be edited
 
-	return svc.rpo.UpdateOrganisation(mod)
+	return svc.rpo.Update(mod)
 }
 
 func (svc organisation) Delete(id uint64) error {
 	// @todo: permissions check if current user can remove organisation
 	// @todo: make history unavailable
 	// @todo: notify users that organisation has been removed (remove from web UI)
-	return svc.rpo.DeleteOrganisationByID(id)
+	return svc.rpo.DeleteByID(id)
 }
 
 func (svc organisation) Archive(id uint64) error {
 	// @todo: make history unavailable
 	// @todo: notify users that organisation has been removed (remove from web UI)
 	// @todo: permissions check if current user can archive organisation
-	return svc.rpo.ArchiveOrganisationByID(id)
+	return svc.rpo.ArchiveByID(id)
 }
 
 func (svc organisation) Unarchive(id uint64) error {
 	// @todo: make history unavailable
 	// @todo: notify users that organisation has been removed (remove from web UI)
 	// @todo: permissions check if current user can unarchive organisation
-	return svc.rpo.UnarchiveOrganisationByID(id)
+	return svc.rpo.UnarchiveByID(id)
 }
 
 var _ OrganisationService = &organisation{}

system/service/role.go

@@ -11,6 +11,11 @@ import (
 	"github.com/cortezaproject/corteza-server/system/types"
 )
 
+const (
+	ErrRoleNameNotUnique   = serviceError("RoleNameNotUnique")
+	ErrRoleHandleNotUnique = serviceError("RoleHandleNotUnique")
+)
+
 type (
 	role struct {
 		db     *factory.DB
@@ -123,7 +128,7 @@ func (svc role) FindByHandle(handle string) (*types.Role, error) {
 
 func (svc role) Create(mod *types.Role) (t *types.Role, err error) {
 	if !svc.ac.CanCreateRole(svc.ctx) {
-		return nil, ErrNoPermissions.withStack()
+		return nil, ErrNoCreatePermissions.withStack()
 	}
 
 	return t, svc.db.Transaction(func() (err error) {
@@ -142,7 +147,7 @@ func (svc role) Update(mod *types.Role) (t *types.Role, err error) {
 	}
 
 	if !svc.ac.CanUpdateRole(svc.ctx, mod) {
-		return nil, ErrNoPermissions.withStack()
+		return nil, ErrNoUpdatePermissions.withStack()
 	}
 
 	// @todo: make sure archived & deleted entries can not be edited
@@ -171,19 +176,38 @@ func (svc role) Update(mod *types.Role) (t *types.Role, err error) {
 func (svc role) UniqueCheck(r *types.Role) (err error) {
 	var (
 		e *types.Role
+
+		checks = []struct {
+			query string
+			find  func(string) (*types.Role, error)
+			err   error
+		}{
+			// Checking scenario:
+			// if email/username/handle is found on another user, error is thrown
+			{r.Name, svc.FindByName, ErrRoleNameNotUnique},
+			{r.Handle, svc.FindByHandle, ErrRoleHandleNotUnique},
+		}
 	)
 
-	if e, _ = svc.FindByName(r.Name); e != nil && e.ID != r.ID {
-		return ErrUserUsernameNotUnque
-	}
+	for _, c := range checks {
+		if c.query == "" {
+			// Skip empty values
+			continue
+		}
 
-	if r.Handle != "" {
-		if e, _ = svc.FindByHandle(r.Handle); e != nil && e.ID != r.ID {
-			err = ErrUserHandleNotUnique
+		e, err = c.find(c.query)
+		if err == repository.ErrRoleNotFound {
+			// User not found, proceed to next check
+			continue
+		}
+
+		if e.ID > 0 && e.ID != r.ID {
+			// User found, throw configured error
+			return c.err
 		}
 	}
 
-	return
+	return nil
 }
 
 func (svc role) Delete(roleID uint64) error {

system/service/user.go

@@ -17,9 +17,9 @@ import (
 
 const (
 	ErrUserInvalidCredentials = serviceError("UserInvalidCredentials")
-	ErrUserHandleNotUnique    = serviceError("HandleNotUnique")
-	ErrUserUsernameNotUnque   = serviceError("UsernameNotUnque")
-	ErrUserEmailNotUnique     = serviceError("EmailNotUnique")
+	ErrUserHandleNotUnique    = serviceError("UserHandleNotUnique")
+	ErrUserUsernameNotUnique  = serviceError("UserUsernameNotUnique")
+	ErrUserEmailNotUnique     = serviceError("UserEmailNotUnique")
 	ErrUserLocked             = serviceError("UserLocked")
 )
 
@@ -145,7 +145,7 @@ func (svc user) Find(f types.UserFilter) (types.UserSet, types.UserFilter, error
 
 func (svc user) Create(input *types.User) (out *types.User, err error) {
 	if !svc.ac.CanCreateUser(svc.ctx) {
-		return nil, ErrNoPermissions.withStack()
+		return nil, ErrNoCreatePermissions.withStack()
 	}
 
 	return out, svc.db.Transaction(func() (err error) {
@@ -172,8 +172,10 @@ func (svc user) Update(mod *types.User) (u *types.User, err error) {
 		return
 	}
 
-	if mod.ID != internalAuth.GetIdentityFromContext(svc.ctx).Identity() && !svc.ac.CanUpdateUser(svc.ctx, u) {
-		return nil, ErrNoPermissions.withStack()
+	if mod.ID != internalAuth.GetIdentityFromContext(svc.ctx).Identity() {
+		if !svc.ac.CanUpdateUser(svc.ctx, u) {
+			return nil, ErrNoUpdatePermissions.withStack()
+		}
 	}
 
 	// Assign changed values
@@ -196,25 +198,39 @@ func (svc user) Update(mod *types.User) (u *types.User, err error) {
 func (svc user) UniqueCheck(u *types.User) (err error) {
 	var (
 		e *types.User
+
+		checks = []struct {
+			query string
+			find  func(string) (*types.User, error)
+			err   error
+		}{
+			// Checking scenario:
+			// if email/username/handle is found on another user, error is thrown
+			{u.Email, svc.FindByEmail, ErrUserEmailNotUnique},
+			{u.Username, svc.FindByUsername, ErrUserUsernameNotUnique},
+			{u.Handle, svc.FindByHandle, ErrUserHandleNotUnique},
+		}
 	)
 
-	if e, _ = svc.FindByEmail(u.Email); e != nil && e.ID != u.ID {
-		err = ErrUserEmailNotUnique
-	}
+	for _, c := range checks {
+		if c.query == "" {
+			// Skip empty values
+			continue
+		}
 
-	if u.Username != "" {
-		if e, _ = svc.FindByUsername(u.Username); e != nil && e.ID != u.ID {
-			return ErrUserUsernameNotUnque
+		e, err = c.find(c.query)
+		if err == repository.ErrUserNotFound {
+			// User not found, proceed to next check
+			continue
+		}
+
+		if e.ID > 0 && e.ID != u.ID {
+			// User found, throw configured error
+			return c.err
 		}
 	}
 
-	if u.Handle != "" {
-		if e, _ = svc.FindByHandle(u.Handle); e != nil && e.ID != u.ID {
-			err = ErrUserHandleNotUnique
-		}
-	}
-
-	return
+	return nil
 }
 
 func (svc user) UpdateWithAvatar(mod *types.User, avatar io.Reader) (out *types.User, err error) {

tests/system/auth_external_test.go

@@ -0,0 +1,9 @@
+package system
+
+import (
+	"testing"
+)
+
+func TestAuthExternal(t *testing.T) {
+	t.Skip("pending implementation")
+}

tests/system/auth_internal_test.go

@@ -0,0 +1,9 @@
+package system
+
+import (
+	"testing"
+)
+
+func TestAuthInternal(t *testing.T) {
+	t.Skip("pending implementation")
+}

tests/system/auth_test.go

@@ -0,0 +1,9 @@
+package system
+
+import (
+	"testing"
+)
+
+func TestAuth(t *testing.T) {
+	t.Skip("pending implementation")
+}

tests/system/organisation_test.go

@@ -0,0 +1,158 @@
+package system
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	jsonpath "github.com/steinfletcher/apitest-jsonpath"
+
+	"github.com/cortezaproject/corteza-server/system/repository"
+	"github.com/cortezaproject/corteza-server/system/types"
+	"github.com/cortezaproject/corteza-server/tests/helpers"
+)
+
+func (h helper) repoOrganisation() repository.OrganisationRepository {
+	return repository.Organisation(context.Background(), db())
+}
+
+func (h helper) repoMakeOrganisation(name string) *types.Organisation {
+	a, err := h.
+		repoOrganisation().
+		Create(&types.Organisation{Name: name})
+	h.a.NoError(err)
+
+	return a
+}
+
+func TestOrganisationRead(t *testing.T) {
+	t.Skip("pending implementation")
+
+	h := newHelper(t)
+
+	a := h.repoMakeOrganisation("one-app")
+
+	h.apiInit().
+		Get(fmt.Sprintf("/organisation/%d", a.ID)).
+		Expect(t).
+		Status(http.StatusOK).
+		Assert(helpers.AssertNoErrors).
+		Assert(jsonpath.Equal(`$.response.name`, a.Name)).
+		Assert(jsonpath.Equal(`$.response.organisationID`, fmt.Sprintf("%d", a.ID))).
+		End()
+}
+
+func TestOrganisationList(t *testing.T) {
+	t.Skip("pending implementation")
+
+	h := newHelper(t)
+
+	h.repoMakeOrganisation("app")
+	h.repoMakeOrganisation("app")
+
+	h.apiInit().
+		Get("/organisation/").
+		Expect(t).
+		Status(http.StatusOK).
+		Assert(helpers.AssertNoErrors).
+		End()
+}
+
+func TestOrganisationCreateForbidden(t *testing.T) {
+	t.Skip("pending implementation")
+
+	h := newHelper(t)
+
+	h.apiInit().
+		Post("/organisation/").
+		FormData("name", "my-app").
+		Expect(t).
+		Status(http.StatusOK).
+		Assert(helpers.AssertError("Not allowed to create organisation")).
+		End()
+}
+
+func TestOrganisationCreate(t *testing.T) {
+	t.Skip("pending implementation")
+
+	h := newHelper(t)
+	h.allow(types.SystemPermissionResource, "organisation.create")
+
+	h.apiInit().
+		Post("/organisation/").
+		FormData("name", "my-app").
+		Expect(t).
+		Status(http.StatusOK).
+		Assert(helpers.AssertNoErrors).
+		End()
+}
+
+func TestOrganisationUpdateForbidden(t *testing.T) {
+	t.Skip("pending implementation")
+
+	h := newHelper(t)
+	a := h.repoMakeOrganisation("one-app")
+
+	h.apiInit().
+		Put(fmt.Sprintf("/organisation/%d", a.ID)).
+		FormData("name", "changed-name").
+		Expect(t).
+		Status(http.StatusOK).
+		Assert(helpers.AssertError("Not allowed to update organisation")).
+		End()
+}
+
+func TestOrganisationUpdate(t *testing.T) {
+	t.Skip("pending implementation")
+
+	h := newHelper(t)
+	a := h.repoMakeOrganisation("one-app")
+	h.allow(types.OrganisationPermissionResource.AppendWildcard(), "update")
+
+	h.apiInit().
+		Put(fmt.Sprintf("/organisation/%d", a.ID)).
+		FormData("name", "changed-name").
+		Expect(t).
+		Status(http.StatusOK).
+		Assert(helpers.AssertNoErrors).
+		End()
+
+	a, err := h.repoOrganisation().FindByID(a.ID)
+	h.a.NoError(err)
+	h.a.NotNil(a)
+	h.a.Equal(a.Name, "changed-name")
+}
+
+func TestOrganisationDeleteForbidden(t *testing.T) {
+	t.Skip("pending implementation")
+
+	h := newHelper(t)
+	a := h.repoMakeOrganisation("one-app")
+
+	h.apiInit().
+		Delete(fmt.Sprintf("/organisation/%d", a.ID)).
+		Expect(t).
+		Status(http.StatusOK).
+		Assert(helpers.AssertError("Not allowed to delete organisation")).
+		End()
+}
+
+func TestOrganisationDelete(t *testing.T) {
+	t.Skip("pending implementation")
+
+	h := newHelper(t)
+	h.allow(types.OrganisationPermissionResource.AppendWildcard(), "delete")
+
+	a := h.repoMakeOrganisation("one-app")
+
+	h.apiInit().
+		Delete(fmt.Sprintf("/organisation/%d", a.ID)).
+		Expect(t).
+		Status(http.StatusOK).
+		Assert(helpers.AssertNoErrors).
+		End()
+
+	a, err := h.repoOrganisation().FindByID(a.ID)
+	h.a.Error(err, "system.repository.OrganisationNotFound")
+}

tests/system/role_test.go

@@ -0,0 +1,146 @@
+package system
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	jsonpath "github.com/steinfletcher/apitest-jsonpath"
+
+	"github.com/cortezaproject/corteza-server/internal/rand"
+	"github.com/cortezaproject/corteza-server/system/repository"
+	"github.com/cortezaproject/corteza-server/system/types"
+	"github.com/cortezaproject/corteza-server/tests/helpers"
+)
+
+func (h helper) repoRole() repository.RoleRepository {
+	return repository.Role(context.Background(), db())
+}
+
+func (h helper) repoMakeRole(name string) *types.Role {
+	u, err := h.
+		repoRole().
+		Create(&types.Role{Name: name})
+	h.a.NoError(err)
+
+	return u
+}
+
+func TestRoleRead(t *testing.T) {
+	h := newHelper(t)
+
+	u := h.repoMakeRole(string(rand.Bytes(10)))
+
+	h.apiInit().
+		Get(fmt.Sprintf("/roles/%d", u.ID)).
+		Expect(t).
+		Status(http.StatusOK).
+		Assert(helpers.AssertNoErrors).
+		Assert(jsonpath.Equal(`$.response.name`, u.Name)).
+		Assert(jsonpath.Equal(`$.response.roleID`, fmt.Sprintf("%d", u.ID))).
+		End()
+}
+
+func TestRoleList(t *testing.T) {
+	h := newHelper(t)
+
+	h.repoMakeRole(h.randEmail())
+	h.repoMakeRole(h.randEmail())
+
+	h.apiInit().
+		Get("/roles/").
+		Expect(t).
+		Status(http.StatusOK).
+		Assert(helpers.AssertNoErrors).
+		End()
+}
+
+func TestRoleCreateForbidden(t *testing.T) {
+	h := newHelper(t)
+
+	h.apiInit().
+		Post("/roles/").
+		FormData("name", string(rand.Bytes(10))).
+		Expect(t).
+		Status(http.StatusOK).
+		Assert(helpers.AssertError("system.service.NoCreatePermissions")).
+		End()
+}
+
+func TestRoleCreate(t *testing.T) {
+	h := newHelper(t)
+	h.allow(types.SystemPermissionResource, "role.create")
+
+	h.apiInit().
+		Post("/roles/").
+		FormData("name", string(rand.Bytes(10))).
+		Expect(t).
+		Status(http.StatusOK).
+		Assert(helpers.AssertNoErrors).
+		End()
+}
+
+func TestRoleUpdateForbidden(t *testing.T) {
+	h := newHelper(t)
+	u := h.repoMakeRole(string(rand.Bytes(10)))
+
+	h.apiInit().
+		Put(fmt.Sprintf("/roles/%d", u.ID)).
+		FormData("email", h.randEmail()).
+		Expect(t).
+		Status(http.StatusOK).
+		Assert(helpers.AssertError("system.service.NoUpdatePermissions")).
+		End()
+}
+
+func TestRoleUpdate(t *testing.T) {
+	h := newHelper(t)
+	u := h.repoMakeRole(string(rand.Bytes(10)))
+	h.allow(types.RolePermissionResource.AppendWildcard(), "update")
+
+	newName := "updated-" + string(rand.Bytes(10))
+
+	h.apiInit().
+		Debug().
+		Put(fmt.Sprintf("/roles/%d", u.ID)).
+		FormData("name", newName).
+		Expect(t).
+		Status(http.StatusOK).
+		Assert(helpers.AssertNoErrors).
+		End()
+
+	u, err := h.repoRole().FindByID(u.ID)
+	h.a.NoError(err)
+	h.a.NotNil(u)
+	h.a.Equal(newName, u.Name)
+}
+
+func TestRoleDeleteForbidden(t *testing.T) {
+	h := newHelper(t)
+	u := h.repoMakeRole(string(rand.Bytes(10)))
+
+	h.apiInit().
+		Delete(fmt.Sprintf("/roles/%d", u.ID)).
+		Expect(t).
+		Status(http.StatusOK).
+		Assert(helpers.AssertError("system.service.NoPermissions")).
+		End()
+}
+
+func TestRoleDelete(t *testing.T) {
+	h := newHelper(t)
+	h.allow(types.RolePermissionResource.AppendWildcard(), "delete")
+
+	u := h.repoMakeRole(string(rand.Bytes(10)))
+
+	h.apiInit().
+		Delete(fmt.Sprintf("/roles/%d", u.ID)).
+		Expect(t).
+		Status(http.StatusOK).
+		Assert(helpers.AssertNoErrors).
+		End()
+
+	u, err := h.repoRole().FindByID(u.ID)
+	h.a.Error(err, "system.repository.RoleNotFound")
+}

tests/system/user_test.go

@@ -0,0 +1,150 @@
+package system
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	jsonpath "github.com/steinfletcher/apitest-jsonpath"
+	"github.com/titpetric/factory"
+
+	"github.com/cortezaproject/corteza-server/system/repository"
+	"github.com/cortezaproject/corteza-server/system/types"
+	"github.com/cortezaproject/corteza-server/tests/helpers"
+)
+
+func (h helper) randEmail() string {
+	return fmt.Sprintf("%d@test.tld", factory.Sonyflake.NextID())
+}
+
+func (h helper) repoUser() repository.UserRepository {
+	return repository.User(context.Background(), db())
+}
+
+func (h helper) repoMakeUser(email string) *types.User {
+	u, err := h.
+		repoUser().
+		Create(&types.User{Email: email})
+	h.a.NoError(err)
+
+	return u
+}
+
+func TestUserRead(t *testing.T) {
+	h := newHelper(t)
+
+	u := h.repoMakeUser(h.randEmail())
+
+	h.apiInit().
+		Get(fmt.Sprintf("/users/%d", u.ID)).
+		Expect(t).
+		Status(http.StatusOK).
+		Assert(helpers.AssertNoErrors).
+		Assert(jsonpath.Equal(`$.response.email`, u.Email)).
+		Assert(jsonpath.Equal(`$.response.userID`, fmt.Sprintf("%d", u.ID))).
+		End()
+}
+
+func TestUserList(t *testing.T) {
+	h := newHelper(t)
+
+	h.repoMakeUser(h.randEmail())
+	h.repoMakeUser(h.randEmail())
+
+	h.apiInit().
+		Get("/users/").
+		Expect(t).
+		Status(http.StatusOK).
+		Assert(helpers.AssertNoErrors).
+		End()
+}
+
+func TestUserCreateForbidden(t *testing.T) {
+	h := newHelper(t)
+
+	h.apiInit().
+		Post("/users/").
+		FormData("email", h.randEmail()).
+		Expect(t).
+		Status(http.StatusOK).
+		Assert(helpers.AssertError("system.service.NoCreatePermissions")).
+		End()
+}
+
+func TestUserCreate(t *testing.T) {
+	h := newHelper(t)
+	h.allow(types.SystemPermissionResource, "user.create")
+
+	h.apiInit().
+		Post("/users/").
+		FormData("email", h.randEmail()).
+		Expect(t).
+		Status(http.StatusOK).
+		Assert(helpers.AssertNoErrors).
+		End()
+}
+
+func TestUserUpdateForbidden(t *testing.T) {
+	h := newHelper(t)
+	u := h.repoMakeUser(h.randEmail())
+
+	h.apiInit().
+		Put(fmt.Sprintf("/users/%d", u.ID)).
+		FormData("email", h.randEmail()).
+		Expect(t).
+		Status(http.StatusOK).
+		Assert(helpers.AssertError("system.service.NoUpdatePermissions")).
+		End()
+}
+
+func TestUserUpdate(t *testing.T) {
+	h := newHelper(t)
+	u := h.repoMakeUser(h.randEmail())
+	h.allow(types.UserPermissionResource.AppendWildcard(), "update")
+
+	newEmail := "updated-" + u.Email
+
+	h.apiInit().
+		Debug().
+		Put(fmt.Sprintf("/users/%d", u.ID)).
+		FormData("email", newEmail).
+		Expect(t).
+		Status(http.StatusOK).
+		Assert(helpers.AssertNoErrors).
+		End()
+
+	u, err := h.repoUser().FindByID(u.ID)
+	h.a.NoError(err)
+	h.a.NotNil(u)
+	h.a.Equal(newEmail, u.Email)
+}
+
+func TestUserDeleteForbidden(t *testing.T) {
+	h := newHelper(t)
+	u := h.repoMakeUser(h.randEmail())
+
+	h.apiInit().
+		Delete(fmt.Sprintf("/users/%d", u.ID)).
+		Expect(t).
+		Status(http.StatusOK).
+		Assert(helpers.AssertError("system.service.NoPermissions")).
+		End()
+}
+
+func TestUserDelete(t *testing.T) {
+	h := newHelper(t)
+	h.allow(types.UserPermissionResource.AppendWildcard(), "delete")
+
+	u := h.repoMakeUser(h.randEmail())
+
+	h.apiInit().
+		Delete(fmt.Sprintf("/users/%d", u.ID)).
+		Expect(t).
+		Status(http.StatusOK).
+		Assert(helpers.AssertNoErrors).
+		End()
+
+	u, err := h.repoUser().FindByID(u.ID)
+	h.a.Error(err, "system.repository.UserNotFound")
+}