viraxslot / online-school-app Goto Github PK

Steps to reproduce
Teacher created course (id: {{courseIdForMaterials}})
Post {{host}}/api/v1/courses

{
  "title": "How to create test cases1 {{coursePostfix}}",
  "description": "Basic course about test design technique",
  "visible": true,
  "categoryId": {{categoryIdForMaterial}}
}

Teacher 2 tries to add a material in teacher's course
POST {{host}}/api/v1/courses/{{courseIdForMaterials}}/materials
Request Body

{
  "title": "Additional material {{materialPostfix}}",
  "data": "stringstri",
  "order": 0
}

Actual behavior

1. Status code is 200
2. Response time is less than 1000 ms
3. Teacher 2 added a new material in the teacher's course

Expected behavior

1. Status code is 403
2. Response time is less than 1000 ms
3. Teacher 2 can't add a new material in the teacher's course
4. The error text message ("You're not owner of this course, you can't change/remove it") is correct
   Screenshots
   If applicable, add screenshots to help explain your problem.
   
   
   

Steps to reproduce

1. Log-in as Admin
2. Send POST query to
   http://qa-school-test.quantori.academy/api/v1/categories
   with body {}

Actual behavior

{
    "errors": [
        {
            "msg": "Please send required fields: title",
            "param": "title",
            "location": "body"
        },
        {
            "msg": "Parameter should be a string",
            "param": "title",
            "location": "body"
        },
        {
            "msg": "Minimum category length is: 3",
            "param": "title",
            "location": "body"
        },
        {
            "msg": "Only RU/EN alphabet, space and digits allowed, please change your request",
            "param": "title",
            "location": "body"
        },
        {
            "msg": "You are not allowed to use spaces only",
            "param": "title",
            "location": "body"
        }
    ]
}

Expected behavior

{
      "errors": [
         {
            "msg": "Please send required fields: title",
            "param": "title",
            "location": "body"
         }
      ]
}

Screenshots

Steps to reproduce
admin unban previously banned student/teacher/admin

Actual behavior
string reason: empty

Expected behavior
string reason: = string reason in request body

Steps to reproduce

1. Post - login as admin
2. Post - Create category
3. Post - Login as teacher
4. Post - create a course
5. Patch - change a course

Actual behavior
500 - internal server error
"errors": "Unable to change course: SequelizeUniqueConstraintError: Validation error"
}

Expected behavior

course title and description should be changed

Screenshots
If applicable, add screenshots to help explain your problem.

*Pre-conditions

There exists authenticated Student role user with valid credentials with existing and not-expired Bearer token "StudentToken".
There exist created visible and hidden courses

Steps to reproduce
Send request:
Method "GET"
Endpoint: with http://qa-school-test.quantori.academy/api/v1/courses

Test response json array for presence of hidden courses

Actual behavior
Response body array contains hidden courses

Expected behavior
User is not supposed to see hidden courses in the list
Screenshots
If applicable, add screenshots to help explain your problem.

Steps to reproduceLog-in as admin, create course, login as teacher, change admin's course with 'patch' method.

Actual behavior 404 Not Found with "errors": "Unable to find course record(s)"

Expected behavior 403 Forbidden

Screenshots
If applicable, add screenshots to help explain your problem.

Pre-conditions
There exists student role user with valid credentials, user is logged in and Bearer Token "Student Token" is generated
There exists Course Category and course with CourseId="1"
User has previously put reaction (like or dislike) to the course
Steps to reproduce
In Postman collection click "Add request"
Name request, e.g. "Repeated reaction"
in Auth Tab choose Bearer Token from droplist, and type in "StudentToken" into text field
In Body tab choose "raw" and "json" from droplists respectively.
Send POST request to http://qa-school-test.quantori.academy/api/v1/courses/1/like/yes (http://qa-school-test.quantori.academy/api/v1/courses/1/like/no respectively)

Actual behavior
Response code 200
Json body :{
"result": "You've liked the course"
}

Expected behavior
Response code 400
Error message: "You have previously liked/disliked the course"

Screenshots

Steps to reproduce
Working in postman execute comands below using admin user credentials.

POST http://qa-school-test.quantori.academy/api/v1/categories

{
"title": " "
}

Actual behavior
Code 200 : New category is created

Expected behavior
Code 400: Error message like: ‘Using only space forbidden’ and the list of valuable parameters.
Screenshots

Description:
When NoAuth user tries to remove a course created by user with teacher role, wrong response code and error message are shown.

Pre-conditions:

1. There is at least one active user with admin role;
2. There is at least one active user with teacher role

Steps to reproduce:

1. Login to active user with admin role account;
2. Save access token for admin;
3. Create a new category by POST request (http://qa-school-test.quantori.academy/api/v1/categories) using saved admin access token, input in request body is:
   {"title": "string"}, with 'title' being a string of valid length (3-100) and allowed characters (RU/EN alphabet, space, digits);
4. Save the newly created category id to use in following request;
5. Login to active user with teacher role account;
6. Save access token for teacher;
7. Create a new course by POST request (http://qa-school-test.quantori.academy/api/v1/courses) using saved teacher access token, input in request body is:
   {"title": "string",
   "description": "string",
   "visible": true,
   "categoryId": 0},
   with 'title' being string of valid length (3-100) and allowed characters (RU/EN alphabet, space, digits), 'description' being string of valid length (3-255 as implemented at the moment), 'visible' being boolean, 'categoryId' being the id of the category created on the step 3;
8. Save the newly created course id to use in following request;
9. Try making DELETE request (http://qa-school-test.quantori.academy/api/v1/courses/{courseId}), where courseId is id of the course created on step 7, using No Auth authorization type

Post-conditions:

1. Delete the course created on step 7 by DELETE request (http://qa-school-test.quantori.academy/api/v1/courses/{courseId}) using teacher access token
2. Delete the category created on step 3 by DELETE request (http://qa-school-test.quantori.academy/api/v1/courses/{categoryId}) using admin access token

Actual behavior:

1. Response code is 400 Bad request
2. Error message is shown: "error": "There is no such endpoint! Please check the requested URL or Method. API docs can be found at /api/v1/api-docs"

Expected behavior:

1. Code 401 Unauthorized
2. Error message is shown: "error": "Unauthorized"

Screenshots

Description:
When admin user tries to remove the course, created by another admin, the course is successfully removed, no error messages are shown.

Pre-conditions:
There is at least two active users with admin role (here admin1 and admin2);

Steps to reproduce:

1. Login to admin1;
2. Save access token for admin1;
3. Create a new category by POST request (http://qa-school-test.quantori.academy/api/v1/categories) using saved admin1 access token, input in request body is: {"title": "string"}, with 'title' being a string of valid length (3-100) and allowed characters (RU/EN alphabet, space, digits);
4. Save the newly created category id to use in following request;
5. Login to admin2 account;
6. Save access token for admin2;
7. Create a new course by POST request (http://qa-school-test.quantori.academy/api/v1/courses) using saved admin2 access token, input in request body is: {"title": "string", "description": "string", "visible": true, "categoryId": 0}, with 'title' being string of valid length (3-100) and allowed characters (RU/EN alphabet, space, digits), 'description' being string of valid length (3-255 as implemented at the moment), 'visible' being boolean, 'categoryId' being the id of the category created on the step 3;
8. Save the newly created course id to use in following request as dynamic variable {{courseId}};
9. Try making DELETE request (http://qa-school-test.quantori.academy/api/v1/courses/{{courseId}}), using saved admin1 access token and {{courseId}} variable.

Post-conditions:

1. Delete the course created on step 7 by DELETE request (http://qa-school-test.quantori.academy/api/v1/courses/{courseId}) using admin2 access token;
2. Make sure, course is deleted;
3. Delete the category created on step 3 by DELETE request (http://qa-school-test.quantori.academy/api/v1/courses/{categoryId}) using admin1 access token;
4. Make sure, category is deleted

Actual behavior:

1. Response code is 200 Ok
2. No error message is shown
3. Following message is shown in response body: {"result": "Success: record was removed."}

Expected behavior:

1. Code 403 Unauthorized
2. Error message is shown: 'You're not owner of this course, you can't change/remove it'
3. Course is not removed

Screenshots

Steps to reproduce
curl --location --request POST 'http://qa-school-test.quantori.academy/api/v1/categories'
--header 'Authorization: Bearer your token'
--header 'Content-Type: application/json'
--data-raw '{
"title": "Title!@#$%^&*(#)"
}'
Actual behavior
{
"errors": [
{
"value": "Title!",
"msg": "Only RU/EN alphabet and digits allowed, please change your request",
"param": "title",
"location": "body"
}
]
}

Category with the title was not created

Expected behavior
Category with the title was created
I think special symbols should be allowed.
Screenshots

Is your feature request related to a problem? Please describe.
Actual implementation is so, that error message is shown when not allowed characters are used saying: "Only RU/EN alphabet and digits allowed". It seems to me, that category title field could include terms or short phrases, that would need more allowed special characters, so in actual implementation amount of allowed characters seems not to be enough. Besides, spaces are allowed, but not mentioned in error message as allowed characters.

Describe the solution you'd like
I propose allowing for category title field following characters: hyphen, apostrophe, comma, period, colon, slash, & (they seem to may be needed most often), and making error message about allowed characters consistent with changes and actual implementation (spaces are allowed).

Describe alternatives you've considered
The exact number and content of newly allowed characters may vary depending on which terms exactly would be possible to be used in title field (some characters may be deleted from proposed list or added to it).

Description:
When admin user tries to change the course, created by another admin, unexpected code 404 not found and error message ('Unable to find course record(s)') are shown.

Pre-conditions:

There is at least two active users with admin role (here admin1 and admin2);

Steps to reproduce:

1. Login to admin1;
2. Save access token for admin1;
3. Create a new category by POST request (http://qa-school-test.quantori.academy/api/v1/categories) using saved admin1 access token, input in request body is:
   {"title": "string"}, with 'title' being a string of valid length (3-100) and allowed characters (RU/EN alphabet, space, digits);
4. Save the newly created category id to use in following request;
5. Login to admin2 account;
6. Save access token for admin2;
7. Create a new course by POST request (http://qa-school-test.quantori.academy/api/v1/courses) using saved admin2 access token, input in request body is:
   {"title": "string",
   "description": "string",
   "visible": true,
   "categoryId": 0},
   with 'title' being string of valid length (3-100) and allowed characters (RU/EN alphabet, space, digits), 'description' being string of valid length (3-255 as implemented at the moment), 'visible' being boolean, 'categoryId' being the id of the category created on the step 3;
8. Save the newly created course id to use in following request;
9. Try making PATCH request (http://qa-school-test.quantori.academy/api/v1/courses), using saved admin1 access token, input in request body is:
   { "id": 0,
   "title": "string",
   "description": "string",
   "categoryId": 0},
   with 'id' being the id of the course created on the step 7, 'title' being string of valid length (3-100) and allowed characters (RU/EN alphabet, space, digits), 'description' being string of valid length (3-255 as implemented at the moment), 'categoryId' being the id of the category created on the step 3

Post-conditions:

1. Delete the course created on step 7 by DELETE request (http://qa-school-test.quantori.academy/api/v1/courses/{courseId}) using admin2 access token;
2. Make sure, course is deleted;
3. Delete the category created on step 3 by DELETE request (http://qa-school-test.quantori.academy/api/v1/courses/{categoryId}) using admin1 access token;
4. Make sure, category is deleted

Actual behavior:

1. Response code is 404 Not found
2. Error message 'Unable to find course record(s)' is shown
3. Course is not changed

Expected behavior:

1. Code 403 Unauthorized
2. Error message is shown: 'You're not owner of this course, you can't change/remove it'
3. No changes applied to the course

Screenshots

Is your feature request related to a problem? Please describe.
Now title of new course must be unique even in different categories. But in future there may be two 'course 1' in categories 'math' and 'biology' due to teachers' preferences. Plus it's more difficult to make testing automation. (I added admin delete category for removing of all courses in the end)

Describe the solution you'd like
Availability of creating cources with the same title BUT in different categories.

1. Authorize as a teacher.
2. Create a request to http://qa-school-test.quantori.academy/api/v1/courses:
   {
   "title": "-(0 фыв {{$randomBankAccountBic}}",
   "description": "йцу {{$randomBankAccountBic}}",
   "categoryId": 62
   }
3. Send PATCH request to http://qa-school-test.quantori.academy/api/v1/courses.

Actual behavior
{
"errors": "Unable to change course: SequelizeUniqueConstraintError: Validation error"
}

Expected behavior
{
"errors": [
{
"msg": "Parameter should be boolean",
"param": "visible",
"location": "body"
}
]
}

Screenshots

Pre-conditions
There exists valid teacher role account with valid credentials
There exists category with "categoryId"=1
There exists course with "id"=1 and title "zagolovok"
Steps to reproduce
In Postman create collection, e.g. "Bug report"
Click "Add request"
Name request, e.g. "teacher login"
Type in 'Body':

{
"username": "teacher",
"password": "************"
}

Create teacher Token by typing in 'Tests':
const body = pm.response.json()
pm.environment.set('teacherToken', body.accessToken)

Send POST request to http://qa-school-test.quantori.academy/api/v1/session

Click "Add request"
Name request, e.g. "invalid course description"
Test case1 "499 char":
Type into Body :

{
"id": "1",
"title": "zagolovok1",
"description": "descriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptioriptiodescriptiodes",
“visible”: "true",
“categoryId”: "1"
}
For test case2 "500 char length":
{
"id": "1",
"title": "zagolovok1",
"description": "descriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptioriptiodescriptiodess",
“visible”: "true",
“categoryId”: "1"
}
Send Patch request to http://qa-school-test.quantori.academy/api/v1/courses

Actual result:
Code 500
Error message text:""errors": "Unable to create course: SequelizeDatabaseError: value too long for type character varying(255)""

Expected result:
Code 200
User should be able to change course with description length below 500 characters.

Screenshot:

Is your feature request related to a problem? Please describe.
It is now implemented, that PATCH request for a course if PATCH request values equal initial values, get as a result code 200 Ok and response body in which all the initial values are returned (initial course is created and then being changed by the same teacher user).

Describe the solution you'd like
Please consider adding an error message, saying that no changes have been applied, and changing response code to 400.

Describe alternatives you've considered
Actual implementation seems to be an alternative variant, but I propose, that in some way, user should be informed about whether the values are being changed or not.

Additional context

Teacher created course (course id: {{courseIdForMaterials}})
POST {{host}}/api/v1/courses
Request Body
{
"title": "How to create test cases1 {{coursePostfix}}",
"description": "Basic course about test design technique",
"visible": true,
"categoryId": {{categoryIdForMaterial}}
}
Teacher added a material in this course
POST {{host}}/api/v1/courses/{{courseIdForMaterials}}/materials
{
"title": "Additional material {{materialPostfix}}",
"data": "stringstri",
"order": 5
}
Id the created material was saved in environment {{aterialIdTeacherToDelete}}

Teacher 2 tries to delete by id the teacher's material
DELETE {{host}}/api/v1/courses/{{courseIdForMaterials}}/materials/{{MaterialIdTeacherToDelete}}

Tests:
pm.test("Status code is 403", function () {
pm.response.to.have.status(403);
});

pm.test("Response time is less than 1000ms", function () {
pm.expect(pm.response.responseTime).to.be.below(1000);
});
pm.test("Check the text error message is correct", function () {
const jsonData = pm.response.json();
pm.expect(jsonData.errors).equal("You're not owner of this course, you can't change/remove it")
});
Actual behavior

1. Status code is 200
2. Response time is less than 1000ms
3. Teacher 2 deleted the teacher's material by id
   {
   "result": "Success: record was removed."
   }

Expected behaviour

1. Teacher 2 doesn't manage to delete by id the teacher's material
2. Statuse code is 403
3. Response time is less than 1000ms
4. The text error message ("You're not owner of this material, you can't change/remove it") is correct

Screenshots
If applicable, add screenshots to help explain your problem.

Is your feature request related to a problem? Please describe.
In actual implementation categories seem to be managed one at the time only. It may be not convenient for situations when several or many categories would be needed to be managed at the same time (created, deleted, changed).

Describe the solution you'd like
I propose implementing ability for users with admin roles to manage several categories at the same time with the same action (creating, deleting, changing).

Is your feature request related to a problem? Please describe.
Student users can like/dislike courses which are hidden.

Describe the solution you'd like
I think it would be better to forbid these actions for users when courses are not visible for them.

*Pre-conditions
There exists authenticated Student role user with valid credentials with existing and not-expired Bearer token "StudentToken"
There exists hidden course with "id"=1
Steps to reproduce
Send request:
Method "GET"
Endpoint: with http://qa-school-test.quantori.academy/api/v1/courses/1

Test response json for presence of "false" in "visible"

Actual behavior
Course details are displayed and Response body contains "false".
Expected behavior
User is not supposed to see details of hidden course
Screenshots

Is your feature request related to a problem? Please describe.
In actual implementation maximal allowed length for category title is 100 characters. It seems like such long names may look not very nice in categories list, especially if UI would be implemented later with user access to categories list.

Describe the solution you'd like
I propose changing max title length to 60-70 characters, which seems to be enough for most purposes.

Describe alternatives you've considered
Another length may be considered based on actual knowledge of what kind of titles may be used in a system.

Steps to reproduce
Admin added new material in his course (courseId: {{courseIdForMaterialsAdmin}}, title: Additional material {{materialPostfix}}, data: "New test desidn techniques", order: 3;) POST {{host}}/api/v1/courses/{{courseIdForMaterialsAdmin}}/materials
Admin saved in environment title of material as {{NotUniqueTitle}}

Admin tries to add new material with title which are existed
Post {{host}}/api/v1/courses/{{courseIdForMaterialsAdmin}}/materials
Body request:

{
"title": "{{NotUniqueTitle}}",
"data": "New test desidn techniques",
"order": 3
}

Tests:

pm.test("Status code is 403", function () {
pm.response.to.have.status(403);
});

pm.test("Response time is less than 1000ms", function () {
pm.expect(pm.response.responseTime).to.be.below(1000);
});

pm.test("Check the text error of is correct", function () {
const jsonData = pm.response.json();
pm.expect(jsonData.error).equal("Title of material should be unique")
});

Actual behaviour

1. Status code is 200
2. Response time is less than 1000 ms
3. New material with not unique title was added

Expected behaviour
Status code is 403

1. Response time is less than 1000 ms
2. New material with not unique title wasn't added
3. Error message (Title of material should be unique) is correct

Screenshots
If applicable, add screenshots to help explain your problem.

Description:
When student user tries to remove a course created by user with teacher role, wrong response code and error message are shown.

Pre-conditions:

1. There is at least one active user with admin role;
2. There is at least one active user with teacher role;
3. There is at least one active user with student role

Steps to reproduce:

1. Login to active user with admin role account;
2. Save access token for admin;
3. Create a new category by POST request (http://qa-school-test.quantori.academy/api/v1/categories) using saved admin access token, input in request body is:
   {"title": "string"}, with 'title' being a string of valid length (3-100) and allowed characters (RU/EN alphabet, space, digits);
4. Save the newly created category id to use in following request;
5. Login to active user with teacher role account;
6. Save access token for teacher;
7. Create a new course by POST request (http://qa-school-test.quantori.academy/api/v1/courses) using saved teacher access token, input in request body is:
   {"title": "string",
   "description": "string",
   "visible": true,
   "categoryId": 0},
   with 'title' being string of valid length (3-100) and allowed characters (RU/EN alphabet, space, digits), 'description' being string of valid length (3-255 as implemented at the moment), 'visible' being boolean, 'categoryId' being the id of the category created on the step 3;
8. Save the newly created course id to use in following request;
9. Login to active user with student role account;
10. Save access token for student;
11. Try making DELETE request (http://qa-school-test.quantori.academy/api/v1/courses/{courseId}), where courseId is id of the course created on step 7, using student access token

Post-conditions:

1. Delete the course created on step 7 by DELETE request (http://qa-school-test.quantori.academy/api/v1/courses/{courseId}) using teacher access token
2. Delete the category created on step 3 by DELETE request (http://qa-school-test.quantori.academy/api/v1/courses/{categoryId}) using admin access token

Actual behavior:

1. Response code is 400 Bad request
2. Error message is shown: "error": "There is no such endpoint! Please check the requested URL or Method. API docs can be found at /api/v1/api-docs"

Expected behavior:

1. Code 403 Forbidden
2. Error message is shown: "error": "This action is forbidden for role student"

Screenshots

Pre-conditions
There exists valid admin role account with valid credentials and generated token
There exists course entitled "teacher1" created by teacher role with "id"=1 in "categoryId"=1

Steps to reproduce
In Postman create collection, e.g. "testing";
Click "Add request";
Name request, e.g. "change course by admin":
Choose "Bearer Token" in Auth tab;
Type in admin token in "Token" text field;
Choose "raw"and "json" in droplists in 'Body' tab;
Type into "Body" text field json request:

{
"id": "1",
"title": "other",
"description": "xxx",
"visible": "true",
"categoryId": "1"
}

Send PATCH request to http://qa-school-test.quantori.academy/api/v1/courses

Actual result:
Code 404
Json response body is:
{
"errors": "Unable to find course record(s)"
}

Expected result:
Code 200
Admin user should be able to make changes in course.

Screenshots

Steps to reproduce
Teacher 2 created course (id: {{createdTeacher2courseIdforChanging}})
Teacher 2 can find this course using id,

Teacher tries to change this course
Patch{{host}}/api/v1/courses

Request Body:
{
"id": {{createdTeacher2courseIdforChanging}},
"title": "New name of course How to create test cases 1656069936 {{coursePostfix}}",
"description": "Basic course about test design technique",
"visible": true,
"categoryId": {{categoryId}}
}
Tests:
pm.test("Status code is 403", function () {
pm.response.to.have.status(403);
});

pm.test("Response time is less than 1000ms", function () {
pm.expect(pm.response.responseTime).to.be.below(1000);
});

pm.test("Error message is correct", function () {
const body = pm.response.json()
pm.expect(body.errors).to.equal("You're not owner of this course, you can't change/remove it")
});

Actual behavior
Status code: 404 Not Found
{
"errors": "Unable to find course record(s)"
}
Response time is less than 1000
Expected behavior
Status code: 403
Error: You're not owner of this course, you can't change/remove it
Response time is less than 1000
Screenshots
If applicable, add screenshots to help explain your problem.

Steps to reproduce

1. Post - login as admin.
2. Post - create a teacher
3. Get - list of teachers
4. Ban a user (teacher) by id
5. Unban a user by id

Actual behavior

There is no info about the reason and who unbanned

POST {{host}}/api/v1/change-user-ban?userId=88&ban=false
body
{
"reason": "just a wish"
}

response body

{
"result": "User successfully unbanned",
"isBanned": false,
"userId": 88,
"reason": "empty",
"createdBy": ""
}

Expected behavior
"reason" string should be filled like in the request body and "created by" string should be filled with admin name

Screenshots

1. Authorize as a teacher.
2. Send GET request to http://qa-school-test.quantori.academy/api/v1/courses. Choose one of the existed course title.
3. Send PATCH request to http://qa-school-test.quantori.academy/api/v1/courses with existed course title.

Actual behavior
{
"errors": "Unable to change course: SequelizeUniqueConstraintError: Validation error"
}

Expected behavior
{
"errors": "title should be unique"
}

Screenshots

Description:
When teacher user tries to change a course without 'visible' field in request, course is successfully changed with code 200 and no error message.

Pre-conditions:

1. There is at least one active user with admin role;
2. There is at least one active user with teacher role;

Steps to reproduce:

1. Login to active user with admin role account;
2. Save access token for admin;
3. Create a new category by POST request (http://qa-school-test.quantori.academy/api/v1/categories) using saved admin access token, input in request body is:
   {"title": "string"}, with 'title' being a string of valid length (3-100) and allowed characters (RU/EN alphabet, space, digits);
4. Save the newly created category id to use in following request;
5. Login to active user with teacher role account;
6. Save access token for teacher;
7. Create a new course by POST request (http://qa-school-test.quantori.academy/api/v1/courses) using saved teacher access token, input in request body is:
   {"title": "string",
   "description": "string",
   "visible": true,
   "categoryId": 0},
   with 'title' being string of valid length (3-100) and allowed characters (RU/EN alphabet, space, digits), 'description' being string of valid length (3-255 as implemented at the moment), 'visible' being boolean, 'categoryId' being the id of the category created on the step 3;
8. Save the newly created course id to use in following request;
9. Try making PATCH request (http://qa-school-test.quantori.academy/api/v1/courses), using saved teacher access token, input in request body is:
   { "id": 0,
   "title": "string",
   "description": "string",
   "categoryId": 0},
   with 'id' being the id of the course created on the step 7, 'title' being string of valid length (3-100) and allowed characters (RU/EN alphabet, space, digits), 'description' being string of valid length (3-255 as implemented at the moment), 'categoryId' being the id of the category created on the step 3

Post-conditions:

1. Delete the course created on step 7 by DELETE request (http://qa-school-test.quantori.academy/api/v1/courses/{courseId}) using teacher access token;
2. Make sure, course is deleted;
3. Delete the category created on step 3 by DELETE request (http://qa-school-test.quantori.academy/api/v1/courses/{categoryId}) using admin access token;
4. Make sure, category is deleted

Actual behavior:

1. Response code is 200 Ok
2. No error message is shown
3. Course is successfully changed

Expected behavior:

1. Code 400 Bad request
2. Error message is shown: "errors":
   [{ "msg": "Parameter should be boolean",
   "param": "visible",
   "location": "body"}]
3. No changes applied to the course

Screenshots

Steps to reproduce
Teacher created course (course id: {{courseIdForMaterials}})
POST {{host}}/api/v1/courses
Request Body

{
  "title": "How to create test cases1 {{coursePostfix}}",
  "description": "Basic course about test design technique",
  "visible": true,
  "categoryId": {{categoryIdForMaterial}}
}

Teacher added a material in this course
POST {{host}}/api/v1/courses/{{courseIdForMaterials}}/materials

{
  "title": "Additional material {{materialPostfix}}",
  "data": "stringstri",
  "order": 2
}

Id the created material was saved in environment {{MaterialIdTeacher}}

Admin tries to change the teacher's material
PATCH {{host}}/api/v1/courses/{{CourseIdForChangingTeacher}}
Request Body

{
  "id": {{MaterialIdTeacher}},
  "title": "New title {{coursePostfix}}",
  "data": "Test Design techniques 12345",
  "order": 2
}

Tests:

pm.test("Status code is 403", function () {
    pm.response.to.have.status(403);
});

pm.test("Response time is less than 1000ms", function () {
    pm.expect(pm.response.responseTime).to.be.below(1000);
});
pm.test("Error message is correct", function () {
    const body = pm.response.json()
    pm.expect(body.errors).to.equal("You\'re not owner of this material, you can\'t change/remove it")
});

Actual behavior

1. {
   "errors": "Unable to find course record(s)"
   }
2. Status code is 404
3. Response time is less than 1000ms

Expected behavior

1. Statuse code is 403
2. Response time is less than 1000ms
3. The text error message ("You're not owner of this material, you can't change/remove it") is correct
   Screenshots
   If applicable, add screenshots to help explain your problem.
   
   

Steps to reproduce
Teacher added new material in his course (courseId: {{courseIdForMaterials}})
Post {{host}}/api/v1/courses/{{courseIdForMaterials}}/materials
Body Request
{
"title": "QA school{{categoryPostfix}}",
"data": " ",
"order": 2
}
Tests
pm.test("Status code is 400", function () {
pm.response.to.have.status(400);
});

pm.test("Response time is less than 1000ms", function () {
pm.expect(pm.response.responseTime).to.be.below(1000);
});

pm.test("Check the error message is correct", function () {
const jsonData = pm.response.json();
pm.expect(jsonData.errors[0].msg).equal("You are not allowed to use spaces only")
});
Actual behavior

1. Status code is 200
2. Response time is less than 1000 ms
3. New material with data which contains spaces only was added
   Expected behavior
4. Status code is 400
5. Response time is less than 1000 ms
6. New material with data which contains spaces only wasn't added
7. The error text ("You are not allowed to use spaces only") is correct
   Screenshots
   If applicable, add screenshots to help explain your problem.
   
   

Pre-conditions
There exists valid teacher role account with valid credentials
There exists category with "categoryId"=1
Steps to reproduce
In Postman create collection, e.g. "Bug report"
Click "Add request"
Name request, e.g. "teacher login"
Type in 'Body':

{
"username": "teacher",
"password": "************"
}

Create teacher Token by typing in 'Tests':
const body = pm.response.json()
pm.environment.set('teacherToken', body.accessToken)

Send POST request to http://qa-school-test.quantori.academy/api/v1/session

Click "Add request"
Name request, e.g. "invalid course description"
Test case1 "499 char":
Type into Body :

{
“title”: “QA course 1",
“description”: "descriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptioriptiodescriptiodes",
“visible”: "true",
“categoryId”: "1"
}
For test case2 "500 char length":
{
“title”: “QA course 1",
“description”: "descriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptiodescriptioriptiodescriptiodess",
“visible”: "true",
“categoryId”: "1"
}
Send Post request to http://qa-school-test.quantori.academy/api/v1/courses

Actual result:
Code 500
Error message text:""errors": "Unable to create course: SequelizeDatabaseError: value too long for type character varying(255)""

Expected result:
Code 200
User should be able to create course with description length below 500 characters.

Screenshot:

Steps to reproduce

1. In Postman create collection, e.g. "Bug report"
2. Click "Add request"
3. Name request, e.g. "admin login"
4. Type in Body:
   {
   "username": "admin",
   "password": "************"
   }
5. Create admin Token by typing in Tests: const body = pm.response.json()
   pm.environment.set('adminToken', body.accessToken)
6. Send POST request to http://qa-school-test.quantori.academy/api/v1/session
7. Click "Add request"
8. Name request, e.g. "invalid alphabet"
9. Type into Body :
   {
   "title": "éèçò"
   }
10. Insert Bearer Token "adminToken" into Auth
11. Insert to Tests:
    pm.test("Error text is correct", function () {
    const body = pm.response.json()
    pm.expect(body.errors[0].msg).to.equal("Only RU/EN alphabet, space and digits allowed, please change your request");
    });
12. Send Post request to http://qa-school-test.quantori.academy/api/v1/categories
    Actual behavior
    Error message text states: "errors": "Only RU/EN alphabet and digits allowed, please change your request"
    Expected behavior
    Error message text should state:"errors": "Only RU/EN alphabet, space and digits allowed, please change your request"
    Screenshots
    If applicable, add screenshots to help explain your problem.
    

Steps to reproduce

1. Authorize by student role
2. Send post request http://qa-school-test.quantori.academy/api/v1/courses without body

Actual behavior

{
    "errors": [
        {
            "msg": "Please send required fields: title",
            "param": "title",
            "location": "body"
        },
        {
            "msg": "Parameter should be a string",
            "param": "title",
            "location": "body"
        },
        {
            "msg": "Minimum category length is: 3",
            "param": "title",
            "location": "body"
        },
        {
            "msg": "Only RU/EN alphabet, space and digits allowed, please change your request",
            "param": "title",
            "location": "body"
        },
        {
            "msg": "You are not allowed to use spaces only",
            "param": "title",
            "location": "body"
        }
    ]
}

Expected behavior

{
    "errors": "This action is forbidden for role student"
}

Pre-conditions

There exists student role user with valid credentials, user is logged in and Bearer Token "Student Token" is generated
There exists Course Category and course with CourseId="1"
User has not previously put reaction (like or dislike) to the course

Steps to reproduce

In Postman collection click "Add request"
Name request, e.g. "Repeated reaction"
in Auth Tab choose Bearer Token from droplist, and type in "StudentToken" into text field
Send POST request to http://qa-school-test.quantori.academy/api/v1/courses/1/like/remove

Actual behavior

Response code 200
Json body :{
"result": "You've removed your like/dislike from the course"
}

Expected behavior

Response code 400
Error message: "You've not previously left a reaction for this course"

Steps to reproduce

Steps to reproduce

1. In Postman create collection, e.g. "Bug report"
2. Click "Add request"
3. Name request, e.g. "admin login"
4. Type in Body:
   {
   "username": "admin",
   "password": "************"
   }
5. Create admin Token by typing in Tests: const body = pm.response.json()
   pm.environment.set('adminToken', body.accessToken)
6. Send POST request to http://qa-school-test.quantori.academy/api/v1/session
7. Click "Add request"
8. Name request, e.g. "empty title"
9. Type into Body :
   {
   "title": ""
   }
10. Insert Bearer Token "adminToken" into Auth
11. Insert to Tests:
    pm.test("Error text is correct", function () {
    const body = pm.response.json()
    pm.expect(body.errors[0].msg).to.equal("Only RU/EN alphabet, space and digits allowed, please change your request");
    });
12. Send Post request to http://qa-school-test.quantori.academy/api/v1/categories

Actual behavior
Error message text states: "errors": "Only RU/EN alphabet and digits allowed, please change your request"
Expected behavior
Error message text should state:"errors": "Only RU/EN alphabet, space and digits allowed, please change your request"
Screenshots
If applicable, add screenshots to help explain your problem.

There is no any error message if we create category with extra field. Category is created but all extras just disappear. I think, the user should know if some of the entered information is not saved

Steps to reproduce

1. Login as admin
2. Create category with extra information or fields

{
  "title": "string",
  "extra": "string"
}

3. Send request

Actual behavior
New category is created, extra fields and information disappear

Expected behavior
Error message

Screenshots

It should be possible to change fields 1 by 1.

Teacher created course (course id: {{courseIdForMaterials}})
POST {{host}}/api/v1/courses
Request Body
{
"title": "How to create test cases1 {{coursePostfix}}",
"description": "Basic course about test design technique",
"visible": true,
"categoryId": {{categoryIdForMaterial}}
}
Teacher added a material in this course
POST {{host}}/api/v1/courses/{{courseIdForMaterials}}/materials
{
"title": "Additional material {{materialPostfix}}",
"data": "stringstri",
"order": 2
}
Id the created material was saved in environment {{MaterialIdTeacher}}

Teacher 2 tries to change the teacher's material
PATCH {{host}}/api/v1/courses/{{CourseIdForChangingTeacher}}/materials
Request Body
{
"id": {{MaterialIdTeacher}},
"title": "New title {{coursePostfix}}",
"data": "Test Design techniques 12345",
"order": 2
}
Tests:
pm.test("Status code is 403", function () {
pm.response.to.have.status(403);
});

pm.test("Response time is less than 1000ms", function () {
pm.expect(pm.response.responseTime).to.be.below(1000);
});
pm.test("Error message is correct", function () {
const body = pm.response.json()
pm.expect(body.errors).to.equal("You're not owner of this material, you can't change/remove it")
});
Actual behavior

1. Status code is 200
2. Response time is less than 1000ms
3. Expected behavior
4. Teacher 2 changed the teacher's material

Expected behaviour

1. Statuse code is 403
2. Response time is less than 1000ms
3. The text error message ("You're not owner of this material, you can't change/remove it") is correct
4. Teacher 2 doesn't manage to change the teacher's material
   Screenshots
   If applicable, add screenshots to help explain your problem.
   
   
   

Steps to reproduce
admin created category and course,
teacher can find this course using id,
teacher tries to change the course using it's id

{
"id": {{adm-courseid}},
"title": "st csdg",
"description": " dfvg",
"visible": true,
"categoryId": {{categoryid}}
}

Actual behavior

code: 404
"errors": "Unable to find course record(s)"
}
Expected behavior

code: 403
pm.test("Body matches You're not owner of this course, you can't change/remove it", function () {
pm.expect(pm.response.text()).to.include("You're not owner of this course, you can't change/remove it");

Screenshots

Steps to reproduce

1. Teacher added new material in his course (courseId: {{courseIdForMaterials}}, title: Additional material {{materialPostfix}}, data: "data of material. New", order: 3;) POST {{host}}/api/v1/courses/{{courseIdForMaterials}}/materials
2. Teacher saved in environment title of material as {{NotUniqueTitleTeacher}}

Teacher tries to add new material with title which are existed
Post {{host}}/api/v1/courses/{{courseIdForMaterials}}/materials
Body request:

{
  "title": "{{NotUniqueTitleTeacher}}",
  "data": "data of material. New",
  "order": 3
}

Tests:

pm.test("Status code is 403", function () {
    pm.response.to.have.status(403);
});

pm.test("Response time is less than 1000ms", function () {
    pm.expect(pm.response.responseTime).to.be.below(1000);
});

pm.test("Check the text error of is correct", function () {
    const jsonData = pm.response.json();
    pm.expect(jsonData.error).equal("Title of material should be unique")
});

Actual behavior

1. Status code is 200
2. Response time is less than 1000 ms
3. New material with not unique title was added

Expected behavior

1. Status code is 403
2. Response time is less than 1000 ms
3. New material with not unique title wasn't added
4. Error message (Title of material should be unique) is correct
   Screenshots
   If applicable, add screenshots to help explain your problem.

Steps to reproduce

1. Create a collection on Postman
2. Click on the “add request” button
3. Use the POST method to call a request http://qa-school-test-api.quantori.academy/api/v1/session
4. Enter the following “string” in the “Body” in the following order
   • {
   “username”: “admin”,
   “password”: “1234”
   }
5. Press the “send” button to generate an “accessToken”.
6. Click “Add request” to create a category
7. Use the POST method to call a request http://qa-school-test-api.quantori.academy/api/v1/categories
8. Enter the following “string” in the “Body” in the following order
   • {
   “title”: “Testing on Postman”
   }
9. Select Authorization
10. Click on Bearer Token
11. Enter the accessToken in “Bearer Token” field
12. Click on “Send” button to get a response

Actual behavior
• Status code: 500; Internal server error
• Error message:
{
"errors": "Unable to create category: SequelizeValidationError: notNull Violation: category.createdBy cannot be null"
}

Expected behavior
Expected behavior
• Status code: 200
• {
"id": 0,
"title": "string"
}

Screenshots
If applicable, add screenshots to help explain your problem.

**Pre-conditions"

There exists admin role account with valid credentials. Admin is logged in and bearer token "adminToken" is created and saved to environment.

Steps to reproduce

In Postman create collection, e.g. "Bug report"
Click "Add request"
Name request, e.g. "title with Ru characters"
In Auth tab choose "Bearer Token" from droplist
Add "adminToken" to the textfield
In Body tab choose "Raw" and "Json" from droplists
Type into request Json Body :
{
"title": " ёёёёёёёёёёёёёёёёёёё"
}

Send Post request to http://qa-school-test.quantori.academy/api/v1/categories

Actual behavior
Code 400
Json Response body has following text:
{
"errors": [
{
"value": " ёёёёёёёёёёёёёёёёёёё",
"msg": "Only RU/EN alphabet, space and digits allowed, please change your request",
"param": "title",
"location": "body"
}
]
}
Expected behavior
Response Code 200
Json response body should contain:""title": " ёёёёёёёёёёёёёёёёёёё""
Screenshots

Steps to reproduce

1. In Postman create collection, e.g. "Bug report"

2. Click "Add request"

3. Name request, e.g. "admin login"

4. Type in Body:
   {
   "username": "admin",
   "password": "************"
   }

5. Create admin Token by typing in Tests: const body = pm.response.json()
   pm.environment.set('adminToken', body.accessToken)

6. Send POST request to http://qa-school-test.quantori.academy/api/v1/session

7. Click "Add request"

8. Name request, e.g. "invalid special characters"

9. Type into Body :
   {
   "title": ",.;:*@'"
   }

10. Insert Bearer Token "adminToken" into Auth

11. Insert to Tests:
    pm.test("Error text is correct", function () {
    const body = pm.response.json()
    pm.expect(body.errors[0].msg).to.equal("Only RU/EN alphabet, space and digits allowed, please change your request");
    });

12. Send Post request to http://qa-school-test.quantori.academy/api/v1/categories

Actual behavior
Error message text states: "errors": "Only RU/EN alphabet and digits allowed, please change your request"
Expected behavior
Error message text should state:"errors": "Only RU/EN alphabet, space and digits allowed, please change your request"
Screenshots
If applicable, add screenshots to help explain your problem.

Pre-conditions:
There exists a teacher account with valid credentials

Steps to reproduce:
Login with teacher account
Use the received token for authentication
Send a request:
POST http://qa-school-test.quantori.academy/api/v1/courses
{
"title": "course1238",
"description": "rec",
"visible": true,
"categoryId": 352
}

Actual behavior:
500 Internal Server Error
"Unable to create course: SequelizeValidationError: notNull Violation: course.createdBy cannot be null"

Expected behavior:
The course is created

Steps to reproduce

1. Send post request http://qa-school-test.quantori.academy/api/v1/courses without body
   Actual behavior

{
    "errors": [
        {
            "msg": "Please send required fields: title,categoryId",
            "param": "title",
            "location": "body"
        },
        {
            "msg": "Please send required fields: title,categoryId",
            "param": "categoryId",
            "location": "body"
        },
        {
            "msg": "Parameter should be a string",
            "param": "title",
            "location": "body"
        },
        {
            "msg": "Minimum course title length is: 3",
            "param": "title",
            "location": "body"
        },
        {
            "msg": "You are not allowed to use spaces only",
            "param": "title",
            "location": "body"
        },
        {
            "msg": "Parameter should be a string",
            "param": "description",
            "location": "body"
        },
        {
            "msg": "Minimum course description length is: 3",
            "param": "description",
            "location": "body"
        },
        {
            "msg": "Parameter should be boolean",
            "param": "visible",
            "location": "body"
        },
        {
            "msg": "Parameter should be numeric",
            "param": "categoryId",
            "location": "body"
        },
        {
            "msg": "Unable to find category record(s)",
            "param": "categoryId",
            "location": "body"
        }
    ]
}

Expected behavior

{
    "errors": "Unauthorized"
}

Steps to reproduce
Log-in as Admin
Send POST query to
http://qa-school-test.quantori.academy/api/v1/categories
with body

{
    "title": 1234
}

Actual behavior

{
    "errors": [
        {
            "value": 1234,
            "msg": "Parameter should be a string",
            "param": "title",
            "location": "body"
        },
        {
            "value": 1234,
            "msg": "Only RU/EN alphabet, space and digits allowed, please change your request",
            "param": "title",
            "location": "body"
        },
        {
            "value": 1234,
            "msg": "You are not allowed to use spaces only",
            "param": "title",
            "location": "body"
        }
    ]
}

Expected behavior

{
    "errors": [
        {
            "value": 1234,
            "msg": "Parameter should be a string",
            "param": "title",
            "location": "body"
        }
    ]
}

Screenshots

Description
It is possible to create category with title consisting of spaces only, allowing such names in categories list seems not to be user friendly, as such names wouldn't look nice in the list.

Steps to reproduce

1. Login to active user with admin role account
2. Save access token for admin to use it in following request
3. Input {"title": "name"}, where name is string of spaces of valid length (3-100) in POST request Body
4. Use saved admin access token for authorization
5. Make POST request to http://qa-school-test.quantori.academy/api/v1/categories

Actual behavior

1. Response code is 200 OK
2. No error message is shown
3. New category is created with title: "name", where name is string of spaces of valid length (3-100)

Expected behavior

1. Code 400 Bad request
2. Error message is shown
3. Category is not created

Screenshots

Is your feature request related to a problem? Please describe.
I've noticed that when many users are working at the same time lots of course id and categories id get created and stay. Since the academic program can change with time, some courses can be of short length and not expecting students to get promoted to next education stage , so students would come and leave, and you'd get a flow of new users and not enrolled users. So I assume that manual deleting of category, course, or users can be good when you have manageable number of those, if business expands and grows to lets say 100 000 users and 100 categories and each would have 20-50 courses,, or if education focus changes, admins or authorized users will waste too much time deleting items from category or users lists manually.

Describe the solution you'd like
I'd like chief admin to have possibility to remove all categories and all users sorted by role .

Is your feature request related to a problem? Please describe.
It is now only possible to get the separate category by id or the list of all existing categories, which is not quite comfortable while managing categories by admin user, when there are more than one user in a system with admin role.

Describe the solution you'd like
I propose adding a new endpoint by analogy with courses so it would be possible to manage categories created by the separate admin while being logged in to this admin account:
GET http://qa-school-test.quantori.academy/api/v1/categories/mine