Closed cbj4074 closed 4 years ago
The test(s) should probably reflect the business rule requirement that the approved_at
and approver_id
fields are null upon initial creation. I'll fix that.
Also, we should ensure that unapproved records are not returned from API endpoints unless the User
is a staff member. But such a test seems to be more within the scope of access policies.
@mblarsen What are your thoughts in this regard? Should we have separate tests that are specific to access policies, or should such tests be included in the GenreRepositoryTest
class?
The attendant business logic requires Genre names to be unique and that when a new Genre is added it is not yet approved.