-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix(superadmin): add endpoint for superadmin (#400)
* fix(superadmin): add endpoint for superadmin * fix(superadmin): remove local and add tests * fix(tests): fix tests Co-authored-by: WikiRik <WikiRik@users.noreply.github.com>
- Loading branch information
Showing
5 changed files
with
160 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,137 @@ | ||
const { startServer, stopServer } = require('../../lib/server'); | ||
const { request } = require('../scripts/helpers'); | ||
const generator = require('../scripts/generator'); | ||
|
||
describe('User superadmin', () => { | ||
beforeAll(async () => { | ||
await startServer(); | ||
}); | ||
|
||
afterAll(async () => { | ||
await stopServer(); | ||
}); | ||
|
||
afterEach(async () => { | ||
await generator.clearAll(); | ||
}); | ||
|
||
test('should return 404 if the user is not found', async () => { | ||
const user = await generator.createUser({ superadmin: true }); | ||
const token = await generator.createAccessToken({}, user); | ||
|
||
await generator.createPermission({ scope: 'global', action: 'update_superadmin', object: 'member' }); | ||
|
||
const res = await request({ | ||
uri: '/members/1337/superadmin', | ||
method: 'PUT', | ||
headers: { 'X-Auth-Token': token.value }, | ||
body: { superadmin: false } | ||
}); | ||
|
||
expect(res.statusCode).toEqual(404); | ||
expect(res.body.success).toEqual(false); | ||
expect(res.body).not.toHaveProperty('data'); | ||
expect(res.body).toHaveProperty('message'); | ||
}); | ||
|
||
test('should fail if there are validation errors', async () => { | ||
const user = await generator.createUser({ superadmin: true }); | ||
const token = await generator.createAccessToken({}, user); | ||
|
||
await generator.createPermission({ scope: 'global', action: 'update_superadmin', object: 'member' }); | ||
|
||
const res = await request({ | ||
uri: '/members/' + user.id + '/superadmin', | ||
method: 'PUT', | ||
headers: { 'X-Auth-Token': token.value }, | ||
body: { superadmin: 'aaa' } | ||
}); | ||
|
||
expect(res.statusCode).toEqual(422); | ||
expect(res.body.success).toEqual(false); | ||
expect(res.body).not.toHaveProperty('data'); | ||
expect(res.body).toHaveProperty('errors'); | ||
expect(res.body.errors).toHaveProperty('superadmin'); | ||
}); | ||
|
||
test('should succeed if everything is okay', async () => { | ||
const user = await generator.createUser({ superadmin: true }); | ||
const token = await generator.createAccessToken({}, user); | ||
|
||
await generator.createPermission({ scope: 'global', action: 'update_superadmin', object: 'member' }); | ||
|
||
const res = await request({ | ||
uri: '/members/' + user.id + '/superadmin', | ||
method: 'PUT', | ||
headers: { 'X-Auth-Token': token.value }, | ||
body: { superadmin: false } | ||
}); | ||
|
||
expect(res.statusCode).toEqual(200); | ||
expect(res.body.success).toEqual(true); | ||
expect(res.body).not.toHaveProperty('errors'); | ||
expect(res.body).toHaveProperty('data'); | ||
expect(res.body.data.superadmin).toEqual(false); | ||
}); | ||
|
||
test('should fail for yourself without permission', async () => { | ||
const user = await generator.createUser(); | ||
const token = await generator.createAccessToken({}, user); | ||
|
||
const res = await request({ | ||
uri: '/members/' + user.id + '/superadmin', | ||
method: 'PUT', | ||
headers: { 'X-Auth-Token': token.value }, | ||
body: { superadmin: true } | ||
}); | ||
|
||
expect(res.statusCode).toEqual(403); | ||
expect(res.body.success).toEqual(false); | ||
expect(res.body).not.toHaveProperty('data'); | ||
expect(res.body).toHaveProperty('message'); | ||
}); | ||
|
||
test('should not work with local permission', async () => { | ||
const user = await generator.createUser(); | ||
const token = await generator.createAccessToken({}, user); | ||
|
||
const otherUser = await generator.createUser(); | ||
const permission = await generator.createPermission({ scope: 'local', action: 'update_superadmin', object: 'member' }); | ||
const body = await generator.createBody(); | ||
const circle = await generator.createCircle({ body_id: body.id }); | ||
await generator.createCircleMembership(circle, user); | ||
await generator.createCirclePermission(circle, permission); | ||
await generator.createBodyMembership(body, otherUser); | ||
|
||
const res = await request({ | ||
uri: '/members/' + otherUser.id + '/superadmin', | ||
method: 'PUT', | ||
headers: { 'X-Auth-Token': token.value }, | ||
body: { superadmin: true } | ||
}); | ||
|
||
expect(res.statusCode).toEqual(403); | ||
expect(res.body.success).toEqual(false); | ||
expect(res.body).not.toHaveProperty('data'); | ||
expect(res.body).toHaveProperty('message'); | ||
}); | ||
|
||
test('should fail for other person without permission', async () => { | ||
const user = await generator.createUser(); | ||
const token = await generator.createAccessToken({}, user); | ||
|
||
const otherUser = await generator.createUser(); | ||
|
||
const res = await request({ | ||
uri: '/members/' + otherUser.id + '/superadmin', | ||
method: 'PUT', | ||
headers: { 'X-Auth-Token': token.value }, | ||
body: { superadmin: true } | ||
}); | ||
|
||
expect(res.statusCode).toEqual(403); | ||
expect(res.body.success).toEqual(false); | ||
expect(res.body).not.toHaveProperty('data'); | ||
expect(res.body).toHaveProperty('message'); | ||
}); | ||
}); |