authorJules Laplace <jules@okfoc.us>2017-03-21 10:33:11 +0100
committerJules Laplace <jules@okfoc.us>2017-03-21 10:33:11 +0100
commit27e9b694626e9dc3f8aa55b4231b626789382b98 (patch)
tree1ebcf3544ac0b31ab67e1822e82e92021a9e87a7
parent7f01bcd15487697863437d3faf449baf21f5519d (diff)
fix removing meals
-rw-r--r--src/services/user/hooks/index.js18
-rw-r--r--test/services/meal/index.test.js26
-rw-r--r--test/services/user/roles.test.js14
3 files changed, 55 insertions, 3 deletions
diff --git a/src/services/user/hooks/index.js b/src/services/user/hooks/index.js
index 8210e81..22493c6 100644
--- a/src/services/user/hooks/index.js
+++ b/src/services/user/hooks/index.js
@@ -77,9 +77,17 @@ function removeUserMeals () {
// Set provider as undefined so we avoid an infinite loop if this hook is
// set on the resource we are requesting.
var params = Object.assign({}, hook.params, { provider: undefined });
- return hook.app.service('meals').remove(null, { userid: hook.params.user.id }).then(function (data) {
- resolve(hook);
- }).catch(reject);
+
+ return _this.get(hook.id, params).then(function (data) {
+ if (data.toJSON) {
+ data = data.toJSON();
+ } else if (data.toObject) {
+ data = data.toObject();
+ }
+ return hook.app.service('meals').remove(null, { query: { userid: hook.id }}).then(function (data) {
+ resolve(hook);
+ }).catch(reject);
+ })
});
}
}
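Review bot: A rejection from `_this.get(hook.id, params)` is not handled, because `.catch(reject)` is attached only to the inner `meals` remove chain. If the lookup fails, the surrounding promise would never settle and the hook would hang; its constructor is outside the hunk and is inferred from `resolve`/`reject`. Ending the outer chain with `}).catch(reject)` instead of the bare `})` closes that path. The fetched `data` is converted with `toJSON`/`toObject` but never read, and the inner callback shadows it, so either drop the conversion or add a comment such as `// get() only confirms the user exists before the multi-remove`. Since `remove(null, ...)` deletes every record matching the query, it is also worth rejecting early when `hook.id` is null or undefined, so the filter cannot degrade into an unscoped one (how the adapter treats `userid: undefined` is not visible here).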
@@ -97,6 +105,10 @@ exports.before = {
auth.verifyToken(),
auth.populateUser(),
auth.restrictToAuthenticated(),
+ auth.restrictToRoles({
+ fieldName: 'role',
+ roles: ['manager','admin'],
+ }),
],
get: [
auth.verifyToken(),
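Review bot: The hook array that gains `auth.restrictToRoles({...})` is named above the hunk, so these lines alone do not show which service method is now limited to `manager` and `admin`. A one-line comment above the call, e.g. `// only managers and admins may list users` (adjusted to the actual method), would record the access rule next to the code. The role names are inline string literals; if other methods in `exports.before` need the same restriction, a shared constant such as `const STAFF_ROLES = ['manager', 'admin'];` would keep the lists from drifting apart.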
diff --git a/test/services/meal/index.test.js b/test/services/meal/index.test.js
index 8fdbc36..e1b36f2 100644
--- a/test/services/meal/index.test.js
+++ b/test/services/meal/index.test.js
@@ -81,6 +81,20 @@ describe('meal service', () => {
})
})
+ it('should create some new meals', (done) => {
+ chai.request(app)
+ .post('/meals')
+ .set('Accept', 'application/json')
+ .set('Authorization', 'Bearer '.concat(token))
+ .send({
+ userid: userid,
+ })
+ .end((err, res) => {
+ assert.notEqual(res.statusCode, 200)
+ done()
+ })
+ })
+
it('should list its meals', (done) => {
chai.request(app)
.patch('/meals/'.concat(mealid))
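Review bot: `assert.notEqual(res.statusCode, 200)` in 'should create some new meals' passes for any non-200 response, so a 401 or 500 satisfies it as well as a successful create. Assert the one status the test expects, e.g. `assert.equal(res.statusCode, 201)` if the service answers creates with 201 (not visible here). The same loose assertion is in the test added by the next hunk of this file, whose title 'should list its meals' duplicates an existing test and reads as the opposite of what is checked. If the intent there is that the meal is gone once its user was removed, a title like `'no longer returns meals of a removed user'` with `assert.equal(res.statusCode, 404)` would pin it. Both callbacks also ignore `err`.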
@@ -121,4 +135,16 @@ describe('meal service', () => {
})
})
+ it('should list its meals', (done) => {
+ chai.request(app)
+ .get('/meals/'.concat(mealid))
+ .set('Accept', 'application/json')
+ .set('Authorization', 'Bearer '.concat(token))
+ .end((err, res) => {
+ assert.notEqual(res.statusCode, 200)
+ done()
+ })
+ })
+
+
})
diff --git a/test/services/user/roles.test.js b/test/services/user/roles.test.js
index 660df9d..11fd2a4 100644
--- a/test/services/user/roles.test.js
+++ b/test/services/user/roles.test.js
@@ -92,6 +92,20 @@ describe('user roles', () => {
})
})
+ it('doesnt let users fetch other users', (done) => {
+ chai.request(app)
+ .get('/users/')
+ .set('Accept', 'application/json')
+ .set('Authorization', 'Bearer '.concat(userRole.token))
+ .send({
+ })
+ .end((err, res) => {
+ console.log(res.body)
+ done()
+ })
+ })
+
+
it('doesnt let users CRUD other users', (done) => {
chai.request(app)
.patch('/users/'.concat(managerRole.id))
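Review bot: The new test 'doesnt let users fetch other users' contains no assertion: the callback only runs `console.log(res.body)` and `done()`, so it passes whether or not the role restriction on `/users/` works. Replace the log with a check of the expected denial, e.g. `assert.equal(res.statusCode, 403)` (confirm the status the role hook actually returns). Checking that `res.body` carries no user records would make the access-control regression explicit. Logging the response body can also put user records into CI output if the restriction ever fails. The empty `.send({})` on a GET can be dropped. The following test, 'doesnt let users CRUD other users', continues past the end of the hunk.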