authorJules Laplace <jules@okfoc.us>2017-03-17 01:55:00 +0100
committerJules Laplace <jules@okfoc.us>2017-03-17 01:55:00 +0100
commit2da21be7c3c16799a2e57153437e72b5a7f47dac (patch)
treeb58ef841140d4fb8d060ce51d07c1f3e993d88ce
parenta4b496b8e7cb215dc9be2fa0e627382364889eb4 (diff)
test user roles
-rw-r--r--src/services/user/hooks/index.js2
-rw-r--r--test/services/user/roles.test.js151
2 files changed, 152 insertions, 1 deletions
diff --git a/src/services/user/hooks/index.js b/src/services/user/hooks/index.js
index c4ed466..80c3848 100644
--- a/src/services/user/hooks/index.js
+++ b/src/services/user/hooks/index.js
@@ -58,7 +58,7 @@ function validateRoleOnUpdate () {
if (userRole.toString() === 'user' && dataRole.toString() !== 'user') {
reject(new _feathersErrors2.default.Forbidden('You do not have permission to change your role.'));
}
- else if (userRole.toString() === 'manager' && dataRole.toString() !== 'user') {
+ else if (userRole.toString() === 'manager' && dataRole.toString() === 'admin') {
reject(new _feathersErrors2.default.Forbidden('You do not have permission to change this user\'s role.'));
}
else {
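Review bot: The manager branch is now a denylist on the exact string `'admin'`, so every other value of `dataRole` falls through to the `else`, including `'manager'`, a differently-cased spelling, or a role added later. If the intent is that managers may assign only `user` or `manager`, an allowlist states that directly: `else if (userRole.toString() === 'manager' && ['user', 'manager'].indexOf(dataRole.toString()) === -1) {`. The visible lines also never consult the role the target user currently holds, so it is worth confirming that a manager cannot demote an existing admin through this path. validateRoleOnUpdate starts and ends outside the hunk, so that check may already exist elsewhere.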
diff --git a/test/services/user/roles.test.js b/test/services/user/roles.test.js
new file mode 100644
index 0000000..d050806
--- /dev/null
+++ b/test/services/user/roles.test.js
@@ -0,0 +1,151 @@
+'use strict';
+
+const chai = require('chai')
+const chaiHttp = require('chai-http')
+const should = chai.should();
+const assert = require('assert');
+const app = require('../../../src/app');
+
+const User = app.service('users')
+const Meal = app.service('meals')
+const authentication = require('feathers-authentication/client');
+const bodyParser = require('body-parser');
+
+var mealid
+
+var userRole, managerRole, adminRole
+
+app
+ .use(bodyParser.json())
+ .use(bodyParser.urlencoded({ extended: true }))
+ .configure(authentication());
+chai.use(chaiHttp);
+
+function createUserAndFetchToken (role, done) {
+ const email = 'test@test.com' + Math.random()
+ User.create({
+ email: email,
+ password: 'password',
+ goal: 2000,
+ role: role,
+ }, () => {
+ Meal.create({
+ name: 'breakfast',
+ date: new Date (),
+ calories: 500,
+ }).then(function (data) {
+ chai.request(app)
+ .post('/auth/local')
+ .set('Accept', 'application/json')
+ .send({
+ email: email,
+ password: 'password',
+ })
+ .end((err, res) => {
+ done({
+ token: res.body.token,
+ id: res.body.data.id,
+ mealid: data.id,
+ })
+ })
+ })
+ })
+}
+function destroyUser (user, done) {
+ chai.request(app)
+ .delete('/users/'.concat(user.id))
+ .set('Accept', 'application/json')
+ .set('Authorization', 'Bearer '.concat(user.token))
+ .send()
+ .end((err, res) => {
+ done()
+ })
+}
+
+describe('user roles', () => {
+ before((done) => {
+ this.server = app.listen(3030)
+ this.server.once('listening', () => {
+ createUserAndFetchToken('user', function(data){
+ userRole = data
+ createUserAndFetchToken('manager', function(data){
+ managerRole = data
+ createUserAndFetchToken('admin', function(data){
+ adminRole = data
+ done()
+ })
+ })
+ })
+ })
+ })
+
+ after((done) => {
+ const server = this.server
+ destroyUser(userRole, function(){
+ destroyUser(managerRole, function(){
+ destroyUser(adminRole, function(){
+ server.close(function(){})
+ done()
+ })
+ })
+ })
+ })
+
+ it('lets managers CRUD users', (done) => {
+ chai.request(app)
+ .patch('/users/'.concat(userRole.id))
+ .set('Accept', 'application/json')
+ .set('Authorization', 'Bearer '.concat(managerRole.token))
+ .send({
+ goal: 650,
+ })
+ .end((err, res) => {
+ res.body.goal.should.equal(650)
+ done()
+ })
+ })
+
+ it('lets admins CRUD users', (done) => {
+ chai.request(app)
+ .patch('/users/'.concat(userRole.id))
+ .set('Accept', 'application/json')
+ .set('Authorization', 'Bearer '.concat(adminRole.token))
+ .send({
+ goal: 790,
+ })
+ .end((err, res) => {
+ res.body.goal.should.equal(790)
+ done()
+ })
+ })
+
+ it('doesnt let managers CRUD user meals', (done) => {
+ chai.request(app)
+ .patch('/meals/'.concat(userRole.mealid))
+ .set('Accept', 'application/json')
+ .set('Authorization', 'Bearer '.concat(managerRole.token))
+ .send({
+ calories: 600,
+ })
+ .end((err, res) => {
+ console.log(res.body)
+ // assert.equal(res.statusCode, 500);
+ done()
+ })
+ })
+
+ it('lets admins CRUD user meals', (done) => {
+ chai.request(app)
+ .patch('/meals/'.concat(userRole.mealid))
+ .set('Accept', 'application/json')
+ .set('Authorization', 'Bearer '.concat(adminRole.token))
+ .send({
+ calories: 501,
+ })
+ .end((err, res) => {
+ res.body.calories.should.equal(501)
+ done()
+ })
+ })
+
+})
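Review bot: The negative case 'doesnt let managers CRUD user meals' asserts nothing, because its only check is commented out and the callback just logs `res.body`; the test passes even if the manager's PATCH succeeds. Replace the `console.log(res.body)` line with a real check such as `assert.notEqual(res.statusCode, 200)`, and ideally re-read the meal to confirm `calories` is unchanged. Nothing in this file exercises the `validateRoleOnUpdate` branch changed in the same commit, so a case where a manager sends `role: 'admin'` and is refused would pin that rule; a sketch follows, assuming the hook also runs on PATCH and the Forbidden error surfaces as a 403. The helper's `Meal.create` call passes no owner in the visible lines, so `userRole.mealid` may not belong to the user it is attributed to, which would weaken the meal ownership tests.

```javascript
// … unchanged: helpers, before/after hooks, existing cases …

  it('doesnt let managers promote users to admin', (done) => {
    chai.request(app)
      .patch('/users/'.concat(userRole.id))
      .set('Accept', 'application/json')
      .set('Authorization', 'Bearer '.concat(managerRole.token))
      .send({
        role: 'admin',
      })
      .end((err, res) => {
        // Forbidden from the hook is expected to surface as 403 — confirm against the service.
        assert.equal(res.statusCode, 403)
        done()
      })
  })
```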