getting set up with babel and webpack

author: Jules Laplace <jules@okfoc.us> 2017-03-17 22:15:38 +0100
committer: Jules Laplace <jules@okfoc.us> 2017-03-17 22:15:38 +0100
commit: 09ffebf333adfe45967b44eb8f6237a65a876e25 (patch)
tree: b83d6cc1461fe2f74f2ca9b637ab36abeada51f6 /test
parent: 4e9e8b7692f906e5e389ebfbf5cb1873bed38a00 (diff)
1 files changed, 28 insertions, 0 deletions
diff --git a/test/services/user/roles.test.js b/test/services/user/roles.test.js
index b121977..660df9d 100644
--- a/test/services/user/roles.test.js
+++ b/test/services/user/roles.test.js
@@ -92,6 +92,20 @@ describe('user roles', () => {
     })
   })
 
+  it('doesnt let users CRUD other users', (done) => {
+    chai.request(app)
+      .patch('/users/'.concat(managerRole.id))
+      .set('Accept', 'application/json')
+      .set('Authorization', 'Bearer '.concat(userRole.token))
+      .send({
+        goal: 400,
+      })
+      .end((err, res) => {
+        assert.equal(res.statusCode, 403);
+        done()
+      })
+  })
+
   it('lets managers CRUD users', (done) => {
     chai.request(app)
       .patch('/users/'.concat(userRole.id))
@@ -120,6 +134,20 @@ describe('user roles', () => {
       })
   })
 
+  it('doesnt let users CRUD other users\' meals', (done) => {
+    chai.request(app)
+      .patch('/meals/'.concat(managerRole.mealid))
+      .set('Accept', 'application/json')
+      .set('Authorization', 'Bearer '.concat(userRole.token))
+      .send({
+        calories: 620,
+      })
+      .end((err, res) => {
+        assert.equal(res.statusCode, 403);
+        done()
+      })
+  })
+
   it('doesnt let managers CRUD user meals', (done) => {
     chai.request(app)
       .patch('/meals/'.concat(userRole.mealid))
author	Jules Laplace <jules@okfoc.us>	2017-03-17 22:15:38 +0100
committer	Jules Laplace <jules@okfoc.us>	2017-03-17 22:15:38 +0100
commit	09ffebf333adfe45967b44eb8f6237a65a876e25 (patch)
tree	b83d6cc1461fe2f74f2ca9b637ab36abeada51f6 /test
parent	4e9e8b7692f906e5e389ebfbf5cb1873bed38a00 (diff)