Diffstat (limited to 'test/services/user/roles.test.js')
| -rw-r--r-- | test/services/user/roles.test.js | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/test/services/user/roles.test.js b/test/services/user/roles.test.js
index b121977..660df9d 100644
--- a/test/services/user/roles.test.js
+++ b/test/services/user/roles.test.js
@@ -92,6 +92,20 @@ describe('user roles', () => {
 })
 })
+ it('doesnt let users CRUD other users', (done) => {
+ chai.request(app)
+ .patch('/users/'.concat(managerRole.id))
+ .set('Accept', 'application/json')
+ .set('Authorization', 'Bearer '.concat(userRole.token))
+ .send({
+ goal: 400,
+ })
+ .end((err, res) => {
+ assert.equal(res.statusCode, 403);
+ done()
+ })
+ })
+
 it('lets managers CRUD users', (done) => {
 chai.request(app)
 .patch('/users/'.concat(userRole.id))
@@ -120,6 +134,20 @@ describe('user roles', () => {
 })
 })
+ it('doesnt let users CRUD other users\' meals', (done) => {
+ chai.request(app)
+ .patch('/meals/'.concat(managerRole.mealid))
+ .set('Accept', 'application/json')
+ .set('Authorization', 'Bearer '.concat(userRole.token))
+ .send({
+ calories: 620,
+ })
+ .end((err, res) => {
+ assert.equal(res.statusCode, 403);
+ done()
+ })
+ })
+
 it('doesnt let managers CRUD user meals', (done) => {
 chai.request(app)
 .patch('/meals/'.concat(userRole.mealid))
|
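Review bot: Both new cases are titled "CRUD" but only exercise `.patch(...)`, so the read and delete paths against another user's record (`/users/` + `managerRole.id`) and another user's meal (`/meals/` + `managerRole.mealid`) are not covered by these hunks; the enclosing `describe('user roles', ...)` starts outside the diff, so other cases may already cover them. If not, add sibling cases with `.get(...)` and `.delete(...)` using `userRole.token`, each asserting 403, or rename the tests to say PATCH. The `.end` callbacks also assert only `res.statusCode`, so a handler that applies the write and then answers 403 would still pass. A follow-up read with the owner's token that checks `goal` / `calories` were not changed would confirm the access check runs before the update. The same applies to the second hunk's meals test.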
