From 09ffebf333adfe45967b44eb8f6237a65a876e25 Mon Sep 17 00:00:00 2001
From: Jules Laplace <jules@okfoc.us>
Date: Fri, 17 Mar 2017 22:15:38 +0100
Subject: getting set up with babel and webpack

---
 test/services/user/roles.test.js | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

(limited to 'test')

diff --git a/test/services/user/roles.test.js b/test/services/user/roles.test.js
index b121977..660df9d 100644
--- a/test/services/user/roles.test.js
+++ b/test/services/user/roles.test.js
@@ -92,6 +92,20 @@ describe('user roles', () => {
     })
   })
 
+  it('doesnt let users CRUD other users', (done) => {
+    chai.request(app)
+      .patch('/users/'.concat(managerRole.id))
+      .set('Accept', 'application/json')
+      .set('Authorization', 'Bearer '.concat(userRole.token))
+      .send({
+        goal: 400,
+      })
+      .end((err, res) => {
+        assert.equal(res.statusCode, 403);
+        done()
+      })
+  })
+
   it('lets managers CRUD users', (done) => {
     chai.request(app)
       .patch('/users/'.concat(userRole.id))
@@ -120,6 +134,20 @@ describe('user roles', () => {
       })
   })
 
+  it('doesnt let users CRUD other users\' meals', (done) => {
+    chai.request(app)
+      .patch('/meals/'.concat(managerRole.mealid))
+      .set('Accept', 'application/json')
+      .set('Authorization', 'Bearer '.concat(userRole.token))
+      .send({
+        calories: 620,
+      })
+      .end((err, res) => {
+        assert.equal(res.statusCode, 403);
+        done()
+      })
+  })
+
   it('doesnt let managers CRUD user meals', (done) => {
     chai.request(app)
       .patch('/meals/'.concat(userRole.mealid))
-- 
cgit v1.2.3-70-g09d2