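'use strict';

const chai = require('chai');
const chaiHttp = require('chai-http');
const assert = require('assert');
const bodyParser = require('body-parser');
const authentication = require('feathers-authentication/client');
const app = require('../../../src/app');

// Installs `Object.prototype.should`; the returned helper itself is not used.
chai.should();
chai.use(chaiHttp);

const User = app.service('users');
const Meal = app.service('meals');

// Port the suite's HTTP listener binds to.
const TEST_PORT = 3030;

// Fixtures created in `before`: one `{ token, id, mealid }` per role.
let userRole;
let managerRole;
let adminRole;

app
  .use(bodyParser.json())
  .use(bodyParser.urlencoded({ extended: true }))
  .configure(authentication());

/**
 * Run a chai-http request to completion as a Promise.
 *
 * Resolves with the response whenever one was received, including 4xx/5xx
 * (the suite asserts on `res.statusCode` for those), and rejects only when
 * no response exists at all (transport-level failure). This keeps a failed
 * request from surfacing as a TypeError on an undefined `res` inside the
 * caller, which previously could stall the suite until the mocha timeout.
 *
 * @param {object} req - a chai-http request builder
 * @returns {Promise<object>} the response
 */
function endRequest(req) {
  return new Promise((resolve, reject) => {
    req.end((err, res) => {
      if (res == null) {
        reject(err || new Error('request produced no response'));
        return;
      }
      resolve(res);
    });
  });
}

/**
 * Issue a PATCH against the app as the holder of `token`.
 *
 * @param {string} path - request path, e.g. `/users/42`
 * @param {string} token - JWT sent as a Bearer credential
 * @param {object} body - JSON body
 * @returns {Promise<object>} the response
 */
function patchAs(path, token, body) {
  return endRequest(
    chai.request(app)
      .patch(path)
      .set('Accept', 'application/json')
      .set('Authorization', `Bearer ${token}`)
      .send(body)
  );
}

/**
 * Create a user with the given role plus one meal owned by it, then log in
 * through /auth/local to obtain a JWT.
 *
 * Returns a Promise of `{ token, id, mealid }`. For backward compatibility
 * the optional `done` callback, when supplied, is also invoked with that
 * object on success. Failures now surface through the returned Promise
 * (the original chain had no rejection handler, so a failed create or
 * login would hang the hook until the mocha timeout).
 *
 * @param {string} role - 'user', 'manager' or 'admin'
 * @param {Function} [done] - legacy success callback
 * @returns {Promise<{token: string, id: *, mealid: *}>}
 */
function createUserAndFetchToken(role, done) {
  // Random suffix keeps repeated runs from colliding on the email.
  const email = `test@test.com${Math.random()}`;
  const password = 'password';
  let userdata;

  const result = User.create({ email, password, goal: 2000, role })
    .then((created) => {
      userdata = created;
      return Meal.create({
        name: 'breakfast',
        date: new Date(),
        calories: 500,
        userid: userdata.id,
      });
    })
    .then((mealdata) =>
      endRequest(
        chai.request(app)
          .post('/auth/local')
          .set('Accept', 'application/json')
          .send({ email, password })
      ).then((res) => ({
        token: res.body.token,
        id: userdata.id,
        mealid: mealdata.id,
      }))
    );

  if (typeof done === 'function') {
    // Legacy callback form; a rejection is already reported via `result`,
    // so this branch must not produce a second, unhandled rejection.
    result.then(done).catch(() => {});
  }
  return result;
}

/**
 * Delete a fixture user through the REST API using its own token.
 *
 * Returns a Promise that settles when the DELETE has a response; the
 * optional `done` callback is kept for the legacy callback form and invoked
 * with no arguments on success.
 *
 * @param {{id: *, token: string}} user - fixture returned by createUserAndFetchToken
 * @param {Function} [done] - legacy success callback
 * @returns {Promise<void>}
 */
function destroyUser(user, done) {
  const result = endRequest(
    chai.request(app)
      .delete(`/users/${user.id}`)
      .set('Accept', 'application/json')
      .set('Authorization', `Bearer ${user.token}`)
      .send()
  ).then(() => undefined);

  if (typeof done === 'function') {
    // See createUserAndFetchToken: errors are reported via `result` only.
    result.then(() => done()).catch(() => {});
  }
  return result;
}

describe('user roles', () => {
  // Held in a closure rather than on module-level `this`, which is what an
  // arrow function at this position would otherwise refer to.
  let server;

  before(() => {
    server = app.listen(TEST_PORT);
    return new Promise((resolve, reject) => {
      server.once('listening', resolve);
      server.once('error', reject);
    })
      // Fixtures are created one after another, as before.
      .then(() => createUserAndFetchToken('user'))
      .then((data) => {
        userRole = data;
        return createUserAndFetchToken('manager');
      })
      .then((data) => {
        managerRole = data;
        return createUserAndFetchToken('admin');
      })
      .then((data) => {
        adminRole = data;
      });
  });

  after(() => {
    // Only fixtures that were actually created are destroyed, so a `before`
    // that failed part-way does not turn into a second TypeError here.
    const fixtures = [userRole, managerRole, adminRole].filter(Boolean);
    return fixtures
      .reduce((chain, user) => chain.then(() => destroyUser(user)), Promise.resolve())
      // Wait for the listener to actually close so a later suite can reuse
      // the port; the hook previously finished before close() completed.
      .then(() => new Promise((resolve, reject) => {
        server.close((err) => (err ? reject(err) : resolve()));
      }));
  });

  // Negative cases: a cross-user PATCH must be rejected with 403, never
  // applied. Positive cases also pin the 200 so a non-2xx reply fails on
  // the status rather than on a missing body field.

  it('doesnt let users CRUD other users', () =>
    patchAs(`/users/${managerRole.id}`, userRole.token, { goal: 400 })
      .then((res) => {
        assert.strictEqual(res.statusCode, 403);
      }));

  it('lets managers CRUD users', () =>
    patchAs(`/users/${userRole.id}`, managerRole.token, { goal: 650 })
      .then((res) => {
        assert.strictEqual(res.statusCode, 200);
        res.body.goal.should.equal(650);
      }));

  it('lets admins CRUD users', () =>
    patchAs(`/users/${userRole.id}`, adminRole.token, { goal: 790 })
      .then((res) => {
        assert.strictEqual(res.statusCode, 200);
        res.body.goal.should.equal(790);
      }));

  it('doesnt let users CRUD other users\' meals', () =>
    patchAs(`/meals/${managerRole.mealid}`, userRole.token, { calories: 620 })
      .then((res) => {
        assert.strictEqual(res.statusCode, 403);
      }));

  it('doesnt let managers CRUD user meals', () =>
    patchAs(`/meals/${userRole.mealid}`, managerRole.token, { calories: 600 })
      .then((res) => {
        assert.strictEqual(res.statusCode, 403);
      }));

  it('lets admins CRUD user meals', () =>
    patchAs(`/meals/${userRole.mealid}`, adminRole.token, { calories: 501 })
      .then((res) => {
        assert.strictEqual(res.statusCode, 200);
        res.body.calories.should.equal(501);
      }));
});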