diff --git a/server/api/__snapshots__/team.test.js.snap b/server/api/__snapshots__/team.test.js.snap
index 07df222e..bfe0d589 100644
--- a/server/api/__snapshots__/team.test.js.snap
+++ b/server/api/__snapshots__/team.test.js.snap
@@ -48,12 +48,29 @@ Object { } `; -exports[`#team.users should require admin 1`] = ` +exports[`#team.users should require admin for detailed info 1`] = ` Object { - "error": "only_available_for_admins", - "message": "Only available for admins", - "ok": false, - "status": 403, + "data": Array [ + Object { + "avatarUrl": "http://example.com/avatar.png", + "id": "fa952cff-fa64-4d42-a6ea-6955c9689046", + "name": "Admin User", + "username": "admin", + }, + Object { + "avatarUrl": "http://example.com/avatar.png", + "id": "46fde1d4-0050-428f-9f0b-0bf77f4bdf61", + "name": "User 1", + "username": "user1", + }, + ], + "ok": true, + "pagination": Object { + "limit": 15, + "nextPath": "/api/team.users?limit=15&offset=15", + "offset": 0, + }, + "status": 200, } `;
diff --git a/server/api/auth.js b/server/api/auth.js
index 91d965e2..45ddea40 100644
--- a/server/api/auth.js
+++ b/server/api/auth.js
@@ -27,7 +27,7 @@ router.post('auth.slack', async ctx => {
 let user = await User.findOne({ where: { slackId: data.user.id } });
 let team = await Team.findOne({ where: { slackId: data.team.id } });
- const teamExisted = !!team;
+ const isFirstUser = !team;
 if (team) {
 team.name = data.team.name;
@@ -51,7 +51,7 @@ router.post('auth.slack', async ctx => {
 name: data.user.name,
 email: data.user.email,
 teamId: team.id,
- isAdmin: !teamExisted,
+ isAdmin: isFirstUser,
 slackData: data.user,
 slackAccessToken: data.access_token,
 });
@@ -61,7 +61,7 @@ router.post('auth.slack', async ctx => {
 await user.save();
 }
- if (!teamExisted) {
+ if (isFirstUser) {
 await team.createFirstCollection(user.id);
 }
diff --git a/server/api/team.js b/server/api/team.js
index 416f0874..98d63dee 100644
--- a/server/api/team.js
+++ b/server/api/team.js
@@ -10,9 +10,8 @@ import pagination from './middlewares/pagination';
 import { presentUser } from '../presenters';
 const router = new Router();
-router.use(auth({ adminOnly: true }));
-router.post('team.users', pagination(), async ctx => {
+router.post('team.users', auth(), pagination(), async ctx => {
 const user = ctx.state.user;
 const users = await User.findAll({
@@ -26,11 +25,13 @@ router.post('team.users', pagination(), async ctx => {
 ctx.body = {
 pagination: ctx.state.pagination,
- data: users.map(user => presentUser(ctx, user, { includeDetails: true })),
+ data: users.map(listUser =>
+ presentUser(ctx, listUser, { includeDetails: user.isAdmin })
+ ),
 };
 });
-router.post('team.addAdmin', async ctx => {
+router.post('team.addAdmin', auth({ adminOnly: true }), async ctx => {
 const { user } = ctx.body;
 const admin = ctx.state.user;
 ctx.assertPresent(user, 'id is required');
@@ -47,7 +48,7 @@ router.post('team.addAdmin', async ctx => {
 ctx.body = presentUser(ctx, promotedUser, { includeDetails: true });
 });
-router.post('team.removeAdmin', async ctx => {
+router.post('team.removeAdmin', auth({ adminOnly: true }), async ctx => {
 const { user } = ctx.body;
 const admin = ctx.state.user;
 ctx.assertPresent(user, 'id is required');
diff --git a/server/api/team.test.js b/server/api/team.test.js
index ba4ad3be..319d9852 100644
--- a/server/api/team.test.js
+++ b/server/api/team.test.js
@@ -23,14 +23,14 @@ describe('#team.users', async () => {
 expect(body).toMatchSnapshot();
 });
- it('should require admin', async () => {
+ it('should require admin for detailed info', async () => {
 const { user } = await seed();
 const res = await server.post('/api/team.users', {
 body: { token: user.getJwtToken() },
 });
 const body = await res.json();
- expect(res.status).toEqual(403);
+ expect(res.status).toEqual(200);
 expect(body).toMatchSnapshot();
 });
 });
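Review bot: Removing the router-level `router.use(auth({ adminOnly: true }));` in the first team.js hunk turns this file from deny-by-default into opt-in per route, so a route added here later without an explicit `auth(...)` argument would have no authentication middleware at all. Keeping a baseline `router.use(auth());` above the routes and adding `auth({ adminOnly: true })` only on the admin routes would preserve the safe default. Whether the auth middleware tolerates running twice on one request is not visible in this diff; if it does not, a comment above the first route such as `// No router-level auth: every route below must pass auth() explicitly` at least records the invariant.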
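Review bot: In the second team.js hunk, `includeDetails: user.isAdmin` makes the `includeDetails` flag the only thing separating what a non-admin sees from what an admin sees, and nothing at the call site says so. `presentUser` is outside this diff, so which fields it withholds when the flag is falsy cannot be confirmed from here. I would add a comment above the `data:` line, for example `// Non-admin callers get the reduced user shape; presentUser must keep private fields behind includeDetails`, so that a later change to the presenter is reviewed with this endpoint in mind. The handler body starts before the hunk, and the `User.findAll` filter that scopes the listing is not visible.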
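Review bot: No 403 assertion for `team.addAdmin` or `team.removeAdmin` is visible in this commit, although both routes now carry their own `auth({ adminOnly: true })` (third team.js hunk, and the `team.addAdmin` line in the second). The only 403 expectation in the visible test change, on `team.users`, is flipped to 200. If team.test.js has no such cases outside the hunk shown, a non-admin test per route, each ending in `expect(res.status).toEqual(403);`, would catch an accidental drop of the per-route guard. Both handler bodies continue outside their hunks.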
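Review bot: The renamed test 'should require admin for detailed info' checks only the status and `toMatchSnapshot()`, so the property in its name is enforced solely by the stored snapshot. A snapshot refresh after a presenter change would then accept extra fields in the non-admin response without any test failing. An explicit assertion on the non-admin shape recorded in the snapshot would make the intent fail loudly, for example `expect(Object.keys(body.data[0]).sort()).toEqual(['avatarUrl', 'id', 'name', 'username']);`.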