coop-cloud-chaos-patchs/outline
Archived
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fix: Disable 'Invite people…' control for non-admins (#1903)

Browse Source 
closes #1902
This commit is contained in:
Tom Moor
2021-02-18 23:35:55 -08:00
committed by GitHub
parent fae54c7957
commit bbf434e2f4
4 changed files with 46 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
server/api/users.test.js
View File

@ -107,7 +107,7 @@ describe("#users.info", () => {
describe("#users.invite", () => {
it("should return sent invites", async () => {
const user = await buildUser();
const user = await buildUser({ isAdmin: true });
const res = await server.post("/api/users.invite", {
body: {
token: user.getJwtToken(),
@ -119,6 +119,17 @@ describe("#users.invite", () => {
expect(body.data.sent.length).toEqual(1);
});
it("should require admin", async () => {
const user = await buildUser();
const res = await server.post("/api/users.invite", {
body: {
token: user.getJwtToken(),
invites: [{ email: "test@example.com", name: "Test", guest: false }],
},
});
expect(res.status).toEqual(403);
});
it("should require authentication", async () => {
const res = await server.post("/api/users.invite");
expect(res.status).toEqual(401);