coop-cloud-chaos-patchs/outline
Archived
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Update team and collection authorization

Browse Source
This commit is contained in:
Tom Moor
2018-02-18 01:14:51 -08:00
parent 2f81eb5e87
commit e84fb5e6ba
17 changed files with 181 additions and 135 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
server/api/collections.test.js
View File

@ -2,6 +2,7 @@
import TestServer from 'fetch-test-server';
import app from '..';
import { flushdb, seed } from '../test/support';
import { buildUser } from '../test/factories';
import Collection from '../models/Collection';
const server = new TestServer(app.callback());
@ -31,14 +32,6 @@ describe('#collections.list', async () => {
});
describe('#collections.info', async () => {
it('should require authentication', async () => {
const res = await server.post('/api/collections.info');
const body = await res.json();
expect(res.status).toEqual(401);
expect(body).toMatchSnapshot();
});
it('should return collection', async () => {
const { user, collection } = await seed();
const res = await server.post('/api/collections.info', {
@ -49,6 +42,23 @@ describe('#collections.info', async () => {
expect(res.status).toEqual(200);
expect(body.data.id).toEqual(collection.id);
});
it('should require authentication', async () => {
const res = await server.post('/api/collections.info');
const body = await res.json();
expect(res.status).toEqual(401);
expect(body).toMatchSnapshot();
});
it('should require authorization', async () => {
const { collection } = await seed();
const user = await buildUser();
const res = await server.post('/api/collections.info', {
body: { token: user.getJwtToken(), id: collection.id },
});
expect(res.status).toEqual(404);
});
});
describe('#collections.create', async () => {
@ -82,6 +92,15 @@ describe('#collections.delete', async () => {
expect(body).toMatchSnapshot();
});
it('should require authorization', async () => {
const { collection } = await seed();
const user = await buildUser();
const res = await server.post('/api/collections.delete', {
body: { token: user.getJwtToken(), id: collection.id },
});
expect(res.status).toEqual(403);
});
it('should not delete last collection', async () => {
const { user, collection } = await seed();
const res = await server.post('/api/collections.delete', {