142303b3de
* WIP - got one API test to pass yay * adds group update endpoint * added group policies * adds groups.list API * adds groups.info * remove comment * WIP * tests for delete * adds group membership list * adds tests for groups list * add and remove user endpoints for group * ask some questions * fix up some issues around primary keys * remove export from group permissions Co-Authored-By: Tom Moor <tom.moor@gmail.com> * remove random file * only create events on actual updates, add tests to ensure * adds uniqueness validation to group name * throw validation errors on model and let it pass through the controller * fix linting * WIP * WIP * WIP * WIP * WIP basic edit and delete * basic CRUD for groups and memberships in place * got member counts working * add member count and limit the number of users sent over teh wire to 6 * factor avatar with AvatarWithPresence into its own class * wip * WIP avatars in group lists * WIP collection groups * add and remove group endpoints * wip add collection groups * wip get group adding to collections to work * wip get updating collection group memberships to work * wip get new group modal working * add tests for collection index * include collection groups in the withmemberships scope * tie permissions to group memberships * remove unused import * Update app/components/GroupListItem.js update title copy Co-Authored-By: Tom Moor <tom.moor@gmail.com> * Update server/migrations/20191211044318-create-groups.js Co-Authored-By: Tom Moor <tom.moor@gmail.com> * Update server/api/groups.js Co-Authored-By: Tom Moor <tom.moor@gmail.com> * Update server/api/groups.js Co-Authored-By: Tom Moor <tom.moor@gmail.com> * Update app/menus/CollectionMenu.js Co-Authored-By: Tom Moor <tom.moor@gmail.com> * Update server/models/Group.js Co-Authored-By: Tom Moor <tom.moor@gmail.com> * minor fixes * Update app/scenes/CollectionMembers/AddGroupsToCollection.js Co-Authored-By: Tom Moor <tom.moor@gmail.com> * Update app/menus/GroupMenu.js Co-Authored-By: Tom Moor <tom.moor@gmail.com> * Update app/menus/GroupMenu.js Co-Authored-By: Tom Moor <tom.moor@gmail.com> * Update app/menus/GroupMenu.js Co-Authored-By: Tom Moor <tom.moor@gmail.com> * Update app/scenes/Collection.js Co-Authored-By: Tom Moor <tom.moor@gmail.com> * Update app/scenes/CollectionMembers/CollectionMembers.js Co-Authored-By: Tom Moor <tom.moor@gmail.com> * Update app/scenes/GroupNew.js Co-Authored-By: Tom Moor <tom.moor@gmail.com> * Update app/scenes/GroupNew.js Co-Authored-By: Tom Moor <tom.moor@gmail.com> * Update app/scenes/Settings/Groups.js Co-Authored-By: Tom Moor <tom.moor@gmail.com> * Update server/api/documents.js Co-Authored-By: Tom Moor <tom.moor@gmail.com> * Update app/scenes/CollectionMembers/components/CollectionGroupMemberListItem.js Co-Authored-By: Tom Moor <tom.moor@gmail.com> * address comments * WIP - getting websocket stuff up and running * socket event for group deletion * wrapped up cascading deletes * lint * flow * fix: UI feedback * fix: Facepile size * fix: Lots of missing await's * Allow clicking facepile on group list item to open members * remove unused route push, grammar * fix: Remove bad analytics events feat: Add group events to audit log * collection. -> collections. * Add groups to entity websocket events (sync create/update/delete) between clients * fix: Users should not be able to see groups they are not a member of * fix: Not caching errors in UI when changing group memberships * fix: Hide unusable UI * test * fix: Tweak language * feat: Automatically open 'add member' modal after creating group Co-authored-by: Tom Moor <tom.moor@gmail.com>
461 lines
13 KiB
JavaScript
461 lines
13 KiB
JavaScript
/* eslint-disable flowtype/require-valid-file-annotation */
|
|
import TestServer from 'fetch-test-server';
|
|
import app from '../app';
|
|
import { flushdb } from '../test/support';
|
|
import { buildUser, buildGroup } from '../test/factories';
|
|
import { Event } from '../models';
|
|
|
|
const server = new TestServer(app.callback());
|
|
|
|
beforeEach(flushdb);
|
|
afterAll(server.close);
|
|
|
|
describe('#groups.create', async () => {
|
|
it('should create a group', async () => {
|
|
const name = 'hello I am a group';
|
|
const user = await buildUser({ isAdmin: true });
|
|
|
|
const res = await server.post('/api/groups.create', {
|
|
body: { token: user.getJwtToken(), name },
|
|
});
|
|
|
|
const body = await res.json();
|
|
|
|
expect(res.status).toEqual(200);
|
|
expect(body.data.name).toEqual(name);
|
|
});
|
|
});
|
|
|
|
describe('#groups.update', async () => {
|
|
it('should require authentication', async () => {
|
|
const group = await buildGroup();
|
|
const res = await server.post('/api/groups.update', {
|
|
body: { id: group.id, name: 'Test' },
|
|
});
|
|
const body = await res.json();
|
|
|
|
expect(res.status).toEqual(401);
|
|
expect(body).toMatchSnapshot();
|
|
});
|
|
|
|
it('should require admin', async () => {
|
|
const group = await buildGroup();
|
|
const user = await buildUser();
|
|
const res = await server.post('/api/groups.update', {
|
|
body: { token: user.getJwtToken(), id: group.id, name: 'Test' },
|
|
});
|
|
expect(res.status).toEqual(403);
|
|
});
|
|
|
|
it('should require authorization', async () => {
|
|
const group = await buildGroup();
|
|
const user = await buildUser({ isAdmin: true });
|
|
|
|
const res = await server.post('/api/groups.update', {
|
|
body: { token: user.getJwtToken(), id: group.id, name: 'Test' },
|
|
});
|
|
expect(res.status).toEqual(403);
|
|
});
|
|
|
|
describe('when user is admin', async () => {
|
|
let user, group;
|
|
|
|
beforeEach(async () => {
|
|
user = await buildUser({ isAdmin: true });
|
|
group = await buildGroup({ teamId: user.teamId });
|
|
});
|
|
|
|
it('allows admin to edit a group', async () => {
|
|
const res = await server.post('/api/groups.update', {
|
|
body: { token: user.getJwtToken(), id: group.id, name: 'Test' },
|
|
});
|
|
|
|
const events = await Event.findAll();
|
|
expect(events.length).toEqual(1);
|
|
|
|
const body = await res.json();
|
|
expect(res.status).toEqual(200);
|
|
expect(body.data.name).toBe('Test');
|
|
});
|
|
|
|
it('does not create an event if the update is a noop', async () => {
|
|
const res = await server.post('/api/groups.update', {
|
|
body: { token: user.getJwtToken(), id: group.id, name: group.name },
|
|
});
|
|
|
|
const events = await Event.findAll();
|
|
expect(events.length).toEqual(0);
|
|
|
|
const body = await res.json();
|
|
expect(res.status).toEqual(200);
|
|
expect(body.data.name).toBe(group.name);
|
|
});
|
|
|
|
it('fails with validation error when name already taken', async () => {
|
|
await buildGroup({
|
|
teamId: user.teamId,
|
|
name: 'test',
|
|
});
|
|
|
|
const res = await server.post('/api/groups.update', {
|
|
body: {
|
|
token: user.getJwtToken(),
|
|
id: group.id,
|
|
name: 'TEST',
|
|
},
|
|
});
|
|
|
|
const body = await res.json();
|
|
expect(res.status).toEqual(400);
|
|
expect(body).toMatchSnapshot();
|
|
});
|
|
});
|
|
});
|
|
|
|
describe('#groups.list', async () => {
|
|
it('should require authentication', async () => {
|
|
const res = await server.post('/api/groups.list');
|
|
const body = await res.json();
|
|
|
|
expect(res.status).toEqual(401);
|
|
expect(body).toMatchSnapshot();
|
|
});
|
|
|
|
it('should return groups with memberships preloaded', async () => {
|
|
const user = await buildUser();
|
|
const group = await buildGroup({ teamId: user.teamId });
|
|
|
|
await group.addUser(user, { through: { createdById: user.id } });
|
|
|
|
const res = await server.post('/api/groups.list', {
|
|
body: { token: user.getJwtToken() },
|
|
});
|
|
const body = await res.json();
|
|
|
|
expect(res.status).toEqual(200);
|
|
|
|
expect(body.data['groups'].length).toEqual(1);
|
|
expect(body.data['groups'][0].id).toEqual(group.id);
|
|
|
|
expect(body.data['groupMemberships'].length).toEqual(1);
|
|
expect(body.data['groupMemberships'][0].groupId).toEqual(group.id);
|
|
expect(body.data['groupMemberships'][0].user.id).toEqual(user.id);
|
|
|
|
expect(body.policies.length).toEqual(1);
|
|
expect(body.policies[0].abilities.read).toEqual(true);
|
|
});
|
|
});
|
|
|
|
describe('#groups.info', async () => {
|
|
it('should return group if admin', async () => {
|
|
const user = await buildUser({ isAdmin: true });
|
|
const group = await buildGroup({ teamId: user.teamId });
|
|
|
|
const res = await server.post('/api/groups.info', {
|
|
body: { token: user.getJwtToken(), id: group.id },
|
|
});
|
|
|
|
const body = await res.json();
|
|
|
|
expect(res.status).toEqual(200);
|
|
expect(body.data.id).toEqual(group.id);
|
|
});
|
|
|
|
it('should return group if member', async () => {
|
|
const user = await buildUser();
|
|
const group = await buildGroup({ teamId: user.teamId });
|
|
await group.addUser(user, { through: { createdById: user.id } });
|
|
|
|
const res = await server.post('/api/groups.info', {
|
|
body: { token: user.getJwtToken(), id: group.id },
|
|
});
|
|
|
|
const body = await res.json();
|
|
|
|
expect(res.status).toEqual(200);
|
|
expect(body.data.id).toEqual(group.id);
|
|
});
|
|
|
|
it('should not return group if non-member, non-admin', async () => {
|
|
const user = await buildUser();
|
|
const group = await buildGroup({ teamId: user.teamId });
|
|
|
|
const res = await server.post('/api/groups.info', {
|
|
body: { token: user.getJwtToken(), id: group.id },
|
|
});
|
|
|
|
expect(res.status).toEqual(403);
|
|
});
|
|
|
|
it('should require authentication', async () => {
|
|
const res = await server.post('/api/groups.info');
|
|
const body = await res.json();
|
|
|
|
expect(res.status).toEqual(401);
|
|
expect(body).toMatchSnapshot();
|
|
});
|
|
|
|
it('should require authorization', async () => {
|
|
const user = await buildUser();
|
|
const group = await buildGroup();
|
|
const res = await server.post('/api/groups.info', {
|
|
body: { token: user.getJwtToken(), id: group.id },
|
|
});
|
|
expect(res.status).toEqual(403);
|
|
});
|
|
});
|
|
|
|
describe('#groups.delete', async () => {
|
|
it('should require authentication', async () => {
|
|
const group = await buildGroup();
|
|
const res = await server.post('/api/groups.delete', {
|
|
body: { id: group.id },
|
|
});
|
|
const body = await res.json();
|
|
|
|
expect(res.status).toEqual(401);
|
|
expect(body).toMatchSnapshot();
|
|
});
|
|
|
|
it('should require admin', async () => {
|
|
const group = await buildGroup();
|
|
const user = await buildUser();
|
|
const res = await server.post('/api/groups.delete', {
|
|
body: { token: user.getJwtToken(), id: group.id },
|
|
});
|
|
expect(res.status).toEqual(403);
|
|
});
|
|
|
|
it('should require authorization', async () => {
|
|
const group = await buildGroup();
|
|
const user = await buildUser({ isAdmin: true });
|
|
|
|
const res = await server.post('/api/groups.delete', {
|
|
body: { token: user.getJwtToken(), id: group.id },
|
|
});
|
|
expect(res.status).toEqual(403);
|
|
});
|
|
|
|
it('allows admin to delete a group', async () => {
|
|
const user = await buildUser({ isAdmin: true });
|
|
const group = await buildGroup({ teamId: user.teamId });
|
|
|
|
const res = await server.post('/api/groups.delete', {
|
|
body: { token: user.getJwtToken(), id: group.id },
|
|
});
|
|
|
|
const body = await res.json();
|
|
expect(res.status).toEqual(200);
|
|
expect(body.success).toEqual(true);
|
|
});
|
|
});
|
|
|
|
describe('#groups.memberships', async () => {
|
|
it('should return members in a group', async () => {
|
|
const user = await buildUser();
|
|
const group = await buildGroup({ teamId: user.teamId });
|
|
|
|
await group.addUser(user, { through: { createdById: user.id } });
|
|
|
|
const res = await server.post('/api/groups.memberships', {
|
|
body: { token: user.getJwtToken(), id: group.id },
|
|
});
|
|
|
|
const body = await res.json();
|
|
|
|
expect(res.status).toEqual(200);
|
|
expect(body.data.users.length).toEqual(1);
|
|
expect(body.data.users[0].id).toEqual(user.id);
|
|
expect(body.data.groupMemberships.length).toEqual(1);
|
|
expect(body.data.groupMemberships[0].user.id).toEqual(user.id);
|
|
});
|
|
|
|
it('should allow filtering members in group by name', async () => {
|
|
const user = await buildUser();
|
|
const user2 = await buildUser({ name: "Won't find" });
|
|
const group = await buildGroup({ teamId: user.teamId });
|
|
|
|
await group.addUser(user, { through: { createdById: user.id } });
|
|
await group.addUser(user2, { through: { createdById: user.id } });
|
|
|
|
const res = await server.post('/api/groups.memberships', {
|
|
body: {
|
|
token: user.getJwtToken(),
|
|
id: group.id,
|
|
query: user.name.slice(0, 3),
|
|
},
|
|
});
|
|
const body = await res.json();
|
|
|
|
expect(res.status).toEqual(200);
|
|
expect(body.data.users.length).toEqual(1);
|
|
expect(body.data.users[0].id).toEqual(user.id);
|
|
});
|
|
|
|
it('should require authentication', async () => {
|
|
const res = await server.post('/api/groups.memberships');
|
|
const body = await res.json();
|
|
|
|
expect(res.status).toEqual(401);
|
|
expect(body).toMatchSnapshot();
|
|
});
|
|
|
|
it('should require authorization', async () => {
|
|
const user = await buildUser();
|
|
const group = await buildGroup();
|
|
|
|
const res = await server.post('/api/groups.memberships', {
|
|
body: { token: user.getJwtToken(), id: group.id },
|
|
});
|
|
expect(res.status).toEqual(403);
|
|
});
|
|
});
|
|
|
|
describe('#groups.add_user', async () => {
|
|
it('should add user to group', async () => {
|
|
const user = await buildUser({ isAdmin: true });
|
|
const group = await buildGroup({
|
|
teamId: user.teamId,
|
|
});
|
|
|
|
const res = await server.post('/api/groups.add_user', {
|
|
body: {
|
|
token: user.getJwtToken(),
|
|
id: group.id,
|
|
userId: user.id,
|
|
},
|
|
});
|
|
|
|
const users = await group.getUsers();
|
|
expect(res.status).toEqual(200);
|
|
expect(users.length).toEqual(1);
|
|
});
|
|
|
|
it('should require authentication', async () => {
|
|
const res = await server.post('/api/groups.add_user');
|
|
expect(res.status).toEqual(401);
|
|
});
|
|
|
|
it('should require user in team', async () => {
|
|
const user = await buildUser({ isAdmin: true });
|
|
const group = await buildGroup({
|
|
teamId: user.teamId,
|
|
});
|
|
const anotherUser = await buildUser();
|
|
|
|
const res = await server.post('/api/groups.add_user', {
|
|
body: {
|
|
token: user.getJwtToken(),
|
|
id: group.id,
|
|
userId: anotherUser.id,
|
|
},
|
|
});
|
|
|
|
const body = await res.json();
|
|
|
|
expect(res.status).toEqual(403);
|
|
expect(body).toMatchSnapshot();
|
|
});
|
|
|
|
it('should require admin', async () => {
|
|
const user = await buildUser();
|
|
const group = await buildGroup({
|
|
teamId: user.teamId,
|
|
});
|
|
const anotherUser = await buildUser({ teamId: user.teamId });
|
|
|
|
const res = await server.post('/api/groups.add_user', {
|
|
body: {
|
|
token: user.getJwtToken(),
|
|
id: group.id,
|
|
userId: anotherUser.id,
|
|
},
|
|
});
|
|
|
|
const body = await res.json();
|
|
|
|
expect(res.status).toEqual(403);
|
|
expect(body).toMatchSnapshot();
|
|
});
|
|
});
|
|
|
|
describe('#groups.remove_user', async () => {
|
|
it('should remove user from group', async () => {
|
|
const user = await buildUser({ isAdmin: true });
|
|
const group = await buildGroup({
|
|
teamId: user.teamId,
|
|
});
|
|
|
|
await server.post('/api/groups.add_user', {
|
|
body: {
|
|
token: user.getJwtToken(),
|
|
id: group.id,
|
|
userId: user.id,
|
|
},
|
|
});
|
|
|
|
const users = await group.getUsers();
|
|
expect(users.length).toEqual(1);
|
|
|
|
const res = await server.post('/api/groups.remove_user', {
|
|
body: {
|
|
token: user.getJwtToken(),
|
|
id: group.id,
|
|
userId: user.id,
|
|
},
|
|
});
|
|
|
|
const users1 = await group.getUsers();
|
|
expect(res.status).toEqual(200);
|
|
expect(users1.length).toEqual(0);
|
|
});
|
|
|
|
it('should require authentication', async () => {
|
|
const res = await server.post('/api/groups.remove_user');
|
|
|
|
expect(res.status).toEqual(401);
|
|
});
|
|
|
|
it('should require user in team', async () => {
|
|
const user = await buildUser({ isAdmin: true });
|
|
const group = await buildGroup({
|
|
teamId: user.teamId,
|
|
});
|
|
const anotherUser = await buildUser();
|
|
|
|
const res = await server.post('/api/groups.remove_user', {
|
|
body: {
|
|
token: user.getJwtToken(),
|
|
id: group.id,
|
|
userId: anotherUser.id,
|
|
},
|
|
});
|
|
const body = await res.json();
|
|
|
|
expect(res.status).toEqual(403);
|
|
expect(body).toMatchSnapshot();
|
|
});
|
|
|
|
it('should require admin', async () => {
|
|
const user = await buildUser();
|
|
const group = await buildGroup({
|
|
teamId: user.teamId,
|
|
});
|
|
const anotherUser = await buildUser({
|
|
teamId: user.teamId,
|
|
});
|
|
|
|
const res = await server.post('/api/groups.remove_user', {
|
|
body: {
|
|
token: user.getJwtToken(),
|
|
id: group.id,
|
|
userId: anotherUser.id,
|
|
},
|
|
});
|
|
const body = await res.json();
|
|
|
|
expect(res.status).toEqual(403);
|
|
expect(body).toMatchSnapshot();
|
|
});
|
|
});
|