Setup isModerator permission for disable relation

2025-12-13 07:45:56 +00:00 · 2019-03-05 16:19:51 +01:00 · 2019-03-05 16:19:51 +01:00 · 85d9d7043e
commit 85d9d7043e
parent 420ea8a4d6
2 changed files with 51 additions and 5 deletions
--- a/src/middleware/permissionsMiddleware.js
+++ b/src/middleware/permissionsMiddleware.js
@ -55,7 +55,10 @@ const permissions = shield({
    report: isAuthenticated,
    CreateBadge: isAdmin,
    UpdateBadge: isAdmin,
-    DeleteBadge: isAdmin
+    DeleteBadge: isAdmin,
+
+    AddPostDisabledBy: isModerator,
+    RemovePostDisabledBy: isModerator,
    // addFruitToBasket: isAuthenticated
    // CreateUser: allow,
  },
--- a/src/resolvers/posts.spec.js
+++ b/src/resolvers/posts.spec.js
@ -214,10 +214,25 @@ describe('AddPostDisabledBy', () => {
      }
    }
  `
-  it.todo('throws authorization error')
+  it('throws authorization error', async () => {
+    client = new GraphQLClient(host)
+    await expect(client.request(mutation)).rejects.toThrow('Not Authorised')
+  })

  describe('authenticated', () => {
-    it.todo('throws authorization error')
+    let headers
+    beforeEach(async () => {
+      await factory.create('User', {
+        email: 'someUser@example.org',
+        password: '1234'
+      })
+      headers = await login({ email: 'someUser@example.org', password: '1234' })
+      client = new GraphQLClient(host, { headers })
+    })
+
+    it('throws authorization error', async () => {
+      await expect(client.request(mutation)).rejects.toThrow('Not Authorised')
+    })

    describe('as moderator', () => {
      it.todo('throws authorization error')
@ -231,10 +246,38 @@ describe('AddPostDisabledBy', () => {
 })

 describe('RemovePostDisabledBy', () => {
-  it.todo('throws authorization error')
+  const mutation = `
+    mutation {
+      AddPostDisabledBy(from: { id: "u8" }, to: { id: "p9" }) {
+        from {
+          id
+        }
+        to {
+          id
+        }
+      }
+    }
+  `
+
+  it('throws authorization error', async () => {
+    client = new GraphQLClient(host)
+    await expect(client.request(mutation)).rejects.toThrow('Not Authorised')
+  })

  describe('authenticated', () => {
-    it.todo('throws authorization error')
+    let headers
+    beforeEach(async () => {
+      await factory.create('User', {
+        email: 'someUser@example.org',
+        password: '1234'
+      })
+      headers = await login({ email: 'someUser@example.org', password: '1234' })
+      client = new GraphQLClient(host, { headers })
+    })
+
+    it('throws authorization error', async () => {
+      await expect(client.request(mutation)).rejects.toThrow('Not Authorised')
+    })

    describe('as moderator', () => {
      it.todo('throws authorization error')