diff --git a/src/middleware/permissionsMiddleware.js b/src/middleware/permissionsMiddleware.js
index c40803e00..ec2261c5a 100644
--- a/src/middleware/permissionsMiddleware.js
+++ b/src/middleware/permissionsMiddleware.js
@@ -55,7 +55,10 @@ const permissions = shield({
 report: isAuthenticated,
 CreateBadge: isAdmin,
 UpdateBadge: isAdmin,
- DeleteBadge: isAdmin
+ DeleteBadge: isAdmin,
+
+ AddPostDisabledBy: isModerator,
+ RemovePostDisabledBy: isModerator,
 // addFruitToBasket: isAuthenticated
 // CreateUser: allow,
 },
diff --git a/src/resolvers/posts.spec.js b/src/resolvers/posts.spec.js
index 1601e3348..cbe836b21 100644
--- a/src/resolvers/posts.spec.js
+++ b/src/resolvers/posts.spec.js
@@ -214,10 +214,25 @@ describe('AddPostDisabledBy', () => {
 }
 }
 `
- it.todo('throws authorization error')
+ it('throws authorization error', async () => {
+ client = new GraphQLClient(host)
+ await expect(client.request(mutation)).rejects.toThrow('Not Authorised')
+ })
 describe('authenticated', () => {
- it.todo('throws authorization error')
+ let headers
+ beforeEach(async () => {
+ await factory.create('User', {
+ email: 'someUser@example.org',
+ password: '1234'
+ })
+ headers = await login({ email: 'someUser@example.org', password: '1234' })
+ client = new GraphQLClient(host, { headers })
+ })
+
+ it('throws authorization error', async () => {
+ await expect(client.request(mutation)).rejects.toThrow('Not Authorised')
+ })
 describe('as moderator', () => {
 it.todo('throws authorization error')
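Review bot: The new entries `AddPostDisabledBy: isModerator` and `RemovePostDisabledBy: isModerator` gate on role only, while the mutation, as the spec in this commit calls it, takes the acting user as a client-supplied `from: { id: ... }`. If the resolver (outside this diff) stores that id as given, any moderator could record a disable or re-enable under another account's id, which weakens the moderation audit trail. Consider binding `from` to the authenticated user, either in the resolver or with a combined shield rule such as `and(isModerator, <rule comparing args.from.id with the session user>)`, and add a comment above the two entries such as `// moderators only; "from" must be the calling user, enforced in <resolver or rule>`. The `shield({ ... })` call starts and ends outside the hunk, so whether a fallback rule covers unlisted mutations cannot be confirmed from here.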
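Review bot: The new 'authenticated' case creates its user through `factory.create('User', { email, password })` with no role, so the denial it asserts holds only for whatever role the factory assigns by default. Stating the role in the fixture, for example `await factory.create('User', { email: 'someUser@example.org', password: '1234', role: 'user' })` if the factory accepts a `role` field, keeps the test meaningful should that default change. The allow path is still unverified: 'as moderator' remains `it.todo` (its title 'throws authorization error' looks copied), so a rule that rejects every caller would pass both new tests. The same points apply to the `RemovePostDisabledBy` block in the next hunk; the enclosing `describe('AddPostDisabledBy', ...)` begins and ends outside this hunk.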
@@ -231,10 +246,38 @@ describe('AddPostDisabledBy', () => {
 })
 describe('RemovePostDisabledBy', () => {
- it.todo('throws authorization error')
+ const mutation = `
+ mutation {
+ AddPostDisabledBy(from: { id: "u8" }, to: { id: "p9" }) {
+ from {
+ id
+ }
+ to {
+ id
+ }
+ }
+ }
+ `
+
+ it('throws authorization error', async () => {
+ client = new GraphQLClient(host)
+ await expect(client.request(mutation)).rejects.toThrow('Not Authorised')
+ })
 describe('authenticated', () => {
- it.todo('throws authorization error')
+ let headers
+ beforeEach(async () => {
+ await factory.create('User', {
+ email: 'someUser@example.org',
+ password: '1234'
+ })
+ headers = await login({ email: 'someUser@example.org', password: '1234' })
+ client = new GraphQLClient(host, { headers })
+ })
+
+ it('throws authorization error', async () => {
+ await expect(client.request(mutation)).rejects.toThrow('Not Authorised')
+ })
 describe('as moderator', () => {
 it.todo('throws authorization error')
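Review bot: The `mutation` constant added inside `describe('RemovePostDisabledBy', ...)` still sends `AddPostDisabledBy(from: { id: "u8" }, to: { id: "p9" })`, so both new tests in this block exercise the Add rule a second time and the `RemovePostDisabledBy: isModerator` permission entry is never reached. Change that line to `RemovePostDisabledBy(from: { id: "u8" }, to: { id: "p9" }) {`. As written, dropping or loosening the Remove rule would go unnoticed by this spec. The describe block continues past the end of the hunk.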