From 85d9d7043eef6080673f52db806892e11e2881e4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Sch=C3=A4fer?= Date: Tue, 5 Mar 2019 16:19:51 +0100 Subject: [PATCH] Setup isModerator permission for disable relation --- src/middleware/permissionsMiddleware.js | 5 ++- src/resolvers/posts.spec.js | 51 +++++++++++++++++++++++-- 2 files changed, 51 insertions(+), 5 deletions(-) diff --git a/src/middleware/permissionsMiddleware.js b/src/middleware/permissionsMiddleware.js index c40803e00..ec2261c5a 100644 --- a/src/middleware/permissionsMiddleware.js +++ b/src/middleware/permissionsMiddleware.js @@ -55,7 +55,10 @@ const permissions = shield({ report: isAuthenticated, CreateBadge: isAdmin, UpdateBadge: isAdmin, - DeleteBadge: isAdmin + DeleteBadge: isAdmin, + + AddPostDisabledBy: isModerator, + RemovePostDisabledBy: isModerator, // addFruitToBasket: isAuthenticated // CreateUser: allow, }, diff --git a/src/resolvers/posts.spec.js b/src/resolvers/posts.spec.js index 1601e3348..cbe836b21 100644 --- a/src/resolvers/posts.spec.js +++ b/src/resolvers/posts.spec.js @@ -214,10 +214,25 @@ describe('AddPostDisabledBy', () => { } } ` - it.todo('throws authorization error') + it('throws authorization error', async () => { + client = new GraphQLClient(host) + await expect(client.request(mutation)).rejects.toThrow('Not Authorised') + }) describe('authenticated', () => { - it.todo('throws authorization error') + let headers + beforeEach(async () => { + await factory.create('User', { + email: 'someUser@example.org', + password: '1234' + }) + headers = await login({ email: 'someUser@example.org', password: '1234' }) + client = new GraphQLClient(host, { headers }) + }) + + it('throws authorization error', async () => { + await expect(client.request(mutation)).rejects.toThrow('Not Authorised') + }) describe('as moderator', () => { it.todo('throws authorization error') @@ -231,10 +246,38 @@ describe('AddPostDisabledBy', () => { }) describe('RemovePostDisabledBy', () => { - it.todo('throws authorization error') + const mutation = ` + mutation { + AddPostDisabledBy(from: { id: "u8" }, to: { id: "p9" }) { + from { + id + } + to { + id + } + } + } + ` + + it('throws authorization error', async () => { + client = new GraphQLClient(host) + await expect(client.request(mutation)).rejects.toThrow('Not Authorised') + }) describe('authenticated', () => { - it.todo('throws authorization error') + let headers + beforeEach(async () => { + await factory.create('User', { + email: 'someUser@example.org', + password: '1234' + }) + headers = await login({ email: 'someUser@example.org', password: '1234' }) + client = new GraphQLClient(host, { headers }) + }) + + it('throws authorization error', async () => { + await expect(client.request(mutation)).rejects.toThrow('Not Authorised') + }) describe('as moderator', () => { it.todo('throws authorization error')