Merge pull request #3063 from Human-Connection/3038-Delete_user_as_admin_through_API_only

feature: Delete_user_as_admin_through_API_only
This commit is contained in:
Robert Schäfer 2020-03-10 19:17:00 +01:00 committed by GitHub
commit c4398fea2c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 540 additions and 200 deletions


@ -133,7 +133,7 @@ export default shield(
CreateComment: isAuthenticated,
UpdateComment: isAuthor,
DeleteComment: isAuthor,
DeleteUser: isDeletingOwnAccount,
DeleteUser: or(isDeletingOwnAccount, isAdmin),
requestPasswordReset: allow,
resetPassword: allow,
AddPostEmotions: isAuthenticated,
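Review bot: The new `DeleteUser: or(isDeletingOwnAccount, isAdmin)` rule is now the only place that ties the target account to the caller, because the resolver changed in this same commit stops reading `context.user.id` and deletes whatever `params.id` names; that coupling deserves a comment on the line so the rule is not relaxed later without revisiting the resolver. Suggested: `// DeleteUser: own account, or any account for admins — the resolver trusts params.id and relies on this rule`. The `shield(...)` call that encloses this hunk starts and ends outside it.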


@ -175,6 +175,7 @@ export default {
DeleteUser: async (object, params, context, resolveInfo) => {
const { resource } = params
const session = context.driver.session()
const { id: userId } = params
try {
if (resource && resource.length) {
await session.writeTransaction(transaction => {
@ -190,7 +191,7 @@ export default {
RETURN author
`,
{
userId: context.user.id,
userId,
},
)
})
@ -212,7 +213,7 @@ export default {
DETACH DELETE socialMedia
RETURN user
`,
{ userId: context.user.id },
{ userId },
)
log(deleteUserTransactionResponse)
return deleteUserTransactionResponse.records.map(record => record.get('user').properties)
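Review bot: `const { resource } = params` and the newly added `const { id: userId } = params` two lines below destructure the same object twice; fold them into one declaration at the top of the resolver, `const { resource, id: userId } = params`. Separately, now that `userId` can name an account other than the caller's, `log(deleteUserTransactionResponse)` records the deleted user but not who deleted them; consider logging `context.user.id` alongside `userId` so admin-initiated deletions leave an audit trail. The `DeleteUser` resolver continues past the end of this hunk, so whether `session` is closed in a `finally` is not visible here.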


@ -273,189 +273,142 @@ describe('DeleteUser', () => {
}
}
`
beforeEach(async () => {
variables = { id: ' u343', resource: [] }
describe('as another user', () => {
beforeEach(async () => {
variables = { id: ' u343', resource: [] }
user = await Factory.build('user', {
name: 'My name should be deleted',
about: 'along with my about',
id: 'u343',
user = await Factory.build('user', {
name: 'My name should be deleted',
about: 'along with my about',
id: 'u343',
})
})
await Factory.build(
'user',
{
id: 'not-my-account',
},
{
email: 'friends-account@example.org',
},
)
})
describe('unauthenticated', () => {
it('throws authorization error', async () => {
beforeEach(async () => {
const anotherUser = await Factory.build(
'user',
{
role: 'user',
},
{
email: 'user@example.org',
password: '1234',
},
)
authenticatedUser = await anotherUser.toJson()
})
it("an ordinary user has no authorization to delete another user's account", async () => {
const { errors } = await mutate({ mutation: deleteUserMutation, variables })
expect(errors[0]).toHaveProperty('message', 'Not Authorised!')
})
})
describe('authenticated', () => {
describe('as moderator', () => {
beforeEach(async () => {
authenticatedUser = await user.toJson()
})
variables = { id: ' u343', resource: [] }
describe("attempting to delete another user's account", () => {
beforeEach(() => {
variables = { ...variables, id: 'not-my-account' }
})
it('throws an authorization error', async () => {
const { errors } = await mutate({ mutation: deleteUserMutation, variables })
expect(errors[0]).toHaveProperty('message', 'Not Authorised!')
user = await Factory.build('user', {
name: 'My name should be deleted',
about: 'along with my about',
id: 'u343',
})
})
describe('attempting to delete my own account', () => {
beforeEach(() => {
variables = { ...variables, id: 'u343' }
beforeEach(async () => {
const moderator = await Factory.build(
'user',
{
role: 'moderator',
},
{
email: 'moderator@example.org',
password: '1234',
},
)
authenticatedUser = await moderator.toJson()
})
it('moderator is not allowed to delete other user accounts', async () => {
const { errors } = await mutate({ mutation: deleteUserMutation, variables })
expect(errors[0]).toHaveProperty('message', 'Not Authorised!')
})
})
describe('as admin', () => {
beforeEach(async () => {
variables = { id: ' u343', resource: [] }
user = await Factory.build('user', {
name: 'My name should be deleted',
about: 'along with my about',
id: 'u343',
})
})
describe('authenticated as Admin', () => {
beforeEach(async () => {
const admin = await Factory.build(
'user',
{
role: 'admin',
},
{
email: 'admin@example.org',
password: '1234',
},
)
authenticatedUser = await admin.toJson()
})
describe('given posts and comments', () => {
beforeEach(async () => {
await Factory.build('category', {
id: 'cat9',
name: 'Democracy & Politics',
icon: 'university',
})
await Factory.build(
'post',
{
id: 'p139',
content: 'Post by user u343',
},
{
author: user,
categoryIds,
},
)
await Factory.build(
'comment',
{
id: 'c155',
content: 'Comment by user u343',
},
{
author: user,
},
)
await Factory.build(
'comment',
{
id: 'c156',
content: "A comment by someone else on user u343's post",
},
{
postId: 'p139',
},
)
describe('deleting a user account', () => {
beforeEach(() => {
variables = { ...variables, id: 'u343' }
})
it("deletes my account, but doesn't delete posts or comments by default", async () => {
const expectedResponse = {
data: {
DeleteUser: {
id: 'u343',
name: 'UNAVAILABLE',
about: 'UNAVAILABLE',
deleted: true,
contributions: [
{
id: 'p139',
content: 'Post by user u343',
contentExcerpt: 'Post by user u343',
deleted: false,
comments: [
{
id: 'c156',
content: "A comment by someone else on user u343's post",
contentExcerpt: "A comment by someone else on user u343's post",
deleted: false,
},
],
},
],
comments: [
{
id: 'c155',
content: 'Comment by user u343',
contentExcerpt: 'Comment by user u343',
deleted: false,
},
],
},
},
errors: undefined,
}
await expect(mutate({ mutation: deleteUserMutation, variables })).resolves.toMatchObject(
expectedResponse,
)
})
describe('deletion of all post requested', () => {
beforeEach(() => {
variables = { ...variables, resource: ['Post'] }
})
describe("marks user's posts as deleted", () => {
it('posts on request', async () => {
const expectedResponse = {
data: {
DeleteUser: {
id: 'u343',
name: 'UNAVAILABLE',
about: 'UNAVAILABLE',
deleted: true,
contributions: [
{
id: 'p139',
content: 'UNAVAILABLE',
contentExcerpt: 'UNAVAILABLE',
deleted: true,
comments: [
{
id: 'c156',
content: 'UNAVAILABLE',
contentExcerpt: 'UNAVAILABLE',
deleted: true,
},
],
},
],
comments: [
{
id: 'c155',
content: 'Comment by user u343',
contentExcerpt: 'Comment by user u343',
deleted: false,
},
],
},
},
errors: undefined,
}
await expect(
mutate({ mutation: deleteUserMutation, variables }),
).resolves.toMatchObject(expectedResponse)
describe('given posts and comments', () => {
beforeEach(async () => {
await Factory.build('category', {
id: 'cat9',
name: 'Democracy & Politics',
icon: 'university',
})
})
})
describe('deletion of all comments requested', () => {
beforeEach(() => {
variables = { ...variables, resource: ['Comment'] }
await Factory.build(
'post',
{
id: 'p139',
content: 'Post by user u343',
},
{
author: user,
categoryIds,
},
)
await Factory.build(
'comment',
{
id: 'c155',
content: 'Comment by user u343',
},
{
author: user,
},
)
await Factory.build(
'comment',
{
id: 'c156',
content: "A comment by someone else on user u343's post",
},
{
postId: 'p139',
},
)
})
it('marks comments as deleted', async () => {
it("deletes account, but doesn't delete posts or comments by default", async () => {
const expectedResponse = {
data: {
DeleteUser: {
@ -482,9 +435,9 @@ describe('DeleteUser', () => {
comments: [
{
id: 'c155',
content: 'UNAVAILABLE',
contentExcerpt: 'UNAVAILABLE',
deleted: true,
content: 'Comment by user u343',
contentExcerpt: 'Comment by user u343',
deleted: false,
},
],
},
@ -495,14 +448,257 @@ describe('DeleteUser', () => {
mutate({ mutation: deleteUserMutation, variables }),
).resolves.toMatchObject(expectedResponse)
})
})
describe('deletion of all post and comments requested', () => {
beforeEach(() => {
variables = { ...variables, resource: ['Post', 'Comment'] }
describe('deletion of all post requested', () => {
beforeEach(() => {
variables = { ...variables, resource: ['Post'] }
})
describe("marks user's posts as deleted", () => {
it('on request', async () => {
const expectedResponse = {
data: {
DeleteUser: {
id: 'u343',
name: 'UNAVAILABLE',
about: 'UNAVAILABLE',
deleted: true,
contributions: [
{
id: 'p139',
content: 'UNAVAILABLE',
contentExcerpt: 'UNAVAILABLE',
deleted: true,
comments: [
{
id: 'c156',
content: 'UNAVAILABLE',
contentExcerpt: 'UNAVAILABLE',
deleted: true,
},
],
},
],
comments: [
{
id: 'c155',
content: 'Comment by user u343',
contentExcerpt: 'Comment by user u343',
deleted: false,
},
],
},
},
errors: undefined,
}
await expect(
mutate({ mutation: deleteUserMutation, variables }),
).resolves.toMatchObject(expectedResponse)
})
})
})
it('marks posts and comments as deleted', async () => {
describe('deletion of all comments requested', () => {
beforeEach(() => {
variables = { ...variables, resource: ['Comment'] }
})
it('marks comments as deleted', async () => {
const expectedResponse = {
data: {
DeleteUser: {
id: 'u343',
name: 'UNAVAILABLE',
about: 'UNAVAILABLE',
deleted: true,
contributions: [
{
id: 'p139',
content: 'Post by user u343',
contentExcerpt: 'Post by user u343',
deleted: false,
comments: [
{
id: 'c156',
content: "A comment by someone else on user u343's post",
contentExcerpt: "A comment by someone else on user u343's post",
deleted: false,
},
],
},
],
comments: [
{
id: 'c155',
content: 'UNAVAILABLE',
contentExcerpt: 'UNAVAILABLE',
deleted: true,
},
],
},
},
errors: undefined,
}
await expect(
mutate({ mutation: deleteUserMutation, variables }),
).resolves.toMatchObject(expectedResponse)
})
})
describe('deletion of all posts and comments requested', () => {
beforeEach(() => {
variables = { ...variables, resource: ['Post', 'Comment'] }
})
it('marks posts and comments as deleted', async () => {
const expectedResponse = {
data: {
DeleteUser: {
id: 'u343',
name: 'UNAVAILABLE',
about: 'UNAVAILABLE',
deleted: true,
contributions: [
{
id: 'p139',
content: 'UNAVAILABLE',
contentExcerpt: 'UNAVAILABLE',
deleted: true,
comments: [
{
id: 'c156',
content: 'UNAVAILABLE',
contentExcerpt: 'UNAVAILABLE',
deleted: true,
},
],
},
],
comments: [
{
id: 'c155',
content: 'UNAVAILABLE',
contentExcerpt: 'UNAVAILABLE',
deleted: true,
},
],
},
},
errors: undefined,
}
await expect(
mutate({ mutation: deleteUserMutation, variables }),
).resolves.toMatchObject(expectedResponse)
})
})
})
describe('connected `EmailAddress` nodes', () => {
it('will be removed completely', async () => {
await expect(neode.all('EmailAddress')).resolves.toHaveLength(2)
await mutate({ mutation: deleteUserMutation, variables })
await expect(neode.all('EmailAddress')).resolves.toHaveLength(1)
})
})
describe('connected `SocialMedia` nodes', () => {
beforeEach(async () => {
const socialMedia = await Factory.build('socialMedia')
await socialMedia.relateTo(user, 'ownedBy')
})
it('will be removed completely', async () => {
await expect(neode.all('SocialMedia')).resolves.toHaveLength(1)
await mutate({ mutation: deleteUserMutation, variables })
await expect(neode.all('SocialMedia')).resolves.toHaveLength(0)
})
})
})
})
})
describe('user deletes his own account', () => {
beforeEach(async () => {
variables = { id: 'u343', resource: [] }
user = await Factory.build('user', {
name: 'My name should be deleted',
about: 'along with my about',
id: 'u343',
})
await Factory.build(
'user',
{
id: 'not-my-account',
},
{
email: 'friends-account@example.org',
},
)
})
describe('authenticated', () => {
beforeEach(async () => {
authenticatedUser = await user.toJson()
})
describe("attempting to delete another user's account", () => {
beforeEach(() => {
variables = { ...variables, id: 'not-my-account' }
})
it('throws an authorization error', async () => {
const { errors } = await mutate({ mutation: deleteUserMutation, variables })
expect(errors[0]).toHaveProperty('message', 'Not Authorised!')
})
})
describe('attempting to delete my own account', () => {
beforeEach(() => {
variables = { ...variables, id: 'u343' }
})
describe('given posts and comments', () => {
beforeEach(async () => {
await Factory.build('category', {
id: 'cat9',
name: 'Democracy & Politics',
icon: 'university',
})
await Factory.build(
'post',
{
id: 'p139',
content: 'Post by user u343',
},
{
author: user,
categoryIds,
},
)
await Factory.build(
'comment',
{
id: 'c155',
content: 'Comment by user u343',
},
{
author: user,
},
)
await Factory.build(
'comment',
{
id: 'c156',
content: "A comment by someone else on user u343's post",
},
{
postId: 'p139',
},
)
})
it("deletes my account, but doesn't delete posts or comments by default", async () => {
const expectedResponse = {
data: {
DeleteUser: {
@ -513,15 +709,15 @@ describe('DeleteUser', () => {
contributions: [
{
id: 'p139',
content: 'UNAVAILABLE',
contentExcerpt: 'UNAVAILABLE',
deleted: true,
content: 'Post by user u343',
contentExcerpt: 'Post by user u343',
deleted: false,
comments: [
{
id: 'c156',
content: 'UNAVAILABLE',
contentExcerpt: 'UNAVAILABLE',
deleted: true,
content: "A comment by someone else on user u343's post",
contentExcerpt: "A comment by someone else on user u343's post",
deleted: false,
},
],
},
@ -529,9 +725,9 @@ describe('DeleteUser', () => {
comments: [
{
id: 'c155',
content: 'UNAVAILABLE',
contentExcerpt: 'UNAVAILABLE',
deleted: true,
content: 'Comment by user u343',
contentExcerpt: 'Comment by user u343',
deleted: false,
},
],
},
@ -542,27 +738,170 @@ describe('DeleteUser', () => {
mutate({ mutation: deleteUserMutation, variables }),
).resolves.toMatchObject(expectedResponse)
})
})
})
describe('connected `EmailAddress` nodes', () => {
it('will be removed completely', async () => {
await expect(neode.all('EmailAddress')).resolves.toHaveLength(2)
await mutate({ mutation: deleteUserMutation, variables })
await expect(neode.all('EmailAddress')).resolves.toHaveLength(1)
})
})
describe('deletion of all post requested', () => {
beforeEach(() => {
variables = { ...variables, resource: ['Post'] }
})
describe('connected `SocialMedia` nodes', () => {
beforeEach(async () => {
const socialMedia = await Factory.build('socialMedia')
await socialMedia.relateTo(user, 'ownedBy')
describe("marks user's posts as deleted", () => {
it('posts on request', async () => {
const expectedResponse = {
data: {
DeleteUser: {
id: 'u343',
name: 'UNAVAILABLE',
about: 'UNAVAILABLE',
deleted: true,
contributions: [
{
id: 'p139',
content: 'UNAVAILABLE',
contentExcerpt: 'UNAVAILABLE',
deleted: true,
comments: [
{
id: 'c156',
content: 'UNAVAILABLE',
contentExcerpt: 'UNAVAILABLE',
deleted: true,
},
],
},
],
comments: [
{
id: 'c155',
content: 'Comment by user u343',
contentExcerpt: 'Comment by user u343',
deleted: false,
},
],
},
},
errors: undefined,
}
await expect(
mutate({ mutation: deleteUserMutation, variables }),
).resolves.toMatchObject(expectedResponse)
})
})
})
describe('deletion of all comments requested', () => {
beforeEach(() => {
variables = { ...variables, resource: ['Comment'] }
})
it('marks comments as deleted', async () => {
const expectedResponse = {
data: {
DeleteUser: {
id: 'u343',
name: 'UNAVAILABLE',
about: 'UNAVAILABLE',
deleted: true,
contributions: [
{
id: 'p139',
content: 'Post by user u343',
contentExcerpt: 'Post by user u343',
deleted: false,
comments: [
{
id: 'c156',
content: "A comment by someone else on user u343's post",
contentExcerpt: "A comment by someone else on user u343's post",
deleted: false,
},
],
},
],
comments: [
{
id: 'c155',
content: 'UNAVAILABLE',
contentExcerpt: 'UNAVAILABLE',
deleted: true,
},
],
},
},
errors: undefined,
}
await expect(
mutate({ mutation: deleteUserMutation, variables }),
).resolves.toMatchObject(expectedResponse)
})
})
describe('deletion of all post and comments requested', () => {
beforeEach(() => {
variables = { ...variables, resource: ['Post', 'Comment'] }
})
it('marks posts and comments as deleted', async () => {
const expectedResponse = {
data: {
DeleteUser: {
id: 'u343',
name: 'UNAVAILABLE',
about: 'UNAVAILABLE',
deleted: true,
contributions: [
{
id: 'p139',
content: 'UNAVAILABLE',
contentExcerpt: 'UNAVAILABLE',
deleted: true,
comments: [
{
id: 'c156',
content: 'UNAVAILABLE',
contentExcerpt: 'UNAVAILABLE',
deleted: true,
},
],
},
],
comments: [
{
id: 'c155',
content: 'UNAVAILABLE',
contentExcerpt: 'UNAVAILABLE',
deleted: true,
},
],
},
},
errors: undefined,
}
await expect(
mutate({ mutation: deleteUserMutation, variables }),
).resolves.toMatchObject(expectedResponse)
})
})
})
it('will be removed completely', async () => {
await expect(neode.all('SocialMedia')).resolves.toHaveLength(1)
await mutate({ mutation: deleteUserMutation, variables })
await expect(neode.all('SocialMedia')).resolves.toHaveLength(0)
describe('connected `EmailAddress` nodes', () => {
it('will be removed completely', async () => {
await expect(neode.all('EmailAddress')).resolves.toHaveLength(2)
await mutate({ mutation: deleteUserMutation, variables })
await expect(neode.all('EmailAddress')).resolves.toHaveLength(1)
})
})
describe('connected `SocialMedia` nodes', () => {
beforeEach(async () => {
const socialMedia = await Factory.build('socialMedia')
await socialMedia.relateTo(user, 'ownedBy')
})
it('will be removed completely', async () => {
await expect(neode.all('SocialMedia')).resolves.toHaveLength(1)
await mutate({ mutation: deleteUserMutation, variables })
await expect(neode.all('SocialMedia')).resolves.toHaveLength(0)
})
})
})
})
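Review bot: The new `variables = { id: ' u343', resource: [] }` lines in the "as moderator" and "as admin" blocks carry a leading space in the id, apparently copied from the pre-existing "as another user" setup, so the ordinary-user and moderator cases send an id that matches no account; they still get `Not Authorised!`, but only because the rule rejects any foreign id, not because deletion of the real `u343` account was exercised. Change these to `variables = { id: 'u343', resource: [] }` (the admin block already overrides it to `'u343'` in its nested `beforeEach`, which is why that branch passes as intended). The describe titles also alternate between `'deletion of all post requested'` and `'deletion of all posts and comments requested'`; `'posts'` in both reads better. The outer `describe('DeleteUser', …)` enclosing these hunks starts outside them.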