test remove user from group mutation

backend/src/graphql/groups.js

@@ -150,6 +150,19 @@ export const changeGroupMemberRoleMutation = () => {
   `
 }
 
+export const removeUserFromGroupMutation = () => {
+  return gql`
+    mutation ($groupId: ID!, $userId: ID!) {
+      RemoveUserFromGroup(groupId: $groupId, userId: $userId) {
+        id
+        name
+        slug
+        myRoleInGroup
+      }
+    }
+  `
+}
+
 // ------ queries
 
 export const groupQuery = () => {

backend/src/middleware/permissionsMiddleware.js

@@ -271,19 +271,25 @@ const canRemoveUserFromGroup = rule({
       { currentUserId, groupId, userId },
     )
     return {
-      currentUserRole: transactionResponse.records.map((record) => record.get('currentUserRole'))[0],
+      currentUserRole: transactionResponse.records.map((record) =>
+        record.get('currentUserRole'),
+      )[0],
       userRole: transactionResponse.records.map((record) => record.get('userRole'))[0],
     }
   })
   try {
     const { currentUserRole, userRole } = await readTxPromise
-    return currentUserRole && ['admin', 'owner'].includes(currentUserRole)
-      && userRole && userRole !== 'owner'
+    return (
+      currentUserRole &&
+      ['admin', 'owner'].includes(currentUserRole) &&
+      userRole &&
+      userRole !== 'owner'
+    )
   } catch (error) {
     throw new Error(error)
   } finally {
     session.close()
-  }  
+  }
 })
 
 const canCommentPost = rule({

backend/src/schema/resolvers/groups.spec.js

@@ -6,6 +6,7 @@ import {
   joinGroupMutation,
   leaveGroupMutation,
   changeGroupMemberRoleMutation,
+  removeUserFromGroupMutation,
   groupMembersQuery,
   groupQuery,
 } from '../../graphql/groups'
@@ -196,7 +197,6 @@ const seedComplexScenarioAndClearAuthentication = async () => {
     },
   })
   // hidden-group
-  authenticatedUser = await adminMemberUser.toJson()
   await mutate({
     mutation: createGroupMutation(),
     variables: {
@@ -214,32 +214,17 @@ const seedComplexScenarioAndClearAuthentication = async () => {
     mutation: changeGroupMemberRoleMutation(),
     variables: {
       groupId: 'hidden-group',
-      userId: 'admin-member-user',
-      roleInGroup: 'usual',
-    },
-  })
-  await mutate({
-    mutation: changeGroupMemberRoleMutation(),
-    variables: {
-      groupId: 'hidden-group',
-      userId: 'second-owner-member-user',
+      userId: 'usual-member-user',
       roleInGroup: 'usual',
     },
   })
+
   await mutate({
     mutation: changeGroupMemberRoleMutation(),
     variables: {
       groupId: 'hidden-group',
       userId: 'admin-member-user',
-      roleInGroup: 'usual',
-    },
-  })
-  await mutate({
-    mutation: changeGroupMemberRoleMutation(),
-    variables: {
-      groupId: 'hidden-group',
-      userId: 'second-owner-member-user',
-      roleInGroup: 'usual',
+      roleInGroup: 'admin',
     },
   })
 
@@ -251,7 +236,7 @@ beforeAll(async () => {
 })
 
 afterAll(async () => {
-  await cleanDatabase()
+  // await cleanDatabase()
   driver.close()
 })
 
@@ -2982,4 +2967,171 @@ describe('in mode', () => {
       })
     })
   })
+
+  describe('RemoveUserFromGroup', () => {
+    beforeAll(async () => {
+      await seedComplexScenarioAndClearAuthentication()
+    })
+
+    afterEach(async () => {
+      // await cleanDatabase()
+    })
+
+    describe('unauthenticated', () => {
+      it('throws an error', async () => {
+        await expect(
+          mutate({
+            mutation: removeUserFromGroupMutation(),
+            variables: {
+              groupId: 'hidden-group',
+              userId: 'usual-member-user',
+            },
+          }),
+        ).resolves.toMatchObject({
+          errors: expect.arrayContaining([
+            expect.objectContaining({
+              message: 'Not Authorized!',
+            }),
+          ]),
+        })
+      })
+    })
+
+    describe('authenticated', () => {
+      describe('as usual member', () => {
+        it('throws an error', async () => {
+          authenticatedUser = await usualMemberUser.toJson()
+          await expect(
+            mutate({
+              mutation: removeUserFromGroupMutation(),
+              variables: {
+                groupId: 'hidden-group',
+                userId: 'admin-member-user',
+              },
+            }),
+          ).resolves.toMatchObject({
+            errors: expect.arrayContaining([
+              expect.objectContaining({
+                message: 'Not Authorized!',
+              }),
+            ]),
+          })
+        })
+      })
+
+      describe('as owner', () => {
+        beforeEach(async () => {
+          authenticatedUser = await ownerMemberUser.toJson()
+        })
+
+        it('removes the user from the group', async () => {
+          await expect(
+            mutate({
+              mutation: removeUserFromGroupMutation(),
+              variables: {
+                groupId: 'hidden-group',
+                userId: 'usual-member-user',
+              },
+            }),
+          ).resolves.toMatchObject({
+            data: {
+              RemoveUserFromGroup: expect.objectContaining({
+                id: 'usual-member-user',
+                myRoleInGroup: null,
+              }),
+            },
+            errors: undefined,
+          })
+        })
+
+        it('cannot remove self', async () => {
+          await expect(
+            mutate({
+              mutation: removeUserFromGroupMutation(),
+              variables: {
+                groupId: 'hidden-group',
+                userId: 'owner-member-user',
+              },
+            }),
+          ).resolves.toMatchObject({
+            errors: expect.arrayContaining([
+              expect.objectContaining({
+                message: 'Not Authorized!',
+              }),
+            ]),
+          })
+        })
+      })
+
+      describe('as admin', () => {
+        beforeEach(async () => {
+          authenticatedUser = await adminMemberUser.toJson()
+          await mutate({
+            mutation: changeGroupMemberRoleMutation(),
+            variables: {
+              groupId: 'hidden-group',
+              userId: 'usual-member-user',
+              roleInGroup: 'usual',
+            },
+          })
+        })
+
+        it('removes the user from the group', async () => {
+          await expect(
+            mutate({
+              mutation: removeUserFromGroupMutation(),
+              variables: {
+                groupId: 'hidden-group',
+                userId: 'usual-member-user',
+              },
+            }),
+          ).resolves.toMatchObject({
+            data: {
+              RemoveUserFromGroup: expect.objectContaining({
+                id: 'usual-member-user',
+                myRoleInGroup: null,
+              }),
+            },
+            errors: undefined,
+          })
+        })
+
+        it('cannot remove self', async () => {
+          await expect(
+            mutate({
+              mutation: removeUserFromGroupMutation(),
+              variables: {
+                groupId: 'hidden-group',
+                userId: 'admin-member-user',
+              },
+            }),
+          ).resolves.toMatchObject({
+            errors: expect.arrayContaining([
+              expect.objectContaining({
+                message: 'Not Authorized!',
+              }),
+            ]),
+          })
+        })
+
+        it('cannot remove owner', async () => {
+          await expect(
+            mutate({
+              mutation: removeUserFromGroupMutation(),
+              variables: {
+                groupId: 'hidden-group',
+                userId: 'owner-member-user',
+              },
+            }),
+          ).resolves.toMatchObject({
+            errors: expect.arrayContaining([
+              expect.objectContaining({
+                message: 'Not Authorized!',
+              }),
+            ]),
+          })
+        })
+      })
+    })
+  })
 })