From cd3e2ee8ad2a1a6a0f78589c7bb969dfbeaa76cb Mon Sep 17 00:00:00 2001
From: Moriz Wahl
Date: Fri, 3 Mar 2023 17:29:48 +0100
Subject: [PATCH] test remove user from group mutation

---
 backend/src/graphql/groups.js | 13 ++
 .../src/middleware/permissionsMiddleware.js | 14 +-
 backend/src/schema/resolvers/groups.spec.js | 192 ++++++++++++++++--
 3 files changed, 195 insertions(+), 24 deletions(-)

diff --git a/backend/src/graphql/groups.js b/backend/src/graphql/groups.js
index e388b2cd9..a7cfc3351 100644
--- a/backend/src/graphql/groups.js
+++ b/backend/src/graphql/groups.js
@@ -150,6 +150,19 @@ export const changeGroupMemberRoleMutation = () => {
 `
 }
 
+export const removeUserFromGroupMutation = () => {
+ return gql`
+ mutation ($groupId: ID!, $userId: ID!) {
+ RemoveUserFromGroup(groupId: $groupId, userId: $userId) {
+ id
+ name
+ slug
+ myRoleInGroup
+ }
+ }
+ `
+}
+
 // ------ queries
 
 export const groupQuery = () => {
diff --git a/backend/src/middleware/permissionsMiddleware.js b/backend/src/middleware/permissionsMiddleware.js
index 7e9f40246..2e04dd4a0 100644
--- a/backend/src/middleware/permissionsMiddleware.js
+++ b/backend/src/middleware/permissionsMiddleware.js
@@ -271,19 +271,25 @@ const canRemoveUserFromGroup = rule({
 { currentUserId, groupId, userId },
 )
 return {
- currentUserRole: transactionResponse.records.map((record) => record.get('currentUserRole'))[0],
+ currentUserRole: transactionResponse.records.map((record) =>
+ record.get('currentUserRole'),
+ )[0],
 userRole: transactionResponse.records.map((record) => record.get('userRole'))[0],
 }
 })
 try {
 const { currentUserRole, userRole } = await readTxPromise
- return currentUserRole && ['admin', 'owner'].includes(currentUserRole)
- && userRole && userRole !== 'owner'
+ return (
+ currentUserRole &&
+ ['admin', 'owner'].includes(currentUserRole) &&
+ userRole &&
+ userRole !== 'owner'
+ )
 } catch (error) {
 throw new Error(error)
 } finally {
 session.close()
- }
+ }
 })
 
 const canCommentPost = rule({
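Review bot: The reformatted return in `canRemoveUserFromGroup` (permissionsMiddleware.js) never compares `currentUserId` with `userId`, so by the visible condition an admin who targets their own id is allowed (`userRole` is 'admin', which is not 'owner'), while the new spec expects 'Not Authorized!' for 'as admin … cannot remove self'. Unless the Cypher query above the hunk already excludes that case, add `currentUserId !== userId &&` as the first operand. The same condition lets an admin remove another admin; if that is intended, a one-line comment saying so would help the next reader of this authorization rule. The chain can also evaluate to `undefined` or `null` rather than `false`, so wrapping it in `Boolean(...)` would make the deny result explicit. The rule begins above the hunk, so the query text is not visible here.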
diff --git a/backend/src/schema/resolvers/groups.spec.js b/backend/src/schema/resolvers/groups.spec.js
index 3b84f4b42..e786756ea 100644
--- a/backend/src/schema/resolvers/groups.spec.js
+++ b/backend/src/schema/resolvers/groups.spec.js
@@ -6,6 +6,7 @@ import {
 joinGroupMutation,
 leaveGroupMutation,
 changeGroupMemberRoleMutation,
+ removeUserFromGroupMutation,
 groupMembersQuery,
 groupQuery,
 } from '../../graphql/groups'
@@ -196,7 +197,6 @@ const seedComplexScenarioAndClearAuthentication = async () => {
 },
 })
 // hidden-group
- authenticatedUser = await adminMemberUser.toJson()
 await mutate({
 mutation: createGroupMutation(),
 variables: {
@@ -214,32 +214,17 @@ const seedComplexScenarioAndClearAuthentication = async () => {
 mutation: changeGroupMemberRoleMutation(),
 variables: {
 groupId: 'hidden-group',
- userId: 'admin-member-user',
- roleInGroup: 'usual',
- },
- })
- await mutate({
- mutation: changeGroupMemberRoleMutation(),
- variables: {
- groupId: 'hidden-group',
- userId: 'second-owner-member-user',
+ userId: 'usual-member-user',
 roleInGroup: 'usual',
 },
 })
+
 await mutate({
 mutation: changeGroupMemberRoleMutation(),
 variables: {
 groupId: 'hidden-group',
 userId: 'admin-member-user',
- roleInGroup: 'usual',
- },
- })
- await mutate({
- mutation: changeGroupMemberRoleMutation(),
- variables: {
- groupId: 'hidden-group',
- userId: 'second-owner-member-user',
- roleInGroup: 'usual',
+ roleInGroup: 'admin',
 },
 })
 
@@ -251,7 +236,7 @@ beforeAll(async () => {
 })
 
 afterAll(async () => {
- await cleanDatabase()
+ // await cleanDatabase()
 driver.close()
 })
 
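Review bot: The seed calls in the `@@ -214,32 +214,17 @@` hunk of `seedComplexScenarioAndClearAuthentication` discard the result of `mutate`, and a GraphQL error resolves rather than rejects (the new specs read it from `errors`), so a denied role change would leave 'hidden-group' without the expected members and nothing would report it. That matters for the RemoveUserFromGroup denial tests: by the visible permission rule a caller with no role in the group is also denied, so those tests could pass for the wrong reason. With `authenticatedUser = await adminMemberUser.toJson()` removed in the preceding hunk, which user creates 'hidden-group' depends on code outside the hunk. Consider asserting each seed step, e.g. `await expect(mutate({ ... })).resolves.toMatchObject({ errors: undefined })`.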
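Review bot: `afterAll` in the `@@ -251,7 +236,7 @@` hunk now has `await cleanDatabase()` commented out, so whatever this spec seeds stays in the database once the file finishes and can leak into other spec files that use the same database. The new `describe('RemoveUserFromGroup')` block has the same commented-out call inside an otherwise empty `afterEach`. Both look like debugging leftovers. Restore `await cleanDatabase()` in `afterAll` and delete the empty `afterEach`, or add a comment explaining why the cleanup must not run.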
@@ -2982,4 +2967,171 @@ describe('in mode', () => {
 })
 })
 })
+
+ describe('RemoveUserFromGroup', () => {
+ beforeAll(async () => {
+ await seedComplexScenarioAndClearAuthentication()
+ })
+
+ afterEach(async () => {
+ // await cleanDatabase()
+ })
+
+ describe('unauthenticated', () => {
+ it('throws an error', async () => {
+ await expect(
+ mutate({
+ mutation: removeUserFromGroupMutation(),
+ variables: {
+ groupId: 'hidden-group',
+ userId: 'usual-member-user',
+ },
+ }),
+ ).resolves.toMatchObject({
+ errors: expect.arrayContaining([
+ expect.objectContaining({
+ message: 'Not Authorized!',
+ }),
+ ]),
+ })
+ })
+ })
+
+ describe('authenticated', () => {
+ describe('as usual member', () => {
+ it('throws an error', async () => {
+ authenticatedUser = await usualMemberUser.toJson()
+ await expect(
+ mutate({
+ mutation: removeUserFromGroupMutation(),
+ variables: {
+ groupId: 'hidden-group',
+ userId: 'admin-member-user',
+ },
+ }),
+ ).resolves.toMatchObject({
+ errors: expect.arrayContaining([
+ expect.objectContaining({
+ message: 'Not Authorized!',
+ }),
+ ]),
+ })
+ })
+ })
+
+ describe('as owner', () => {
+ beforeEach(async () => {
+ authenticatedUser = await ownerMemberUser.toJson()
+ })
+
+ it('removes the user from the group', async () => {
+ await expect(
+ mutate({
+ mutation: removeUserFromGroupMutation(),
+ variables: {
+ groupId: 'hidden-group',
+ userId: 'usual-member-user',
+ },
+ }),
+ ).resolves.toMatchObject({
+ data: {
+ RemoveUserFromGroup: expect.objectContaining({
+ id: 'usual-member-user',
+ myRoleInGroup: null,
+ }),
+ },
+ errors: undefined,
+ })
+ })
+
+ it('cannot remove self', async () => {
+ await expect(
+ mutate({
+ mutation: removeUserFromGroupMutation(),
+ variables: {
+ groupId: 'hidden-group',
+ userId: 'owner-member-user',
+ },
+ }),
+ ).resolves.toMatchObject({
+ errors: expect.arrayContaining([
+ expect.objectContaining({
+ message: 'Not Authorized!',
+ }),
+ ]),
+ })
+ })
+ })
+
+ describe('as admin', () => {
+ beforeEach(async () => {
+ authenticatedUser = await adminMemberUser.toJson()
+ await mutate({
+ mutation: changeGroupMemberRoleMutation(),
+ variables: {
+ groupId: 'hidden-group',
+ userId: 'usual-member-user',
+ roleInGroup: 'usual',
+ },
+ })
+ })
+
+ it('removes the user from the group', async () => {
+ await expect(
+ mutate({
+ mutation: removeUserFromGroupMutation(),
+ variables: {
+ groupId: 'hidden-group',
+ userId: 'usual-member-user',
+ },
+ }),
+ ).resolves.toMatchObject({
+ data: {
+ RemoveUserFromGroup: expect.objectContaining({
+ id: 'usual-member-user',
+ myRoleInGroup: null,
+ }),
+ },
+ errors: undefined,
+ })
+ })
+
+ it('cannot remove self', async () => {
+ await expect(
+ mutate({
+ mutation: removeUserFromGroupMutation(),
+ variables: {
+ groupId: 'hidden-group',
+ userId: 'admin-member-user',
+ },
+ }),
+ ).resolves.toMatchObject({
+ errors: expect.arrayContaining([
+ expect.objectContaining({
+ message: 'Not Authorized!',
+ }),
+ ]),
+ })
+ })
+
+ it('cannot remove owner', async () => {
+ await expect(
+ mutate({
+ mutation: removeUserFromGroupMutation(),
+ variables: {
+ groupId: 'hidden-group',
+ userId: 'owner-member-user',
+ },
+ }),
+ ).resolves.toMatchObject({
+ errors: expect.arrayContaining([
+ expect.objectContaining({
+ message: 'Not Authorized!',
+ }),
+ ]),
+ })
+ })
+ })
+ })
+ })
 })
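Review bot: The denial cases in `describe('RemoveUserFromGroup')` assert only the 'Not Authorized!' message; none of them checks that the target is still a member afterwards, and the success cases do not confirm the removal through `groupMembersQuery`, which this file already imports. The block also shares a single seed from `beforeAll`, so 'as admin' depends on its `beforeEach` re-adding 'usual-member-user' after the owner test removed them, and that `mutate` result is not checked. The role matrix has gaps too: there is no case for an admin removing another admin, or for a target who is not a member of the group. Suggest following each denial with a `groupMembersQuery` assertion and checking the re-add with `.resolves.toMatchObject({ errors: undefined })`.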