mirror of
https://github.com/Ocelot-Social-Community/Ocelot-Social.git
synced 2025-12-13 07:46:06 +00:00
change role as admin tests added. current user cannot change own role
This commit is contained in:
Moriz Wahl
parent
d5e227a38a
commit
0af45c0156
@ -247,6 +247,7 @@ export default {
|
|||||||
switchUserRole: async (object, args, context, resolveInfo) => {
|
switchUserRole: async (object, args, context, resolveInfo) => {
|
||||||
const { role, id } = args
|
const { role, id } = args
|
||||||
|
|
||||||
|
if (context.user.id === id) throw new Error('you-cannot-change-your-own-role')
|
||||||
const session = context.driver.session()
|
const session = context.driver.session()
|
||||||
const writeTxResultPromise = session.writeTransaction(async (transaction) => {
|
const writeTxResultPromise = session.writeTransaction(async (transaction) => {
|
||||||
const switchUserRoleResponse = await transaction.run(
|
const switchUserRoleResponse = await transaction.run(
|
||||||
|
|||||||
@ -45,6 +45,18 @@ const deleteUserMutation = gql`
|
|||||||
}
|
}
|
||||||
`
|
`
|
||||||
|
|
||||||
|
const switchUserRoleMutation = gql`
|
||||||
|
mutation($role: UserGroup!, $id: ID!) {
|
||||||
|
switchUserRole(role: $role, id: $id) {
|
||||||
|
name
|
||||||
|
role
|
||||||
|
id
|
||||||
|
updatedAt
|
||||||
|
email
|
||||||
|
}
|
||||||
|
}
|
||||||
|
`
|
||||||
|
|
||||||
beforeAll(() => {
|
beforeAll(() => {
|
||||||
const { server } = createServer({
|
const { server } = createServer({
|
||||||
context: () => {
|
context: () => {
|
||||||
@ -458,3 +470,71 @@ describe('Delete a User as admin', () => {
|
|||||||
})
|
})
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
||||||
|
describe('switch user role', () => {
|
||||||
|
beforeEach(async () => {
|
||||||
|
user = await Factory.build('user', {
|
||||||
|
id: 'user',
|
||||||
|
role: 'user',
|
||||||
|
})
|
||||||
|
admin = await Factory.build('user', {
|
||||||
|
role: 'admin',
|
||||||
|
id: 'admin',
|
||||||
|
})
|
||||||
|
})
|
||||||
|
|
||||||
|
describe('as simple user', () => {
|
||||||
|
it('cannot change the role', async () => {
|
||||||
|
authenticatedUser = await user.toJson()
|
||||||
|
variables = {
|
||||||
|
id: 'user',
|
||||||
|
role: 'admin',
|
||||||
|
}
|
||||||
|
await expect(mutate({ mutation: switchUserRoleMutation, variables })).resolves.toEqual(
|
||||||
|
expect.objectContaining({
|
||||||
|
errors: [
|
||||||
|
expect.objectContaining({
|
||||||
|
message: 'Not Authorised!',
|
||||||
|
}),
|
||||||
|
],
|
||||||
|
}),
|
||||||
|
)
|
||||||
|
})
|
||||||
|
})
|
||||||
|
|
||||||
|
describe('as admin', () => {
|
||||||
|
it('changes the role of other user', async () => {
|
||||||
|
authenticatedUser = await admin.toJson()
|
||||||
|
variables = {
|
||||||
|
id: 'user',
|
||||||
|
role: 'moderator',
|
||||||
|
}
|
||||||
|
await expect(mutate({ mutation: switchUserRoleMutation, variables })).resolves.toEqual(
|
||||||
|
expect.objectContaining({
|
||||||
|
data: {
|
||||||
|
switchUserRole: expect.objectContaining({
|
||||||
|
role: 'moderator',
|
||||||
|
}),
|
||||||
|
},
|
||||||
|
}),
|
||||||
|
)
|
||||||
|
})
|
||||||
|
|
||||||
|
it('cannot change own role', async () => {
|
||||||
|
authenticatedUser = await admin.toJson()
|
||||||
|
variables = {
|
||||||
|
id: 'admin',
|
||||||
|
role: 'moderator',
|
||||||
|
}
|
||||||
|
await expect(mutate({ mutation: switchUserRoleMutation, variables })).resolves.toEqual(
|
||||||
|
expect.objectContaining({
|
||||||
|
errors: [
|
||||||
|
expect.objectContaining({
|
||||||
|
message: 'you-cannot-change-your-own-role',
|
||||||
|
}),
|
||||||
|
],
|
||||||
|
}),
|
||||||
|
)
|
||||||
|
})
|
||||||
|
})
|
||||||
|
})
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user