Add tests, create comments only when authenticated

2025-12-13 07:46:06 +00:00 · 2019-04-16 20:31:34 -03:00 · 2019-04-16 20:31:34 -03:00 · 9bc0c0f92c
commit 9bc0c0f92c
parent dfef4fe05f
3 changed files with 68 additions and 6 deletions
--- a/backend/src/middleware/permissionsMiddleware.js
+++ b/backend/src/middleware/permissionsMiddleware.js
@ -86,7 +86,8 @@ const permissions = shield({
    unshout: isAuthenticated,
    changePassword: isAuthenticated,
    enable: isModerator,
-    disable: isModerator
+    disable: isModerator,
+    CreateComment: isAuthenticated
    // CreateUser: allow,
  },
  User: {
--- a/backend/src/resolvers/comments.js
+++ b/backend/src/resolvers/comments.js
@ -5,7 +5,7 @@ export default {
    CreateComment: async (object, params, context, resolveInfo) => {
      const { postId } = params
      
-      const result = await neo4jgraphql(object, params, context, resolveInfo, true)
+      const comment = await neo4jgraphql(object, params, context, resolveInfo, true)
      
      const session = context.driver.session()
      const transactionRes = await session.run(`
@ -13,12 +13,9 @@ export default {
         MERGE (post)<-[:COMMENTS]-(comment)
         RETURN comment {.id, .content}`, {
          postId,
-          commentId: result.id
+          commentId: comment.id
        }
      )
-      const [comment] = transactionRes.records.map(record => {
-        return record.get('comment')
-      })

      session.close()

--- a/backend/src/resolvers/comments.spec.js
+++ b/backend/src/resolvers/comments.spec.js
@ -0,0 +1,64 @@
+import Factory from '../seed/factories'
+import { GraphQLClient } from 'graphql-request'
+import { host, login } from '../jest/helpers'
+
+const factory = Factory()
+let client
+let variables
+
+beforeEach(async () => {
+  await factory.create('User', {
+    email: 'test@example.org',
+    password: '1234'
+  })
+})
+
+afterEach(async () => {
+  await factory.cleanDatabase()
+})
+
+describe('CreateComment', () => {
+  const mutation = `
+    mutation($id: ID!, $postId: ID!, $content: String!) {
+      CreateComment(id: $id, postId: $postId, content: $content) {
+        id
+        content
+      }
+    }
+  `
+  describe('unauthenticated', () => {
+    it('throws authorization error', async () => {
+      variables = { 
+        id: 'c1', 
+        postId: 'p1', 
+        content: "I'm not authorised to comment"
+      }
+      client = new GraphQLClient(host)
+      await expect(client.request(mutation, variables)).rejects.toThrow('Not Authorised')
+    })
+  })
+
+  describe('authenticated', () => {
+    let headers
+    beforeEach(async () => {
+      headers = await login({ email: 'test@example.org', password: '1234' })
+      client = new GraphQLClient(host, { headers })
+    })
+
+    it('creates a post', async () => {
+      variables = { 
+        id: 'c1', 
+        postId: 'p1', 
+        content: "I'm authorised to comment" 
+      }
+      const expected = {
+        CreateComment: {
+          id: 'c1',
+          content: "I'm authorised to comment"
+        }
+      }
+      
+      await expect(client.request(mutation, variables)).resolves.toMatchObject(expected)
+    })
+  })
+})