1
0
Fork 0

Users list only available when use is authenticated

And has a special right
This commit is contained in:
Chocobozzz 2017-11-29 13:18:05 +01:00
parent 165cdc75bf
commit 86d13ec2aa
No known key found for this signature in database
GPG key ID: 583A612D890159BE
5 changed files with 35 additions and 9 deletions

View file

@ -77,7 +77,7 @@ app.use(morgan('combined', {
}))
// For body requests
app.use(bodyParser.json({
type: 'application/*+json',
type: [ 'application/json', 'application/*+json' ],
limit: '500kb'
}))
app.use(bodyParser.urlencoded({ extended: false }))

View file

@ -48,6 +48,8 @@ usersRouter.get('/me/videos/:videoId/rating',
)
usersRouter.get('/',
authenticate,
ensureUserHasRight(UserRight.MANAGE_USERS),
paginationValidator,
usersSortValidator,
setUsersSort,

View file

@ -67,6 +67,7 @@ describe('Test users API validators', function () {
.get(path)
.query({ start: 'hello' })
.set('Accept', 'application/json')
.set('Authorization', 'Bearer ' + server.accessToken)
.expect(400)
})
@ -75,6 +76,7 @@ describe('Test users API validators', function () {
.get(path)
.query({ count: 'hello' })
.set('Accept', 'application/json')
.set('Authorization', 'Bearer ' + server.accessToken)
.expect(400)
})
@ -83,8 +85,24 @@ describe('Test users API validators', function () {
.get(path)
.query({ sort: 'hello' })
.set('Accept', 'application/json')
.set('Authorization', 'Bearer ' + server.accessToken)
.expect(400)
})
it('Should fail with a non authenticated user', async function () {
await request(server.url)
.get(path)
.set('Accept', 'application/json')
.expect(401)
})
it('Should fail with a non admin user', async function () {
await request(server.url)
.get(path)
.set('Accept', 'application/json')
.set('Authorization', 'Bearer ' + userAccessToken)
.expect(403)
})
})
describe('When adding a new user', function () {
@ -354,7 +372,7 @@ describe('Test users API validators', function () {
describe('When updating a user', function () {
before(async function () {
const res = await getUsersList(server.url)
const res = await getUsersList(server.url, server.accessToken)
userId = res.body.data[1].id
rootId = res.body.data[2].id

View file

@ -1,4 +1,5 @@
/* tslint:disable:no-unused-expression */
import * as chai from 'chai'
import 'mocha'
import { UserRole } from '../../../shared'
@ -28,6 +29,7 @@ import {
} from '../utils'
import { follow } from '../utils/follows'
import { getMyVideos } from '../utils/videos'
import { setAccessTokensToServers } from '../utils/login'
const expect = chai.expect
@ -43,6 +45,8 @@ describe('Test users', function () {
await flushTests()
server = await runServer(1)
await setAccessTokensToServers([ server ])
})
it('Should create a new client')
@ -242,7 +246,7 @@ describe('Test users', function () {
})
it('Should list all the users', async function () {
const res = await getUsersList(server.url)
const res = await getUsersList(server.url, server.accessToken)
const result = res.body
const total = result.total
const users = result.data
@ -280,7 +284,7 @@ describe('Test users', function () {
})
it('Should list only the first user by username asc', async function () {
const res = await getUsersListPaginationAndSort(server.url, 0, 1, 'username')
const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 1, 'username')
const result = res.body
const total = result.total
@ -307,7 +311,7 @@ describe('Test users', function () {
})
it('Should list only the first user by username desc', async function () {
const res = await getUsersListPaginationAndSort(server.url, 0, 1, '-username')
const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 1, '-username')
const result = res.body
const total = result.total
const users = result.data
@ -330,7 +334,7 @@ describe('Test users', function () {
})
it('Should list only the second user by createdAt desc', async function () {
const res = await getUsersListPaginationAndSort(server.url, 0, 1, '-createdAt')
const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 1, '-createdAt')
const result = res.body
const total = result.total
const users = result.data
@ -353,7 +357,7 @@ describe('Test users', function () {
})
it('Should list all the users by createdAt asc', async function () {
const res = await getUsersListPaginationAndSort(server.url, 0, 2, 'createdAt')
const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 2, 'createdAt')
const result = res.body
const total = result.total
const users = result.data

View file

@ -76,17 +76,18 @@ function getUserVideoRating (url: string, accessToken: string, videoId: number)
.expect('Content-Type', /json/)
}
function getUsersList (url: string) {
function getUsersList (url: string, accessToken: string) {
const path = '/api/v1/users'
return request(url)
.get(path)
.set('Accept', 'application/json')
.set('Authorization', 'Bearer ' + accessToken)
.expect(200)
.expect('Content-Type', /json/)
}
function getUsersListPaginationAndSort (url: string, start: number, count: number, sort: string) {
function getUsersListPaginationAndSort (url: string, accessToken: string, start: number, count: number, sort: string) {
const path = '/api/v1/users'
return request(url)
@ -95,6 +96,7 @@ function getUsersListPaginationAndSort (url: string, start: number, count: numbe
.query({ count })
.query({ sort })
.set('Accept', 'application/json')
.set('Authorization', 'Bearer ' + accessToken)
.expect(200)
.expect('Content-Type', /json/)
}