Users list only available when user is authenticated
And has a special right
parent
165cdc75bf
commit
86d13ec2aa
5 changed files with 35 additions and 9 deletions
|
@ -77,7 +77,7 @@ app.use(morgan('combined', {
|
|||
}))
|
||||
// For body requests
|
||||
app.use(bodyParser.json({
|
||||
type: 'application/*+json',
|
||||
type: [ 'application/json', 'application/*+json' ],
|
||||
limit: '500kb'
|
||||
}))
|
||||
app.use(bodyParser.urlencoded({ extended: false }))
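Review bot: The widened `type` list on `bodyParser.json` is not mentioned in the commit message and has no comment, so a later reader cannot tell whether plain `application/json` was added deliberately. I would add a line above the option such as `// Parse plain application/json as well as +json suffix types`, with the wording confirmed by the author. The `limit: '500kb'` cap sits in the same options object, so it should keep bounding bodies of both content types. The middleware chain starts and ends outside the hunk.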
|
||||
|
|
|
@ -48,6 +48,8 @@ usersRouter.get('/me/videos/:videoId/rating',
|
|||
)
|
||||
|
||||
usersRouter.get('/',
|
||||
authenticate,
|
||||
ensureUserHasRight(UserRight.MANAGE_USERS),
|
||||
paginationValidator,
|
||||
usersSortValidator,
|
||||
setUsersSort,
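Review bot: Only `GET /` gains `authenticate` and `ensureUserHasRight(UserRight.MANAGE_USERS)` here. Any other route on this router that returns user records (none is visible in this hunk) should be checked for the same pair, or carry a comment saying it is intentionally public. Placing both guards ahead of `paginationValidator` is the right order, since the new tests expect 401/403 before any query validation applies. A short comment above the route, e.g. `// Listing users requires the MANAGE_USERS right`, would keep the requirement visible if the middleware list is later reordered. The route definition continues past the end of the hunk.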
|
||||
|
|
|
@ -67,6 +67,7 @@ describe('Test users API validators', function () {
|
|||
.get(path)
|
||||
.query({ start: 'hello' })
|
||||
.set('Accept', 'application/json')
|
||||
.set('Authorization', 'Bearer ' + server.accessToken)
|
||||
.expect(400)
|
||||
})
|
||||
|
||||
|
@ -75,6 +76,7 @@ describe('Test users API validators', function () {
|
|||
.get(path)
|
||||
.query({ count: 'hello' })
|
||||
.set('Accept', 'application/json')
|
||||
.set('Authorization', 'Bearer ' + server.accessToken)
|
||||
.expect(400)
|
||||
})
|
||||
|
||||
|
@ -83,8 +85,24 @@ describe('Test users API validators', function () {
|
|||
.get(path)
|
||||
.query({ sort: 'hello' })
|
||||
.set('Accept', 'application/json')
|
||||
.set('Authorization', 'Bearer ' + server.accessToken)
|
||||
.expect(400)
|
||||
})
|
||||
|
||||
it('Should fail with a non authenticated user', async function () {
|
||||
await request(server.url)
|
||||
.get(path)
|
||||
.set('Accept', 'application/json')
|
||||
.expect(401)
|
||||
})
|
||||
|
||||
it('Should fail with a non admin user', async function () {
|
||||
await request(server.url)
|
||||
.get(path)
|
||||
.set('Accept', 'application/json')
|
||||
.set('Authorization', 'Bearer ' + userAccessToken)
|
||||
.expect(403)
|
||||
})
|
||||
})
|
||||
|
||||
describe('When adding a new user', function () {
|
||||
|
@ -354,7 +372,7 @@ describe('Test users API validators', function () {
|
|||
describe('When updating a user', function () {
|
||||
|
||||
before(async function () {
|
||||
const res = await getUsersList(server.url)
|
||||
const res = await getUsersList(server.url, server.accessToken)
|
||||
|
||||
userId = res.body.data[1].id
|
||||
rootId = res.body.data[2].id
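Review bot: The new 401 case in the `@ -83,8 +85,24` hunk only covers a request with no `Authorization` header, so a request carrying a malformed or unknown bearer token is never exercised against the guarded route. I would add one more case next to 'Should fail with a non authenticated user' that sends a constructed, invalid token and expects a rejection (presumably 401; confirm against the OAuth middleware). `userAccessToken` in the 403 case is defined outside the visible hunks, so I am assuming it belongs to a user without the MANAGE_USERS right. The enclosing `describe` block starts outside the hunk.

```typescript
// … unchanged: 'Should fail with a non authenticated user' …

it('Should fail with an invalid access token', async function () {
  await request(server.url)
          .get(path)
          .set('Accept', 'application/json')
          // constructed sample value, not a real token
          .set('Authorization', 'Bearer ' + 'not-a-valid-token')
          .expect(401)
})
```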
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
/* tslint:disable:no-unused-expression */
|
||||
|
||||
import * as chai from 'chai'
|
||||
import 'mocha'
|
||||
import { UserRole } from '../../../shared'
|
||||
|
@ -28,6 +29,7 @@ import {
|
|||
} from '../utils'
|
||||
import { follow } from '../utils/follows'
|
||||
import { getMyVideos } from '../utils/videos'
|
||||
import { setAccessTokensToServers } from '../utils/login'
|
||||
|
||||
const expect = chai.expect
|
||||
|
||||
|
@ -43,6 +45,8 @@ describe('Test users', function () {
|
|||
|
||||
await flushTests()
|
||||
server = await runServer(1)
|
||||
|
||||
await setAccessTokensToServers([ server ])
|
||||
})
|
||||
|
||||
it('Should create a new client')
|
||||
|
@ -242,7 +246,7 @@ describe('Test users', function () {
|
|||
})
|
||||
|
||||
it('Should list all the users', async function () {
|
||||
const res = await getUsersList(server.url)
|
||||
const res = await getUsersList(server.url, server.accessToken)
|
||||
const result = res.body
|
||||
const total = result.total
|
||||
const users = result.data
|
||||
|
@ -280,7 +284,7 @@ describe('Test users', function () {
|
|||
})
|
||||
|
||||
it('Should list only the first user by username asc', async function () {
|
||||
const res = await getUsersListPaginationAndSort(server.url, 0, 1, 'username')
|
||||
const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 1, 'username')
|
||||
|
||||
const result = res.body
|
||||
const total = result.total
|
||||
|
@ -307,7 +311,7 @@ describe('Test users', function () {
|
|||
})
|
||||
|
||||
it('Should list only the first user by username desc', async function () {
|
||||
const res = await getUsersListPaginationAndSort(server.url, 0, 1, '-username')
|
||||
const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 1, '-username')
|
||||
const result = res.body
|
||||
const total = result.total
|
||||
const users = result.data
|
||||
|
@ -330,7 +334,7 @@ describe('Test users', function () {
|
|||
})
|
||||
|
||||
it('Should list only the second user by createdAt desc', async function () {
|
||||
const res = await getUsersListPaginationAndSort(server.url, 0, 1, '-createdAt')
|
||||
const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 1, '-createdAt')
|
||||
const result = res.body
|
||||
const total = result.total
|
||||
const users = result.data
|
||||
|
@ -353,7 +357,7 @@ describe('Test users', function () {
|
|||
})
|
||||
|
||||
it('Should list all the users by createdAt asc', async function () {
|
||||
const res = await getUsersListPaginationAndSort(server.url, 0, 2, 'createdAt')
|
||||
const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 2, 'createdAt')
|
||||
const result = res.body
|
||||
const total = result.total
|
||||
const users = result.data
|
||||
|
|
|
@ -76,17 +76,18 @@ function getUserVideoRating (url: string, accessToken: string, videoId: number)
|
|||
.expect('Content-Type', /json/)
|
||||
}
|
||||
|
||||
function getUsersList (url: string) {
|
||||
function getUsersList (url: string, accessToken: string) {
|
||||
const path = '/api/v1/users'
|
||||
|
||||
return request(url)
|
||||
.get(path)
|
||||
.set('Accept', 'application/json')
|
||||
.set('Authorization', 'Bearer ' + accessToken)
|
||||
.expect(200)
|
||||
.expect('Content-Type', /json/)
|
||||
}
|
||||
|
||||
function getUsersListPaginationAndSort (url: string, start: number, count: number, sort: string) {
|
||||
function getUsersListPaginationAndSort (url: string, accessToken: string, start: number, count: number, sort: string) {
|
||||
const path = '/api/v1/users'
|
||||
|
||||
return request(url)
|
||||
|
@ -95,6 +96,7 @@ function getUsersListPaginationAndSort (url: string, start: number, count: numbe
|
|||
.query({ count })
|
||||
.query({ sort })
|
||||
.set('Accept', 'application/json')
|
||||
.set('Authorization', 'Bearer ' + accessToken)
|
||||
.expect(200)
|
||||
.expect('Content-Type', /json/)
|
||||
}
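Review bot: Both helpers still hard-code `.expect(200)`, so the new 401/403 checks in the validator tests have to rebuild the request by hand instead of reusing them. An optional trailing parameter would cover that without touching existing callers: `function getUsersList (url: string, accessToken: string, expectedStatus = 200)` with `.expect(expectedStatus)`. The `Content-Type` expectation may also need relaxing for error responses. Separately, `accessToken` is inserted as the second positional argument of `getUsersListPaginationAndSort`, shifting `start`, `count` and `sort`, so a one-line doc comment on the parameter order would help. The body of that function is split across two hunks and is not fully visible here.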
|
||||
|
|