mirror of
https://github.com/n8n-io/n8n.git
synced 2024-12-26 21:19:43 -08:00
29e7a98f3e
## Summary Provide details about your pull request and what it adds, fixes, or changes. Photos and videos are recommended. ... #### How to test the change: 1. ... ## Issues fixed Include links to Github issue or Community forum post or **Linear ticket**: > Important in order to close automatically and provide context to reviewers ... ## Review / Merge checklist - [ ] PR title and summary are descriptive. **Remember, the title automatically goes into the changelog. Use `(no-changelog)` otherwise.** ([conventions](https://github.com/n8n-io/n8n/blob/master/.github/pull_request_title_conventions.md)) - [ ] [Docs updated](https://github.com/n8n-io/n8n-docs) or follow-up ticket created. - [ ] Tests included. > A bug is not considered fixed, unless a test is added to prevent it from happening again. A feature is not complete without tests. > > *(internal)* You can use Slack commands to trigger [e2e tests](https://www.notion.so/n8n/How-to-use-Test-Instances-d65f49dfc51f441ea44367fb6f67eb0a?pvs=4#a39f9e5ba64a48b58a71d81c837e8227) or [deploy test instance](https://www.notion.so/n8n/How-to-use-Test-Instances-d65f49dfc51f441ea44367fb6f67eb0a?pvs=4#f6a177d32bde4b57ae2da0b8e454bfce) or [deploy early access version on Cloud](https://www.notion.so/n8n/Cloudbot-3dbe779836004972b7057bc989526998?pvs=4#fef2d36ab02247e1a0f65a74f6fb534e).
682 lines
20 KiB
TypeScript
682 lines
20 KiB
TypeScript
import Container from 'typedi';
|
|
import { UserRepository } from '@db/repositories/user.repository';
|
|
|
|
import { UsersController } from '@/controllers/users.controller';
|
|
import { SharedCredentialsRepository } from '@db/repositories/sharedCredentials.repository';
|
|
import { SharedWorkflowRepository } from '@db/repositories/sharedWorkflow.repository';
|
|
|
|
import { getCredentialById, saveCredential } from './shared/db/credentials';
|
|
import { getCredentialOwnerRole, getWorkflowOwnerRole } from './shared/db/roles';
|
|
import { createAdmin, createMember, createOwner, getUserById } from './shared/db/users';
|
|
import { createWorkflow, getWorkflowById } from './shared/db/workflows';
|
|
import { SUCCESS_RESPONSE_BODY } from './shared/constants';
|
|
import { validateUser } from './shared/utils/users';
|
|
import { randomName } from './shared/random';
|
|
import * as utils from './shared/utils/';
|
|
import * as testDb from './shared/testDb';
|
|
|
|
import type { SuperAgentTest } from 'supertest';
|
|
import type { Role } from '@db/entities/Role';
|
|
import type { User } from '@db/entities/User';
|
|
|
|
const testServer = utils.setupTestServer({
|
|
endpointGroups: ['users'],
|
|
enabledFeatures: ['feat:advancedPermissions'],
|
|
});
|
|
|
|
describe('GET /users', () => {
|
|
let owner: User;
|
|
let member: User;
|
|
let ownerAgent: SuperAgentTest;
|
|
|
|
beforeAll(async () => {
|
|
await testDb.truncate(['User']);
|
|
|
|
owner = await createOwner();
|
|
member = await createMember();
|
|
await createMember();
|
|
|
|
ownerAgent = testServer.authAgentFor(owner);
|
|
});
|
|
|
|
test('should return all users', async () => {
|
|
const response = await ownerAgent.get('/users').expect(200);
|
|
|
|
expect(response.body.data).toHaveLength(3);
|
|
|
|
response.body.data.forEach(validateUser);
|
|
});
|
|
|
|
describe('list query options', () => {
|
|
describe('filter', () => {
|
|
test('should filter users by field: email', async () => {
|
|
const response = await ownerAgent
|
|
.get('/users')
|
|
.query(`filter={ "email": "${member.email}" }`)
|
|
.expect(200);
|
|
|
|
expect(response.body.data).toHaveLength(1);
|
|
|
|
const [user] = response.body.data;
|
|
|
|
expect(user.email).toBe(member.email);
|
|
|
|
const _response = await ownerAgent
|
|
.get('/users')
|
|
.query('filter={ "email": "non@existing.com" }')
|
|
.expect(200);
|
|
|
|
expect(_response.body.data).toHaveLength(0);
|
|
});
|
|
|
|
test('should filter users by field: firstName', async () => {
|
|
const response = await ownerAgent
|
|
.get('/users')
|
|
.query(`filter={ "firstName": "${member.firstName}" }`)
|
|
.expect(200);
|
|
|
|
expect(response.body.data).toHaveLength(1);
|
|
|
|
const [user] = response.body.data;
|
|
|
|
expect(user.email).toBe(member.email);
|
|
|
|
const _response = await ownerAgent
|
|
.get('/users')
|
|
.query('filter={ "firstName": "Non-Existing" }')
|
|
.expect(200);
|
|
|
|
expect(_response.body.data).toHaveLength(0);
|
|
});
|
|
|
|
test('should filter users by field: lastName', async () => {
|
|
const response = await ownerAgent
|
|
.get('/users')
|
|
.query(`filter={ "lastName": "${member.lastName}" }`)
|
|
.expect(200);
|
|
|
|
expect(response.body.data).toHaveLength(1);
|
|
|
|
const [user] = response.body.data;
|
|
|
|
expect(user.email).toBe(member.email);
|
|
|
|
const _response = await ownerAgent
|
|
.get('/users')
|
|
.query('filter={ "lastName": "Non-Existing" }')
|
|
.expect(200);
|
|
|
|
expect(_response.body.data).toHaveLength(0);
|
|
});
|
|
|
|
test('should filter users by computed field: isOwner', async () => {
|
|
const response = await ownerAgent
|
|
.get('/users')
|
|
.query('filter={ "isOwner": true }')
|
|
.expect(200);
|
|
|
|
expect(response.body.data).toHaveLength(1);
|
|
|
|
const [user] = response.body.data;
|
|
|
|
expect(user.isOwner).toBe(true);
|
|
|
|
const _response = await ownerAgent
|
|
.get('/users')
|
|
.query('filter={ "isOwner": false }')
|
|
.expect(200);
|
|
|
|
expect(_response.body.data).toHaveLength(2);
|
|
|
|
const [_user] = _response.body.data;
|
|
|
|
expect(_user.isOwner).toBe(false);
|
|
});
|
|
});
|
|
|
|
describe('select', () => {
|
|
test('should select user field: id', async () => {
|
|
const response = await ownerAgent.get('/users').query('select=["id"]').expect(200);
|
|
|
|
expect(response.body).toEqual({
|
|
data: [
|
|
{ id: expect.any(String) },
|
|
{ id: expect.any(String) },
|
|
{ id: expect.any(String) },
|
|
],
|
|
});
|
|
});
|
|
|
|
test('should select user field: email', async () => {
|
|
const response = await ownerAgent.get('/users').query('select=["email"]').expect(200);
|
|
|
|
expect(response.body).toEqual({
|
|
data: [
|
|
{ email: expect.any(String) },
|
|
{ email: expect.any(String) },
|
|
{ email: expect.any(String) },
|
|
],
|
|
});
|
|
});
|
|
|
|
test('should select user field: firstName', async () => {
|
|
const response = await ownerAgent.get('/users').query('select=["firstName"]').expect(200);
|
|
|
|
expect(response.body).toEqual({
|
|
data: [
|
|
{ firstName: expect.any(String) },
|
|
{ firstName: expect.any(String) },
|
|
{ firstName: expect.any(String) },
|
|
],
|
|
});
|
|
});
|
|
|
|
test('should select user field: lastName', async () => {
|
|
const response = await ownerAgent.get('/users').query('select=["lastName"]').expect(200);
|
|
|
|
expect(response.body).toEqual({
|
|
data: [
|
|
{ lastName: expect.any(String) },
|
|
{ lastName: expect.any(String) },
|
|
{ lastName: expect.any(String) },
|
|
],
|
|
});
|
|
});
|
|
});
|
|
|
|
describe('take', () => {
|
|
test('should return n users or less, without skip', async () => {
|
|
const response = await ownerAgent.get('/users').query('take=2').expect(200);
|
|
|
|
expect(response.body.data).toHaveLength(2);
|
|
|
|
response.body.data.forEach(validateUser);
|
|
|
|
const _response = await ownerAgent.get('/users').query('take=1').expect(200);
|
|
|
|
expect(_response.body.data).toHaveLength(1);
|
|
|
|
_response.body.data.forEach(validateUser);
|
|
});
|
|
|
|
test('should return n users or less, with skip', async () => {
|
|
const response = await ownerAgent.get('/users').query('take=1&skip=1').expect(200);
|
|
|
|
expect(response.body.data).toHaveLength(1);
|
|
|
|
response.body.data.forEach(validateUser);
|
|
});
|
|
});
|
|
|
|
describe('auxiliary fields', () => {
|
|
/**
|
|
* Some list query options require auxiliary fields:
|
|
*
|
|
* - `isOwner` requires `globalRole`
|
|
* - `select` with `take` requires `id` (for pagination)
|
|
*/
|
|
test('should support options that require auxiliary fields', async () => {
|
|
const response = await ownerAgent
|
|
.get('/users')
|
|
.query('filter={ "isOwner": true }&select=["firstName"]&take=1')
|
|
.expect(200);
|
|
|
|
expect(response.body).toEqual({ data: [{ firstName: expect.any(String) }] });
|
|
});
|
|
});
|
|
});
|
|
});
|
|
|
|
describe('DELETE /users/:id', () => {
|
|
let owner: User;
|
|
let member: User;
|
|
let ownerAgent: SuperAgentTest;
|
|
let workflowOwnerRole: Role;
|
|
let credentialOwnerRole: Role;
|
|
|
|
beforeAll(async () => {
|
|
await testDb.truncate(['User']);
|
|
|
|
owner = await createOwner();
|
|
member = await createMember();
|
|
ownerAgent = testServer.authAgentFor(owner);
|
|
|
|
workflowOwnerRole = await getWorkflowOwnerRole();
|
|
credentialOwnerRole = await getCredentialOwnerRole();
|
|
});
|
|
|
|
test('should delete user and their resources', async () => {
|
|
const savedWorkflow = await createWorkflow({ name: randomName() }, member);
|
|
|
|
const savedCredential = await saveCredential(
|
|
{ name: randomName(), type: '', data: {}, nodesAccess: [] },
|
|
{ user: member, role: credentialOwnerRole },
|
|
);
|
|
|
|
const response = await ownerAgent.delete(`/users/${member.id}`);
|
|
|
|
expect(response.statusCode).toBe(200);
|
|
expect(response.body).toEqual(SUCCESS_RESPONSE_BODY);
|
|
|
|
const user = await Container.get(UserRepository).findOneBy({ id: member.id });
|
|
|
|
const sharedWorkflow = await Container.get(SharedWorkflowRepository).findOne({
|
|
relations: ['user'],
|
|
where: { userId: member.id, roleId: workflowOwnerRole.id },
|
|
});
|
|
|
|
const sharedCredential = await Container.get(SharedCredentialsRepository).findOne({
|
|
relations: ['user'],
|
|
where: { userId: member.id, roleId: credentialOwnerRole.id },
|
|
});
|
|
|
|
const workflow = await getWorkflowById(savedWorkflow.id);
|
|
|
|
const credential = await getCredentialById(savedCredential.id);
|
|
|
|
// @TODO: Include active workflow and check whether webhook has been removed
|
|
|
|
expect(user).toBeNull();
|
|
expect(sharedWorkflow).toBeNull();
|
|
expect(sharedCredential).toBeNull();
|
|
expect(workflow).toBeNull();
|
|
expect(credential).toBeNull();
|
|
|
|
// restore
|
|
|
|
member = await createMember();
|
|
});
|
|
|
|
test('should delete user and transfer their resources', async () => {
|
|
const [savedWorkflow, savedCredential] = await Promise.all([
|
|
await createWorkflow({ name: randomName() }, member),
|
|
await saveCredential(
|
|
{ name: randomName(), type: '', data: {}, nodesAccess: [] },
|
|
{
|
|
user: member,
|
|
role: credentialOwnerRole,
|
|
},
|
|
),
|
|
]);
|
|
|
|
const response = await ownerAgent.delete(`/users/${member.id}`).query({
|
|
transferId: owner.id,
|
|
});
|
|
|
|
expect(response.statusCode).toBe(200);
|
|
|
|
const [user, sharedWorkflow, sharedCredential] = await Promise.all([
|
|
await Container.get(UserRepository).findOneBy({ id: member.id }),
|
|
await Container.get(SharedWorkflowRepository).findOneOrFail({
|
|
relations: ['workflow'],
|
|
where: { userId: owner.id },
|
|
}),
|
|
await Container.get(SharedCredentialsRepository).findOneOrFail({
|
|
relations: ['credentials'],
|
|
where: { userId: owner.id },
|
|
}),
|
|
]);
|
|
|
|
expect(user).toBeNull();
|
|
expect(sharedWorkflow.workflow.id).toBe(savedWorkflow.id);
|
|
expect(sharedCredential.credentials.id).toBe(savedCredential.id);
|
|
});
|
|
|
|
test('should fail to delete self', async () => {
|
|
const response = await ownerAgent.delete(`/users/${owner.id}`);
|
|
|
|
expect(response.statusCode).toBe(400);
|
|
|
|
const user = await getUserById(owner.id);
|
|
|
|
expect(user).toBeDefined();
|
|
});
|
|
|
|
test('should fail to delete if user to delete is transferee', async () => {
|
|
const response = await ownerAgent.delete(`/users/${member.id}`).query({
|
|
transferId: member.id,
|
|
});
|
|
|
|
expect(response.statusCode).toBe(400);
|
|
|
|
const user = await Container.get(UserRepository).findOneBy({ id: member.id });
|
|
|
|
expect(user).toBeDefined();
|
|
});
|
|
});
|
|
|
|
describe('PATCH /users/:id/role', () => {
|
|
let owner: User;
|
|
let admin: User;
|
|
let otherAdmin: User;
|
|
let member: User;
|
|
let otherMember: User;
|
|
|
|
let ownerAgent: SuperAgentTest;
|
|
let adminAgent: SuperAgentTest;
|
|
let memberAgent: SuperAgentTest;
|
|
let authlessAgent: SuperAgentTest;
|
|
|
|
const {
|
|
MISSING_NEW_ROLE_KEY,
|
|
MISSING_NEW_ROLE_VALUE,
|
|
NO_ADMIN_ON_OWNER,
|
|
NO_USER_TO_OWNER,
|
|
NO_USER,
|
|
NO_OWNER_ON_OWNER,
|
|
NO_ADMIN_IF_UNLICENSED,
|
|
} = UsersController.ERROR_MESSAGES.CHANGE_ROLE;
|
|
|
|
const UNAUTHORIZED = 'Unauthorized';
|
|
|
|
beforeAll(async () => {
|
|
await testDb.truncate(['User']);
|
|
|
|
[owner, admin, otherAdmin, member, otherMember] = await Promise.all([
|
|
await createOwner(),
|
|
await createAdmin(),
|
|
await createAdmin(),
|
|
await createMember(),
|
|
await createMember(),
|
|
]);
|
|
|
|
ownerAgent = testServer.authAgentFor(owner);
|
|
adminAgent = testServer.authAgentFor(admin);
|
|
memberAgent = testServer.authAgentFor(member);
|
|
authlessAgent = testServer.authlessAgent;
|
|
});
|
|
|
|
describe('unauthenticated user', () => {
|
|
test('should receive 401', async () => {
|
|
const response = await authlessAgent.patch(`/users/${member.id}/role`).send({
|
|
newRole: { scope: 'global', name: 'admin' },
|
|
});
|
|
|
|
expect(response.statusCode).toBe(401);
|
|
});
|
|
});
|
|
|
|
describe('member', () => {
|
|
test('should fail to demote owner to member', async () => {
|
|
const response = await memberAgent.patch(`/users/${owner.id}/role`).send({
|
|
newRole: { scope: 'global', name: 'member' },
|
|
});
|
|
|
|
expect(response.statusCode).toBe(403);
|
|
expect(response.body.message).toBe(UNAUTHORIZED);
|
|
});
|
|
|
|
test('should fail to demote owner to admin', async () => {
|
|
const response = await memberAgent.patch(`/users/${owner.id}/role`).send({
|
|
newRole: { scope: 'global', name: 'admin' },
|
|
});
|
|
|
|
expect(response.statusCode).toBe(403);
|
|
expect(response.body.message).toBe(UNAUTHORIZED);
|
|
});
|
|
|
|
test('should fail to demote admin to member', async () => {
|
|
const response = await memberAgent.patch(`/users/${admin.id}/role`).send({
|
|
newRole: { scope: 'global', name: 'member' },
|
|
});
|
|
|
|
expect(response.statusCode).toBe(403);
|
|
expect(response.body.message).toBe(UNAUTHORIZED);
|
|
});
|
|
|
|
test('should fail to promote other member to owner', async () => {
|
|
const response = await memberAgent.patch(`/users/${otherMember.id}/role`).send({
|
|
newRole: { scope: 'global', name: 'owner' },
|
|
});
|
|
|
|
expect(response.statusCode).toBe(403);
|
|
expect(response.body.message).toBe(UNAUTHORIZED);
|
|
});
|
|
|
|
test('should fail to promote other member to admin', async () => {
|
|
const response = await memberAgent.patch(`/users/${otherMember.id}/role`).send({
|
|
newRole: { scope: 'global', name: 'admin' },
|
|
});
|
|
|
|
expect(response.statusCode).toBe(403);
|
|
expect(response.body.message).toBe(UNAUTHORIZED);
|
|
});
|
|
|
|
test('should fail to promote self to admin', async () => {
|
|
const response = await memberAgent.patch(`/users/${member.id}/role`).send({
|
|
newRole: { scope: 'global', name: 'admin' },
|
|
});
|
|
|
|
expect(response.statusCode).toBe(403);
|
|
expect(response.body.message).toBe(UNAUTHORIZED);
|
|
});
|
|
|
|
test('should fail to promote self to owner', async () => {
|
|
const response = await memberAgent.patch(`/users/${member.id}/role`).send({
|
|
newRole: { scope: 'global', name: 'owner' },
|
|
});
|
|
|
|
expect(response.statusCode).toBe(403);
|
|
expect(response.body.message).toBe(UNAUTHORIZED);
|
|
});
|
|
});
|
|
|
|
describe('admin', () => {
|
|
test('should receive 400 on invalid payload', async () => {
|
|
const response = await adminAgent.patch(`/users/${member.id}/role`).send({});
|
|
|
|
expect(response.statusCode).toBe(400);
|
|
expect(response.body.message).toBe(MISSING_NEW_ROLE_KEY);
|
|
|
|
const _response = await adminAgent.patch(`/users/${member.id}/role`).send({
|
|
newRole: {},
|
|
});
|
|
|
|
expect(_response.statusCode).toBe(400);
|
|
expect(_response.body.message).toBe(MISSING_NEW_ROLE_VALUE);
|
|
});
|
|
|
|
test('should receive 404 on unknown target user', async () => {
|
|
const response = await adminAgent
|
|
.patch('/users/c2317ff3-7a9f-4fd4-ad2b-7331f6359260/role')
|
|
.send({
|
|
newRole: { scope: 'global', name: 'member' },
|
|
});
|
|
|
|
expect(response.statusCode).toBe(404);
|
|
expect(response.body.message).toBe(NO_USER);
|
|
});
|
|
|
|
test('should fail to demote owner to admin', async () => {
|
|
const response = await adminAgent.patch(`/users/${owner.id}/role`).send({
|
|
newRole: { scope: 'global', name: 'admin' },
|
|
});
|
|
|
|
expect(response.statusCode).toBe(403);
|
|
expect(response.body.message).toBe(NO_ADMIN_ON_OWNER);
|
|
});
|
|
|
|
test('should fail to demote owner to member', async () => {
|
|
const response = await adminAgent.patch(`/users/${owner.id}/role`).send({
|
|
newRole: { scope: 'global', name: 'member' },
|
|
});
|
|
|
|
expect(response.statusCode).toBe(403);
|
|
expect(response.body.message).toBe(NO_ADMIN_ON_OWNER);
|
|
});
|
|
|
|
test('should fail to promote member to owner', async () => {
|
|
const response = await adminAgent.patch(`/users/${member.id}/role`).send({
|
|
newRole: { scope: 'global', name: 'owner' },
|
|
});
|
|
|
|
expect(response.statusCode).toBe(403);
|
|
expect(response.body.message).toBe(NO_USER_TO_OWNER);
|
|
});
|
|
|
|
test('should fail to promote admin to owner', async () => {
|
|
const response = await adminAgent.patch(`/users/${member.id}/role`).send({
|
|
newRole: { scope: 'global', name: 'owner' },
|
|
});
|
|
|
|
expect(response.statusCode).toBe(403);
|
|
expect(response.body.message).toBe(NO_USER_TO_OWNER);
|
|
});
|
|
|
|
test('should fail to promote member to admin if not licensed', async () => {
|
|
testServer.license.disable('feat:advancedPermissions');
|
|
|
|
const response = await adminAgent.patch(`/users/${member.id}/role`).send({
|
|
newRole: { scope: 'global', name: 'admin' },
|
|
});
|
|
|
|
expect(response.statusCode).toBe(403);
|
|
expect(response.body.message).toBe(NO_ADMIN_IF_UNLICENSED);
|
|
});
|
|
|
|
test('should be able to demote admin to member', async () => {
|
|
const response = await adminAgent.patch(`/users/${otherAdmin.id}/role`).send({
|
|
newRole: { scope: 'global', name: 'member' },
|
|
});
|
|
|
|
expect(response.statusCode).toBe(200);
|
|
expect(response.body.data).toStrictEqual({ success: true });
|
|
|
|
const user = await getUserById(otherAdmin.id);
|
|
|
|
expect(user.globalRole.scope).toBe('global');
|
|
expect(user.globalRole.name).toBe('member');
|
|
|
|
// restore other admin
|
|
|
|
otherAdmin = await createAdmin();
|
|
adminAgent = testServer.authAgentFor(otherAdmin);
|
|
});
|
|
|
|
test('should be able to demote self to member', async () => {
|
|
const response = await adminAgent.patch(`/users/${admin.id}/role`).send({
|
|
newRole: { scope: 'global', name: 'member' },
|
|
});
|
|
|
|
expect(response.statusCode).toBe(200);
|
|
expect(response.body.data).toStrictEqual({ success: true });
|
|
|
|
const user = await getUserById(admin.id);
|
|
|
|
expect(user.globalRole.scope).toBe('global');
|
|
expect(user.globalRole.name).toBe('member');
|
|
|
|
// restore admin
|
|
|
|
admin = await createAdmin();
|
|
adminAgent = testServer.authAgentFor(admin);
|
|
});
|
|
|
|
test('should be able to promote member to admin if licensed', async () => {
|
|
const response = await adminAgent.patch(`/users/${member.id}/role`).send({
|
|
newRole: { scope: 'global', name: 'admin' },
|
|
});
|
|
|
|
expect(response.statusCode).toBe(200);
|
|
expect(response.body.data).toStrictEqual({ success: true });
|
|
|
|
const user = await getUserById(admin.id);
|
|
|
|
expect(user.globalRole.scope).toBe('global');
|
|
expect(user.globalRole.name).toBe('admin');
|
|
|
|
// restore member
|
|
|
|
member = await createMember();
|
|
memberAgent = testServer.authAgentFor(member);
|
|
});
|
|
});
|
|
|
|
describe('owner', () => {
|
|
test('should fail to demote self to admin', async () => {
|
|
const response = await ownerAgent.patch(`/users/${owner.id}/role`).send({
|
|
newRole: { scope: 'global', name: 'admin' },
|
|
});
|
|
|
|
expect(response.statusCode).toBe(403);
|
|
expect(response.body.message).toBe(NO_OWNER_ON_OWNER);
|
|
});
|
|
|
|
test('should fail to demote self to member', async () => {
|
|
const response = await ownerAgent.patch(`/users/${owner.id}/role`).send({
|
|
newRole: { scope: 'global', name: 'member' },
|
|
});
|
|
|
|
expect(response.statusCode).toBe(403);
|
|
expect(response.body.message).toBe(NO_OWNER_ON_OWNER);
|
|
});
|
|
|
|
test('should fail to promote admin to owner', async () => {
|
|
const response = await ownerAgent.patch(`/users/${admin.id}/role`).send({
|
|
newRole: { scope: 'global', name: 'owner' },
|
|
});
|
|
|
|
expect(response.statusCode).toBe(403);
|
|
expect(response.body.message).toBe(NO_USER_TO_OWNER);
|
|
});
|
|
|
|
test('should fail to promote member to owner', async () => {
|
|
const response = await ownerAgent.patch(`/users/${member.id}/role`).send({
|
|
newRole: { scope: 'global', name: 'owner' },
|
|
});
|
|
|
|
expect(response.statusCode).toBe(403);
|
|
expect(response.body.message).toBe(NO_USER_TO_OWNER);
|
|
});
|
|
|
|
test('should fail to promote member to admin if not licensed', async () => {
|
|
testServer.license.disable('feat:advancedPermissions');
|
|
|
|
const response = await ownerAgent.patch(`/users/${member.id}/role`).send({
|
|
newRole: { scope: 'global', name: 'admin' },
|
|
});
|
|
|
|
expect(response.statusCode).toBe(403);
|
|
expect(response.body.message).toBe(NO_ADMIN_IF_UNLICENSED);
|
|
});
|
|
|
|
test('should be able to promote member to admin if licensed', async () => {
|
|
const response = await ownerAgent.patch(`/users/${member.id}/role`).send({
|
|
newRole: { scope: 'global', name: 'admin' },
|
|
});
|
|
|
|
expect(response.statusCode).toBe(200);
|
|
expect(response.body.data).toStrictEqual({ success: true });
|
|
|
|
const user = await getUserById(admin.id);
|
|
|
|
expect(user.globalRole.scope).toBe('global');
|
|
expect(user.globalRole.name).toBe('admin');
|
|
|
|
// restore member
|
|
|
|
member = await createMember();
|
|
memberAgent = testServer.authAgentFor(member);
|
|
});
|
|
|
|
test('should be able to demote admin to member', async () => {
|
|
const response = await ownerAgent.patch(`/users/${admin.id}/role`).send({
|
|
newRole: { scope: 'global', name: 'member' },
|
|
});
|
|
|
|
expect(response.statusCode).toBe(200);
|
|
expect(response.body.data).toStrictEqual({ success: true });
|
|
|
|
const user = await getUserById(admin.id);
|
|
|
|
expect(user.globalRole.scope).toBe('global');
|
|
expect(user.globalRole.name).toBe('member');
|
|
|
|
// restore admin
|
|
|
|
admin = await createAdmin();
|
|
adminAgent = testServer.authAgentFor(admin);
|
|
});
|
|
});
|
|
});
|