Users list only available when use is authenticated
And has a special right
parent
165cdc75bf
commit
86d13ec2aa
|
@ -77,7 +77,7 @@ app.use(morgan('combined', {
|
||||||
}))
|
}))
|
||||||
// For body requests
|
// For body requests
|
||||||
app.use(bodyParser.json({
|
app.use(bodyParser.json({
|
||||||
type: 'application/*+json',
|
type: [ 'application/json', 'application/*+json' ],
|
||||||
limit: '500kb'
|
limit: '500kb'
|
||||||
}))
|
}))
|
||||||
app.use(bodyParser.urlencoded({ extended: false }))
|
app.use(bodyParser.urlencoded({ extended: false }))
|
||||||
|
|
|
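Review bot: The widened `type` list on `bodyParser.json` is not mentioned in the commit message, and because it sits on `app.use` it changes which request bodies are parsed as JSON for every route, not only the users list. The `limit: '500kb'` cap still applies to the newly accepted `application/json` bodies, which is good, but the reason for the change should sit next to the code. The `// For body requests` comment could become `// Parse plain JSON and +json media types, capped at 500kb`, and the commit description should say why the change belongs here.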
@ -48,6 +48,8 @@ usersRouter.get('/me/videos/:videoId/rating',
|
||||||
)
|
)
|
||||||
|
|
||||||
usersRouter.get('/',
|
usersRouter.get('/',
|
||||||
|
authenticate,
|
||||||
|
ensureUserHasRight(UserRight.MANAGE_USERS),
|
||||||
paginationValidator,
|
paginationValidator,
|
||||||
usersSortValidator,
|
usersSortValidator,
|
||||||
setUsersSort,
|
setUsersSort,
|
||||||
|
|
|
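Review bot: The guard is added only to `usersRouter.get('/')`, and this hunk does not show whether the router's other read routes that return user records carry the same `authenticate` / `ensureUserHasRight` pair. That is worth confirming, so the same data is not still served without the right. Placing both middlewares ahead of `paginationValidator` is the right order, since unauthenticated callers are rejected before any query handling. A one-line comment above the route, `// Requires authentication and the MANAGE_USERS right`, would make the access rule visible to readers. The route definition continues outside the hunk.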
@ -67,6 +67,7 @@ describe('Test users API validators', function () {
|
||||||
.get(path)
|
.get(path)
|
||||||
.query({ start: 'hello' })
|
.query({ start: 'hello' })
|
||||||
.set('Accept', 'application/json')
|
.set('Accept', 'application/json')
|
||||||
|
.set('Authorization', 'Bearer ' + server.accessToken)
|
||||||
.expect(400)
|
.expect(400)
|
||||||
})
|
})
|
||||||
|
|
||||||
|
@ -75,6 +76,7 @@ describe('Test users API validators', function () {
|
||||||
.get(path)
|
.get(path)
|
||||||
.query({ count: 'hello' })
|
.query({ count: 'hello' })
|
||||||
.set('Accept', 'application/json')
|
.set('Accept', 'application/json')
|
||||||
|
.set('Authorization', 'Bearer ' + server.accessToken)
|
||||||
.expect(400)
|
.expect(400)
|
||||||
})
|
})
|
||||||
|
|
||||||
|
@ -83,8 +85,24 @@ describe('Test users API validators', function () {
|
||||||
.get(path)
|
.get(path)
|
||||||
.query({ sort: 'hello' })
|
.query({ sort: 'hello' })
|
||||||
.set('Accept', 'application/json')
|
.set('Accept', 'application/json')
|
||||||
|
.set('Authorization', 'Bearer ' + server.accessToken)
|
||||||
.expect(400)
|
.expect(400)
|
||||||
})
|
})
|
||||||
|
|
||||||
|
it('Should fail with a non authenticated user', async function () {
|
||||||
|
await request(server.url)
|
||||||
|
.get(path)
|
||||||
|
.set('Accept', 'application/json')
|
||||||
|
.expect(401)
|
||||||
|
})
|
||||||
|
|
||||||
|
it('Should fail with a non admin user', async function () {
|
||||||
|
await request(server.url)
|
||||||
|
.get(path)
|
||||||
|
.set('Accept', 'application/json')
|
||||||
|
.set('Authorization', 'Bearer ' + userAccessToken)
|
||||||
|
.expect(403)
|
||||||
|
})
|
||||||
})
|
})
|
||||||
|
|
||||||
describe('When adding a new user', function () {
|
describe('When adding a new user', function () {
|
||||||
|
@ -354,7 +372,7 @@ describe('Test users API validators', function () {
|
||||||
describe('When updating a user', function () {
|
describe('When updating a user', function () {
|
||||||
|
|
||||||
before(async function () {
|
before(async function () {
|
||||||
const res = await getUsersList(server.url)
|
const res = await getUsersList(server.url, server.accessToken)
|
||||||
|
|
||||||
userId = res.body.data[1].id
|
userId = res.body.data[1].id
|
||||||
rootId = res.body.data[2].id
|
rootId = res.body.data[2].id
|
||||||
|
|
|
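Review bot: The 403 case in 'Should fail with a non admin user' depends on `userAccessToken` already holding a valid token for a user without the right, and its assignment is not visible in these hunks. If it is only set by a later `before` or test, the header would carry an invalid token and the request would presumably fail with 401 rather than 403, so confirm it is populated before these tests run. The three 400 tests now send `server.accessToken` and therefore also rely on that account having MANAGE_USERS, otherwise the validators are never reached. A short comment on the new tests, `// 401: no token, 403: valid token without MANAGE_USERS`, would record the distinction being checked.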
@ -1,4 +1,5 @@
|
||||||
/* tslint:disable:no-unused-expression */
|
/* tslint:disable:no-unused-expression */
|
||||||
|
|
||||||
import * as chai from 'chai'
|
import * as chai from 'chai'
|
||||||
import 'mocha'
|
import 'mocha'
|
||||||
import { UserRole } from '../../../shared'
|
import { UserRole } from '../../../shared'
|
||||||
|
@ -28,6 +29,7 @@ import {
|
||||||
} from '../utils'
|
} from '../utils'
|
||||||
import { follow } from '../utils/follows'
|
import { follow } from '../utils/follows'
|
||||||
import { getMyVideos } from '../utils/videos'
|
import { getMyVideos } from '../utils/videos'
|
||||||
|
import { setAccessTokensToServers } from '../utils/login'
|
||||||
|
|
||||||
const expect = chai.expect
|
const expect = chai.expect
|
||||||
|
|
||||||
|
@ -43,6 +45,8 @@ describe('Test users', function () {
|
||||||
|
|
||||||
await flushTests()
|
await flushTests()
|
||||||
server = await runServer(1)
|
server = await runServer(1)
|
||||||
|
|
||||||
|
await setAccessTokensToServers([ server ])
|
||||||
})
|
})
|
||||||
|
|
||||||
it('Should create a new client')
|
it('Should create a new client')
|
||||||
|
@ -242,7 +246,7 @@ describe('Test users', function () {
|
||||||
})
|
})
|
||||||
|
|
||||||
it('Should list all the users', async function () {
|
it('Should list all the users', async function () {
|
||||||
const res = await getUsersList(server.url)
|
const res = await getUsersList(server.url, server.accessToken)
|
||||||
const result = res.body
|
const result = res.body
|
||||||
const total = result.total
|
const total = result.total
|
||||||
const users = result.data
|
const users = result.data
|
||||||
|
@ -280,7 +284,7 @@ describe('Test users', function () {
|
||||||
})
|
})
|
||||||
|
|
||||||
it('Should list only the first user by username asc', async function () {
|
it('Should list only the first user by username asc', async function () {
|
||||||
const res = await getUsersListPaginationAndSort(server.url, 0, 1, 'username')
|
const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 1, 'username')
|
||||||
|
|
||||||
const result = res.body
|
const result = res.body
|
||||||
const total = result.total
|
const total = result.total
|
||||||
|
@ -307,7 +311,7 @@ describe('Test users', function () {
|
||||||
})
|
})
|
||||||
|
|
||||||
it('Should list only the first user by username desc', async function () {
|
it('Should list only the first user by username desc', async function () {
|
||||||
const res = await getUsersListPaginationAndSort(server.url, 0, 1, '-username')
|
const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 1, '-username')
|
||||||
const result = res.body
|
const result = res.body
|
||||||
const total = result.total
|
const total = result.total
|
||||||
const users = result.data
|
const users = result.data
|
||||||
|
@ -330,7 +334,7 @@ describe('Test users', function () {
|
||||||
})
|
})
|
||||||
|
|
||||||
it('Should list only the second user by createdAt desc', async function () {
|
it('Should list only the second user by createdAt desc', async function () {
|
||||||
const res = await getUsersListPaginationAndSort(server.url, 0, 1, '-createdAt')
|
const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 1, '-createdAt')
|
||||||
const result = res.body
|
const result = res.body
|
||||||
const total = result.total
|
const total = result.total
|
||||||
const users = result.data
|
const users = result.data
|
||||||
|
@ -353,7 +357,7 @@ describe('Test users', function () {
|
||||||
})
|
})
|
||||||
|
|
||||||
it('Should list all the users by createdAt asc', async function () {
|
it('Should list all the users by createdAt asc', async function () {
|
||||||
const res = await getUsersListPaginationAndSort(server.url, 0, 2, 'createdAt')
|
const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 2, 'createdAt')
|
||||||
const result = res.body
|
const result = res.body
|
||||||
const total = result.total
|
const total = result.total
|
||||||
const users = result.data
|
const users = result.data
|
||||||
|
|
|
@ -76,17 +76,18 @@ function getUserVideoRating (url: string, accessToken: string, videoId: number)
|
||||||
.expect('Content-Type', /json/)
|
.expect('Content-Type', /json/)
|
||||||
}
|
}
|
||||||
|
|
||||||
function getUsersList (url: string) {
|
function getUsersList (url: string, accessToken: string) {
|
||||||
const path = '/api/v1/users'
|
const path = '/api/v1/users'
|
||||||
|
|
||||||
return request(url)
|
return request(url)
|
||||||
.get(path)
|
.get(path)
|
||||||
.set('Accept', 'application/json')
|
.set('Accept', 'application/json')
|
||||||
|
.set('Authorization', 'Bearer ' + accessToken)
|
||||||
.expect(200)
|
.expect(200)
|
||||||
.expect('Content-Type', /json/)
|
.expect('Content-Type', /json/)
|
||||||
}
|
}
|
||||||
|
|
||||||
function getUsersListPaginationAndSort (url: string, start: number, count: number, sort: string) {
|
function getUsersListPaginationAndSort (url: string, accessToken: string, start: number, count: number, sort: string) {
|
||||||
const path = '/api/v1/users'
|
const path = '/api/v1/users'
|
||||||
|
|
||||||
return request(url)
|
return request(url)
|
||||||
|
@ -95,6 +96,7 @@ function getUsersListPaginationAndSort (url: string, start: number, count: numbe
|
||||||
.query({ count })
|
.query({ count })
|
||||||
.query({ sort })
|
.query({ sort })
|
||||||
.set('Accept', 'application/json')
|
.set('Accept', 'application/json')
|
||||||
|
.set('Authorization', 'Bearer ' + accessToken)
|
||||||
.expect(200)
|
.expect(200)
|
||||||
.expect('Content-Type', /json/)
|
.expect('Content-Type', /json/)
|
||||||
}
|
}
|
||||||
|
|
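Review bot: Both helpers still hard-code `.expect(200)`, so they cannot be reused for the new 401 and 403 cases, and the validator tests have to repeat the whole request chain by hand. An optional trailing parameter would remove that duplication without touching existing callers: `function getUsersList (url: string, accessToken: string, statusCodeExpected = 200)` with `.expect(statusCodeExpected)`, and the same for `getUsersListPaginationAndSort`. Inserting `accessToken` as the second positional argument of `getUsersListPaginationAndSort` shifts `start`, `count` and `sort`; the type difference should surface stale callers at compile time, but any untyped callers need a manual check. The body of `getUsersListPaginationAndSort` is split across two hunks and is only partly visible here.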