Server: forbid to remove the root user

This commit is contained in:
Chocobozzz 2016-10-07 15:32:09 +02:00
parent b9ab2e25fd
commit af1068ce1d
2 changed files with 11 additions and 0 deletions

View File

@ -47,6 +47,8 @@ function usersRemove (req, res, next) {
if (!user) return res.status(404).send('User not found') if (!user) return res.status(404).send('User not found')
if (user.username === 'root') return res.status(400).send('Cannot remove the root user')
next() next()
}) })
}) })

View File

@ -497,6 +497,7 @@ describe('Test parameters validator', function () {
describe('Of the users API', function () { describe('Of the users API', function () {
const path = '/api/v1/users/' const path = '/api/v1/users/'
let userId = null let userId = null
let rootId = null
describe('When listing users', function () { describe('When listing users', function () {
it('Should fail with a bad start pagination', function (done) { it('Should fail with a bad start pagination', function (done) {
@ -626,6 +627,7 @@ describe('Test parameters validator', function () {
if (err) throw err if (err) throw err
userId = res.body.data[1].id userId = res.body.data[1].id
rootId = res.body.data[2].id
done() done()
}) })
}) })
@ -691,6 +693,13 @@ describe('Test parameters validator', function () {
.expect(400, done) .expect(400, done)
}) })
it('Should fail with the root user', function (done) {
request(server.url)
.delete(path + rootId)
.set('Authorization', 'Bearer ' + server.accessToken)
.expect(400, done)
})
it('Should return 404 with a non existing id', function (done) { it('Should return 404 with a non existing id', function (done) {
request(server.url) request(server.url)
.delete(path + '579f982228c99c221d8092b8') .delete(path + '579f982228c99c221d8092b8')