diff --git a/api/src/controllers/permission.ts b/api/src/controllers/permission.ts
index 2eb6e1d..7431cd8 100644
--- a/api/src/controllers/permission.ts
+++ b/api/src/controllers/permission.ts
@@ -49,7 +49,7 @@ interface UpdatePermissionPayload {
 setting: string
 }
 
-interface PermissionDetailsResponse {
+export interface PermissionDetailsResponse {
 permissionId: number
 uri: string
 setting: string
diff --git a/api/src/controllers/user.ts b/api/src/controllers/user.ts
index 9aa66b9..1324128 100644
--- a/api/src/controllers/user.ts
+++ b/api/src/controllers/user.ts
@@ -21,7 +21,7 @@ export interface UserResponse {
 displayName: string
 }
 
-interface UserDetailsResponse {
+export interface UserDetailsResponse {
 id: number
 displayName: string
 username: string
diff --git a/api/src/routes/api/spec/permission.spec.ts b/api/src/routes/api/spec/permission.spec.ts
index 19c2f8c..03ece1f 100644
--- a/api/src/routes/api/spec/permission.spec.ts
+++ b/api/src/routes/api/spec/permission.spec.ts
@@ -6,8 +6,13 @@ import appPromise from '../../../app'
 import {
 UserController,
 GroupController,
- ClientController
+ ClientController,
+ PermissionController
 } from '../../../controllers/'
+import {
+ UserDetailsResponse,
+ PermissionDetailsResponse
+} from '../../../controllers'
 import { generateAccessToken, saveTokensInDB } from '../../../utils'
 
 const clientId = 'someclientID'
@@ -41,6 +46,7 @@ const group = {
 const userController = new UserController()
 const groupController = new GroupController()
 const clientController = new ClientController()
+const permissionController = new PermissionController()
 
 describe('permission', () => {
 let app: Express
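Review bot: In permission.spec.ts the two new interface names are pulled in through a second import statement from `'../../../controllers'`, directly below the existing one from `'../../../controllers/'`; the two specifiers presumably resolve to the same index module and differ only by the trailing slash. Folding `UserDetailsResponse` and `PermissionDetailsResponse` into the existing import list, or writing `import type { UserDetailsResponse, PermissionDetailsResponse } from '../../../controllers/'` since the visible uses are type annotations only, keeps a single spelling of the path and one import per module.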
@@ -70,11 +76,10 @@ describe('permission', () => {
 
 it('should respond with new permission when principalType is user', async () => {
 const dbUser = await userController.createUser(user)
- permission.principalId = dbUser.id
 const res = await request(app)
 .post('/SASjsApi/permission')
 .auth(adminAccessToken, { type: 'bearer' })
- .send(permission)
+ .send({ ...permission, principalId: dbUser.id })
 .expect(200)
 
 expect(res.body.permissionId).toBeTruthy()
@@ -248,6 +253,72 @@ describe('permission', () => {
 expect(res.body).toEqual({})
 })
 })
+
+ describe('update', () => {
+ let dbUser: UserDetailsResponse | undefined
+ let dbPermission: PermissionDetailsResponse | undefined
+ beforeAll(async () => {
+ dbUser = await userController.createUser({
+ ...user,
+ username: 'updated username'
+ })
+ dbPermission = await permissionController.createPermission({
+ ...permission,
+ principalId: dbUser.id
+ })
+ })
+
+ afterEach(async () => {
+ await deleteAllPermissions()
+ })
+
+ it('should respond with updated permission', async () => {
+ const res = await request(app)
+ .patch(`/SASjsApi/permission/${dbPermission?.permissionId}`)
+ .auth(adminAccessToken, { type: 'bearer' })
+ .send({ setting: 'Deny' })
+ .expect(200)
+
+ expect(res.body.setting).toEqual('Deny')
+ })
+
+ it('should respond with Unauthorized if access token is not present', async () => {
+ const res = await request(app)
+ .patch(`/SASjsApi/permission/${dbPermission?.permissionId}`)
+ .send(permission)
+ .expect(401)
+
+ expect(res.text).toEqual('Unauthorized')
+ expect(res.body).toEqual({})
+ })
+
+ it('should respond with Unauthorized if access token is not of an admin account', async () => {
+ const accessToken = await generateSaveTokenAndCreateUser({
+ ...user,
+ username: 'update' + user.username
+ })
+
+ const res = await request(app)
+ .patch(`/SASjsApi/permission/${dbPermission?.permissionId}`)
+ .auth(accessToken, { type: 'bearer' })
+ .send()
+ .expect(401)
+
+ expect(res.text).toEqual('Admin account required')
+ expect(res.body).toEqual({})
+ })
+
+ it('should respond with Bad Request if setting is missing', async () => {
+ const res = await request(app)
+ .patch(`/SASjsApi/permission/${dbPermission?.permissionId}`)
+ .auth(adminAccessToken, { type: 'bearer' })
+ .send()
+ .expect(400)
+
+ expect(res.text).toEqual(`"setting" is required`)
+ expect(res.body).toEqual({})
+ })
+ })
 })
 
 const generateSaveTokenAndCreateUser = async (
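Review bot: The new `update` block creates `dbPermission` once in `beforeAll` but calls `deleteAllPermissions()` in `afterEach`, so, assuming that helper (defined outside this hunk) removes every permission record, only the first test patches a permission that still exists. The two Unauthorized tests and the Bad Request test would then pass against any id, which means they do not demonstrate that an existing permission is protected from an unauthenticated or non-admin caller. Creating the permission in `beforeEach`, or moving the cleanup to `afterAll(async () => { await deleteAllPermissions() })`, keeps the fixture alive for every case. The non-admin test would also be a stronger authorization check if it sent a valid body, `.send({ setting: 'Deny' })`, and then confirmed the stored setting is unchanged, so that the missing privilege is the only possible reason for the rejection.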