Allow guilds edit (#8800)

* test: test that admin users can update guilds * test: test admin removeMember privileges * fix: allow admins to edit guilds * fix: add edit guild options for admins * test: test that admin can't remove current leader * Add error msg for removing current leader * Taskwoods Quest Line (#8156) * feat(content): Gold Quest 2016-10 * chore(news): Bailey * chore(i18n): update locales * chore(sprites): compile * 3.49.0 * chore: update express * Fix for the ReDOS vulnerability habitica is currently affected by the high-severity [ReDOS vulnerability](https://snyk.io/vuln/npm:tough-cookie:20160722). Vulnerable module: `tough-cookie` Introduced through: ` request` This PR fixes the ReDOS vulnerability by upgrading ` request` to version 2.74.0 Check out the [Snyk test report](https://snyk.io/test/github/HabitRPG/habitica) to review other vulnerabilities that affect this repo. [Watch the repo](https://snyk.io/add) to * get alerts if newly disclosed vulnerabilities affect this repo in the future. * generate pull requests with the fixes you want, or let us do the work: when a newly disclosed vulnerability affects you, we'll submit a fix to you right away. Stay secure, The Snyk team * Documentation - coupon closes #8109 * fix(client): Allow member hp to be clickable fixes #8016 closes #8155 * chore(npm): shrinkwrap * test: test isAbleToEditGroup * Add isAbleToEditGroup to groupsCtrl * Remove unnecessary ternary * Fix linting * Move edit permission logic out to groupsCtrl * fix: change ternary to boolean * Fix linting * Fixed merge issues
2025-12-15 21:57:22 +01:00 · 2017-06-08 13:45:24 -07:00
parent 4d3a0c0571
commit 1999e1098e
7 changed files with 106 additions and 22 deletions
--- a/test/api/v3/integration/groups/PUT-groups.test.js
+++ b/test/api/v3/integration/groups/PUT-groups.test.js
@@ -1,10 +1,11 @@
 import {
  createAndPopulateGroup,
+  generateUser,
  translate as t,
 } from '../../../../helpers/api-v3-integration.helper';

 describe('PUT /group', () => {
-  let leader, nonLeader, groupToUpdate;
+  let leader, nonLeader, groupToUpdate, adminUser;
  let groupName = 'Test Public Guild';
  let groupType = 'guild';
  let groupUpdatedName = 'Test Public Guild Updated';
@@ -18,13 +19,13 @@ describe('PUT /group', () => {
      },
      members: 1,
    });
-
+    adminUser = await generateUser({ 'contributor.admin': true });
    groupToUpdate = group;
    leader = groupLeader;
    nonLeader = members[0];
  });

-  it('returns an error when a non group leader tries to update', async () => {
+  it('returns an error when a user that is not an admin or group leader tries to update', async () => {
    await expect(nonLeader.put(`/groups/${groupToUpdate._id}`, {
      name: groupUpdatedName,
    })).to.eventually.be.rejected.and.eql({
@@ -44,6 +45,15 @@ describe('PUT /group', () => {
    expect(updatedGroup.name).to.equal(groupUpdatedName);
  });

+  it('allows an admin to update a guild', async () => {
+    let updatedGroup = await adminUser.put(`/groups/${groupToUpdate._id}`, {
+      name: groupUpdatedName,
+    });
+    expect(updatedGroup.leader._id).to.eql(leader._id);
+    expect(updatedGroup.leader.profile.name).to.eql(leader.profile.name);
+    expect(updatedGroup.name).to.equal(groupUpdatedName);
+  });
+
  it('allows a leader to change leaders', async () => {
    let updatedGroup = await leader.put(`/groups/${groupToUpdate._id}`, {
      name: groupUpdatedName,