API v4 (WIP) (#10453)

API v4

test/api/unit/middlewares/ensureAccessRight.test.js

@@ -0,0 +1,62 @@
+/* eslint-disable global-require */
+import {
+  generateRes,
+  generateReq,
+  generateNext,
+} from '../../../helpers/api-unit.helper';
+import i18n from '../../../../website/common/script/i18n';
+import { ensureAdmin, ensureSudo } from '../../../../website/server/middlewares/ensureAccessRight';
+import { NotAuthorized } from '../../../../website/server/libs/errors';
+import apiError from '../../../../website/server/libs/apiError';
+
+describe('ensure access middlewares', () => {
+  let res, req, next;
+
+  beforeEach(() => {
+    res = generateRes();
+    req = generateReq();
+    next = generateNext();
+  });
+
+  context('ensure admin', () => {
+    it('returns not authorized when user is not an admin', () => {
+      res.locals = {user: {contributor: {admin: false}}};
+
+      ensureAdmin(req, res, next);
+
+      const calledWith = next.getCall(0).args;
+      expect(calledWith[0].message).to.equal(i18n.t('noAdminAccess'));
+      expect(calledWith[0] instanceof NotAuthorized).to.equal(true);
+    });
+
+    it('passes when user is an admin', () => {
+      res.locals = {user: {contributor: {admin: true}}};
+
+      ensureAdmin(req, res, next);
+
+      expect(next).to.be.calledOnce;
+      expect(next.args[0]).to.be.empty;
+    });
+  });
+
+  context('ensure sudo', () => {
+    it('returns not authorized when user is not a sudo user', () => {
+      res.locals = {user: {contributor: {sudo: false}}};
+
+      ensureSudo(req, res, next);
+
+      const calledWith = next.getCall(0).args;
+      expect(calledWith[0].message).to.equal(apiError('noSudoAccess'));
+      expect(calledWith[0] instanceof NotAuthorized).to.equal(true);
+    });
+
+    it('passes when user is a sudo user', () => {
+      res.locals = {user: {contributor: {sudo: true}}};
+
+      ensureSudo(req, res, next);
+
+      expect(next).to.be.calledOnce;
+      expect(next.args[0]).to.be.empty;
+    });
+  });
+});