mirror of
https://github.com/HabitRPG/habitica.git
synced 2025-12-17 14:47:53 +01:00
c26696a9eb
* move translatable string to apiMessages * use apiMessages instead of res.t for groupIdRequired / keepOrRemove * move pageMustBeNumber to apiMessages * change apimessages * move missingKeyParam to apiMessages * move more strings to apiMessages * fix lint * revert lodash imports to fix tests * fix webhook test * fix test * rollback key change of `keepOrRemove` * remove unneeded `req.language` param * extract more messages from i18n * add missing `missingTypeParam` message * Split api- and commonMessages * fix test * fix sanity * merge messages to an object, rename commonMessage to errorMessage * apiMessages -> apiError, commonMessages -> errorMessage, extract messages to separate objects * fix test * module.exports
63 lines
1.8 KiB
JavaScript
63 lines
1.8 KiB
JavaScript
/* eslint-disable global-require */
|
|
import {
|
|
generateRes,
|
|
generateReq,
|
|
generateNext,
|
|
} from '../../../../helpers/api-unit.helper';
|
|
import i18n from '../../../../../website/common/script/i18n';
|
|
import { ensureAdmin, ensureSudo } from '../../../../../website/server/middlewares/ensureAccessRight';
|
|
import { NotAuthorized } from '../../../../../website/server/libs/errors';
|
|
import apiError from '../../../../../website/server/libs/apiError';
|
|
|
|
describe('ensure access middlewares', () => {
|
|
let res, req, next;
|
|
|
|
beforeEach(() => {
|
|
res = generateRes();
|
|
req = generateReq();
|
|
next = generateNext();
|
|
});
|
|
|
|
context('ensure admin', () => {
|
|
it('returns not authorized when user is not an admin', () => {
|
|
res.locals = {user: {contributor: {admin: false}}};
|
|
|
|
ensureAdmin(req, res, next);
|
|
|
|
const calledWith = next.getCall(0).args;
|
|
expect(calledWith[0].message).to.equal(i18n.t('noAdminAccess'));
|
|
expect(calledWith[0] instanceof NotAuthorized).to.equal(true);
|
|
});
|
|
|
|
it('passes when user is an admin', () => {
|
|
res.locals = {user: {contributor: {admin: true}}};
|
|
|
|
ensureAdmin(req, res, next);
|
|
|
|
expect(next).to.be.calledOnce;
|
|
expect(next.args[0]).to.be.empty;
|
|
});
|
|
});
|
|
|
|
context('ensure sudo', () => {
|
|
it('returns not authorized when user is not a sudo user', () => {
|
|
res.locals = {user: {contributor: {sudo: false}}};
|
|
|
|
ensureSudo(req, res, next);
|
|
|
|
const calledWith = next.getCall(0).args;
|
|
expect(calledWith[0].message).to.equal(apiError('noSudoAccess'));
|
|
expect(calledWith[0] instanceof NotAuthorized).to.equal(true);
|
|
});
|
|
|
|
it('passes when user is a sudo user', () => {
|
|
res.locals = {user: {contributor: {sudo: true}}};
|
|
|
|
ensureSudo(req, res, next);
|
|
|
|
expect(next).to.be.calledOnce;
|
|
expect(next.args[0]).to.be.empty;
|
|
});
|
|
});
|
|
});
|