author | Chocobozzz <me@florianbigard.com> | 2019-07-30 09:59:19 +0200 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2019-07-30 09:59:19 +0200 |
commit | a95a4cc89155f448e6f9ca0957170f3c72a9d964 (patch) | |
tree | f390fa3eccef0991db5694ef58d6716228a7f67a /server/tests/api/check-params | |
parent | dc8902634864841be7ca483b8e1c0f5afa609c32 (diff) | |
Moderators can only manage users
Diffstat (limited to 'server/tests/api/check-params')
-rw-r--r-- | server/tests/api/check-params/users.ts | 166 |
1 files changed, 136 insertions, 30 deletions
diff --git a/server/tests/api/check-params/users.ts b/server/tests/api/check-params/users.ts index 5b788e328..939b919ed 100644 --- a/server/tests/api/check-params/users.ts +++ b/server/tests/api/check-params/users.ts | |||
@@ -3,7 +3,7 @@ | |||
3 | import { omit } from 'lodash' | 3 | import { omit } from 'lodash' |
4 | import 'mocha' | 4 | import 'mocha' |
5 | import { join } from 'path' | 5 | import { join } from 'path' |
6 | import { UserRole, VideoImport, VideoImportState } from '../../../../shared' | 6 | import { User, UserRole, VideoImport, VideoImportState } from '../../../../shared' |
7 | 7 | ||
8 | import { | 8 | import { |
9 | addVideoChannel, | 9 | addVideoChannel, |
@@ -44,35 +44,79 @@ describe('Test users API validators', function () { | |||
44 | const path = '/api/v1/users/' | 44 | const path = '/api/v1/users/' |
45 | let userId: number | 45 | let userId: number |
46 | let rootId: number | 46 | let rootId: number |
47 | let moderatorId: number | ||
47 | let videoId: number | 48 | let videoId: number |
48 | let server: ServerInfo | 49 | let server: ServerInfo |
49 | let serverWithRegistrationDisabled: ServerInfo | 50 | let serverWithRegistrationDisabled: ServerInfo |
50 | let userAccessToken = '' | 51 | let userAccessToken = '' |
52 | let moderatorAccessToken = '' | ||
51 | let channelId: number | 53 | let channelId: number |
52 | const user = { | ||
53 | username: 'user1', | ||
54 | password: 'my super password' | ||
55 | } | ||
56 | 54 | ||
57 | // --------------------------------------------------------------- | 55 | // --------------------------------------------------------------- |
58 | 56 | ||
59 | before(async function () { | 57 | before(async function () { |
60 | this.timeout(30000) | 58 | this.timeout(30000) |
61 | 59 | ||
62 | server = await flushAndRunServer(1) | 60 | { |
63 | serverWithRegistrationDisabled = await flushAndRunServer(2) | 61 | const res = await Promise.all([ |
62 | flushAndRunServer(1, { signup: { limit: 7 } }), | ||
63 | flushAndRunServer(2) | ||
64 | ]) | ||
64 | 65 | ||
65 | await setAccessTokensToServers([ server ]) | 66 | server = res[0] |
67 | serverWithRegistrationDisabled = res[1] | ||
66 | 68 | ||
67 | const videoQuota = 42000000 | 69 | await setAccessTokensToServers([ server ]) |
68 | await createUser({ | 70 | } |
69 | url: server.url, | 71 | |
70 | accessToken: server.accessToken, | 72 | { |
71 | username: user.username, | 73 | const user = { |
72 | password: user.password, | 74 | username: 'user1', |
73 | videoQuota: videoQuota | 75 | password: 'my super password' |
74 | }) | 76 | } |
75 | userAccessToken = await userLogin(server, user) | 77 | |
78 | const videoQuota = 42000000 | ||
79 | await createUser({ | ||
80 | url: server.url, | ||
81 | accessToken: server.accessToken, | ||
82 | username: user.username, | ||
83 | password: user.password, | ||
84 | videoQuota: videoQuota | ||
85 | }) | ||
86 | userAccessToken = await userLogin(server, user) | ||
87 | } | ||
88 | |||
89 | { | ||
90 | const moderator = { | ||
91 | username: 'moderator1', | ||
92 | password: 'super password' | ||
93 | } | ||
94 | |||
95 | await createUser({ | ||
96 | url: server.url, | ||
97 | accessToken: server.accessToken, | ||
98 | username: moderator.username, | ||
99 | password: moderator.password, | ||
100 | role: UserRole.MODERATOR | ||
101 | }) | ||
102 | |||
103 | moderatorAccessToken = await userLogin(server, moderator) | ||
104 | } | ||
105 | |||
106 | { | ||
107 | const moderator = { | ||
108 | username: 'moderator2', | ||
109 | password: 'super password' | ||
110 | } | ||
111 | |||
112 | await createUser({ | ||
113 | url: server.url, | ||
114 | accessToken: server.accessToken, | ||
115 | username: moderator.username, | ||
116 | password: moderator.password, | ||
117 | role: UserRole.MODERATOR | ||
118 | }) | ||
119 | } | ||
76 | 120 | ||
77 | { | 121 | { |
78 | const res = await getMyUserInformation(server.url, server.accessToken) | 122 | const res = await getMyUserInformation(server.url, server.accessToken) |
@@ -83,6 +127,15 @@ describe('Test users API validators', function () { | |||
83 | const res = await uploadVideo(server.url, server.accessToken, {}) | 127 | const res = await uploadVideo(server.url, server.accessToken, {}) |
84 | videoId = res.body.video.id | 128 | videoId = res.body.video.id |
85 | } | 129 | } |
130 | |||
131 | { | ||
132 | const res = await getUsersList(server.url, server.accessToken) | ||
133 | const users: User[] = res.body.data | ||
134 | |||
135 | userId = users.find(u => u.username === 'user1').id | ||
136 | rootId = users.find(u => u.username === 'root').id | ||
137 | moderatorId = users.find(u => u.username === 'moderator2').id | ||
138 | } | ||
86 | }) | 139 | }) |
87 | 140 | ||
88 | describe('When listing users', function () { | 141 | describe('When listing users', function () { |
@@ -251,6 +304,32 @@ describe('Test users API validators', function () { | |||
251 | }) | 304 | }) |
252 | }) | 305 | }) |
253 | 306 | ||
307 | it('Should fail to create a moderator or an admin with a moderator', async function () { | ||
308 | for (const role of [ UserRole.MODERATOR, UserRole.ADMINISTRATOR ]) { | ||
309 | const fields = immutableAssign(baseCorrectParams, { role }) | ||
310 | |||
311 | await makePostBodyRequest({ | ||
312 | url: server.url, | ||
313 | path, | ||
314 | token: moderatorAccessToken, | ||
315 | fields, | ||
316 | statusCodeExpected: 403 | ||
317 | }) | ||
318 | } | ||
319 | }) | ||
320 | |||
321 | it('Should succeed to create a user with a moderator', async function () { | ||
322 | const fields = immutableAssign(baseCorrectParams, { username: 'a4656', email: 'a4656@example.com', role: UserRole.USER }) | ||
323 | |||
324 | await makePostBodyRequest({ | ||
325 | url: server.url, | ||
326 | path, | ||
327 | token: moderatorAccessToken, | ||
328 | fields, | ||
329 | statusCodeExpected: 200 | ||
330 | }) | ||
331 | }) | ||
332 | |||
254 | it('Should succeed with the correct params', async function () { | 333 | it('Should succeed with the correct params', async function () { |
255 | await makePostBodyRequest({ | 334 | await makePostBodyRequest({ |
256 | url: server.url, | 335 | url: server.url, |
@@ -468,11 +547,6 @@ describe('Test users API validators', function () { | |||
468 | }) | 547 | }) |
469 | 548 | ||
470 | describe('When getting a user', function () { | 549 | describe('When getting a user', function () { |
471 | before(async function () { | ||
472 | const res = await getUsersList(server.url, server.accessToken) | ||
473 | |||
474 | userId = res.body.data[1].id | ||
475 | }) | ||
476 | 550 | ||
477 | it('Should fail with an non authenticated user', async function () { | 551 | it('Should fail with an non authenticated user', async function () { |
478 | await makeGetRequest({ url: server.url, path: path + userId, token: 'super token', statusCodeExpected: 401 }) | 552 | await makeGetRequest({ url: server.url, path: path + userId, token: 'super token', statusCodeExpected: 401 }) |
@@ -489,13 +563,6 @@ describe('Test users API validators', function () { | |||
489 | 563 | ||
490 | describe('When updating a user', function () { | 564 | describe('When updating a user', function () { |
491 | 565 | ||
492 | before(async function () { | ||
493 | const res = await getUsersList(server.url, server.accessToken) | ||
494 | |||
495 | userId = res.body.data[1].id | ||
496 | rootId = res.body.data[2].id | ||
497 | }) | ||
498 | |||
499 | it('Should fail with an invalid email attribute', async function () { | 566 | it('Should fail with an invalid email attribute', async function () { |
500 | const fields = { | 567 | const fields = { |
501 | email: 'blabla' | 568 | email: 'blabla' |
@@ -565,7 +632,35 @@ describe('Test users API validators', function () { | |||
565 | it('Should fail with invalid admin flags', async function () { | 632 | it('Should fail with invalid admin flags', async function () { |
566 | const fields = { adminFlags: 'toto' } | 633 | const fields = { adminFlags: 'toto' } |
567 | 634 | ||
568 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | 635 | await makePutBodyRequest({ url: server.url, path, token: server.accessToken, fields }) |
636 | }) | ||
637 | |||
638 | it('Should fail to update an admin with a moderator', async function () { | ||
639 | const fields = { | ||
640 | videoQuota: 42 | ||
641 | } | ||
642 | |||
643 | await makePutBodyRequest({ | ||
644 | url: server.url, | ||
645 | path: path + moderatorId, | ||
646 | token: moderatorAccessToken, | ||
647 | fields, | ||
648 | statusCodeExpected: 403 | ||
649 | }) | ||
650 | }) | ||
651 | |||
652 | it('Should succeed to update a user with a moderator', async function () { | ||
653 | const fields = { | ||
654 | videoQuota: 42 | ||
655 | } | ||
656 | |||
657 | await makePutBodyRequest({ | ||
658 | url: server.url, | ||
659 | path: path + userId, | ||
660 | token: moderatorAccessToken, | ||
661 | fields, | ||
662 | statusCodeExpected: 204 | ||
663 | }) | ||
569 | }) | 664 | }) |
570 | 665 | ||
571 | it('Should succeed with the correct params', async function () { | 666 | it('Should succeed with the correct params', async function () { |
@@ -664,6 +759,17 @@ describe('Test users API validators', function () { | |||
664 | await blockUser(server.url, userId, userAccessToken, 403) | 759 | await blockUser(server.url, userId, userAccessToken, 403) |
665 | await unblockUser(server.url, userId, userAccessToken, 403) | 760 | await unblockUser(server.url, userId, userAccessToken, 403) |
666 | }) | 761 | }) |
762 | |||
763 | it('Should fail on a moderator with a moderator', async function () { | ||
764 | await removeUser(server.url, moderatorId, moderatorAccessToken, 403) | ||
765 | await blockUser(server.url, moderatorId, moderatorAccessToken, 403) | ||
766 | await unblockUser(server.url, moderatorId, moderatorAccessToken, 403) | ||
767 | }) | ||
768 | |||
769 | it('Should succeed on a user with a moderator', async function () { | ||
770 | await blockUser(server.url, userId, moderatorAccessToken) | ||
771 | await unblockUser(server.url, userId, moderatorAccessToken) | ||
772 | }) | ||
667 | }) | 773 | }) |
668 | 774 | ||
669 | describe('When deleting our account', function () { | 775 | describe('When deleting our account', function () { |
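Review bot: The test 'Should fail to update an admin with a moderator' sends its PUT to `path + moderatorId`, and `moderatorId` is resolved in `before` from the user named 'moderator2', so the target is a moderator and no moderator-to-admin request is ever asserted. The same gap is in 'Should fail on a moderator with a moderator', whose remove/block/unblock calls never target `rootId`. Since `rootId` is resolved in the same `before` block, both tests could iterate `for (const id of [ moderatorId, rootId ])` and expect 403 for each id, or the update test could be renamed to say what it checks. The moderator update cases also send only `videoQuota`, so a moderator PUT with `fields = { role: UserRole.MODERATOR }` on `path + userId` is not covered and the expected status for a role change through update is left unpinned. Separately, 'Should fail with invalid admin flags' now PUTs to the bare `path` with no user id, so it may be rejected by routing rather than by the flag validator; `path: path + userId` looks like the intended target.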