authorChocobozzz <me@florianbigard.com>2019-07-30 09:59:19 +0200
committerChocobozzz <me@florianbigard.com>2019-07-30 09:59:19 +0200
commita95a4cc89155f448e6f9ca0957170f3c72a9d964 (patch)
treef390fa3eccef0991db5694ef58d6716228a7f67a /server/tests/api
parentdc8902634864841be7ca483b8e1c0f5afa609c32 (diff)
Moderators can only manage users
Diffstat (limited to 'server/tests/api')
-rw-r--r--server/tests/api/check-params/users.ts166
1 files changed, 136 insertions, 30 deletions
diff --git a/server/tests/api/check-params/users.ts b/server/tests/api/check-params/users.ts
index 5b788e328..939b919ed 100644
--- a/server/tests/api/check-params/users.ts
+++ b/server/tests/api/check-params/users.ts
@@ -3,7 +3,7 @@
3import { omit } from 'lodash' 3import { omit } from 'lodash'
4import 'mocha' 4import 'mocha'
5import { join } from 'path' 5import { join } from 'path'
6import { UserRole, VideoImport, VideoImportState } from '../../../../shared' 6import { User, UserRole, VideoImport, VideoImportState } from '../../../../shared'
7 7
8import { 8import {
9 addVideoChannel, 9 addVideoChannel,
@@ -44,35 +44,79 @@ describe('Test users API validators', function () {
44 const path = '/api/v1/users/' 44 const path = '/api/v1/users/'
45 let userId: number 45 let userId: number
46 let rootId: number 46 let rootId: number
47 let moderatorId: number
47 let videoId: number 48 let videoId: number
48 let server: ServerInfo 49 let server: ServerInfo
49 let serverWithRegistrationDisabled: ServerInfo 50 let serverWithRegistrationDisabled: ServerInfo
50 let userAccessToken = '' 51 let userAccessToken = ''
52 let moderatorAccessToken = ''
51 let channelId: number 53 let channelId: number
52 const user = {
53 username: 'user1',
54 password: 'my super password'
55 }
56 54
57 // --------------------------------------------------------------- 55 // ---------------------------------------------------------------
58 56
59 before(async function () { 57 before(async function () {
60 this.timeout(30000) 58 this.timeout(30000)
61 59
62 server = await flushAndRunServer(1) 60 {
63 serverWithRegistrationDisabled = await flushAndRunServer(2) 61 const res = await Promise.all([
62 flushAndRunServer(1, { signup: { limit: 7 } }),
63 flushAndRunServer(2)
64 ])
64 65
65 await setAccessTokensToServers([ server ]) 66 server = res[0]
67 serverWithRegistrationDisabled = res[1]
66 68
67 const videoQuota = 42000000 69 await setAccessTokensToServers([ server ])
68 await createUser({ 70 }
69 url: server.url, 71
70 accessToken: server.accessToken, 72 {
71 username: user.username, 73 const user = {
72 password: user.password, 74 username: 'user1',
73 videoQuota: videoQuota 75 password: 'my super password'
74 }) 76 }
75 userAccessToken = await userLogin(server, user) 77
78 const videoQuota = 42000000
79 await createUser({
80 url: server.url,
81 accessToken: server.accessToken,
82 username: user.username,
83 password: user.password,
84 videoQuota: videoQuota
85 })
86 userAccessToken = await userLogin(server, user)
87 }
88
89 {
90 const moderator = {
91 username: 'moderator1',
92 password: 'super password'
93 }
94
95 await createUser({
96 url: server.url,
97 accessToken: server.accessToken,
98 username: moderator.username,
99 password: moderator.password,
100 role: UserRole.MODERATOR
101 })
102
103 moderatorAccessToken = await userLogin(server, moderator)
104 }
105
106 {
107 const moderator = {
108 username: 'moderator2',
109 password: 'super password'
110 }
111
112 await createUser({
113 url: server.url,
114 accessToken: server.accessToken,
115 username: moderator.username,
116 password: moderator.password,
117 role: UserRole.MODERATOR
118 })
119 }
76 120
77 { 121 {
78 const res = await getMyUserInformation(server.url, server.accessToken) 122 const res = await getMyUserInformation(server.url, server.accessToken)
@@ -83,6 +127,15 @@ describe('Test users API validators', function () {
83 const res = await uploadVideo(server.url, server.accessToken, {}) 127 const res = await uploadVideo(server.url, server.accessToken, {})
84 videoId = res.body.video.id 128 videoId = res.body.video.id
85 } 129 }
130
131 {
132 const res = await getUsersList(server.url, server.accessToken)
133 const users: User[] = res.body.data
134
135 userId = users.find(u => u.username === 'user1').id
136 rootId = users.find(u => u.username === 'root').id
137 moderatorId = users.find(u => u.username === 'moderator2').id
138 }
86 }) 139 })
87 140
88 describe('When listing users', function () { 141 describe('When listing users', function () {
@@ -251,6 +304,32 @@ describe('Test users API validators', function () {
251 }) 304 })
252 }) 305 })
253 306
307 it('Should fail to create a moderator or an admin with a moderator', async function () {
308 for (const role of [ UserRole.MODERATOR, UserRole.ADMINISTRATOR ]) {
309 const fields = immutableAssign(baseCorrectParams, { role })
310
311 await makePostBodyRequest({
312 url: server.url,
313 path,
314 token: moderatorAccessToken,
315 fields,
316 statusCodeExpected: 403
317 })
318 }
319 })
320
321 it('Should succeed to create a user with a moderator', async function () {
322 const fields = immutableAssign(baseCorrectParams, { username: 'a4656', email: 'a4656@example.com', role: UserRole.USER })
323
324 await makePostBodyRequest({
325 url: server.url,
326 path,
327 token: moderatorAccessToken,
328 fields,
329 statusCodeExpected: 200
330 })
331 })
332
254 it('Should succeed with the correct params', async function () { 333 it('Should succeed with the correct params', async function () {
255 await makePostBodyRequest({ 334 await makePostBodyRequest({
256 url: server.url, 335 url: server.url,
@@ -468,11 +547,6 @@ describe('Test users API validators', function () {
468 }) 547 })
469 548
470 describe('When getting a user', function () { 549 describe('When getting a user', function () {
471 before(async function () {
472 const res = await getUsersList(server.url, server.accessToken)
473
474 userId = res.body.data[1].id
475 })
476 550
477 it('Should fail with an non authenticated user', async function () { 551 it('Should fail with an non authenticated user', async function () {
478 await makeGetRequest({ url: server.url, path: path + userId, token: 'super token', statusCodeExpected: 401 }) 552 await makeGetRequest({ url: server.url, path: path + userId, token: 'super token', statusCodeExpected: 401 })
@@ -489,13 +563,6 @@ describe('Test users API validators', function () {
489 563
490 describe('When updating a user', function () { 564 describe('When updating a user', function () {
491 565
492 before(async function () {
493 const res = await getUsersList(server.url, server.accessToken)
494
495 userId = res.body.data[1].id
496 rootId = res.body.data[2].id
497 })
498
499 it('Should fail with an invalid email attribute', async function () { 566 it('Should fail with an invalid email attribute', async function () {
500 const fields = { 567 const fields = {
501 email: 'blabla' 568 email: 'blabla'
@@ -565,7 +632,35 @@ describe('Test users API validators', function () {
565 it('Should fail with invalid admin flags', async function () { 632 it('Should fail with invalid admin flags', async function () {
566 const fields = { adminFlags: 'toto' } 633 const fields = { adminFlags: 'toto' }
567 634
568 await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) 635 await makePutBodyRequest({ url: server.url, path, token: server.accessToken, fields })
636 })
637
638 it('Should fail to update an admin with a moderator', async function () {
639 const fields = {
640 videoQuota: 42
641 }
642
643 await makePutBodyRequest({
644 url: server.url,
645 path: path + moderatorId,
646 token: moderatorAccessToken,
647 fields,
648 statusCodeExpected: 403
649 })
650 })
651
652 it('Should succeed to update a user with a moderator', async function () {
653 const fields = {
654 videoQuota: 42
655 }
656
657 await makePutBodyRequest({
658 url: server.url,
659 path: path + userId,
660 token: moderatorAccessToken,
661 fields,
662 statusCodeExpected: 204
663 })
569 }) 664 })
570 665
571 it('Should succeed with the correct params', async function () { 666 it('Should succeed with the correct params', async function () {
@@ -664,6 +759,17 @@ describe('Test users API validators', function () {
664 await blockUser(server.url, userId, userAccessToken, 403) 759 await blockUser(server.url, userId, userAccessToken, 403)
665 await unblockUser(server.url, userId, userAccessToken, 403) 760 await unblockUser(server.url, userId, userAccessToken, 403)
666 }) 761 })
762
763 it('Should fail on a moderator with a moderator', async function () {
764 await removeUser(server.url, moderatorId, moderatorAccessToken, 403)
765 await blockUser(server.url, moderatorId, moderatorAccessToken, 403)
766 await unblockUser(server.url, moderatorId, moderatorAccessToken, 403)
767 })
768
769 it('Should succeed on a user with a moderator', async function () {
770 await blockUser(server.url, userId, moderatorAccessToken)
771 await unblockUser(server.url, userId, moderatorAccessToken)
772 })
667 }) 773 })
668 774
669 describe('When deleting our account', function () { 775 describe('When deleting our account', function () {
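Review bot: The case 'Should fail to update an admin with a moderator' sends its PUT to `path + moderatorId`, which the setup resolves to `moderator2`, so the title and the target disagree and no request in this section uses a moderator token against an administrator account. `rootId` is already resolved in the same `before` block, so either retitle the case to 'Should fail to update a moderator with a moderator' or add a sibling request with `path: path + rootId` and `statusCodeExpected: 403`. The remove/block/unblock case 'Should fail on a moderator with a moderator' has the same gap. The update cases also send only `videoQuota`, so a PUT with `fields: { role: UserRole.MODERATOR }` on `path + userId` using `moderatorAccessToken`, expecting 403, would cover role changes at update time as the new create cases do at creation. Whether the server rejects that request cannot be seen from this file, which is the reason to assert it here.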