-rw-r--r--client/src/app/core/auth/auth-user.model.ts2
-rw-r--r--client/src/app/shared/forms/form-validators/user.ts2
-rw-r--r--server/initializers/migrations/0085-user-role.ts1
-rw-r--r--server/tests/api/check-params/users.ts72
-rw-r--r--server/tests/api/users.ts21
-rw-r--r--server/tests/utils/users.ts16
6 files changed, 92 insertions, 22 deletions
diff --git a/client/src/app/core/auth/auth-user.model.ts b/client/src/app/core/auth/auth-user.model.ts
index 085b763ec..7b6c8816f 100644
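--- a/client/src/app/core/auth/auth-user.model.ts
+++ b/client/src/app/core/auth/auth-user.model.ts
@@ -123,7 +123,7 @@ export class AuthUser extends User {
  this.tokens.refreshToken = refreshToken
  }
 
- hasRight(right: UserRight) {
+ hasRight (right: UserRight) {
  return hasUserRight(this.role, right)
  }
 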
diff --git a/client/src/app/shared/forms/form-validators/user.ts b/client/src/app/shared/forms/form-validators/user.ts
index e7473b75b..9d200649c 100644
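--- a/client/src/app/shared/forms/form-validators/user.ts
+++ b/client/src/app/shared/forms/form-validators/user.ts
@@ -32,6 +32,6 @@ export const USER_VIDEO_QUOTA = {
 export const USER_ROLE = {
  VALIDATORS: [ Validators.required ],
  MESSAGES: {
- 'required': 'User role is required.',
+ 'required': 'User role is required.'
  }
 }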
diff --git a/server/initializers/migrations/0085-user-role.ts b/server/initializers/migrations/0085-user-role.ts
index e67c5ca24..de75faec2 100644
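--- a/server/initializers/migrations/0085-user-role.ts
+++ b/server/initializers/migrations/0085-user-role.ts
@@ -1,5 +1,4 @@
 import * as Sequelize from 'sequelize'
-import * as uuidv4 from 'uuid/v4'
 
 async function up (utils: {
  transaction: Sequelize.Transaction,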
diff --git a/server/tests/api/check-params/users.ts b/server/tests/api/check-params/users.ts
index ef78c8262..687999c09 100644
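--- a/server/tests/api/check-params/users.ts
+++ b/server/tests/api/check-params/users.ts
@@ -19,6 +19,7 @@ import {
  makePostBodyRequest,
  getUserAccessToken
 } from '../../utils'
+import { UserRole } from '../../../../shared'
 
 describe('Test users API validators', function () {
  const path = '/api/v1/users/'
@@ -92,6 +93,7 @@ describe('Test users API validators', function () {
  username: 'ji',
  email: 'test@example.com',
  password: 'my_super_password',
+ role: UserRole.USER,
  videoQuota: 42000000
  }
 
@@ -103,7 +105,8 @@ describe('Test users API validators', function () {
  username: 'my_super_username_which_is_very_long',
  email: 'test@example.com',
  password: 'my_super_password',
- videoQuota: 42000000
+ videoQuota: 42000000,
+ role: UserRole.USER
  }
 
  await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
@@ -114,7 +117,8 @@ describe('Test users API validators', function () {
  username: 'my username',
  email: 'test@example.com',
  password: 'my_super_password',
- videoQuota: 42000000
+ videoQuota: 42000000,
+ role: UserRole.USER
  }
 
  await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
@@ -124,7 +128,8 @@ describe('Test users API validators', function () {
  const fields = {
  username: 'ji',
  password: 'my_super_password',
- videoQuota: 42000000
+ videoQuota: 42000000,
+ role: UserRole.USER
  }
 
  await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
@@ -135,7 +140,8 @@ describe('Test users API validators', function () {
  username: 'my_super_username_which_is_very_long',
  email: 'test_example.com',
  password: 'my_super_password',
- videoQuota: 42000000
+ videoQuota: 42000000,
+ role: UserRole.USER
  }
 
  await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
@@ -146,7 +152,8 @@ describe('Test users API validators', function () {
  username: 'my_username',
  email: 'test@example.com',
  password: 'bla',
- videoQuota: 42000000
+ videoQuota: 42000000,
+ role: UserRole.USER
  }
 
  await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
@@ -159,7 +166,8 @@ describe('Test users API validators', function () {
  password: 'my super long password which is very very very very very very very very very very very very very very' +
  'very very very very very very very very very very very very very very very veryv very very very very' +
  'very very very very very very very very very very very very very very very very very very very very long',
- videoQuota: 42000000
+ videoQuota: 42000000,
+ role: UserRole.USER
  }
 
  await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
@@ -170,7 +178,8 @@ describe('Test users API validators', function () {
  username: 'my_username',
  email: 'test@example.com',
  password: 'my super password',
- videoQuota: 42000000
+ videoQuota: 42000000,
+ role: UserRole.USER
  }
 
  await makePostBodyRequest({ url: server.url, path, token: 'super token', fields, statusCodeExpected: 401 })
@@ -181,7 +190,8 @@ describe('Test users API validators', function () {
  username: 'user1',
  email: 'test@example.com',
  password: 'my super password',
- videoQuota: 42000000
+ videoQuota: 42000000,
+ role: UserRole.USER
  }
 
  await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 })
@@ -192,7 +202,8 @@ describe('Test users API validators', function () {
  username: 'my_username',
  email: 'user1@example.com',
  password: 'my super password',
- videoQuota: 42000000
+ videoQuota: 42000000,
+ role: UserRole.USER
  }
 
  await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 409 })
@@ -202,7 +213,8 @@ describe('Test users API validators', function () {
  const fields = {
  username: 'my_username',
  email: 'user1@example.com',
- password: 'my super password'
+ password: 'my super password',
+ role: UserRole.USER
  }
 
  await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
@@ -213,7 +225,31 @@ describe('Test users API validators', function () {
  username: 'my_username',
  email: 'user1@example.com',
  password: 'my super password',
- videoQuota: -5
+ videoQuota: -5,
+ role: UserRole.USER
+ }
+
+ await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+ })
+
+ it('Should fail without a user role', async function () {
+ const fields = {
+ username: 'my_username',
+ email: 'user1@example.com',
+ password: 'my super password',
+ videoQuota: 0
+ }
+
+ await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
+ })
+
+ it('Should fail with an invalid user role', async function () {
+ const fields = {
+ username: 'my_username',
+ email: 'user1@example.com',
+ password: 'my super password',
+ videoQuota: 0,
+ role: 88989
  }
 
  await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields })
@@ -224,7 +260,8 @@ describe('Test users API validators', function () {
  username: 'user2',
  email: 'test@example.com',
  password: 'my super password',
- videoQuota: -1
+ videoQuota: -1,
+ role: UserRole.USER
  }
 
  await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields, statusCodeExpected: 204 })
@@ -327,6 +364,14 @@ describe('Test users API validators', function () {
  await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
  })
 
+ it('Should fail with an invalid user role attribute', async function () {
+ const fields = {
+ role: 54878
+ }
+
+ await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields })
+ })
+
  it('Should fail with an non authenticated user', async function () {
  const fields = {
  videoQuota: 42
@@ -338,7 +383,8 @@ describe('Test users API validators', function () {
  it('Should succeed with the correct params', async function () {
  const fields = {
  email: 'email@example.com',
- videoQuota: 42
+ videoQuota: 42,
+ role: UserRole.MODERATOR
  }
 
  await makePutBodyRequest({ url: server.url, path: path + userId, token: server.accessToken, fields, statusCodeExpected: 204 })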
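Review bot: The role cases added in this file only send malformed values with `server.accessToken`; none sends a well-formed `role` with a token that lacks user-management rights, so the suite would not notice if the update endpoint let an ordinary account raise a role. I would add a PUT case next to 'Should fail with an invalid user role attribute' that obtains a regular user's token (the file already imports `getUserAccessToken`), sends `role: UserRole.MODERATOR` and states the expected refusal explicitly, presumably `statusCodeExpected: 403`. The three new failure cases also rely on the helpers' default expected status, which is not visible in these hunks; passing `statusCodeExpected` in each call would make the intent checkable at the call site. Both invalid samples are large integers (`88989`, `54878`), so a non-numeric role such as a string is not covered.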
diff --git a/server/tests/api/users.ts b/server/tests/api/users.ts
index dbf0801f3..bdef62c46 100644
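--- a/server/tests/api/users.ts
+++ b/server/tests/api/users.ts
@@ -25,10 +25,12 @@ import {
  updateUser,
  updateMyUser,
  registerUser,
- removeUser
+ removeUser,
+ killallServers,
+ getUserInformation,
+ getBlacklistedVideosList
 } from '../utils'
-import { killallServers } from '../utils/servers'
-import { getUserInformation } from '../utils/users'
+import { UserRole } from '../../../shared'
 
 describe('Test users', function () {
  let server: ServerInfo
@@ -188,6 +190,7 @@ describe('Test users', function () {
  expect(user.email).to.equal('user_1@example.com')
  expect(user.displayNSFW).to.be.false
  expect(user.videoQuota).to.equal(2 * 1024 * 1024)
+ expect(user.roleLabel).to.equal('User')
  expect(user.id).to.be.a('number')
  })
 
@@ -234,6 +237,7 @@ describe('Test users', function () {
  const user = users[0]
  expect(user.username).to.equal('root')
  expect(user.email).to.equal('admin1@example.com')
+ expect(user.roleLabel).to.equal('Administrator')
  expect(user.displayNSFW).to.be.false
  })
 
@@ -319,7 +323,7 @@ describe('Test users', function () {
  })
 
  it('Should be able to update another user', async function () {
- await updateUser(server.url, userId, accessToken, 'updated2@example.com', 42)
+ await updateUser(server.url, userId, accessToken, 'updated2@example.com', 42, UserRole.MODERATOR)
 
  const res = await getUserInformation(server.url, accessToken, userId)
  const user = res.body
@@ -328,9 +332,18 @@ describe('Test users', function () {
  expect(user.email).to.equal('updated2@example.com')
  expect(user.displayNSFW).to.be.ok
  expect(user.videoQuota).to.equal(42)
+ expect(user.roleLabel).to.equal('Moderator')
  expect(user.id).to.be.a('number')
  })
 
+ it('Should not be able to delete a user by a moderator', async function () {
+ await removeUser(server.url, 2, accessTokenUser, 403)
+ })
+
+ it('Should be able to list video blacklist by a moderator', async function () {
+ await getBlacklistedVideosList(server.url, accessTokenUser)
+ })
+
  it('Should be able to remove this user', async function () {
  await removeUser(server.url, userId, accessToken)
  })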
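Review bot: `removeUser(server.url, 2, accessTokenUser, 403)` hard-codes the target id while the neighbouring tests use `userId`, so the case silently depends on the order in which accounts were created. If `2` is the account promoted just above, `await removeUser(server.url, userId, accessTokenUser, 403)` says so; otherwise the id deserves a named variable. Both moderator cases also assume `accessTokenUser` belongs to the account that received `UserRole.MODERATOR`, which these hunks do not show. The blacklist case demonstrates the right in one direction only: no call before the promotion shows the same token being refused, so the test would pass just as well if the listing were open to every authenticated user.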
diff --git a/server/tests/utils/users.ts b/server/tests/utils/users.ts
index e5f3eb1b3..12569dd42 100644
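--- a/server/tests/utils/users.ts
+++ b/server/tests/utils/users.ts
@@ -1,10 +1,21 @@
 import * as request from 'supertest'
 
-function createUser (url: string, accessToken: string, username: string, password: string, videoQuota = 1000000, specialStatus = 204) {
+import { UserRole } from '../../../shared'
+
+function createUser (
+ url: string,
+ accessToken: string,
+ username: string,
+ password: string,
+ videoQuota = 1000000,
+ role: UserRole = UserRole.USER,
+ specialStatus = 204
+) {
  const path = '/api/v1/users'
  const body = {
  username,
  password,
+ role,
  email: username + '@example.com',
  videoQuota
  }
@@ -114,12 +125,13 @@ function updateMyUser (url: string, accessToken: string, newPassword: string, di
  .expect(204)
 }
 
-function updateUser (url: string, userId: number, accessToken: string, email: string, videoQuota: number) {
+function updateUser (url: string, userId: number, accessToken: string, email: string, videoQuota: number, role: UserRole) {
  const path = '/api/v1/users/' + userId
 
  const toSend = {}
  if (email !== undefined && email !== null) toSend['email'] = email
  if (videoQuota !== undefined && videoQuota !== null) toSend['videoQuota'] = videoQuota
+ if (role !== undefined && role !== null) toSend['role'] = role
 
  return request(url)
  .put(path)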
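Review bot: `role` is inserted ahead of `specialStatus` in `createUser`, which changes the meaning of the sixth positional argument. A caller outside this diff that passes an expected status there would now send it as the role and fall back to expecting 204, and a parameter typed as a numeric enum will usually accept a bare number, so the compiler may not catch it. Either append the new parameter, `specialStatus = 204, role: UserRole = UserRole.USER`, or check every call site that passes more than five arguments. In `updateUser` the body already tolerates a missing role (`if (role !== undefined && role !== null)`), yet the signature makes it mandatory; `role?: UserRole` would match the body. Both function bodies continue outside the hunks.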