Diffstat (limited to 'server')
-rw-r--r-- | server/controllers/api/users.ts | 2 | ||||
-rw-r--r-- | server/tests/api/check-params/users.ts | 20 |
2 files changed, 22 insertions, 0 deletions
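--- a/server/controllers/api/users.ts
+++ b/server/controllers/api/users.ts
@@ -88,6 +88,8 @@ usersRouter.get('/',
 )
 
 usersRouter.get('/:id',
+authenticate,
+ensureUserHasRight(UserRight.MANAGE_USERS),
 asyncMiddleware(usersGetValidator),
 getUser
 )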
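Review bot: Nothing at the `usersRouter.get('/:id',` registration records that this endpoint is now admin-only, so a later refactor could drop `ensureUserHasRight(UserRight.MANAGE_USERS)` without anyone noticing that account details become readable again. A one-line comment above the route would capture the intent, for example `// Admin-only: account details must not be readable without MANAGE_USERS`. Running `authenticate` and the rights check before `usersGetValidator` is the right order, since the validator presumably answers differently for existing and unknown ids and would otherwise expose that difference to anonymous callers. Any caller that fetched a user by id without an admin token will now get 401 or 403; whether such callers exist is not visible here, as the diffstat is limited to `server`.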
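--- a/server/tests/api/check-params/users.ts
+++ b/server/tests/api/check-params/users.ts
@@ -308,6 +308,26 @@ describe('Test users API validators', function () {
 })
 })
 
+describe('When getting a user', function () {
+before(async function () {
+const res = await getUsersList(server.url, server.accessToken)
+
+userId = res.body.data[1].id
+})
+
+it('Should fail with an non authenticated user', async function () {
+await makeGetRequest({ url: server.url, path: path + userId, token: 'super token', statusCodeExpected: 401 })
+})
+
+it('Should fail with a non admin user', async function () {
+await makeGetRequest({ url: server.url, path, token: userAccessToken, statusCodeExpected: 403 })
+})
+
+it('Should succeed with the correct params', async function () {
+await makeGetRequest({ url: server.url, path: path + userId, token: server.accessToken, statusCodeExpected: 200 })
+})
+})
+
 describe('When updating a user', function () {
 
 before(async function () {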
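Review bot: The 'Should fail with a non admin user' case requests `path` instead of `path + userId`, so it presumably hits the collection route and never reaches the `/:id` handler this commit protects. Its expected 403 would therefore still pass if `ensureUserHasRight` were removed from `/:id`; change the call to `await makeGetRequest({ url: server.url, path: path + userId, token: userAccessToken, statusCodeExpected: 403 })`. The 401 case sends an invalid token (`'super token'`) rather than omitting the token, so a request with no Authorization header appears to be untested in this block. `userId = res.body.data[1].id` also depends on the order of the user list, which makes the setup brittle. `path`, `userId` and `userAccessToken` are declared outside the hunk, so their values are assumed from the sibling tests.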