Diffstat (limited to 'server')
-rw-r--r--server/controllers/api/users.ts2
-rw-r--r--server/tests/api/check-params/users.ts20
2 files changed, 22 insertions, 0 deletions
diff --git a/server/controllers/api/users.ts b/server/controllers/api/users.ts
index 5e96d789e..abe6b3ff7 100644
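--- a/server/controllers/api/users.ts
+++ b/server/controllers/api/users.ts
@@ -88,6 +88,8 @@ usersRouter.get('/',
 )
 
 usersRouter.get('/:id',
+ authenticate,
+ ensureUserHasRight(UserRight.MANAGE_USERS),
  asyncMiddleware(usersGetValidator),
  getUser
 )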
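Review bot: Nothing on the `/:id` route records why a read endpoint now requires `authenticate` and `ensureUserHasRight(UserRight.MANAGE_USERS)`, which makes the two guards easy to drop in a later refactor of the middleware chain. A one-line comment above the route would keep the intent visible, for example `// Admin only: returns another account's details`. What `getUser` actually returns is outside the hunk, so the wording should be checked against it.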
diff --git a/server/tests/api/check-params/users.ts b/server/tests/api/check-params/users.ts
index ee591d620..a3e415b94 100644
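--- a/server/tests/api/check-params/users.ts
+++ b/server/tests/api/check-params/users.ts
@@ -308,6 +308,26 @@ describe('Test users API validators', function () {
  })
  })
 
+ describe('When getting a user', function () {
+ before(async function () {
+ const res = await getUsersList(server.url, server.accessToken)
+
+ userId = res.body.data[1].id
+ })
+
+ it('Should fail with an non authenticated user', async function () {
+ await makeGetRequest({ url: server.url, path: path + userId, token: 'super token', statusCodeExpected: 401 })
+ })
+
+ it('Should fail with a non admin user', async function () {
+ await makeGetRequest({ url: server.url, path, token: userAccessToken, statusCodeExpected: 403 })
+ })
+
+ it('Should succeed with the correct params', async function () {
+ await makeGetRequest({ url: server.url, path: path + userId, token: server.accessToken, statusCodeExpected: 200 })
+ })
+ })
+
  describe('When updating a user', function () {
 
  before(async function () {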
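Review bot: The 'Should fail with a non admin user' case requests `path` without the user id, so it appears to exercise the collection route rather than the `/:id` route this commit protects; `path` is defined outside the hunk, but both sibling cases use `path + userId`. As written, the 403 assertion would presumably still pass if the new `ensureUserHasRight` guard were removed from `/:id`, so the access-control fix has no regression coverage for a logged-in non-admin. The call should read `await makeGetRequest({ url: server.url, path: path + userId, token: userAccessToken, statusCodeExpected: 403 })`. The 'non authenticated' case sends an invalid token rather than no token, so a token-less request would be worth a separate case.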