forked from andyburke/autonomous.contact
feature: require invites
This commit is contained in:
parent
8b70172493
commit
a3302d2eff
22 changed files with 385 additions and 482 deletions
|
|
@ -1,101 +0,0 @@
|
|||
import { api, API_CLIENT } from '../../../utils/api.ts';
|
||||
import * as asserts from '@std/assert';
|
||||
import { EPHEMERAL_SERVER, get_ephemeral_listen_server, get_new_user, set_user_permissions } from '../../helpers.ts';
|
||||
import { generateTotp } from '../../../utils/totp.ts';
|
||||
import { clear_topic_events_cache } from '../../../models/event.ts';
|
||||
|
||||
Deno.test({
|
||||
name: 'API - TOPICS - Update',
|
||||
permissions: {
|
||||
env: true,
|
||||
read: true,
|
||||
write: true,
|
||||
net: true
|
||||
},
|
||||
fn: async () => {
|
||||
let test_server_info: EPHEMERAL_SERVER | null = null;
|
||||
try {
|
||||
test_server_info = await get_ephemeral_listen_server();
|
||||
const client: API_CLIENT = api({
|
||||
prefix: '/api',
|
||||
hostname: test_server_info.hostname,
|
||||
port: test_server_info.port
|
||||
});
|
||||
|
||||
const user_info = await get_new_user(client);
|
||||
|
||||
await set_user_permissions(client, user_info.user, user_info.session, [...user_info.user.permissions, 'topics.create']);
|
||||
|
||||
const new_topic = await client.fetch('/topics', {
|
||||
method: 'POST',
|
||||
headers: {
|
||||
'x-session_id': user_info.session.id,
|
||||
'x-totp': await generateTotp(user_info.session.secret)
|
||||
},
|
||||
json: {
|
||||
name: 'test update topic'
|
||||
}
|
||||
});
|
||||
|
||||
asserts.assert(new_topic);
|
||||
|
||||
const other_user_info = await get_new_user(client);
|
||||
|
||||
try {
|
||||
const _permission_denied_topic = await client.fetch(`/topics/${new_topic.id}`, {
|
||||
method: 'PUT',
|
||||
headers: {
|
||||
'x-session_id': other_user_info.session.id,
|
||||
'x-totp': await generateTotp(other_user_info.session.secret)
|
||||
},
|
||||
json: {
|
||||
name: 'this should not be allowed'
|
||||
}
|
||||
});
|
||||
|
||||
asserts.fail('allowed updating a topic owned by someone else');
|
||||
} catch (error) {
|
||||
asserts.assertEquals((error as Error).cause, 'permission_denied');
|
||||
}
|
||||
|
||||
const updated_by_owner_topic = await client.fetch(`/topics/${new_topic.id}`, {
|
||||
method: 'PUT',
|
||||
headers: {
|
||||
'x-session_id': user_info.session.id,
|
||||
'x-totp': await generateTotp(user_info.session.secret)
|
||||
},
|
||||
json: {
|
||||
topic: 'this is a new topic',
|
||||
permissions: {
|
||||
...new_topic.permissions,
|
||||
write: [...new_topic.permissions.write, other_user_info.user.id]
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
asserts.assert(updated_by_owner_topic);
|
||||
asserts.assertEquals(updated_by_owner_topic.topic, 'this is a new topic');
|
||||
asserts.assertEquals(updated_by_owner_topic.permissions.write, [user_info.user.id, other_user_info.user.id]);
|
||||
|
||||
const updated_by_other_user_topic = await client.fetch(`/topics/${new_topic.id}`, {
|
||||
method: 'PUT',
|
||||
headers: {
|
||||
'x-session_id': other_user_info.session.id,
|
||||
'x-totp': await generateTotp(other_user_info.session.secret)
|
||||
},
|
||||
json: {
|
||||
topic: 'this is a newer topic'
|
||||
}
|
||||
});
|
||||
|
||||
asserts.assert(updated_by_other_user_topic);
|
||||
asserts.assertEquals(updated_by_other_user_topic.topic, 'this is a newer topic');
|
||||
asserts.assertEquals(updated_by_other_user_topic.permissions.write, [user_info.user.id, other_user_info.user.id]);
|
||||
} finally {
|
||||
clear_topic_events_cache();
|
||||
if (test_server_info) {
|
||||
await test_server_info?.server?.stop();
|
||||
}
|
||||
}
|
||||
}
|
||||
});
|
||||
Loading…
Add table
Add a link
Reference in a new issue