From 9fe9ab086911d1eae68ac91599346a19e2c32bfd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?=
Date: Fri, 24 Sep 2021 21:28:54 -0400
Subject: [PATCH] test: add tests for admin privileges
---
 test/controllers-admin.js | 40 ++++++++++++++++++++++++++++++++++++++-
 1 file changed, 39 insertions(+), 1 deletion(-)
diff --git a/test/controllers-admin.js b/test/controllers-admin.js
index 3e720094f2..bbea21300c 100644
--- a/test/controllers-admin.js
+++ b/test/controllers-admin.js
@@ -1,7 +1,7 @@
 'use strict';
 const async = require('async');
-const assert = require('assert');
+const assert = require('assert');
 const nconf = require('nconf');
 const request = require('request');
@@ -719,4 +719,42 @@ describe('Admin Controllers', () => {
 });
 });
 });
+
+ describe('admin page privileges', () => {
+ let userJar;
+ let uid;
+ const privileges = require('../src/privileges');
+ before((done) => {
+ user.create({ username: 'regularjoe', password: 'barbar' }, (err, _uid) => {
+ assert.ifError(err);
+ uid = _uid;
+ helpers.loginUser('regularjoe', 'barbar', (err, _jar) => {
+ assert.ifError(err);
+ userJar = _jar;
+ done();
+ });
+ });
+ });
+
+ it('should allow normal user access to admin pages', async () => {
+ function makeRequest(url) {
+ return new Promise((resolve, reject) => {
+ request(url, { jar: userJar, json: true }, (err, res, body) => {
+ if (err) reject(err);
+ else resolve(res);
+ });
+ });
+ }
+ for (const route of Object.keys(privileges.admin.routeMap)) {
+ /* eslint-disable no-await-in-loop */
+ await privileges.admin.rescind([privileges.admin.routeMap[route]], uid);
+ let res = await makeRequest(`${nconf.get('url')}/api/admin/${route}`);
+ assert.strictEqual(res.statusCode, 403);
+
+ await privileges.admin.give([privileges.admin.routeMap[route]], uid);
+ res = await makeRequest(`${nconf.get('url')}/api/admin/${route}`);
+ assert.strictEqual(res.statusCode, 200);
+ }
+ });
+ });
 });
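Review bot: The loop in the new `it` block leaves `regularjoe` holding every privilege in `privileges.admin.routeMap`, because each iteration ends with `give` and nothing rescinds afterwards; tests that run later against the same database would presumably see a regular account with full admin-route access. An `after` hook such as `after(async () => { await privileges.admin.rescind(Object.values(privileges.admin.routeMap), uid); });` would restore the unprivileged state (assuming `rescind` tolerates repeated values in the list). The test name `'should allow normal user access to admin pages'` reads as if unprivileged access were expected, while the assertions check 403 before the grant and 200 after it; a name like `'should deny admin pages without the matching privilege and allow them with it'` states the access-control check actually made. The `/* eslint-disable no-await-in-loop */` block comment also stays in effect for the rest of the file, so a matching `/* eslint-enable no-await-in-loop */` after the loop would scope it.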