mirror of
https://github.com/wassname/talk.git
synced 2026-07-01 21:15:47 +08:00
[v4] Allow MODERATORS to close asset on stream. (#2921)
* Allow MODERATORS to close asset on stream. MODERATORS can close asset on Admin side, but on Stream when they click to close, got an unathorized error. Change it to make consistency about what actions can be done. * Fix tests
This commit is contained in:
@@ -143,7 +143,7 @@ router.put(
|
||||
|
||||
router.put(
|
||||
'/:asset_id/status',
|
||||
authorization.needed('ADMIN'),
|
||||
authorization.needed('ADMIN', 'MODERATOR'),
|
||||
async (req, res, next) => {
|
||||
const { closedAt, closedMessage } = req.body;
|
||||
|
||||
|
||||
@@ -155,7 +155,7 @@ describe('/api/v1/assets', () => {
|
||||
.and.to.not.equal(null);
|
||||
});
|
||||
|
||||
it('should require ADMIN role', async () => {
|
||||
it('should require ADMIN or MODERATOR role', async () => {
|
||||
const today = Date.now();
|
||||
|
||||
const asset = await AssetsService.findOrCreateByUrl('http://test.com');
|
||||
@@ -165,7 +165,7 @@ describe('/api/v1/assets', () => {
|
||||
const promise = chai
|
||||
.request(app)
|
||||
.put(`/api/v1/assets/${asset.id}/status`)
|
||||
.set(passport.inject({ role: 'MODERATOR' }))
|
||||
.set(passport.inject({ role: 'COMMENTER' }))
|
||||
.send({ closedAt: today });
|
||||
await expect(promise).to.eventually.be.rejected;
|
||||
});
|
||||
|
||||
Reference in New Issue
Block a user