diff --git a/routes/api/v1/assets.js b/routes/api/v1/assets.js
index a8b043946..bc4ef254d 100644
--- a/routes/api/v1/assets.js
+++ b/routes/api/v1/assets.js
@@ -143,7 +143,7 @@ router.put(
 router.put(
 '/:asset_id/status',
- authorization.needed('ADMIN'),
+ authorization.needed('ADMIN', 'MODERATOR'),
 async (req, res, next) => {
 const { closedAt, closedMessage } = req.body;
diff --git a/test/server/routes/api/assets/index.js b/test/server/routes/api/assets/index.js
index 526d303c8..282ce6fa2 100644
--- a/test/server/routes/api/assets/index.js
+++ b/test/server/routes/api/assets/index.js
@@ -155,7 +155,7 @@ describe('/api/v1/assets', () => {
 .and.to.not.equal(null);
 });
- it('should require ADMIN role', async () => {
+ it('should require ADMIN or MODERATOR role', async () => {
 const today = Date.now();
 const asset = await AssetsService.findOrCreateByUrl('http://test.com');
@@ -165,7 +165,7 @@ describe('/api/v1/assets', () => {
 const promise = chai
 .request(app)
 .put(`/api/v1/assets/${asset.id}/status`)
- .set(passport.inject({ role: 'MODERATOR' }))
+ .set(passport.inject({ role: 'COMMENTER' }))
 .send({ closedAt: today });
 await expect(promise).to.eventually.be.rejected;
 });
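Review bot: The widened guard on `PUT /:asset_id/status` in routes/api/v1/assets.js carries no comment recording that moderators are now intentionally allowed to change an asset's closed state, and it lets a lower-privileged role supply `closedAt` and `closedMessage` straight from `req.body`. I would add `// ADMIN and MODERATOR may change an asset's closed status (closedAt / closedMessage).` above the `authorization.needed(...)` line. The handler body continues outside the hunk, so it is not visible whether `closedAt` is checked to be a valid date or whether `closedMessage` is length-limited and escaped where it is displayed; that is worth confirming now that more accounts can reach this route. The change also assumes `authorization.needed` treats its arguments as any-of, which the diff does not show.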
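Review bot: The updated test in test/server/routes/api/assets/index.js (hunk at line 165) only asserts that a COMMENTER is rejected, so nothing visible in this diff proves that a MODERATOR is now accepted; if `authorization.needed('ADMIN', 'MODERATOR')` were evaluated as all-of rather than any-of, this suite would still pass. `to.eventually.be.rejected` is also satisfied by any failure, including a server error or a missing asset, so pinning the expected authorization status would make the negative case meaningful. The `it(...)` block starts in the previous hunk. A positive case along the lines below would cover the new behaviour; the success status is a placeholder to fill in from the route.

```javascript
it('should allow MODERATOR role', async () => {
  const asset = await AssetsService.findOrCreateByUrl('http://test.com');

  const res = await chai
    .request(app)
    .put(`/api/v1/assets/${asset.id}/status`)
    .set(passport.inject({ role: 'MODERATOR' }))
    .send({ closedAt: Date.now() });

  // EXPECTED_SUCCESS_STATUS is a placeholder: use the status this route returns on success.
  expect(res).to.have.status(EXPECTED_SUCCESS_STATUS);
});
```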