From 8d183915fa7b85b95f8a5df2f37bfd94a377f8b3 Mon Sep 17 00:00:00 2001 From: Leandro Date: Mon, 13 Apr 2020 23:37:50 +0200 Subject: [PATCH] [v4] Allow MODERATORS to close asset on stream. (#2921) * Allow MODERATORS to close asset on stream. MODERATORS can close asset on Admin side, but on Stream when they click to close, got an unathorized error. Change it to make consistency about what actions can be done. * Fix tests --- routes/api/v1/assets.js | 2 +- test/server/routes/api/assets/index.js | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/routes/api/v1/assets.js b/routes/api/v1/assets.js index a8b043946..bc4ef254d 100644 --- a/routes/api/v1/assets.js +++ b/routes/api/v1/assets.js @@ -143,7 +143,7 @@ router.put( router.put( '/:asset_id/status', - authorization.needed('ADMIN'), + authorization.needed('ADMIN', 'MODERATOR'), async (req, res, next) => { const { closedAt, closedMessage } = req.body; diff --git a/test/server/routes/api/assets/index.js b/test/server/routes/api/assets/index.js index 526d303c8..282ce6fa2 100644 --- a/test/server/routes/api/assets/index.js +++ b/test/server/routes/api/assets/index.js @@ -155,7 +155,7 @@ describe('/api/v1/assets', () => { .and.to.not.equal(null); }); - it('should require ADMIN role', async () => { + it('should require ADMIN or MODERATOR role', async () => { const today = Date.now(); const asset = await AssetsService.findOrCreateByUrl('http://test.com'); @@ -165,7 +165,7 @@ describe('/api/v1/assets', () => { const promise = chai .request(app) .put(`/api/v1/assets/${asset.id}/status`) - .set(passport.inject({ role: 'MODERATOR' })) + .set(passport.inject({ role: 'COMMENTER' })) .send({ closedAt: today }); await expect(promise).to.eventually.be.rejected; });