From 115d19945be7cc8a2927bba77be74933a8303397 Mon Sep 17 00:00:00 2001
From: riley
Date: Thu, 15 Dec 2016 15:43:22 -0700
Subject: [PATCH 1/3] add tests for comment stream for non-admins
---
 tests/routes/api/comments/index.js | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
diff --git a/tests/routes/api/comments/index.js b/tests/routes/api/comments/index.js
index fdd4e4bbe..f07610bbd 100644
--- a/tests/routes/api/comments/index.js
+++ b/tests/routes/api/comments/index.js
@@ -85,6 +85,29 @@ describe('/api/v1/comments', () => {
 ]);
 });
+ it('should return only the owner’s comments if the user is not an admin', () => {
+ return chai.request(app)
+ .get('/api/v1/comments?user_id=456')
+ .set(passport.inject({id: '456', roles: []}))
+ .then(res => {
+ expect(res).to.have.status(200);
+ expect(res.body.comments).to.have.length(2);
+ expect(res.body.comments[0]).to.have.property('id', comments[1].id);
+ });
+ });
+
+ it('should fail if a non-admin requests comments not owned by them', () => {
+ return chai.request(app)
+ .get('/api/v1/comments?user_id=456')
+ .set(passport.inject({id: '123', roles: []}))
+ .then((res) => {
+ expect(res).to.be.empty;
+ })
+ .catch((err) => {
+ expect(err).to.have.property('status', 401);
+ });
+ });
+
 it('should return all the comments', () => {
 return chai.request(app)
 .get('/api/v1/comments')
From 833094b6dddb1210604a074465c335ea290adbfc Mon Sep 17 00:00:00 2001
From: riley
Date: Thu, 15 Dec 2016 15:53:47 -0700
Subject: [PATCH 2/3] check the author_id instead of comment.id
---
 tests/routes/api/comments/index.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/routes/api/comments/index.js b/tests/routes/api/comments/index.js
index f07610bbd..8e5632d26 100644
--- a/tests/routes/api/comments/index.js
+++ b/tests/routes/api/comments/index.js
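Review bot: In the added test 'should fail if a non-admin requests comments not owned by them' (patch 1/3), the `.then` assertion and the `.catch` sit on one chain, so an AssertionError thrown by `expect(res).to.be.empty` on an unexpected 2xx falls into the `.catch` and is reported as a missing `status` property instead of as an authorization failure. Making the success path fail explicitly and checking the rejection as the second argument keeps the two outcomes apart: `.then(() => { throw new Error('expected 401 for a non-owner'); }, (err) => { expect(err).to.have.property('status', 401); });`. A one-line comment above the test, such as `// user 123 must never receive user 456's comments`, would record the access-control intent the test is protecting.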
@@ -92,7 +92,7 @@ describe('/api/v1/comments', () => {
 .then(res => {
 expect(res).to.have.status(200);
 expect(res.body.comments).to.have.length(2);
- expect(res.body.comments[0]).to.have.property('id', comments[1].id);
+ expect(res.body.comments[0]).to.have.property('author_id', '456');
 });
 });
From 64ac1610ebf7da3589b2fd76a736d99ec0e48c9a Mon Sep 17 00:00:00 2001
From: Riley Davis
Date: Thu, 15 Dec 2016 15:58:56 -0700
Subject: [PATCH 3/3] address different comment in result
---
 tests/routes/api/comments/index.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/routes/api/comments/index.js b/tests/routes/api/comments/index.js
index 8e5632d26..1d7ad5321 100644
--- a/tests/routes/api/comments/index.js
+++ b/tests/routes/api/comments/index.js
@@ -92,7 +92,7 @@ describe('/api/v1/comments', () => {
 .then(res => {
 expect(res).to.have.status(200);
 expect(res.body.comments).to.have.length(2);
- expect(res.body.comments[0]).to.have.property('author_id', '456');
+ expect(res.body.comments[1]).to.have.property('author_id', '456');
 });
 });
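Review bot: The ownership test checks `author_id` on a single element only (`comments[0]` in patch 2/3, `comments[1]` in patch 3/3), so a response that includes another user's comment at the unchecked index would still pass as long as the length is 2. Because this test guards what a non-admin is allowed to read, the assertion should cover the whole array, e.g. `res.body.comments.forEach((c) => expect(c).to.have.property('author_id', '456'));`. Moving the index between the two patches also suggests the result order is not pinned by the fixtures (they are not visible here), and a per-element check removes that dependency. The enclosing `it` block starts outside both hunks.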