
Commit c987432

test: custom user status API tests with authentication and permission (RocketChat#39330)
1 parent 0cb6a96 commit c987432

1 file changed

Lines changed: 298 additions & 3 deletions


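--- a/apps/meteor/tests/end-to-end/api/custom-user-status.ts
+++ b/apps/meteor/tests/end-to-end/api/custom-user-status.ts
@@ -1,10 +1,14 @@
 import { expect } from 'chai';
-import { after, before, describe, it } from 'mocha';
+import { after, afterEach, before, describe, it } from 'mocha';
+import type { Response } from 'supertest';
 
 import { getCredentials, api, request, credentials } from '../../data/api-data';
+import { updatePermission } from '../../data/permissions.helper';
+import { password } from '../../data/user';
+import { createUser, deleteUser, login } from '../../data/users.helper';
 
-async function createCustomUserStatus(name: string): Promise<string> {
-const res = await request.post(api('custom-user-status.create')).set(credentials).send({ name }).expect(200);
+async function createCustomUserStatus(name: string, statusType?: string): Promise<string> {
+const res = await request.post(api('custom-user-status.create')).set(credentials).send({ name, statusType }).expect(200);
 return res.body.customUserStatus._id;
 }
 
@@ -13,10 +17,20 @@ async function deleteCustomUserStatus(id: string): Promise<void> {
 }
 
 describe('[CustomUserStatus]', () => {
+let unauthorizedUser: any;
+let unauthorizedUserCredentials: any;
+
 before((done) => {
 getCredentials(done);
 });
 
+before(async () => {
+unauthorizedUser = await createUser();
+unauthorizedUserCredentials = await login(unauthorizedUser.username, password);
+});
+
+after(() => Promise.all([updatePermission('manage-user-status', ['admin']), deleteUser(unauthorizedUser)]));
+
 describe('[/custom-user-status.list]', () => {
 let customUserStatusId: string;
 let customUserStatusName: string;
@@ -113,4 +127,285 @@ describe('[CustomUserStatus]', () => {
 .end(done);
 });
 });
+
+describe('[/custom-user-status.create]', () => {
+let customUserStatusId: string;
+
+afterEach(async () => {
+await updatePermission('manage-user-status', ['admin']);
+
+if (customUserStatusId) {
+await deleteCustomUserStatus(customUserStatusId);
+customUserStatusId = '';
+}
+});
+
+it('should throw an error if not authenticated', async () => {
+await request
+.post(api('custom-user-status.create'))
+.send({ name: 'test-status' })
+.expect('Content-Type', 'application/json')
+.expect(401)
+.expect((res: Response) => {
+expect(res.body).to.have.property('status', 'error');
+});
+});
+
+it('should throw an error if user does not have manage-user-status permission', async () => {
+await updatePermission('manage-user-status', []);
+
+await request
+.post(api('custom-user-status.create'))
+.set(unauthorizedUserCredentials)
+.send({ name: 'test-status' })
+.expect('Content-Type', 'application/json')
+.expect(400)
+.expect((res: Response) => {
+expect(res.body).to.have.property('success', false);
+expect(res.body).to.have.property('errorType', 'not_authorized');
+});
+});
+
+it('should create a custom user status successfully', async () => {
+const statusName = `test-create-${Date.now()}`;
+
+await request
+.post(api('custom-user-status.create'))
+.set(credentials)
+.send({ name: statusName, statusType: 'busy' })
+.expect('Content-Type', 'application/json')
+.expect(200)
+.expect((res: Response) => {
+expect(res.body).to.have.property('success', true);
+expect(res.body).to.have.property('customUserStatus');
+expect(res.body.customUserStatus).to.have.property('_id');
+expect(res.body.customUserStatus).to.have.property('name', statusName);
+expect(res.body.customUserStatus).to.have.property('statusType', 'busy');
+customUserStatusId = res.body.customUserStatus._id;
+});
+});
+
+it('should throw an error if name already exists', async () => {
+const statusName = `test-duplicate-${Date.now()}`;
+customUserStatusId = await createCustomUserStatus(statusName);
+
+await request
+.post(api('custom-user-status.create'))
+.set(credentials)
+.send({ name: statusName })
+.expect('Content-Type', 'application/json')
+.expect(400)
+.expect((res: Response) => {
+expect(res.body).to.have.property('success', false);
+expect(res.body).to.have.property('errorType', 'Custom_User_Status_Error_Name_Already_In_Use');
+});
+});
+
+it('should throw an error if statusType is invalid', async () => {
+await request
+.post(api('custom-user-status.create'))
+.set(credentials)
+.send({ name: `test-invalid-status-type-${Date.now()}`, statusType: 'invalid' })
+.expect('Content-Type', 'application/json')
+.expect(400)
+.expect((res: Response) => {
+expect(res.body).to.have.property('success', false);
+expect(res.body).to.have.property('errorType', 'error-input-is-not-a-valid-field');
+});
+});
+});
+
+describe('[/custom-user-status.update]', () => {
+let customUserStatusId: string;
+let customUserStatusName: string;
+
+before(async () => {
+customUserStatusName = `test-update-${Date.now()}`;
+customUserStatusId = await createCustomUserStatus(customUserStatusName);
+});
+
+afterEach(async () => {
+await updatePermission('manage-user-status', ['admin']);
+});
+
+after(async () => {
+if (customUserStatusId) {
+await deleteCustomUserStatus(customUserStatusId);
+}
+await updatePermission('manage-user-status', ['admin']);
+});
+
+it('should throw an error if not authenticated', async () => {
+await request
+.post(api('custom-user-status.update'))
+.send({ _id: customUserStatusId, name: 'updated-name' })
+.expect('Content-Type', 'application/json')
+.expect(401)
+.expect((res: Response) => {
+expect(res.body).to.have.property('status', 'error');
+});
+});
+
+it('should throw an error if user does not have manage-user-status permission', async () => {
+await updatePermission('manage-user-status', []);
+
+await request
+.post(api('custom-user-status.update'))
+.set(unauthorizedUserCredentials)
+.send({ _id: customUserStatusId, name: 'updated-name' })
+.expect('Content-Type', 'application/json')
+.expect(400)
+.expect((res: Response) => {
+expect(res.body).to.have.property('success', false);
+expect(res.body).to.have.property('errorType', 'not_authorized');
+});
+});
+
+it('should throw an error if custom user status does not exist', async () => {
+await request
+.post(api('custom-user-status.update'))
+.set(credentials)
+.send({ _id: 'invalid-id', name: 'updated-name' })
+.expect('Content-Type', 'application/json')
+.expect(400)
+.expect((res: Response) => {
+expect(res.body).to.have.property('success', false);
+});
+});
+
+it('should update custom user status successfully', async () => {
+const newName = `test-updated-${Date.now()}`;
+
+await request
+.post(api('custom-user-status.update'))
+.set(credentials)
+.send({ _id: customUserStatusId, name: newName, statusType: 'away' })
+.expect('Content-Type', 'application/json')
+.expect(200)
+.expect((res: Response) => {
+expect(res.body).to.have.property('success', true);
+expect(res.body).to.have.property('customUserStatus');
+expect(res.body.customUserStatus).to.have.property('_id', customUserStatusId);
+expect(res.body.customUserStatus).to.have.property('name', newName);
+expect(res.body.customUserStatus).to.have.property('statusType', 'away');
+});
+
+customUserStatusName = newName;
+});
+
+it('should throw an error if status name already exists', async () => {
+const existingStatusName = `test-update-duplicate-${Date.now()}`;
+const existingStatusId = await createCustomUserStatus(existingStatusName);
+
+await request
+.post(api('custom-user-status.update'))
+.set(credentials)
+.send({ _id: customUserStatusId, name: existingStatusName })
+.expect('Content-Type', 'application/json')
+.expect(400)
+.expect((res: Response) => {
+expect(res.body).to.have.property('success', false);
+expect(res.body).to.have.property('errorType', 'Custom_User_Status_Error_Name_Already_In_Use');
+});
+
+await deleteCustomUserStatus(existingStatusId);
+});
+
+it('should throw an error if statusType is invalid', async () => {
+await request
+.post(api('custom-user-status.update'))
+.set(credentials)
+.send({ _id: customUserStatusId, name: customUserStatusName, statusType: 'invalid' })
+.expect('Content-Type', 'application/json')
+.expect(400)
+.expect((res: Response) => {
+expect(res.body).to.have.property('success', false);
+expect(res.body).to.have.property('errorType', 'error-input-is-not-a-valid-field');
+});
+});
+});
+
+describe('[/custom-user-status.delete]', () => {
+let customUserStatusId: string;
+
+beforeEach(async () => {
+const statusName = `test-delete-${Date.now()}`;
+customUserStatusId = await createCustomUserStatus(statusName);
+});
+
+afterEach(async () => {
+await updatePermission('manage-user-status', ['admin']);
+
+if (customUserStatusId) {
+await deleteCustomUserStatus(customUserStatusId);
+customUserStatusId = '';
+}
+});
+
+it('should throw an error if not authenticated', async () => {
+await request
+.post(api('custom-user-status.delete'))
+.send({ customUserStatusId })
+.expect('Content-Type', 'application/json')
+.expect(401)
+.expect((res: Response) => {
+expect(res.body).to.have.property('status', 'error');
+});
+});
+
+it('should throw an error if user does not have manage-user-status permission', async () => {
+await updatePermission('manage-user-status', []);
+
+await request
+.post(api('custom-user-status.delete'))
+.set(unauthorizedUserCredentials)
+.send({ customUserStatusId })
+.expect('Content-Type', 'application/json')
+.expect(400)
+.expect((res: Response) => {
+expect(res.body).to.have.property('success', false);
+expect(res.body).to.have.property('errorType', 'not_authorized');
+});
+});
+
+it('should throw an error if customUserStatusId is not provided', async () => {
+await request
+.post(api('custom-user-status.delete'))
+.set(credentials)
+.send({})
+.expect('Content-Type', 'application/json')
+.expect(400)
+.expect((res: Response) => {
+expect(res.body).to.have.property('success', false);
+expect(res.body).to.have.property('error', 'The "customUserStatusId" params is required!');
+});
+});
+
+it('should throw an error if custom user status does not exist', async () => {
+await request
+.post(api('custom-user-status.delete'))
+.set(credentials)
+.send({ customUserStatusId: 'invalid-id' })
+.expect('Content-Type', 'application/json')
+.expect(400)
+.expect((res: Response) => {
+expect(res.body).to.have.property('success', false);
+expect(res.body).to.have.property('errorType', 'Custom_User_Status_Error_Invalid_User_Status');
+});
+});
+
+it('should delete custom user status successfully', async () => {
+await request
+.post(api('custom-user-status.delete'))
+.set(credentials)
+.send({ customUserStatusId })
+.expect('Content-Type', 'application/json')
+.expect(200)
+.expect((res: Response) => {
+expect(res.body).to.have.property('success', true);
+});
+
+customUserStatusId = '';
+});
+});
 });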
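Review bot: The permission-denied cases for `custom-user-status.update` and `custom-user-status.delete` assert only the 400 / `not_authorized` response and never confirm that the record was left untouched, so a handler that performs the write before (or despite) the permission check would still pass. After each denied request, read the status back with the admin `credentials` and assert it is unchanged (still named `customUserStatusName` for update, still present for delete); as a minimum, mark the gap with `// TODO: assert the status is unchanged after the denied request`. `updatePermission('manage-user-status', [])` also strips the grant from every role, so these cases cover "no role holds the permission" rather than the `['admin']`-only state the hooks restore; if `createUser()` returns a non-admin user (its body is outside this diff), leaving the grant in place would exercise the realistic configuration. `beforeEach` is used in the delete suite but is missing from the `mocha` import list that this commit extends with `afterEach`.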
