Elgato_dark/ToolJet
1
0
Fork 0
mirror of https://github.com/ToolJet/ToolJet synced 2026-05-06 06:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 5
ToolJet/server/test/controllers/organization_users.e2e-spec.ts
Midhun G S 0545528504
Support for multiple workspaces 🚀 (#2778) 
* multi org changes

* Initial changes

* changes

* manage sso page

* Multi-organization changes

* Multi organization changes

* multi-org changes

* multi-org changes

* multi-org changes

* multi-org fixes

* env variables app.json changes

* multi-org-fix

* user invitation token fix

* multi-org group permission fix

* multi-org app privilege

* google oauth fix

* Remove enable signup for form login

* Multi organization fixes

* multi-org user invite flow changes

* multi-org sign up fix

* rebase and multi-org fixes

* revert testing logs

* test logs revert

* migration changes

* migration file fix

* error message changes

* git login for private email fix

* dropdown fix

* test cases

* e2e test cases added

* test cases fix

* documentation changes

* testcases fix

* testcases added

* replace findOne with findOneOrFail

* accept invite testcases

* login page fixes

* added encrypted tag

* review comments

* migration fixes

* improvements

* manage sso loading fix

* review comments

* migration file changes

* new organization creation bug fix

* added e2e testcases

* added testcases

* Update data_sources.controller.ts
2022-05-05 12:38:42 +05:30

218 lines
7.5 KiB
TypeScript
Raw Blame History

/* eslint-disable @typescript-eslint/no-unused-vars */
import * as request from 'supertest';
import { BadRequestException, INestApplication } from '@nestjs/common';
import { authHeaderForUser, clearDB, createUser, createNestAppInstance } from '../test.helper';
describe('organization users controller', () => {
let app: INestApplication;
beforeEach(async () => {
await clearDB();
});
beforeAll(async () => {
app = await createNestAppInstance();
});
it('should allow only admin to be able to invite new users', async () => {
// setup a pre existing user of different organization
await createUser(app, {
email: 'someUser@tooljet.io',
groups: ['admin', 'all_users'],
});
// setup organization and user setup to test against
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['admin', 'all_users'],
});
const organization = adminUserData.organization;
const developerUserData = await createUser(app, {
email: 'developer@tooljet.io',
groups: ['developer', 'all_users'],
organization,
});
const viewerUserData = await createUser(app, {
email: 'viewer@tooljet.io',
groups: ['viewer', 'all_users'],
organization,
});
await request(app.getHttpServer())
.post(`/api/organization_users/`)
.set('Authorization', authHeaderForUser(adminUserData.user))
.send({ email: 'test@tooljet.io' })
.expect(201);
await request(app.getHttpServer())
.post(`/api/organization_users/`)
.set('Authorization', authHeaderForUser(developerUserData.user))
.send({ email: 'test2@tooljet.io' })
.expect(403);
await request(app.getHttpServer())
.post(`/api/organization_users/`)
.set('Authorization', authHeaderForUser(viewerUserData.user))
.send({ email: 'test3@tooljet.io' })
.expect(403);
});
describe('POST /api/organization_users/:id/archive', () => {
it('should allow only authenticated users to archive org users', async () => {
await request(app.getHttpServer()).post('/api/organization_users/random-id/archive/').expect(401);
});
it('should throw error when trying to remove last active admin', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['admin', 'all_users'],
status: 'active',
});
const organization = adminUserData.organization;
const anotherAdminUserData = await createUser(app, {
email: 'another-admin@tooljet.io',
groups: ['admin', 'all_users'],
status: 'active',
organization,
});
const _archivedAdmin = await createUser(app, {
email: 'archived-admin@tooljet.io',
groups: ['admin', 'all_users'],
status: 'archived',
organization,
});
await request(app.getHttpServer())
.post(`/api/organization_users/${anotherAdminUserData.orgUser.id}/archive/`)
.set('Authorization', authHeaderForUser(adminUserData.user))
.expect(201);
const response = await request(app.getHttpServer())
.post(`/api/organization_users/${adminUserData.orgUser.id}/archive/`)
.set('Authorization', authHeaderForUser(adminUserData.user));
expect(response.statusCode).toEqual(400);
expect(response.body.message).toEqual('Atleast one active admin is required.');
});
it('should allow only admin users to archive org users', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['admin', 'all_users'],
});
const organization = adminUserData.organization;
const developerUserData = await createUser(app, {
email: 'developer@tooljet.io',
groups: ['developer', 'all_users'],
organization,
});
const viewerUserData = await createUser(app, {
email: 'viewer@tooljet.io',
groups: ['viewer', 'all_users'],
organization,
status: 'invited',
});
await request(app.getHttpServer())
.post(`/api/organization_users/${viewerUserData.orgUser.id}/archive/`)
.set('Authorization', authHeaderForUser(developerUserData.user))
.expect(403);
await viewerUserData.orgUser.reload();
expect(viewerUserData.orgUser.status).toBe('invited');
await request(app.getHttpServer())
.post(`/api/organization_users/${viewerUserData.orgUser.id}/archive/`)
.set('Authorization', authHeaderForUser(adminUserData.user))
.expect(201);
await viewerUserData.orgUser.reload();
expect(viewerUserData.orgUser.status).toBe('archived');
});
});
describe('POST /api/organization_users/:id/unarchive', () => {
it('should allow only authenticated users to unarchive org users', async () => {
await request(app.getHttpServer()).post('/api/organization_users/random-id/unarchive/').expect(401);
});
it('should allow only admin users to unarchive org users', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
status: 'active',
groups: ['admin', 'all_users'],
});
const organization = adminUserData.organization;
const developerUserData = await createUser(app, {
email: 'developer@tooljet.io',
status: 'active',
groups: ['developer', 'all_users'],
organization,
});
const viewerUserData = await createUser(app, {
email: 'viewer@tooljet.io',
status: 'archived',
groups: ['viewer', 'all_users'],
organization,
});
await request(app.getHttpServer())
.post(`/api/organization_users/${viewerUserData.orgUser.id}/unarchive/`)
.set('Authorization', authHeaderForUser(developerUserData.user))
.expect(403);
await viewerUserData.orgUser.reload();
expect(viewerUserData.orgUser.status).toBe('archived');
await request(app.getHttpServer())
.post(`/api/organization_users/${viewerUserData.orgUser.id}/unarchive/`)
.set('Authorization', authHeaderForUser(developerUserData.user))
.expect(403);
await viewerUserData.orgUser.reload();
expect(viewerUserData.orgUser.status).toBe('archived');
await request(app.getHttpServer())
.post(`/api/organization_users/${viewerUserData.orgUser.id}/unarchive/`)
.set('Authorization', authHeaderForUser(adminUserData.user))
.expect(201);
await viewerUserData.orgUser.reload();
await viewerUserData.user.reload();
expect(viewerUserData.orgUser.status).toBe('invited');
expect(viewerUserData.user.invitationToken).not.toBe('');
expect(viewerUserData.user.password).not.toBe('old-password');
});
it('should allow unarchive if user is already archived', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
status: 'active',
groups: ['admin', 'all_users'],
});
const organization = adminUserData.organization;
const developerUserData = await createUser(app, {
email: 'developer@tooljet.io',
status: 'active',
groups: ['developer', 'all_users'],
organization,
});
await request(app.getHttpServer())
.post(`/api/organization_users/${developerUserData.orgUser.id}/unarchive/`)
.set('Authorization', authHeaderForUser(adminUserData.user))
.expect(201);
await developerUserData.orgUser.reload();
expect(developerUserData.orgUser.status).toBe('active');
});
});
afterAll(async () => {
await app.close();
});
});
Reference in a new issue View git blame Copy permalink