Add rule update tests to SecurityController

MrBartusek · Apr 14, 2024 · ab702d2 · ab702d2
1 parent db3f04f
commit ab702d2
Showing 1 changed file with 68 additions and 1 deletion.
diff --git a/apps/api/src/security/security.controller.spec.ts b/apps/api/src/security/security.controller.spec.ts
@@ -7,13 +7,20 @@ import { MockSecurityPipe } from '../mocks/mock-security.pipe';
 import { CreateSecurityRuleDto } from './dto/create-security-rule.dto';
 import { Types } from 'mongoose';
 import { HasOrganizationAccessPipe } from './pipes/has-organization-access.pipe';
-import { BadRequestException, NotFoundException } from '@nestjs/common';
+import { BadRequestException, ForbiddenException, NotFoundException } from '@nestjs/common';
+import { describe } from 'node:test';
+import { UpdateSecurityRuleDto } from './dto/update-security-rule.dto';
+import { OrganizationSecurityRole } from 'shared-types';
+import { mockUserRequest } from '../mocks/mock-user-request';
+import e from 'express';
 
 describe('SecurityController', () => {
 	let controller: SecurityController;
 
 	const mockSecurityService = {
 		addRule: jest.fn(),
+		getUserRole: jest.fn(),
+		updateRule: jest.fn(),
 	};
 
 	const mockUserService = {
@@ -73,4 +80,64 @@ describe('SecurityController', () => {
 			expect(result).rejects.toThrowError(NotFoundException);
 		});
 	});
+
+	describe('Update security rule', () => {
+		it('should update security rule', async () => {
+			const orgId = new Types.ObjectId();
+			const targetId = new Types.ObjectId();
+			const request = mockUserRequest;
+			const requester = new Types.ObjectId(request.user.id);
+
+			mockSecurityService.getUserRole.mockImplementation((org, user) => {
+				console.log(user);
+				if (targetId.equals(user)) {
+					return OrganizationSecurityRole.MEMBER;
+				} else if (requester.equals(user)) {
+					return OrganizationSecurityRole.OWNER;
+				}
+				return null;
+			});
+
+			const dto: UpdateSecurityRuleDto = {
+				organization: orgId.toString(),
+				user: targetId.toString(),
+				role: OrganizationSecurityRole.ADMIN,
+			};
+
+			await controller.update(request, dto);
+
+			expect(mockSecurityService.updateRule).toHaveBeenCalledWith(
+				orgId,
+				targetId,
+				OrganizationSecurityRole.ADMIN,
+			);
+		});
+
+		it('should not update security rule of user with higher order role', async () => {
+			const orgId = new Types.ObjectId();
+			const targetId = new Types.ObjectId();
+			const request = mockUserRequest;
+			const requester = new Types.ObjectId(request.user.id);
+
+			mockSecurityService.getUserRole.mockImplementation((org, user) => {
+				console.log(user);
+				if (targetId.equals(user)) {
+					return OrganizationSecurityRole.OWNER;
+				} else if (requester.equals(user)) {
+					return OrganizationSecurityRole.MEMBER;
+				}
+				return null;
+			});
+
+			const dto: UpdateSecurityRuleDto = {
+				organization: orgId.toString(),
+				user: targetId.toString(),
+				role: OrganizationSecurityRole.ADMIN,
+			};
+
+			const result = controller.update(request, dto);
+
+			expect(result).rejects.toThrow(ForbiddenException);
+		});
+	});
 });