Remove redundant requireAdmin

We already hand out scopes based on the user's access control
2018-04-27 21:47:11 -07:00
parent 9789966017
commit bc4f9cf596
7 changed files with 116 additions and 109 deletions
--- a/src/routes/test/eventlog-test.js
+++ b/src/routes/test/eventlog-test.js
@@ -6,7 +6,8 @@

 'use strict';

-var async = require('async'),
+var accesscontrol = require('../../accesscontrol.js'),
+    async = require('async'),
    config = require('../../config.js'),
    database = require('../../database.js'),
    expect = require('expect.js'),
@@ -62,7 +63,7 @@ function setup(done) {
            token_1 = tokendb.generateToken();

            // HACK to get a token for second user (passwords are generated and the user should have gotten a password setup link...)
-            tokendb.add(token_1, USER_1_ID, 'test-client-id',  Date.now() + 100000, '*', callback);
+            tokendb.add(token_1, USER_1_ID, 'test-client-id',  Date.now() + 100000, accesscontrol.SCOPE_PROFILE, callback);
        }

    ], done);
--- a/src/routes/test/groups-test.js
+++ b/src/routes/test/groups-test.js
@@ -6,7 +6,8 @@

 'use strict';

-var async = require('async'),
+var accesscontrol = require('../../accesscontrol.js'),
+    async = require('async'),
    config = require('../../config.js'),
    database = require('../../database.js'),
    expect = require('expect.js'),
@@ -69,7 +70,7 @@ function setup(done) {
                    userId_1 = result.body.id;

                    // HACK to get a token for second user (passwords are generated and the user should have gotten a password setup link...)
-                    tokendb.add(token_1, userId_1, 'test-client-id',  Date.now() + 100000, '*', callback);
+                    tokendb.add(token_1, userId_1, 'test-client-id',  Date.now() + 100000, accesscontrol.SCOPE_PROFILE, callback);
                });
        }
    ], done);
@@ -279,6 +280,20 @@ describe('Groups API', function () {
                });
        });

+        it('can add user_1 to admin', function (done) {
+            superagent.put(SERVER_URL + '/api/v1/users/' + userId_1 + '/groups')
+                .query({ access_token: token })
+                .send({ groupIds: [ 'admin' ]})
+                .end(function (error, result) {
+                    expect(result.statusCode).to.equal(204);
+
+                    token_1 = tokendb.generateToken();
+
+                    // HACK to get a token for second user (passwords are generated and the user should have gotten a password setup link...)
+                    tokendb.add(token_1, userId_1, 'test-client-id',  Date.now() + 100000, accesscontrol.SCOPE_ANY, done);
+                });
+        });
+
        it('remove activation user from admin', function (done) {
            superagent.put(SERVER_URL + '/api/v1/users/' + userId + '/groups')
                .query({ access_token: token_1 })
--- a/src/routes/test/users-test.js
+++ b/src/routes/test/users-test.js
@@ -5,7 +5,8 @@

 'use strict';

-var async = require('async'),
+var accesscontrol = require('../../accesscontrol.js'),
+    async = require('async'),
    config = require('../../config.js'),
    constants = require('../../constants.js'),
    database = require('../../database.js'),
@@ -174,7 +175,7 @@ describe('Users API', function () {
        var token = tokendb.generateToken();
        var expires = Date.now() + 2000; // 1 sec

-        tokendb.add(token, user_0.id, null, expires, '*', function (error) {
+        tokendb.add(token, user_0.id, null, expires, accesscontrol.SCOPE_PROFILE, function (error) {
            expect(error).to.not.be.ok();

            setTimeout(function () {
@@ -270,7 +271,7 @@ describe('Users API', function () {
                expect(error).to.be.ok();
                expect(result.statusCode).to.equal(400);
                done();
-        });
+            });
    });

    it('create second user succeeds', function (done) {
@@ -287,7 +288,7 @@ describe('Users API', function () {

                checkMails(2, function () {
                    // HACK to get a token for second user (passwords are generated and the user should have gotten a password setup link...)
-                    tokendb.add(token_1, user_1.id, 'test-client-id',  Date.now() + 10000, '*', done);
+                    tokendb.add(token_1, user_1.id, 'test-client-id',  Date.now() + 10000, accesscontrol.SCOPE_PROFILE, done);
                });
            });
    });
@@ -681,7 +682,7 @@ describe('Users API', function () {
                expect(error).to.be.ok();
                expect(result.statusCode).to.equal(400);
                done();
-        });
+            });
    });

    it('can create user with a password', function (done) {
@@ -697,7 +698,7 @@ describe('Users API', function () {
                token = tokendb.generateToken();
                var expires = Date.now() + 2000; // 1 sec

-                tokendb.add(token, user_4.id, null, expires, '*', done);
+                tokendb.add(token, user_4.id, null, expires, accesscontrol.SCOPE_PROFILE, done);
            });
    });