Add route to set the users groups

2016-02-09 15:47:02 -08:00
parent 2b0791f4a3
commit f413bfb3a0
7 changed files with 186 additions and 16 deletions
@@ -11,6 +11,7 @@ var appdb = require('../../appdb.js'),
    config = require('../../config.js'),
    database = require('../../database.js'),
    expect = require('expect.js'),
+    groups = require('../../groups.js'),
    superagent = require('superagent'),
    server = require('../../server.js'),
    settings = require('../../settings.js'),
@@ -168,4 +169,43 @@ describe('Groups API', function () {
            });
        });
    });
+
+    describe('Set groups', function () {
+        before(function (done) {
+            async.series([
+                groups.create.bind(null, 'group0'),
+                groups.create.bind(null, 'group1')
+            ], done);
+        });
+
+        it('cannot add user to invalid group', function (done) {
+            superagent.put(SERVER_URL + '/api/v1/users/' + USERNAME + '/set_groups')
+                  .query({ access_token: token })
+                  .send({ groupIds: [ 'admin', 'something' ]})
+                  .end(function (error, result) {
+                expect(result.statusCode).to.equal(404);
+                done();
+            });
+        });
+
+        it('can add user to valid group', function (done) {
+            superagent.put(SERVER_URL + '/api/v1/users/' + USERNAME + '/set_groups')
+                  .query({ access_token: token })
+                  .send({ groupIds: [ 'admin', 'group0', 'group1' ]})
+                  .end(function (error, result) {
+                expect(result.statusCode).to.equal(204);
+                done();
+            });
+        });
+
+        it('can remove last user from admin', function (done) {
+            superagent.put(SERVER_URL + '/api/v1/users/' + USERNAME + '/set_groups')
+                  .query({ access_token: token })
+                  .send({ groupIds: [ 'group0', 'group1' ]})
+                  .end(function (error, result) {
+                expect(result.statusCode).to.equal(403); // not allowed
+                done();
+            });
+        });
+    });
 });
@@ -13,7 +13,8 @@ exports = module.exports = {
    remove: removeUser,
    verifyPassword: verifyPassword,
    requireAdmin: requireAdmin,
-    sendInvite: sendInvite
+    sendInvite: sendInvite,
+    setGroups: setGroups
 };

 var assert = require('assert'),
@@ -226,3 +227,18 @@ function sendInvite(req, res, next) {
        next(new HttpSuccess(200, {}));
    });
 }
+
+function setGroups(req, res, next) {
+    assert.strictEqual(typeof req.body, 'object');
+    assert.strictEqual(typeof req.params.userId, 'string');
+
+    if (!Array.isArray(req.body.groupIds)) return next(new HttpError(400, 'API call requires a groups array.'));
+
+    user.setGroups(req.params.userId, req.body.groupIds, function (error) {
+        if (error && error.reason === UserError.NOT_FOUND) return next(new HttpError(404, 'One or more groups not found'));
+        if (error && error.reason === UserError.NOT_ALLOWED) return next(new HttpError(403, 'Last admin'));
+        if (error) return next(new HttpError(500, error));
+
+        next(new HttpSuccess(204));
+    });
+}