add test that only owner can open tickets

src/routes/test/common.js

@@ -31,6 +31,14 @@ exports = module.exports = {
         token: null
     },
 
+    admin: {
+        id: null,
+        username: 'administrator',
+        password: 'Foobar?1339',
+        email: 'admin@cloudron.local',
+        token: null
+    },
+
     user: {
         id: null,
         username: 'user',
@@ -54,7 +62,7 @@ async function setupServer() {
 }
 
 async function setup() {
-    const owner = exports.owner, serverUrl = exports.serverUrl, user = exports.user;
+    const owner = exports.owner, serverUrl = exports.serverUrl, user = exports.user, admin = exports.admin;
 
     await setupServer();
     await safe(fs.promises.unlink(support._sshInfo().filePath));
@@ -74,6 +82,16 @@ async function setup() {
     owner.token = response.body.token;
     owner.id = response.body.userId;
 
+    // create an admin
+    response = await superagent.post(`${serverUrl}/api/v1/users`)
+        .query({ access_token: owner.token })
+        .send({ username: admin.username, email: admin.email, password: admin.password });
+    expect(response.status).to.equal(201);
+    admin.id = response.body.id;
+    // HACK to get a token for second user (passwords are generated and the user should have gotten a password setup link...)
+    const token1 = await tokens.add({ identifier: admin.id, clientId: 'test-client-id', expires: Date.now() + (60 * 60 * 1000), name: 'fromtest' });
+    admin.token = token1.accessToken;
+
     // create user
     response = await superagent.post(`${serverUrl}/api/v1/users`)
         .query({ access_token: owner.token })
@@ -81,8 +99,8 @@ async function setup() {
     expect(response.status).to.equal(201);
     user.id = response.body.id;
     // HACK to get a token for second user (passwords are generated and the user should have gotten a password setup link...)
-    const token = await tokens.add({ identifier: user.id, clientId: 'test-client-id', expires: Date.now() + (60 * 60 * 1000), name: 'fromtest' });
-    user.token = token.accessToken;
+    const token2 = await tokens.add({ identifier: user.id, clientId: 'test-client-id', expires: Date.now() + (60 * 60 * 1000), name: 'fromtest' });
+    user.token = token2.accessToken;
 
     await settings._set(settings.APPSTORE_API_TOKEN_KEY, exports.appstoreToken); // appstore token
 }