From 680763399b261174750172334f5065341cc830f6 Mon Sep 17 00:00:00 2001
From: tkt <37575408+tktcorporation@users.noreply.github.com>
Date: Mon, 10 Oct 2022 13:37:58 +0000
Subject: [PATCH] :sparkles: finish https://redwoodjs.com/docs/tutorial/chapter7/rbac#roles-on-the-api-side
---
 api/src/graphql/comments.sdl.ts | 2 +-
 api/src/services/comments/comments.test.ts | 60 ++++++++++++++++++----
 2 files changed, 51 insertions(+), 11 deletions(-)
diff --git a/api/src/graphql/comments.sdl.ts b/api/src/graphql/comments.sdl.ts
index 16a41ebc5..f12855ad7 100644
--- a/api/src/graphql/comments.sdl.ts
+++ b/api/src/graphql/comments.sdl.ts
@@ -27,6 +27,6 @@ export const schema = gql`
 type Mutation {
 createComment(input: CreateCommentInput!): Comment! @skipAuth
- deleteComment(id: Int!): Comment! @requireAuth
+ deleteComment(id: Int!): Comment! @requireAuth(roles: "moderator")
 }
 `
diff --git a/api/src/services/comments/comments.test.ts b/api/src/services/comments/comments.test.ts
index 076f061a5..ec689dc03 100644
--- a/api/src/services/comments/comments.test.ts
+++ b/api/src/services/comments/comments.test.ts
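Review bot: The `@requireAuth(roles: "moderator")` directive on `deleteComment` in comments.sdl.ts only guards the GraphQL entry point, so any code that calls the service function directly never passes through it. The tests added in comments.test.ts call `deleteComment` directly and expect `ForbiddenError` / `AuthenticationError`, which means they depend on a role check inside the service that this patch does not show (presumably a `requireAuth({ roles: 'moderator' })` call in comments.ts). It is worth confirming that check exists and uses the same role string as the directive. A short comment next to the mutation, such as `# role is also enforced in the deleteComment service`, would keep the two from drifting apart.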
@@ -1,20 +1,15 @@
-import { db } from 'src/lib/db'
+import { AuthenticationError, ForbiddenError } from '@redwoodjs/graphql-server'
-import { comments, createComment } from './comments'
-import type { StandardScenario, PostOnlyScenario } from './comments.scenarios'
+import { db } from 'src/lib/db'
-// Generated boilerplate tests do not account for all circumstances
-// and can fail without adjustments, e.g. Float and DateTime types.
-// Please refer to the RedwoodJS Testing Docs:
-// https://redwoodjs.com/docs/testing#testing-services
-// https://redwoodjs.com/docs/testing#jest-expect-type-considerations
+import { comments, createComment, deleteComment } from './comments'
+import type { PostOnlyScenario, StandardScenario } from './comments.scenarios'
 describe('comments', () => {
 scenario(
 'returns all comments for a single post from the database',
- async (scenario: StandardScenario) => {
+ async (scenario) => {
 const result = await comments({ postId: scenario.comment.jane.postId })
-
 const post = await db.post.findUnique({
 where: { id: scenario.comment.jane.postId },
 include: { comments: true },
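Review bot: The first test's callback loses its parameter annotation (`async (scenario) => {`), while the three tests added later in this patch keep `async (scenario: StandardScenario) => {` and the type is still imported. Unless the `scenario` helper infers the fixture type on its own, accesses such as `scenario.comment.jane.postId` are probably no longer type-checked in this test. Keeping `async (scenario: StandardScenario) => {` here would be consistent with the rest of the file. The test body continues past the end of this hunk.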
@@ -43,4 +38,49 @@ describe('comments', () => {
 expect(comment.createdAt).not.toEqual(null)
 }
 )
+
+ scenario(
+ 'allows a moderator to delete a comment',
+ async (scenario: StandardScenario) => {
+ mockCurrentUser({
+ roles: 'moderator',
+ id: 1,
+ email: 'moderator@moderator.com',
+ })
+
+ const comment = await deleteComment({
+ id: scenario.comment.jane.id,
+ })
+ expect(comment.id).toEqual(scenario.comment.jane.id)
+
+ const result = await comments({ postId: scenario.comment.jane.id })
+ expect(result.length).toEqual(0)
+ }
+ )
+
+ scenario(
+ 'does not allow a non-moderator to delete a comment',
+ async (scenario: StandardScenario) => {
+ mockCurrentUser({ roles: 'user', id: 1, email: 'user@user.com' })
+
+ expect(() =>
+ deleteComment({
+ id: scenario.comment.jane.id,
+ })
+ ).toThrow(ForbiddenError)
+ }
+ )
+
+ scenario(
+ 'does not allow a logged out user to delete a comment',
+ async (scenario: StandardScenario) => {
+ mockCurrentUser(null)
+
+ expect(() =>
+ deleteComment({
+ id: scenario.comment.jane.id,
+ })
+ ).toThrow(AuthenticationError)
+ }
+ )
 })
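Review bot: In 'allows a moderator to delete a comment' the follow-up query passes the comment's id as a post id (`comments({ postId: scenario.comment.jane.id })`), so `expect(result.length).toEqual(0)` does not show that the row was removed; it passes whenever no comment belongs to a post with that id. Query by `scenario.comment.jane.postId` instead (assuming jane's is the only comment on that post in the scenario), or check the row directly with `expect(await db.comment.findUnique({ where: { id: scenario.comment.jane.id } })).toBeNull()`. The two denial tests assert only the error type; because they are the authorization checks, they would be stronger if they also asserted that the comment still exists afterwards. `expect(() => deleteComment(...)).toThrow(...)` also holds only while the role check throws synchronously, so if `deleteComment` ever becomes `async` these should change to `await expect(deleteComment({ id })).rejects.toThrow(ForbiddenError)`.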