Skip to content

Commit 7f44c9e

Browse files
ptitjesptitjes
committed
feat(putUser): take roles in account
Closes #114 Roles can now be modified via putUser by passing ops.roles.
1 parent b1ea26a commit 7f44c9e

File tree

2 files changed

+49
-1
lines changed

2 files changed

+49
-1
lines changed

src/index.js

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -44,6 +44,10 @@ function putUser(db, user, opts, callback) {
4444
user = assign(user, opts.metadata);
4545
}
4646

47+
if (opts.roles) {
48+
user = assign(user, {roles: opts.roles});
49+
}
50+
4751
var url = getUsersUrl(db) + '/' + encodeURIComponent(user._id);
4852
var ajaxOpts = assign({
4953
method : 'PUT',
@@ -80,7 +84,7 @@ plugin.# = toPromise(function (username, password, opts, callback) {
8084
var user = {
8185
name : username,
8286
password : password,
83-
roles : opts.roles || [],
87+
roles : [],
8488
type : 'user',
8589
_id : userId
8690
};

test/test.js

Lines changed: 44 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -208,6 +208,50 @@ testCases.forEach(function (testCase) {
208208
});
209209
});
210210

211+
it('Test that admin can change roles', function () {
212+
var roles = ['sidekick'];
213+
var newRoles = ['superhero', 'villain'];
214+
return db.#('robin', 'dickgrayson', {roles: roles}).then(function (res) {
215+
res.ok.should.equal(true);
216+
return db.getUser('robin');
217+
}).then(function (user) {
218+
user.roles.should.deep.equal(roles);
219+
}).then(function () {
220+
return db.putUser('robin', {roles: newRoles});
221+
}).then(function (res) {
222+
res.ok.should.equal(true);
223+
return db.getUser('robin');
224+
}).then(function (user) {
225+
user.roles.should.deep.equal(newRoles);
226+
}).catch(function (err) {
227+
should.not.exist(err);
228+
});
229+
});
230+
231+
it('Test that user cannot change roles', function () {
232+
var roles = ['sidekick'];
233+
var newRoles = ['superhero', 'villain'];
234+
// We can't test for initial roles as we are in admin party
235+
// Let us have faith in CouchDB
236+
return db.#('robin', 'dickgrayson', {roles: roles}).then(function (res) {
237+
res.ok.should.equal(true);
238+
return db.login('robin', 'dickgrayson');
239+
}).then(function () {
240+
return db.getUser('robin');
241+
}).then(function (user) {
242+
user.roles.should.deep.equal(roles);
243+
}).then(function () {
244+
return db.putUser('robin', {roles: newRoles});
245+
}).then(function (res) {
246+
res.ok.should.not.equal(true);
247+
return db.getUser('robin').then(function (user) {
248+
user.roles.should.deep.equal(roles);
249+
});
250+
}).catch(function (err) {
251+
should.exist(err);
252+
});
253+
});
254+
211255
it('Test wrong user for getUser', function () {
212256
return db.#('robin', 'dickgrayson').then(function (res) {
213257
return db.#('aquaman', 'sleeps_with_fishes');

0 commit comments

Comments
 (0)