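const models = require('vn-loopback/server/server').models;
const ForbiddenError = require('vn-loopback/util/forbiddenError');

// Specs for VnUser role lookup (hasRole) and the userSecurity access check.
// The denial specs assert outside the try/catch, so a check that wrongly
// grants access fails the spec instead of passing with no expectation run.
describe('loopback model VnUser', () => {
    it('should return true if the user has the given role', async() => {
        const result = await models.VnUser.hasRole(1, 'employee');

        expect(result).toBeTruthy();
    });

    it('should return false if the user doesnt have the given role', async() => {
        const result = await models.VnUser.hasRole(1, 'administrator');

        expect(result).toBeFalsy();
    });

    describe('userSecurity', () => {
        // Fixture user ids. The privilege levels named in the spec titles
        // ("higher" for IT management, "medium" for HR) presumably come from
        // the seeded test data; verify against the fixtures.
        const itManagementId = 115;
        const hrId = 37;
        const employeeId = 1;

        /**
         * Updates one field of the employee fixture inside a transaction,
         * runs userSecurity as `actorId` against that user, and always rolls
         * the transaction back so no state leaks into other specs.
         *
         * The update is awaited so the access check is evaluated against the
         * modified row rather than racing with it.
         *
         * @param {number} actorId - user id placed in ctx.options.accessToken
         * @param {string} field - attribute to change before the check
         * @param {*} value - new value for that attribute
         * @returns {Promise<Error|undefined>} the error raised while preparing
         *   or running the check, or undefined when everything resolved
         */
        async function securityErrorAfterUpdate(actorId, field, value) {
            const tx = await models.VnUser.beginTransaction({});
            const options = {transaction: tx};
            const ctx = {options: {accessToken: {userId: actorId}}};

            try {
                const userToUpdate = await models.VnUser.findById(employeeId, null, options);
                await userToUpdate.updateAttribute(field, value, options);
                await models.VnUser.userSecurity(ctx, employeeId, options);
            } catch (error) {
                return error;
            } finally {
                await tx.rollback();
            }

            return undefined;
        }

        // The three specs below pass when userSecurity resolves; a rejection
        // fails the spec.
        it('should check if you are the same user', async() => {
            const ctx = {options: {accessToken: {userId: employeeId}}};

            await models.VnUser.userSecurity(ctx, employeeId);
        });

        it('should check for higher privileges', async() => {
            const ctx = {options: {accessToken: {userId: itManagementId}}};

            await models.VnUser.userSecurity(ctx, employeeId);
        });

        // Relies on the employee fixture having an unverified email — TODO confirm.
        it('should check if you have medium privileges and the user email is not verified', async() => {
            const ctx = {options: {accessToken: {userId: hrId}}};

            await models.VnUser.userSecurity(ctx, employeeId);
        });

        it('should throw an error when update emailVerified field if you have medium privileges and the users email is verified', async() => {
            const error = await securityErrorAfterUpdate(hrId, 'emailVerified', 1);

            // Evaluated unconditionally: undefined here means access was granted.
            expect(error).toEqual(new ForbiddenError());
        });

        it('should throw an error when update recoveryPhone if you have medium privileges and the users email is verified', async() => {
            const error = await securityErrorAfterUpdate(hrId, 'recoveryPhone', 123456789);

            expect(error).toEqual(new ForbiddenError());
        });

        it('should update recoveryPhone if you are the same user', async() => {
            const newRecoveryPhone = 123456789;

            // Runs in a rolled-back transaction so the new phone number is not
            // left on the shared fixture row.
            const error = await securityErrorAfterUpdate(employeeId, 'recoveryPhone', newRecoveryPhone);

            expect(error).toBeUndefined();
        });
    });
});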