Skip to content

Commit

Permalink
chore!: Improve permissions check on teams endpoints (#32351)
Browse files Browse the repository at this point in the history
  • Loading branch information
@matheusbsilva137 @ggazzo
matheusbsilva137 authored and ggazzo committed Jun 24, 2024
1 parent 76951f5 commit c76ea33
Showing 1 changed file with 6 additions and 14 deletions.
20 changes: 6 additions & 14 deletions apps/meteor/tests/end-to-end/api/25-teams.js
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
import { TEAM_TYPE } from '@rocket.chat/core-typings';
import { expect } from 'chai';
import { after, afterEach, before, beforeEach, describe, it } from 'mocha';
import { before, after, describe, it } from 'mocha';

import { getCredentials, api, request, credentials, methodCall } from '../../data/api-data';
import { updatePermission, updateSetting } from '../../data/permissions.helper';
Expand All @@ -13,15 +13,6 @@ describe('[Teams]', () => {
before((done) => getCredentials(done));

describe('/teams.create', () => {
const name = `test-team-create-${Date.now()}`;
const createdTeams = [];
let testUser;

before(async () => {
testUser = await createUser();
});

after(() => Promise.all([...createdTeams.map((team) => deleteTeam(credentials, team.name)), deleteUser(testUser)]));
before(async () => {
return updatePermission('create-team', ['admin', 'user']);
});
Expand Down Expand Up @@ -560,17 +551,18 @@ describe('[Teams]', () => {
});

describe('/teams.listAll', () => {
let teamName;
before(async () => {
await updatePermission('view-all-teams', ['admin']);
teamName = `test-team-${Date.now()}`;
const teamName = `test-team-${Date.now()}`;
await request.post(api('teams.create')).set(credentials).send({
name: teamName,
type: 0,
});
});

after(() => Promise.all([deleteTeam(credentials, teamName), updatePermission('view-all-teams', ['admin'])]));
after(async () => {
return updatePermission('view-all-teams', ['admin']);
});

it('should list all teams', async () => {
await request
Expand All @@ -584,7 +576,7 @@ describe('[Teams]', () => {
expect(res.body).to.have.property('offset', 0);
expect(res.body).to.have.property('total');
expect(res.body).to.have.property('teams');
expect(res.body.teams).to.be.an('array').that.is.not.empty;
expect(res.body.teams).to.have.length.greaterThan(1);
expect(res.body.teams[0]).to.include.property('_id');
expect(res.body.teams[0]).to.include.property('_updatedAt');
expect(res.body.teams[0]).to.include.property('name');
Expand Down

0 comments on commit c76ea33

Please sign in to comment.