17dbb634ca
A user should not be able to delete their account if they are the last admin of a workspace. It means that if a user wants to sign out of twenty, they should delete their workspace, not their account
56 lines
1.6 KiB
TypeScript
56 lines
1.6 KiB
TypeScript
import request from 'supertest';
|
|
import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
|
|
import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
|
|
|
|
import { SEED_APPLE_WORKSPACE_ID } from 'src/database/typeorm-seeds/core/workspaces';
|
|
import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
|
|
|
|
const client = request(`http://localhost:${APP_PORT}`);
|
|
|
|
describe('deleteUser', () => {
|
|
beforeAll(async () => {
|
|
const enablePermissionsQuery = updateFeatureFlagFactory(
|
|
SEED_APPLE_WORKSPACE_ID,
|
|
'IsPermissionsEnabled',
|
|
true,
|
|
);
|
|
|
|
await makeGraphqlAPIRequest(enablePermissionsQuery);
|
|
});
|
|
|
|
afterAll(async () => {
|
|
const disablePermissionsQuery = updateFeatureFlagFactory(
|
|
SEED_APPLE_WORKSPACE_ID,
|
|
'IsPermissionsEnabled',
|
|
false,
|
|
);
|
|
|
|
await makeGraphqlAPIRequest(disablePermissionsQuery);
|
|
});
|
|
|
|
it('should not allow to delete user if they are the unique admin of a workspace', async () => {
|
|
const query = {
|
|
query: `
|
|
mutation DeleteUser {
|
|
deleteUser {
|
|
id
|
|
}
|
|
}
|
|
`,
|
|
};
|
|
|
|
await client
|
|
.post('/graphql')
|
|
.set('Authorization', `Bearer ${ADMIN_ACCESS_TOKEN}`)
|
|
.send(query)
|
|
.expect((res) => {
|
|
expect(res.body.data).toBeNull();
|
|
expect(res.body.errors).toBeDefined();
|
|
expect(res.body.errors[0].message).toBe(
|
|
'Cannot delete account: user is the unique admin of a workspace',
|
|
);
|
|
expect(res.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN);
|
|
});
|
|
});
|
|
});
|