LeadMagnet/leadchat
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

chore: Ensure privilege validations for API endpoints (#2224)

Browse Source 
Co-authored-by: Pranav Raj S <pranav@chatwoot.com>
This commit is contained in:
Sojan Jose
2021-06-11 11:44:31 +05:30
committed by GitHub
parent 5a95c74bf6
commit 534acfbf96
27 changed files with 335 additions and 119 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
spec/controllers/api/v1/accounts/conversations/messages_controller_spec.rb
View File

@@ -15,9 +15,13 @@ RSpec.describe 'Conversation Messages API', type: :request do
end
end
context 'when it is an authenticated user' do
context 'when it is an authenticated user with access to conversation' do
let(:agent) { create(:user, account: account, role: :agent) }
before do
create(:inbox_member, inbox: conversation.inbox, user: agent)
end
it 'creates a new outgoing message' do
params = { content: 'test-message', private: true }
@@ -124,9 +128,13 @@ RSpec.describe 'Conversation Messages API', type: :request do
end
end
context 'when it is an authenticated user' do
context 'when it is an authenticated user with access to conversation' do
let(:agent) { create(:user, account: account, role: :agent) }
before do
create(:inbox_member, inbox: conversation.inbox, user: agent)
end
it 'shows the conversation' do
get "/api/v1/accounts/#{account.id}/conversations/#{conversation.display_id}/messages",
headers: agent.create_new_auth_token,
@@ -149,9 +157,13 @@ RSpec.describe 'Conversation Messages API', type: :request do
end
end
context 'when it is an authenticated user' do
context 'when it is an authenticated user with access to conversation' do
let(:agent) { create(:user, account: account, role: :agent) }
before do
create(:inbox_member, inbox: conversation.inbox, user: agent)
end
it 'deletes the message' do
delete "/api/v1/accounts/#{account.id}/conversations/#{conversation.display_id}/messages/#{message.id}",
headers: agent.create_new_auth_token,
@@ -166,6 +178,10 @@ RSpec.describe 'Conversation Messages API', type: :request do
context 'when the message id is invalid' do
let(:agent) { create(:user, account: account, role: :agent) }
before do
create(:inbox_member, inbox: conversation.inbox, user: agent)
end
it 'returns not found error' do
delete "/api/v1/accounts/#{account.id}/conversations/#{conversation.display_id}/messages/99999",
headers: agent.create_new_auth_token,