From 007f37412acf4bf7e4d91f7ca1cc0ccb58e4c4dc Mon Sep 17 00:00:00 2001 From: Wonwoo Choi Date: Thu, 28 Sep 2023 23:09:09 +0900 Subject: [PATCH] =?UTF-8?q?=ED=85=8C=EC=8A=A4=ED=8A=B8=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/api/handlers/groups.ts | 8 ++++---- test/api/groups.test.ts | 38 +++++++++++++++++++------------------- test/api/users.test.ts | 2 +- 3 files changed, 24 insertions(+), 24 deletions(-) diff --git a/src/api/handlers/groups.ts b/src/api/handlers/groups.ts index 3380211..dbef10f 100644 --- a/src/api/handlers/groups.ts +++ b/src/api/handlers/groups.ts @@ -65,7 +65,7 @@ export function listMembers(model: Model): IMiddleware { } if (!owner) { - ctx.status = 401; + ctx.status = 403; return; } @@ -108,7 +108,7 @@ export function listPending(model: Model): IMiddleware { } if (!owner) { - ctx.status = 401; + ctx.status = 403; return; } @@ -180,7 +180,7 @@ export function acceptGroup(model: Model): IMiddleware { const owner = await model.groups.checkOwner(tr, group.idx, ctx.state.userIdx); if (!owner) { - ctx.status = 401; + ctx.status = 403; return; } @@ -224,7 +224,7 @@ export function rejectGroup(model: Model): IMiddleware { const owner = await model.groups.checkOwner(tr, group.idx, ctx.state.userIdx); if (!owner) { - ctx.status = 401; + ctx.status = 403; return; } diff --git a/test/api/groups.test.ts b/test/api/groups.test.ts index 6892ace..62614ca 100644 --- a/test/api/groups.test.ts +++ b/test/api/groups.test.ts @@ -144,7 +144,7 @@ test('pending listing', async t => { t.is(response.status, 200); response = await agent.get(`/api/group/${groupIdx}/pending`); - t.is(response.status, 401); + t.is(response.status, 403); await model.pgDo(async tr => { await model.users.addUserMembership(tr, userIdx, groupIdx); @@ -236,6 +236,13 @@ test('accept group requests', async t => { let response; response = await agent.post(`/api/group/${groupIdx}/accept`).send([]); + t.is(response.status, 400); + + await model.pgDo(async tr => { + await model.users.addPendingUserMembership(tr, memberIdx, groupIdx); + }); + + response = await agent.post(`/api/group/${groupIdx}/accept`).send([memberIdx]); t.is(response.status, 401); response = await agent.post('/api/login').send({ @@ -244,20 +251,13 @@ test('accept group requests', async t => { }); t.is(response.status, 200); - response = await agent.post(`/api/group/${groupIdx}/accept`).send([]); - t.is(response.status, 401); + response = await agent.post(`/api/group/${groupIdx}/accept`).send([memberIdx]); + t.is(response.status, 403); await model.pgDo(async tr => { await model.groups.setOwnerGroup(tr, groupIdx, ownerGroupIdx); }); - response = await agent.post(`/api/group/${groupIdx}/accept`).send([]); - t.is(response.status, 200); - - await model.pgDo(async tr => { - await model.users.addPendingUserMembership(tr, memberIdx, groupIdx); - }); - response = await agent.post(`/api/group/${groupIdx}/accept`).send([memberIdx]); t.is(response.status, 200); @@ -288,6 +288,13 @@ test('reject group requests', async t => { let response; response = await agent.post(`/api/group/${groupIdx}/reject`).send([]); + t.is(response.status, 400); + + await model.pgDo(async tr => { + await model.users.addPendingUserMembership(tr, memberIdx, groupIdx); + }); + + response = await agent.post(`/api/group/${groupIdx}/reject`).send([memberIdx]); t.is(response.status, 401); response = await agent.post('/api/login').send({ @@ -296,20 +303,13 @@ test('reject group requests', async t => { }); t.is(response.status, 200); - response = await agent.post(`/api/group/${groupIdx}/reject`).send([]); - t.is(response.status, 401); + response = await agent.post(`/api/group/${groupIdx}/reject`).send([memberIdx]); + t.is(response.status, 403); await model.pgDo(async tr => { await model.groups.setOwnerGroup(tr, groupIdx, ownerGroupIdx); }); - response = await agent.post(`/api/group/${groupIdx}/reject`).send([]); - t.is(response.status, 200); - - await model.pgDo(async tr => { - await model.users.addPendingUserMembership(tr, memberIdx, groupIdx); - }); - response = await agent.post(`/api/group/${groupIdx}/reject`).send([memberIdx]); t.is(response.status, 200); diff --git a/test/api/users.test.ts b/test/api/users.test.ts index c72a050..11075f7 100644 --- a/test/api/users.test.ts +++ b/test/api/users.test.ts @@ -44,7 +44,7 @@ test('create user step by step', async t => { studentNumbers, }); // request without session token will be fail - t.is(response.status, 401); + t.is(response.status, 400); response = await agent.post('/api/email/check-token').send({ token,