Fx: users and roles needs login for admin only to be accessed

atlp-rwanda · Jul 4, 2024 · 4313392 · 4313392
1 parent 71be085
commit 4313392
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 18 deletions.
diff --git a/__test__/user.test.ts b/__test__/user.test.ts
@@ -196,15 +196,6 @@ describe("Testing user Routes", () => {
 
       expect(response.status).toBe(400);
    })
-
-  test("should return all users in db --> given '/api/v1/users'", async () => {
-    const spy = jest.spyOn(User, "findAll");
-    const spy2 = jest.spyOn(userServices, "getAllUsers");
-    const response = await request(app).get("/api/v1/users");
-    expect(spy).toHaveBeenCalled();
-    expect(spy2).toHaveBeenCalled();
-  }, 20000);
-
   test("Should return status 401 to indicate Unauthorized user", async () => {
     const loggedInUser = {
       email: userData.email,
@@ -241,6 +232,19 @@ describe("Testing user Routes", () => {
             expect(response.status).toBe(200)
             expect(response.body.message).toBe('User verified successfully.')
     },60000)
+
+    test("should return 200 when all roles are fetched", async () => {
+      const response = await request(app)
+        .get("/api/v1/roles").set('Authorization', `Bearer ${adminToken}`);
+      expect(response.status).toBe(200);
+    });
+    test("should return all users in db --> given '/api/v1/users'", async () => {
+      const spy = jest.spyOn(User, "findAll");
+      const spy2 = jest.spyOn(userServices, "getAllUsers");
+      const response = await request(app).get("/api/v1/users").set('Authorization', `Bearer ${adminToken}`);;
+      expect(spy).toHaveBeenCalled();
+      expect(spy2).toHaveBeenCalled();
+    }, 20000);
 
   test("should update dummyseller's role to seller", async () => {
     const logDummySeller = await request(app).post("/api/v1/users/login").send({
@@ -471,13 +475,6 @@ describe("Admin should be able to CRUD roles", () => {
       .set("Authorization", "Bearer " + adminToken);
     expect(response.status).toBe(404);
   })
-
-  test("should return 200 when all roles are fetched", async () => {
-    const response = await request(app)
-      .get("/api/v1/roles")
-    expect(response.status).toBe(200);
-  });
-
   test("should return 200 when a role is updated", async () => {
     const response = await request(app)
       .patch("/api/v1/roles/" + newRoleId)
@@ -611,6 +608,8 @@ describe("Verifying user account",()=>{
 
 })
 
+
+
 afterAll(async () => {
   try {
     await sequelize.query('TRUNCATE TABLE profiles, users CASCADE');

diff --git a/src/routes/roleRoutes.ts b/src/routes/roleRoutes.ts
@@ -9,7 +9,7 @@ import { isPasswordOutOfDate } from '../middlewares/isPasswordOutOfDate';
 const RoleRouter = express.Router();
 
 RoleRouter.post('/', isLoggedIn,isPasswordOutOfDate, isAdmin, validateSchema(roleSchema), roleController.createRole);
-RoleRouter.get('/',roleController.getRoles);
+RoleRouter.get('/',isLoggedIn,isAdmin,roleController.getRoles);
 RoleRouter.patch('/:id', isLoggedIn,isPasswordOutOfDate, isAdmin, validateSchema(roleSchema),roleController.updateRole);
 RoleRouter.delete('/:id', isLoggedIn,isPasswordOutOfDate, isAdmin, roleController.deleteRole);
 

diff --git a/src/routes/userRoutes.ts b/src/routes/userRoutes.ts
@@ -19,7 +19,7 @@ import { isPasswordOutOfDate } from "../middlewares/isPasswordOutOfDate";
 import { isVerified } from "../middlewares/isVerified";
 const userRoutes = Router();
 
-userRoutes.get("/", fetchAllUsers);
+userRoutes.get("/",isLoggedIn,isAdmin, fetchAllUsers);
 userRoutes.put("/passwordupdate", isLoggedIn, validateSchema(passwordUpdateSchema), updatePassword)
 userRoutes.post("/login", emailValidation,validateSchema(logInSchema),isDisabled,isVerified,userLogin);
 userRoutes.post("/register", emailValidation, validateSchema(signUpSchema), createUserController);