admin/n8n-enterprise-unlocked
1
0
Fork 0
mirror of https://github.com/Abdulazizzn/n8n-enterprise-unlocked.git synced 2025-12-17 18:12:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(core): Ensure member and admin cannot be promoted to owner (#7830)

Browse Source 
https://linear.app/n8n/issue/PAY-985/add-user-role-modification-endpoint#comment-62355f6b
This commit is contained in:
Iván Ovejero
2023-11-27 17:35:58 +01:00
committed by GitHub
parent ac744d6702
commit 9b87a596ca
2 changed files with 43 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
packages/cli/test/integration/users.api.test.ts
View File

@@ -359,7 +359,7 @@ describe('PATCH /users/:id/role', () => {
MISSING_NEW_ROLE_KEY,
MISSING_NEW_ROLE_VALUE,
NO_ADMIN_ON_OWNER,
NO_ADMIN_TO_OWNER,
NO_USER_TO_OWNER,
NO_USER,
NO_OWNER_ON_OWNER,
} = UsersController.ERROR_MESSAGES.CHANGE_ROLE;
@@ -506,7 +506,7 @@ describe('PATCH /users/:id/role', () => {
});
expect(response.statusCode).toBe(403);
expect(response.body.message).toBe(NO_ADMIN_TO_OWNER);
expect(response.body.message).toBe(NO_USER_TO_OWNER);
});
test('should fail to promote admin to owner', async () => {
@@ -515,7 +515,7 @@ describe('PATCH /users/:id/role', () => {
});
expect(response.statusCode).toBe(403);
expect(response.body.message).toBe(NO_ADMIN_TO_OWNER);
expect(response.body.message).toBe(NO_USER_TO_OWNER);
});
test('should be able to demote admin to member', async () => {
@@ -577,6 +577,42 @@ describe('PATCH /users/:id/role', () => {
});
describe('owner', () => {
test('should fail to demote self to admin', async () => {
const response = await ownerAgent.patch(`/users/${owner.id}/role`).send({
newRole: { scope: 'global', name: 'admin' },
});
expect(response.statusCode).toBe(403);
expect(response.body.message).toBe(NO_OWNER_ON_OWNER);
});
test('should fail to demote self to member', async () => {
const response = await ownerAgent.patch(`/users/${owner.id}/role`).send({
newRole: { scope: 'global', name: 'member' },
});
expect(response.statusCode).toBe(403);
expect(response.body.message).toBe(NO_OWNER_ON_OWNER);
});
test('should fail to promote admin to owner', async () => {
const response = await ownerAgent.patch(`/users/${admin.id}/role`).send({
newRole: { scope: 'global', name: 'owner' },
});
expect(response.statusCode).toBe(403);
expect(response.body.message).toBe(NO_USER_TO_OWNER);
});
test('should fail to promote member to owner', async () => {
const response = await ownerAgent.patch(`/users/${member.id}/role`).send({
newRole: { scope: 'global', name: 'owner' },
});
expect(response.statusCode).toBe(403);
expect(response.body.message).toBe(NO_USER_TO_OWNER);
});
test('should be able to promote member to admin', async () => {
const response = await ownerAgent.patch(`/users/${member.id}/role`).send({
newRole: { scope: 'global', name: 'admin' },
@@ -614,23 +650,5 @@ describe('PATCH /users/:id/role', () => {
admin = await createAdmin();
adminAgent = testServer.authAgentFor(admin);
});
test('should fail to demote self to admin', async () => {
const response = await ownerAgent.patch(`/users/${owner.id}/role`).send({
newRole: { scope: 'global', name: 'admin' },
});
expect(response.statusCode).toBe(403);
expect(response.body.message).toBe(NO_OWNER_ON_OWNER);
});
test('should fail to demote self to member', async () => {
const response = await ownerAgent.patch(`/users/${owner.id}/role`).send({
newRole: { scope: 'global', name: 'member' },
});
expect(response.statusCode).toBe(403);
expect(response.body.message).toBe(NO_OWNER_ON_OWNER);
});
});
});