Skip to content

Commit

Permalink
test: team settings and propertied cannot be changeds by foreign team…
Browse files Browse the repository at this point in the history 
… owner (#3866)
  • Loading branch information
@stefanwire
stefanwire authored Feb 1, 2024
1 parent 13aa3fb commit 2c8eea3
Showing 1 changed file with 20 additions and 10 deletions.
30 changes: 20 additions & 10 deletions integration/test/Test/TeamSettings.hs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,28 +25,38 @@ import Testlib.Prelude

testTeamSettingsUpdate :: HasCallStack => App ()
testTeamSettingsUpdate = do
(owner, tid, [mem]) <- createTeam OwnDomain 2
partner <- createTeamMemberWithRole owner tid "partner"
(ownerA, tidA, [mem]) <- createTeam OwnDomain 2
partner <- createTeamMemberWithRole ownerA tidA "partner"

bindResponse (putAppLockSettings tid owner def) $ \resp -> do
bindResponse (putAppLockSettings tidA ownerA def) $ \resp -> do
resp.status `shouldMatchInt` 200
bindResponse (putAppLockSettings tid mem def) $ \resp -> do
bindResponse (putAppLockSettings tidA mem def) $ \resp -> do
resp.status `shouldMatchInt` 403
resp.json %. "label" `shouldMatch` "operation-denied"
bindResponse (putAppLockSettings tid partner def) $ \resp -> do
bindResponse (putAppLockSettings tidA partner def) $ \resp -> do
resp.status `shouldMatchInt` 403
resp.json %. "label" `shouldMatch` "operation-denied"

(ownerB, _tidB, []) <- createTeam OwnDomain 1
bindResponse (putAppLockSettings tidA ownerB def) $ \resp -> do
resp.status `shouldMatchInt` 403
resp.json %. "label" `shouldMatch` "no-team-member"

testTeamPropertiesUpdate :: HasCallStack => App ()
testTeamPropertiesUpdate = do
(owner, tid, [mem]) <- createTeam OwnDomain 2
partner <- createTeamMemberWithRole owner tid "partner"
(ownerA, tidA, [mem]) <- createTeam OwnDomain 2
partner <- createTeamMemberWithRole ownerA tidA "partner"

bindResponse (putTeamProperties tid owner def) $ \resp -> do
bindResponse (putTeamProperties tidA ownerA def) $ \resp -> do
resp.status `shouldMatchInt` 200
bindResponse (putTeamProperties tid mem def) $ \resp -> do
bindResponse (putTeamProperties tidA mem def) $ \resp -> do
resp.status `shouldMatchInt` 403
resp.json %. "label" `shouldMatch` "operation-denied"
bindResponse (putTeamProperties tid partner def) $ \resp -> do
bindResponse (putTeamProperties tidA partner def) $ \resp -> do
resp.status `shouldMatchInt` 403
resp.json %. "label" `shouldMatch` "operation-denied"

(ownerB, _tidB, []) <- createTeam OwnDomain 1
bindResponse (putTeamProperties tidA ownerB def) $ \resp -> do
resp.status `shouldMatchInt` 403
resp.json %. "label" `shouldMatch` "no-team-member"

0 comments on commit 2c8eea3

Please sign in to comment.