Server: forbid to remove the root user

This commit is contained in:
Chocobozzz 2016-10-07 15:32:09 +02:00
parent b9ab2e25fd
commit af1068ce1d
2 changed files with 11 additions and 0 deletions

View File

@ -47,6 +47,8 @@ function usersRemove (req, res, next) {
if (!user) return res.status(404).send('User not found')
if (user.username === 'root') return res.status(400).send('Cannot remove the root user')
next()
})
})

View File

@ -497,6 +497,7 @@ describe('Test parameters validator', function () {
describe('Of the users API', function () {
const path = '/api/v1/users/'
let userId = null
let rootId = null
describe('When listing users', function () {
it('Should fail with a bad start pagination', function (done) {
@ -626,6 +627,7 @@ describe('Test parameters validator', function () {
if (err) throw err
userId = res.body.data[1].id
rootId = res.body.data[2].id
done()
})
})
@ -691,6 +693,13 @@ describe('Test parameters validator', function () {
.expect(400, done)
})
it('Should fail with the root user', function (done) {
request(server.url)
.delete(path + rootId)
.set('Authorization', 'Bearer ' + server.accessToken)
.expect(400, done)
})
it('Should return 404 with a non existing id', function (done) {
request(server.url)
.delete(path + '579f982228c99c221d8092b8')