fix: Validations for updating team members (#5384)
fixes: chatwoot/product#539 Co-authored-by: Sojan Jose <sojan@pepalo.com>
This commit is contained in:
parent
9525d4f034
commit
329e8c37c8
2 changed files with 22 additions and 0 deletions
|
@ -1,6 +1,7 @@
|
||||||
class Api::V1::Accounts::TeamMembersController < Api::V1::Accounts::BaseController
|
class Api::V1::Accounts::TeamMembersController < Api::V1::Accounts::BaseController
|
||||||
before_action :fetch_team
|
before_action :fetch_team
|
||||||
before_action :check_authorization
|
before_action :check_authorization
|
||||||
|
before_action :validate_member_id_params, only: [:create, :update, :destroy]
|
||||||
|
|
||||||
def index
|
def index
|
||||||
@team_members = @team.team_members.map(&:user)
|
@team_members = @team.team_members.map(&:user)
|
||||||
|
@ -45,4 +46,10 @@ class Api::V1::Accounts::TeamMembersController < Api::V1::Accounts::BaseControll
|
||||||
def fetch_team
|
def fetch_team
|
||||||
@team = Current.account.teams.find(params[:team_id])
|
@team = Current.account.teams.find(params[:team_id])
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def validate_member_id_params
|
||||||
|
invalid_ids = params[:user_ids].map(&:to_i) - @team.account.user_ids
|
||||||
|
|
||||||
|
render json: { error: 'Invalid User IDs' }, status: :unauthorized and return if invalid_ids.present?
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -2,6 +2,7 @@ require 'rails_helper'
|
||||||
|
|
||||||
RSpec.describe 'Team Members API', type: :request do
|
RSpec.describe 'Team Members API', type: :request do
|
||||||
let(:account) { create(:account) }
|
let(:account) { create(:account) }
|
||||||
|
let(:account_2) { create(:account) }
|
||||||
let!(:team) { create(:team, account: account) }
|
let!(:team) { create(:team, account: account) }
|
||||||
|
|
||||||
describe 'GET /api/v1/accounts/{account.id}/teams/{team_id}/team_members' do
|
describe 'GET /api/v1/accounts/{account.id}/teams/{team_id}/team_members' do
|
||||||
|
@ -120,6 +121,7 @@ RSpec.describe 'Team Members API', type: :request do
|
||||||
|
|
||||||
context 'when it is an authenticated user' do
|
context 'when it is an authenticated user' do
|
||||||
let(:agent) { create(:user, account: account, role: :agent) }
|
let(:agent) { create(:user, account: account, role: :agent) }
|
||||||
|
let(:agent_2) { create(:user, account: account_2, role: :agent) }
|
||||||
let(:administrator) { create(:user, account: account, role: :administrator) }
|
let(:administrator) { create(:user, account: account, role: :administrator) }
|
||||||
|
|
||||||
it 'return unauthorized for agent' do
|
it 'return unauthorized for agent' do
|
||||||
|
@ -145,6 +147,19 @@ RSpec.describe 'Team Members API', type: :request do
|
||||||
json_response = JSON.parse(response.body)
|
json_response = JSON.parse(response.body)
|
||||||
expect(json_response.count).to eq(user_ids.count)
|
expect(json_response.count).to eq(user_ids.count)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it 'ignores the user ids when its not a valid account user id' do
|
||||||
|
params = { user_ids: [agent_2.id] }
|
||||||
|
|
||||||
|
patch "/api/v1/accounts/#{account.id}/teams/#{team.id}/team_members",
|
||||||
|
params: params,
|
||||||
|
headers: administrator.create_new_auth_token,
|
||||||
|
as: :json
|
||||||
|
|
||||||
|
expect(response).to have_http_status(:unauthorized)
|
||||||
|
json_response = JSON.parse(response.body)
|
||||||
|
expect(json_response['error']).to eq('Invalid User IDs')
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in a new issue