add case for unit test "Users with Project manager roles CANNOT do actions if they are NOT member"

Author: mfikria

src/routes/phaseProducts/create.spec.js

@@ -71,14 +71,6 @@ describe('Phase Products', () => {
               isPrimary: true,
               createdBy: 1,
               updatedBy: 1,
-            }, {
-              id: 3,
-              userId: testUtil.userIds.manager,
-              projectId,
-              role: 'manager',
-              isPrimary: false,
-              createdBy: 1,
-              updatedBy: 1,
             }]).then(() => {
               models.ProjectPhase.create({
                 name: 'test project phase',
@@ -185,7 +177,7 @@ describe('Phase Products', () => {
       request(server)
         .post(`/v4/projects/99999/phases/${phaseId}/products`)
         .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
+          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
         })
         .send({ param: body })
         .expect('Content-Type', /json/)
@@ -196,7 +188,7 @@ describe('Phase Products', () => {
       request(server)
         .post(`/v4/projects/${projectId}/phases/99999/products`)
         .set({
-          Authorization: `Bearer ${testUtil.jwts.manager}`,
+          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
         })
         .send({ param: body })
         .expect('Content-Type', /json/)
@@ -241,22 +233,43 @@ describe('Phase Products', () => {
     });
 
     it('should return 201 if requested by manager which is a member', (done) => {
+      models.ProjectMember.create({
+        id: 3,
+        userId: testUtil.userIds.manager,
+        projectId,
+        role: 'manager',
+        isPrimary: false,
+        createdBy: 1,
+        updatedBy: 1,
+      }).then(() => {
+        request(server)
+          .post(`/v4/projects/${projectId}/phases/${phaseId}/products`)
+          .set({
+            Authorization: `Bearer ${testUtil.jwts.manager}`,
+          })
+          .send({ param: body })
+          .expect('Content-Type', /json/)
+          .expect(201)
+          .end(done);
+      });
+    });
+
+    it('should return 403 if requested by manager which is not a member', (done) => {
       request(server)
         .post(`/v4/projects/${projectId}/phases/${phaseId}/products`)
         .set({
           Authorization: `Bearer ${testUtil.jwts.manager}`,
         })
         .send({ param: body })
         .expect('Content-Type', /json/)
-        .expect(201)
+        .expect(403)
         .end(done);
     });
 
     it('should return 403 if requested by non-member copilot', (done) => {
       models.ProjectMember.destroy({
         where: { userId: testUtil.userIds.copilot, projectId },
-      })
-      .then(() => {
+      }).then(() => {
         request(server)
           .post(`/v4/projects/${projectId}/phases/${phaseId}/products`)
           .set({

src/routes/phaseProducts/delete.spec.js

@@ -99,14 +99,6 @@ describe('Phase Products', () => {
               isPrimary: true,
               createdBy: 1,
               updatedBy: 1,
-            }, {
-              id: 3,
-              userId: testUtil.userIds.manager,
-              projectId,
-              role: 'manager',
-              isPrimary: false,
-              createdBy: 1,
-              updatedBy: 1,
             }]).then(() => {
               models.ProjectPhase.create({
                 name: 'test project phase',
@@ -164,7 +156,7 @@ describe('Phase Products', () => {
       request(server)
         .delete(`/v4/projects/999/phases/${phaseId}/products/${productId}`)
         .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
+          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
         })
         .expect('Content-Type', /json/)
         .expect(404, done);
@@ -174,7 +166,7 @@ describe('Phase Products', () => {
       request(server)
         .delete(`/v4/projects/${projectId}/phases/99999/products/${productId}`)
         .set({
-          Authorization: `Bearer ${testUtil.jwts.manager}`,
+          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
         })
         .expect('Content-Type', /json/)
         .expect(404, done);
@@ -184,7 +176,7 @@ describe('Phase Products', () => {
       request(server)
         .delete(`/v4/projects/${projectId}/phases/${phaseId}/products/99999`)
         .set({
-          Authorization: `Bearer ${testUtil.jwts.manager}`,
+          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
         })
         .expect('Content-Type', /json/)
         .expect(404, done);
@@ -211,20 +203,39 @@ describe('Phase Products', () => {
     });
 
     it('should return 204 if requested by manager which is a member', (done) => {
+      models.ProjectMember.create({
+        id: 3,
+        userId: testUtil.userIds.manager,
+        projectId,
+        role: 'manager',
+        isPrimary: false,
+        createdBy: 1,
+        updatedBy: 1,
+      }).then(() => {
+        request(server)
+          .delete(`/v4/projects/${projectId}/phases/${phaseId}/products/${productId}`)
+          .set({
+            Authorization: `Bearer ${testUtil.jwts.manager}`,
+          })
+          .expect(204)
+          .end(done);
+      });
+    });
+
+    it('should return 403 if requested by manager which is not a member', (done) => {
       request(server)
         .delete(`/v4/projects/${projectId}/phases/${phaseId}/products/${productId}`)
         .set({
           Authorization: `Bearer ${testUtil.jwts.manager}`,
         })
-        .expect(204)
+        .expect(403)
         .end(done);
     });
 
     it('should return 403 if requested by non-member copilot', (done) => {
       models.ProjectMember.destroy({
         where: { userId: testUtil.userIds.copilot, projectId },
-      })
-      .then(() => {
+      }).then(() => {
         request(server)
         .delete(`/v4/projects/${projectId}/phases/${phaseId}/products/${productId}`)
         .set({

src/routes/phaseProducts/update.spec.js

@@ -85,14 +85,6 @@ describe('Phase Products', () => {
               isPrimary: true,
               createdBy: 1,
               updatedBy: 1,
-            }, {
-              id: 3,
-              userId: testUtil.userIds.manager,
-              projectId,
-              role: 'manager',
-              isPrimary: false,
-              createdBy: 1,
-              updatedBy: 1,
             }]).then(() => {
               models.ProjectPhase.create({
                 name: 'test project phase',
@@ -152,7 +144,7 @@ describe('Phase Products', () => {
       request(server)
         .patch(`/v4/projects/999/phases/${phaseId}/products/${productId}`)
         .set({
-          Authorization: `Bearer ${testUtil.jwts.admin}`,
+          Authorization: `Bearer ${testUtil.jwts.connectAdmin}`,
         })
         .send({ param: updateBody })
         .expect('Content-Type', /json/)
@@ -163,7 +155,7 @@ describe('Phase Products', () => {
       request(server)
         .patch(`/v4/projects/${projectId}/phases/99999/products/${productId}`)
         .set({
-          Authorization: `Bearer ${testUtil.jwts.manager}`,
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
         })
         .send({ param: updateBody })
         .expect('Content-Type', /json/)
@@ -174,7 +166,7 @@ describe('Phase Products', () => {
       request(server)
         .patch(`/v4/projects/${projectId}/phases/${phaseId}/products/99999`)
         .set({
-          Authorization: `Bearer ${testUtil.jwts.manager}`,
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
         })
         .send({ param: updateBody })
         .expect('Content-Type', /json/)
@@ -185,7 +177,7 @@ describe('Phase Products', () => {
       request(server)
         .patch(`/v4/projects/${projectId}/phases/${phaseId}/products/99999`)
         .set({
-          Authorization: `Bearer ${testUtil.jwts.manager}`,
+          Authorization: `Bearer ${testUtil.jwts.copilot}`,
         })
         .send({
           param: {
@@ -235,22 +227,43 @@ describe('Phase Products', () => {
     });
 
     it('should return 200 if requested by manager which is a member', (done) => {
+      models.ProjectMember.create({
+        id: 3,
+        userId: testUtil.userIds.manager,
+        projectId,
+        role: 'manager',
+        isPrimary: false,
+        createdBy: 1,
+        updatedBy: 1,
+      }).then(() => {
+        request(server)
+          .patch(`/v4/projects/${projectId}/phases/${phaseId}/products/${productId}`)
+          .set({
+            Authorization: `Bearer ${testUtil.jwts.manager}`,
+          })
+          .send({ param: updateBody })
+          .expect('Content-Type', /json/)
+          .expect(200)
+          .end(done);
+      });
+    });
+
+    it('should return 403 if requested by manager which is not a member', (done) => {
       request(server)
         .patch(`/v4/projects/${projectId}/phases/${phaseId}/products/${productId}`)
         .set({
           Authorization: `Bearer ${testUtil.jwts.manager}`,
         })
         .send({ param: updateBody })
         .expect('Content-Type', /json/)
-        .expect(200)
+        .expect(403)
         .end(done);
     });
 
     it('should return 403 if requested by non-member copilot', (done) => {
       models.ProjectMember.destroy({
         where: { userId: testUtil.userIds.copilot, projectId },
-      })
-      .then(() => {
+      }).then(() => {
         request(server)
           .patch(`/v4/projects/${projectId}/phases/${phaseId}/products/${productId}`)
           .set({

src/routes/phases/create.spec.js

@@ -57,49 +57,39 @@ describe('Project Phases', () => {
   beforeEach((done) => {
     // mocks
     testUtil.clearDb()
-      .then(() => {
-        models.Project.create({
-          type: 'generic',
-          billingAccountId: 1,
-          name: 'test1',
-          description: 'test project1',
-          status: 'draft',
-          details: {},
+      .then(() => models.Project.create({
+        type: 'generic',
+        billingAccountId: 1,
+        name: 'test1',
+        description: 'test project1',
+        status: 'draft',
+        details: {},
+        createdBy: 1,
+        updatedBy: 1,
+        lastActivityAt: 1,
+        lastActivityUserId: '1',
+      }).then((p) => {
+        projectId = p.id;
+        projectName = p.name;
+          // create members
+        return models.ProjectMember.bulkCreate([{
+          id: 1,
+          userId: copilotUser.userId,
+          projectId,
+          role: 'copilot',
+          isPrimary: false,
           createdBy: 1,
           updatedBy: 1,
-          lastActivityAt: 1,
-          lastActivityUserId: '1',
-        }).then((p) => {
-          projectId = p.id;
-          projectName = p.name;
-          // create members
-          models.ProjectMember.bulkCreate([{
-            id: 1,
-            userId: copilotUser.userId,
-            projectId,
-            role: 'copilot',
-            isPrimary: false,
-            createdBy: 1,
-            updatedBy: 1,
-          }, {
-            id: 2,
-            userId: memberUser.userId,
-            projectId,
-            role: 'customer',
-            isPrimary: true,
-            createdBy: 1,
-            updatedBy: 1,
-          }, {
-            id: 3,
-            userId: testUtil.userIds.manager,
-            projectId,
-            role: 'manager',
-            isPrimary: false,
-            createdBy: 1,
-            updatedBy: 1,
-          }]);
-        });
-      })
+        }, {
+          id: 2,
+          userId: memberUser.userId,
+          projectId,
+          role: 'customer',
+          isPrimary: true,
+          createdBy: 1,
+          updatedBy: 1,
+        }]);
+      }))
       .then(() =>
         models.ProductTemplate.create({
           name: 'name 1',
@@ -136,7 +126,7 @@ describe('Project Phases', () => {
       .then(() => done());
   });
 
-  after((done) => {
+  afterEach((done) => {
     testUtil.clearDb(done);
   });
 
@@ -368,22 +358,43 @@ describe('Project Phases', () => {
     });
 
     it('should return 201 if requested by manager which is a member', (done) => {
+      models.ProjectMember.create({
+        id: 3,
+        userId: testUtil.userIds.manager,
+        projectId,
+        role: 'manager',
+        isPrimary: false,
+        createdBy: 1,
+        updatedBy: 1,
+      }).then(() => {
+        request(server)
+          .post(`/v4/projects/${projectId}/phases/`)
+          .set({
+            Authorization: `Bearer ${testUtil.jwts.manager}`,
+          })
+          .send({ param: body })
+          .expect('Content-Type', /json/)
+          .expect(201)
+          .end(done);
+      });
+    });
+
+    it('should return 403 if requested by manager which is not a member', (done) => {
       request(server)
         .post(`/v4/projects/${projectId}/phases/`)
         .set({
           Authorization: `Bearer ${testUtil.jwts.manager}`,
         })
         .send({ param: body })
         .expect('Content-Type', /json/)
-        .expect(201)
+        .expect(403)
         .end(done);
     });
 
     it('should return 403 if requested by non-member copilot', (done) => {
       models.ProjectMember.destroy({
         where: { userId: testUtil.userIds.copilot, projectId },
-      })
-      .then(() => {
+      }).then(() => {
         request(server)
           .post(`/v4/projects/${projectId}/phases/`)
           .set({