diff --git a/controllers/users.js b/controllers/users.js index da03e5121..b05a397af 100644 --- a/controllers/users.js +++ b/controllers/users.js @@ -396,6 +396,7 @@ const getSelfDetails = async (req, res) => { const updateSelf = async (req, res) => { try { const { id: userId, roles: userRoles, discordId } = req.userData; + const devFeatureFlag = req.query.dev === "true"; const { user } = await dataAccess.retrieveUsers({ id: userId }); let rolesToDisable = []; @@ -432,11 +433,13 @@ const updateSelf = async (req, res) => { if (userRoles.in_discord && !user.incompleteUserDetails) { const membersInDiscord = await getDiscordMembers(); + if (!Array.isArray(membersInDiscord)) + return res.status(404).send({ message: "Error Fetching Members From Discord" }); const discordMember = membersInDiscord.find((member) => member.user.id === discordId); if (discordMember) { const { roles } = discordMember; if (roles && roles.includes(discordDeveloperRoleId)) { - if (req.body.disabledRoles) { + if (req.body.disabledRoles && devFeatureFlag) { const updatedUser = await userQuery.addOrUpdate({ disabled_roles: rolesToDisable }, userId); if (updatedUser) { return res diff --git a/test/integration/users.test.js b/test/integration/users.test.js index 9ac2af224..b70c89380 100644 --- a/test/integration/users.test.js +++ b/test/integration/users.test.js @@ -2427,7 +2427,7 @@ describe("Users", function () { it("Should return 200 when disabled_roles is being set to [super_user] in userObject ", async function () { const res = await chai .request(app) - .patch("/users/self") + .patch("/users/self?dev=true") .set("cookie", `${cookieName}=${jwt}`) .send({ disabledRoles: ["super_user"], 
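Review bot: `devFeatureFlag` on the added line in the first `controllers/users.js` hunk is read straight from `req.query.dev`, so any authenticated caller can switch it on. It is a rollout toggle and provides no authorization. That is acceptable only while the `disabledRoles` branch keeps depending on the Discord developer-role check for access, so the intent should be recorded where the flag is read, for example `// Rollout toggle only: client-controlled, must never be the sole gate for a privileged path.` The strict `=== "true"` comparison leaves the flag off for any other value, which is the safe default. The body of `updateSelf` continues outside the hunk.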
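Review bot: The new `Array.isArray(membersInDiscord)` guard in the second `controllers/users.js` hunk answers an upstream Discord failure with 404 and records nothing. A rejected or broken call to Discord therefore looks like a missing resource to the client and leaves no trace for whoever investigates it. A gateway-style status fits better, `return res.status(502).send({ message: "Error Fetching Members From Discord" });`, written with braces like the surrounding `if` blocks and preceded by a log of the returned error through whatever logger this controller already uses; the 404 assertion in `users.test.js` would change with it. Separately, with `req.body.disabledRoles && devFeatureFlag`, a request that sends only `disabledRoles` without `?dev=true` falls through to code outside the hunk. The new integration test shows it receiving the 403 "Developers can only update disabled_roles…" message, which misstates why the request was refused.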
@@ -2450,7 +2450,7 @@ describe("Users", function () { it("Should return 200 when disabled_roles is being set to [super_user, member] in userObject", async function () { const res = await chai .request(app) - .patch("/users/self") + .patch("/users/self?dev=true") .set("cookie", `${cookieName}=${jwt}`) .send({ disabledRoles: ["super_user", "member"], @@ -2472,7 +2472,7 @@ describe("Users", function () { }); it("Should return 200 when disabled_roles is being set to [], member in userObject", async function () { - const res = await chai.request(app).patch("/users/self").set("cookie", `${cookieName}=${jwt}`).send({ + const res = await chai.request(app).patch("/users/self?dev=true").set("cookie", `${cookieName}=${jwt}`).send({ disabledRoles: [], }); expect(res).to.have.status(200); 
@@ -2489,10 +2489,34 @@ describe("Users", function () { expect(res2.body.roles.member).to.be.equal(true); }); + it("Should return 403 when disabled_roles is being set to [], member in userObject without the dev flag", async function () { + const res = await chai.request(app).patch("/users/self").set("cookie", `${cookieName}=${jwt}`).send({ + disabledRoles: [], + }); + expect(res).to.have.status(403); + expect(res.body.message).to.equal( + "Developers can only update disabled_roles. Use profile service for updating other attributes." + ); + }); + + it("Should return 404 when disabled_roles is being set to [], but discord reponds with an error", async function () { + fetchStub.returns( + Promise.resolve({ + status: 200, + json: () => Promise.resolve({ error: "🚫 Bad Request Signature" }), + }) + ); + const res = await chai.request(app).patch("/users/self").set("cookie", `${cookieName}=${jwt}`).send({ + disabledRoles: [], + }); + expect(res).to.have.status(404); + expect(res.body.message).to.equal("Error Fetching Members From Discord"); + }); + it("Should return 400 when disabled_roles is being set to ['admin'], member in userObject", async function () { const res = await chai .request(app) - .patch("/users/self") + .patch("/users/self?dev=true") .set("cookie", `${cookieName}=${jwt}`) .send({ disabledRoles: ["admin"],
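Review bot: The new 404 test overrides `fetchStub` with `fetchStub.returns(...)` and nothing in the hunk restores the previous behaviour. Unless an `afterEach` outside this hunk resets the stub, the `['admin']` test directly below would receive the Discord error payload and get 404 from the new guard, never reaching the role validation it is meant to check. Restoring the stub at the end of this test, or confirming that the suite's teardown does so, keeps the cases independent. The 404 test also runs without `?dev=true`, so it covers the guard only on the flag-off path, and its title has a typo (`reponds` should be `responds`).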