Added validation for updating user roles in the userModel database (#1297)

* added roles validator

* changes validator key spell

* write test for roles validator

Author: shubhamsinghbundela

middlewares/validators/user.js

@@ -39,6 +39,14 @@ const updateUser = async (req, res, next) => {
         .valid(...Object.values(USER_STATUS))
         .optional(),
       discordId: joi.string().optional(),
+      roles: joi.object().keys({
+        archived: joi.boolean().required(),
+        in_discord: joi.boolean().required(),
+        developer: joi.boolean().optional(),
+        designer: joi.boolean().optional(),
+        maven: joi.boolean().optional(),
+        productmanager: joi.boolean().optional(),
+      }),
     });
 
   try {

test/integration/users.test.js

@@ -119,6 +119,29 @@ describe("Users", function () {
         });
     });
 
+    it("Should update the user roles", function (done) {
+      chai
+        .request(app)
+        .patch("/users/self")
+        .set("cookie", `${cookieName}=${jwt}`)
+        .send({
+          roles: {
+            archived: false,
+            in_discord: false,
+            developer: true,
+          },
+        })
+        .end((err, res) => {
+          if (err) {
+            return done(err);
+          }
+
+          expect(res).to.have.status(204);
+
+          return done();
+        });
+    });
+
     it("Should return 400 for invalid status value", function (done) {
       chai
         .request(app)
@@ -144,6 +167,51 @@ describe("Users", function () {
         });
     });
 
+    it("Should return 400 if required roles is missing", function (done) {
+      chai
+        .request(app)
+        .patch("/users/self")
+        .set("cookie", `${cookieName}=${jwt}`)
+        .send({
+          roles: {
+            in_discord: false,
+            developer: true,
+          },
+        })
+        .end((err, res) => {
+          if (err) {
+            return done(err);
+          }
+
+          expect(res).to.have.status(400);
+
+          return done();
+        });
+    });
+
+    it("Should return 400 if invalid roles", function (done) {
+      chai
+        .request(app)
+        .patch("/users/self")
+        .set("cookie", `${cookieName}=${jwt}`)
+        .send({
+          roles: {
+            archived: "false",
+            in_discord: false,
+            developer: true,
+          },
+        })
+        .end((err, res) => {
+          if (err) {
+            return done(err);
+          }
+
+          expect(res).to.have.status(400);
+
+          return done();
+        });
+    });
+
     it("Should return 400 for invalid username", function (done) {
       chai
         .request(app)

test/unit/middlewares/user-validator.test.js

@@ -49,6 +49,44 @@ describe("Middleware | Validators | User", function () {
       expect(next.calledOnce).to.be.equal(true);
     });
 
+    it("lets roles update request pass to next", async function () {
+      const req = {
+        body: {
+          roles: {
+            archived: false,
+            in_discord: false,
+            developer: true,
+          },
+        },
+      };
+
+      const res = {};
+      const next = sinon.spy();
+      await updateUser(req, res, next);
+      expect(next.calledOnce).to.be.equal(true);
+    });
+
+    it("Stops the propagation of the next if required roles missing", async function () {
+      const req = {
+        body: {
+          roles: {
+            in_discord: false,
+            developer: true,
+          },
+        },
+      };
+      const res = {
+        boom: {
+          badRequest: () => {},
+        },
+      };
+      const nextSpy = sinon.spy();
+      await updateUser(req, res, nextSpy).catch((err) => {
+        expect(err).to.be.an.instanceOf(Error);
+      });
+      expect(nextSpy.calledOnce).to.be.equal(false);
+    });
+
     it("Stops the propagation of the next if twitter_id is invalid", async function () {
       const req = {
         body: {