fix(test): invalid_role should trigger one or more roles not found …

…since not exist PS assgine permission Unit test is missing!
restorecommerce · Sep 4, 2024 · dadb7af · dadb7af
1 parent 2fbbbaf
commit dadb7af
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 22 deletions.
diff --git a/src/service.ts b/src/service.ts
@@ -818,17 +818,17 @@ export class UserService extends ServiceBase<UserListResponse, UserList> impleme
         limit: targetUserRoleIds.length,
         subject,
       }, {});
+
       if (rolesData?.items?.length < targetUserRoleIds.length)  {
         const message = `One or more of the target role IDs are invalid ${targetUserRoleIds},` +
           ` no such role exist in system`;
         this.logger.error(message, rolesData);
         return returnStatus(400, message, user.id);
       }
-      let dbTargetRoles = [];
+
       if (rolesData?.items?.length > 0) {
         for (let targetRole of rolesData.items) {
           if (targetRole?.payload?.id) {
-            dbTargetRoles.push(targetRole.payload.id);
             if (!targetRole?.payload?.assignable_by_roles ||
               !createAccessRole.some((role) => targetRole?.payload?.assignable_by_roles?.includes(role))) {
               const userNameId = user?.name ? user.name : user?.id;
@@ -840,17 +840,6 @@ export class UserService extends ServiceBase<UserListResponse, UserList> impleme
           }
         }
       }
-
-      // validate target roles is a valid role in DB
-      for (let targetUserRoleId of targetUserRoleIds || []) {
-        if (!dbTargetRoles?.includes(targetUserRoleId)) {
-          const userNameId = user?.name ? user.name : user?.id;
-          let message = `The target role ${targetUserRoleId} is invalid and cannot be assigned to` +
-            ` user ${userNameId}`;
-          this.logger.verbose(message);
-          return returnStatus(403, message, user.id);
-        }
-      }
     }
 
     if (skipValidatingScopingInstance) {

diff --git a/test/service.spec.ts b/test/service.spec.ts
@@ -1722,8 +1722,10 @@ describe('testing identity-srv', () => {
         it('should not allow to create a User with invalid role existing in system', async () => {
           testUser.role_associations![0]!.role = 'invalid_role';
           const result = await userService.create({ items: [testUser], subject });
-          result!.items![0]!.status!.code!.should.equal(403);
-          result!.items![0]!.status!.message!.should.equal('The target role invalid_role is invalid and cannot be assigned to user test.user');
+          result!.items![0]!.status!.code!.should.equal(400);
+          result!.items![0]!.status!.message!.should.equal(
+            `One or more of the target role IDs are invalid ${ testUser.role_associations!.map(ra => ra.role) }, no such role exist in system`
+          );
           result!.items![0]!.status!.id!.should.equal('testuser');
           result!.operation_status!.code!.should.equal(200);
           result!.operation_status!.message!.should.equal('success');
@@ -1746,15 +1748,17 @@ describe('testing identity-srv', () => {
           testUser.role_associations![0]!.role = 'invalid_role';
           const result = await userService.create({ items: [testuser1, testUser], subject });
 
-          result!.items![0]!.status!.code!.should.equal(403);
-          result!.items![0]!.status!.message!.should.equal('The target role invalid_role is invalid and cannot be assigned to user test.user');
+          result!.items![0]!.status!.code!.should.equal(400);
+          result!.items![0]!.status!.message!.should.equal(
+            `One or more of the target role IDs are invalid ${ testUser.role_associations!.map(ra => ra.role) }, no such role exist in system`
+          );
           result!.items![0]!.status!.id!.should.equal('testuser');
           // first user created, validate result
-          result!.items!![1]!.status!.code!.should.equal(200);
-          result!.items!![1]!.status!.message!.should.equal('success');
-          result!.items!![1]!.status!.id!.should.equal('testuser2');
-          result!.items!![1]!.payload!.name!.should.equal('test.user2');
-          result!.items!![1]!.payload!.email!.should.equal('[email protected]');
+          result!.items![1]!.status!.code!.should.equal(200);
+          result!.items![1]!.status!.message!.should.equal('success');
+          result!.items![1]!.status!.id!.should.equal('testuser2');
+          result!.items![1]!.payload!.name!.should.equal('test.user2');
+          result!.items![1]!.payload!.email!.should.equal('[email protected]');
           // overall status
           result!.operation_status!.code!.should.equal(200);
           result!.operation_status!.message!.should.equal('success');