Open mihaidma opened 6 years ago
I think at the moment all access is denied, but you're right in that we should be testing this with an authorization id with no policy vs. ones with a read policy (and perhaps another with an explicit deny policy) and check every endpoint for valid and invalid access around several policies. Only then can we be sure it works correctly, and we should probably test at team and org level too.
Each test could check valid and invalid, with the valid returning 200 and the invalid showing a 403.
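The test matrix proposed in the comment above, sketched as an added example that is not part of the thread or the project's code. The endpoints, policy shape, and the default-deny, deny-overrides evaluator are assumptions standing in for the real API; in a real suite `status_for` would issue the HTTP request.

```python
from itertools import product

# Constructed policies (hypothetical shape, not the project's format).
ALLOW_READ = {"effect": "Allow", "action": "read"}
DENY_READ = {"effect": "Deny", "action": "read"}

# Hypothetical endpoints, each mapped to the action it requires.
ENDPOINTS = {
    ("GET", "/documents"): "read",
    ("GET", "/documents/1"): "read",
    ("POST", "/documents"): "write",
}

def effective_policies(subject):
    """Collect policies attached to the user, its team and its organization."""
    return subject.get("user", []) + subject.get("team", []) + subject.get("org", [])

def status_for(subject, method, path):
    """Stand-in for the HTTP call: 200 if allowed, 403 otherwise.
    Assumed semantics: default deny, and an explicit deny overrides any allow."""
    action = ENDPOINTS[(method, path)]
    matching = [p for p in effective_policies(subject) if p["action"] == action]
    if any(p["effect"] == "Deny" for p in matching):
        return 403
    if any(p["effect"] == "Allow" for p in matching):
        return 200
    return 403

# Each case: (name, attached policies, expected status on read endpoints).
CASES = [
    ("no policy", {}, 403),
    ("user read", {"user": [ALLOW_READ]}, 200),
    ("team read", {"team": [ALLOW_READ]}, 200),
    ("org read", {"org": [ALLOW_READ]}, 200),
    ("user explicit deny", {"user": [DENY_READ]}, 403),
    ("org read, team deny", {"org": [ALLOW_READ], "team": [DENY_READ]}, 403),
    ("team read, user deny", {"team": [ALLOW_READ], "user": [DENY_READ]}, 403),
]

def run_matrix():
    """Check every endpoint against every case; return the list of mismatches."""
    failures = []
    for (name, subject, read_status), ((method, path), action) in product(CASES, ENDPOINTS.items()):
        expected = read_status if action == "read" else 403  # no case grants write
        got = status_for(subject, method, path)
        if got != expected:
            failures.append((name, method, path, expected, got))
    return failures

if __name__ == "__main__":
    print(run_matrix() or "all cases passed")
```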