pconrad
commented
11 months ago So at least one of the jacoco failures here seems to be a legitimate gap in testing:
You probably need a test where the user is not an admin, but rather an Instructor (which may require setting up a user that has that role) so that a test gets inside the if. You'll then probably need two tests: one where the exception isn't thrown, and one where it is.
Allow instructors to access the deleteStaff function in CoursesController, but only if they're staff in the same course of the staff member they're trying to remove. Throws a not authorized error similar to the updateCourse function if they aren't.
Closes #43