test: add one more test case

RocketChat · May 10, 2024 · e696d53 · e696d53
1 parent 9678f22
commit e696d53
Showing 1 changed file with 17 additions and 1 deletion.
diff --git a/apps/meteor/tests/end-to-end/api/04-direct-message.js b/apps/meteor/tests/end-to-end/api/04-direct-message.js
@@ -377,7 +377,7 @@ describe('[Direct Messages]', function () {
 	});
 
 	describe('/im.messages.others', () => {
-		it('should fail when the endpoint is disabled', async () => {
+		it('should fail when the endpoint is disabled and the user has permissions', async () => {
 			await updateSetting('API_Enable_Direct_Message_History_EndPoint', false);
 			await request
 				.get(api('im.messages.others'))
@@ -392,6 +392,22 @@ describe('[Direct Messages]', function () {
 					expect(res.body).to.have.property('errorType', 'error-endpoint-disabled');
 				});
 		});
+		it('should fail when the endpoint is disabled and the user doesnt have permission', async () => {
+			await updateSetting('API_Enable_Direct_Message_History_EndPoint', false);
+			await updatePermission('view-room-administration', ['admin']);
+			await request
+				.get(api('im.messages.others'))
+				.set(credentials)
+				.query({
+					roomId: directMessage._id,
+				})
+				.expect('Content-Type', 'application/json')
+				.expect(403)
+				.expect((res) => {
+					expect(res.body).to.have.property('success', false);
+					expect(res.body).to.have.property('error', 'User does not have the permissions required for this action [error-unauthorized]');
+				});
+		});
 		it('should fail when the endpoint is enabled but the user doesnt have permission', async () => {
 			await updateSetting('API_Enable_Direct_Message_History_EndPoint', true);
 			await updatePermission('view-room-administration', []);