From e696d53fafdfac82b8e3916f4b21ad49c8f2ab12 Mon Sep 17 00:00:00 2001 From: matheusbsilva137 Date: Fri, 10 May 2024 17:59:57 -0300 Subject: [PATCH] test: add one more test case --- .../tests/end-to-end/api/04-direct-message.js | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/apps/meteor/tests/end-to-end/api/04-direct-message.js b/apps/meteor/tests/end-to-end/api/04-direct-message.js index c5c2a80d4691..c20b454a9051 100644 --- a/apps/meteor/tests/end-to-end/api/04-direct-message.js +++ b/apps/meteor/tests/end-to-end/api/04-direct-message.js @@ -377,7 +377,7 @@ describe('[Direct Messages]', function () { }); describe('/im.messages.others', () => { - it('should fail when the endpoint is disabled', async () => { + it('should fail when the endpoint is disabled and the user has permissions', async () => { await updateSetting('API_Enable_Direct_Message_History_EndPoint', false); await request .get(api('im.messages.others')) @@ -392,6 +392,22 @@ describe('[Direct Messages]', function () { expect(res.body).to.have.property('errorType', 'error-endpoint-disabled'); }); }); + it('should fail when the endpoint is disabled and the user doesnt have permission', async () => { + await updateSetting('API_Enable_Direct_Message_History_EndPoint', false); + await updatePermission('view-room-administration', ['admin']); + await request + .get(api('im.messages.others')) + .set(credentials) + .query({ + roomId: directMessage._id, + }) + .expect('Content-Type', 'application/json') + .expect(403) + .expect((res) => { + expect(res.body).to.have.property('success', false); + expect(res.body).to.have.property('error', 'User does not have the permissions required for this action [error-unauthorized]'); + }); + }); it('should fail when the endpoint is enabled but the user doesnt have permission', async () => { await updateSetting('API_Enable_Direct_Message_History_EndPoint', true); await updatePermission('view-room-administration', []);