Introduce admin and moderator role, check role on list_users action

Signed-off-by: Thomas Citharel <tcit@tcit.fr>

Add test for guards

test/mobilizon/users/service/tools.exs

@@ -0,0 +1,28 @@
+defmodule Mobilizon.Users.Service.ToolsTest do
+  use Mobilizon.DataCase
+
+  import Mobilizon.Factory
+
+  setup do
+    user = insert(:user)
+    moderator = insert(:user, role: :moderator)
+    administrator = insert(:user, role: :administrator)
+    {:ok, user: user, moderator: moderator, administrator: administrator}
+  end
+
+  describe "test guards" do
+    import Mobilizon.Users.Guards
+
+    test "is_moderator/1 guard", %{user: user, moderator: moderator, administrator: administrator} do
+      refute is_moderator(user.role)
+      assert is_moderator(moderator.role)
+      assert is_moderator(administrator.role)
+    end
+
+    test "is_admin/1 guard", %{user: user, moderator: moderator, administrator: administrator} do
+      refute is_admin(user.role)
+      refute is_admin(moderator.role)
+      assert is_admin(administrator.role)
+    end
+  end
+end

test/mobilizon_web/resolvers/user_resolver_test.exs

@@ -75,8 +75,33 @@ defmodule MobilizonWeb.Resolvers.UserResolverTest do
   end
 
   describe "Resolver: List users" do
+    test "list_users/3 doesn't return anything with a non moderator user", context do
+      insert(:user, email: "riri@example.com", role: :moderator)
+      user = insert(:user, email: "fifi@example.com")
+      insert(:user, email: "loulou@example.com", role: :administrator)
+
+      query = """
+      {
+        users {
+          total,
+          elements {
+            email
+          }
+        }
+      }
+      """
+
+      res =
+        context.conn
+        |> auth_conn(user)
+        |> get("/api", AbsintheHelpers.query_skeleton(query, "user"))
+
+      assert hd(json_response(res, 200)["errors"])["message"] ==
+               "You need to have admin access to list users"
+    end
+
     test "list_users/3 returns a list of users", context do
-      insert(:user, email: "riri@example.com")
+      user = insert(:user, email: "riri@example.com", role: :moderator)
       insert(:user, email: "fifi@example.com")
       insert(:user, email: "loulou@example.com")
 
@@ -93,6 +118,7 @@ defmodule MobilizonWeb.Resolvers.UserResolverTest do
 
       res =
         context.conn
+        |> auth_conn(user)
         |> get("/api", AbsintheHelpers.query_skeleton(query, "user"))
 
       assert json_response(res, 200)["errors"] == nil
@@ -119,6 +145,7 @@ defmodule MobilizonWeb.Resolvers.UserResolverTest do
 
       res =
         context.conn
+        |> auth_conn(user)
         |> get("/api", AbsintheHelpers.query_skeleton(query, "user"))
 
       assert json_response(res, 200)["errors"] == nil
@@ -142,6 +169,7 @@ defmodule MobilizonWeb.Resolvers.UserResolverTest do
 
       res =
         context.conn
+        |> auth_conn(user)
         |> get("/api", AbsintheHelpers.query_skeleton(query, "user"))
 
       assert json_response(res, 200)["errors"] == nil

test/support/factory.ex

@@ -9,7 +9,7 @@ defmodule Mobilizon.Factory do
     %Mobilizon.Users.User{
       password_hash: "Jane Smith",
       email: sequence(:email, &"email-#{&1}@example.com"),
-      role: 0,
+      role: :user,
       confirmed_at: DateTime.utc_now() |> DateTime.truncate(:second),
       confirmation_sent_at: nil,
       confirmation_token: nil