From 8e90ef7b0b60dbdad7afeab0ec7754f4f87a7597 Mon Sep 17 00:00:00 2001
From: "Didier Villevalois (Ptitjes)"
Date: Tue, 14 Nov 2017 03:48:28 +0100
Subject: [PATCH] feat(putUser): take roles in account

Closes #114

Roles can now be modified via putUser by passing ops.roles.
---
 lib/index.js | 6 +++++-
 test/test.js | 44 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 49 insertions(+), 1 deletion(-)

diff --git a/lib/index.js b/lib/index.js
index bd43bd2..dfac959 100644
--- a/lib/index.js
+++ b/lib/index.js
@@ -44,6 +44,10 @@ function putUser(db, user, opts, callback) {
 user = pouchdbUtils.assign(user, opts.metadata);
 }
 
+ if (opts.roles) {
+ user = pouchdbUtils.assign(user, {roles: opts.roles});
+ }
+
 var url = utils.getUsersUrl(db) + '/' + encodeURIComponent(user._id);
 var ajaxOpts = pouchdbUtils.assign({
 method : 'PUT',
@@ -73,7 +77,7 @@ exports.signup = pouchdbUtils.toPromise(function (username, password, opts, call
 var user = {
 name : username,
 password : password,
- roles : opts.roles || [],
+ roles : [],
 type : 'user',
 _id : userId
 };
diff --git a/test/test.js b/test/test.js
index d21c976..0dfa759 100644
--- a/test/test.js
+++ b/test/test.js
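Review bot: In the putUser hunk of lib/index.js, `opts.roles` is copied into the user document with no shape check and no statement of who may send it. `roles` is the authorization field of the user document, so the only enforcement on this path is whatever the server applies to the PUT; I would say so above the new `if`, e.g. `// roles is authorization data: the server must reject this write for non-admins, nothing is checked client-side`, and consider failing early when the value is not an array rather than sending it on. putUser starts and ends outside the hunk, so I cannot see whether `opts.metadata` is filtered for a `roles` key before the preceding assign; if it is not, that is a second route to the same field and worth closing or documenting.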
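Review bot: In the signup hunk of lib/index.js, `roles : []` now reads as if signup discards `opts.roles`, yet the new tests in test/test.js still pass `{roles: roles}` to signup and expect them to be stored. That only holds if signup forwards `opts` to putUser, which happens outside this hunk, so the dependency is invisible at the point of change. A short comment on the line, such as `// opts.roles, if given, is applied later by putUser`, would stop a later reader from treating this as a dropped option or re-adding the old default.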
@@ -211,6 +211,50 @@ testCases.forEach(function (testCase) {
 });
 });
 
+ it('Test that admin can change roles', function () {
+ var roles = ['sidekick'];
+ var newRoles = ['superhero', 'villain'];
+ return db.signup('robin', 'dickgrayson', {roles: roles}).then(function (res) {
+ res.ok.should.equal(true);
+ return db.getUser('robin');
+ }).then(function (user) {
+ user.roles.should.deep.equal(roles);
+ }).then(function () {
+ return db.putUser('robin', {roles: newRoles});
+ }).then(function (res) {
+ res.ok.should.equal(true);
+ return db.getUser('robin');
+ }).then(function (user) {
+ user.roles.should.deep.equal(newRoles);
+ }).catch(function (err) {
+ should.not.exist(err);
+ });
+ });
+
+ it('Test that user cannot change roles', function () {
+ var roles = ['sidekick'];
+ var newRoles = ['superhero', 'villain'];
+ // We can't test for initial roles as we are in admin party
+ // Let us have faith in CouchDB
+ return db.signup('robin', 'dickgrayson', {roles: roles}).then(function (res) {
+ res.ok.should.equal(true);
+ return db.login('robin', 'dickgrayson');
+ }).then(function () {
+ return db.getUser('robin');
+ }).then(function (user) {
+ user.roles.should.deep.equal(roles);
+ }).then(function () {
+ return db.putUser('robin', {roles: newRoles});
+ }).then(function (res) {
+ res.ok.should.not.equal(true);
+ return db.getUser('robin').then(function (user) {
+ user.roles.should.deep.equal(roles);
+ });
+ }).catch(function (err) {
+ should.exist(err);
+ });
+ });
+
 it('Test wrong user for getUser', function () {
 return db.signup('robin', 'dickgrayson').then(function (res) {
 return db.signup('aquaman', 'sleeps_with_fishes');
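Review bot: The negative test 'Test that user cannot change roles' cannot fail, because its trailing `.catch` with `should.exist(err)` also catches the assertion errors thrown earlier in the chain. If putUser succeeds for the logged-in non-admin, `res.ok.should.not.equal(true)` throws, the catch sees that error and the test passes, so a privilege-escalation regression would go unnoticed. The in-test comment about admin party suggests the server may in fact accept the write in this setup, which this shape would hide. The rejection should be asserted on the putUser call alone, with the stored roles re-read afterwards outside any catch, as sketched below. The same catch-all pattern in the admin test is harmless but replaces the original failure with a less useful one.

```javascript
// … unchanged: signup, login and the initial getUser roles check …
}).then(function () {
  return db.putUser('robin', {roles: newRoles}).then(function () {
    // reaching here means the non-admin write was accepted
    throw new Error('putUser should have been rejected for a non-admin');
  }, function (err) {
    should.exist(err);
  });
}).then(function () {
  return db.getUser('robin');
}).then(function (user) {
  user.roles.should.deep.equal(roles);
});
```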