diff --git a/core/server/api/settings.js b/core/server/api/settings.js index ea40f7146b..ae537b31e7 100644 --- a/core/server/api/settings.js +++ b/core/server/api/settings.js @@ -232,7 +232,10 @@ canEditAllSettings = function (settingsInfo, options) { ); } - return canThis(options.context).edit.setting(setting.key); + return canThis(options.context).edit.setting(setting.key).catch(function () { + return when.reject(new errors.NoPermissionError('You do not have permission to edit settings.')); + }); + }, checks = _.map(settingsInfo, function (settingInfo) { var setting = settingsCache[settingInfo.key]; diff --git a/core/test/integration/api/api_authentication_spec.js b/core/test/integration/api/api_authentication_spec.js index 46ff41a147..5d67a50987 100644 --- a/core/test/integration/api/api_authentication_spec.js +++ b/core/test/integration/api/api_authentication_spec.js @@ -21,7 +21,7 @@ describe('Authentication API', function () { describe('Not completed', function () { // TODO: stub settings - beforeEach(testUtils.setup('roles', 'owner:pre', 'settings', 'perms:setting', 'perms:init')); + beforeEach(testUtils.setup('roles', 'owner:pre', 'settings', 'perms:setting', 'perms:mail', 'perms:init')); it('should report that setup has not been completed', function (done) { AuthAPI.isSetup().then(function (result) { diff --git a/core/test/utils/index.js b/core/test/utils/index.js index ce160ecc1c..8872e1440a 100644 --- a/core/test/utils/index.js +++ b/core/test/utils/index.js @@ -172,7 +172,11 @@ fixtures = { user = DataGenerator.forKnex.createBasic(user); user = _.extend({}, user, {'status': 'inactive'}); - return knex('users').insert(user); + return knex('roles').insert(DataGenerator.forKnex.roles).then(function () { + return knex('users').insert(user); + }).then(function () { + return knex('roles_users').insert(DataGenerator.forKnex.roles_users[0]); + }); }, insertOwnerUser: function insertOwnerUser() {