From 7009d416cb832c2666e2102f3cb13622c0a15e76 Mon Sep 17 00:00:00 2001
From: Waleed Ali
Date: Tue, 29 Jul 2014 21:25:53 -0400
Subject: [PATCH] Improve settings error handling closes #3450 - Added no-permission error handling for settings edit API. - In Authentication API integration test, updated the initOwnerUser function to insert the roles and user_roles for the owner user so the owner can edit settings after adding the no-permission error handling. I also added the mail send permission to the test since it's used after the user edits the settings.
---
 core/server/api/settings.js | 5 ++++-
 core/test/integration/api/api_authentication_spec.js | 2 +-
 core/test/utils/index.js | 6 +++++-
 3 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/core/server/api/settings.js b/core/server/api/settings.js
index ea40f7146b..ae537b31e7 100644
--- a/core/server/api/settings.js
+++ b/core/server/api/settings.js
@@ -232,7 +232,10 @@ canEditAllSettings = function (settingsInfo, options) {
 );
 }
- return canThis(options.context).edit.setting(setting.key);
+ return canThis(options.context).edit.setting(setting.key).catch(function () {
+ return when.reject(new errors.NoPermissionError('You do not have permission to edit settings.'));
+ });
+
 },
 checks = _.map(settingsInfo, function (settingInfo) {
 var setting = settingsCache[settingInfo.key];
diff --git a/core/test/integration/api/api_authentication_spec.js b/core/test/integration/api/api_authentication_spec.js
index 46ff41a147..5d67a50987 100644
--- a/core/test/integration/api/api_authentication_spec.js
+++ b/core/test/integration/api/api_authentication_spec.js
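Review bot: The added `.catch(function () { ... })` on `canThis(options.context).edit.setting(setting.key)` in core/server/api/settings.js discards the rejection reason, so every failure of the permission check is reported as 'You do not have permission to edit settings.' and the original cause is lost for logs and triage. What canThis rejects with is not visible in this hunk; if it can reject with a real error (for example a failed lookup), the handler should take the reason and pass it through, `.catch(function (err) {` followed by `if (err && !(err instanceof errors.NoPermissionError)) { return when.reject(err); }` ahead of the existing `when.reject(new errors.NoPermissionError(...))`. The function this return sits in starts above the hunk.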
@@ -21,7 +21,7 @@ describe('Authentication API', function () {
 describe('Not completed', function () {
 // TODO: stub settings
- beforeEach(testUtils.setup('roles', 'owner:pre', 'settings', 'perms:setting', 'perms:init'));
+ beforeEach(testUtils.setup('roles', 'owner:pre', 'settings', 'perms:setting', 'perms:mail', 'perms:init'));
 it('should report that setup has not been completed', function (done) {
 AuthAPI.isSetup().then(function (result) {
diff --git a/core/test/utils/index.js b/core/test/utils/index.js
index ce160ecc1c..8872e1440a 100644
--- a/core/test/utils/index.js
+++ b/core/test/utils/index.js
@@ -172,7 +172,11 @@ fixtures = {
 user = DataGenerator.forKnex.createBasic(user);
 user = _.extend({}, user, {'status': 'inactive'});
- return knex('users').insert(user);
+ return knex('roles').insert(DataGenerator.forKnex.roles).then(function () {
+ return knex('users').insert(user);
+ }).then(function () {
+ return knex('roles_users').insert(DataGenerator.forKnex.roles_users[0]);
+ });
 },
 insertOwnerUser: function insertOwnerUser() {
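Review bot: No test in this patch asserts the denial path: the `beforeEach` fixture list gains `'perms:mail'` so the existing setup flow keeps passing, but there is no case where a context without the settings edit permission is rejected with `NoPermissionError`. A denial case belongs next to this change, because the rejection branch added in core/server/api/settings.js is otherwise never taken by a test in the visible diff. The describe block continues outside the hunk.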
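Review bot: `DataGenerator.forKnex.roles_users[0]` selects the role link by array position, so the privilege this test user ends up with depends on the ordering inside the generator; if that entry does not link this user to the owner role, the authentication specs exercise the new permission check with the wrong privilege level and still pass or fail for unrelated reasons. A one-line comment above the insert stating which user and role that entry links, or a lookup by role instead of by index, would make the assumption checkable. The fixture also inserts `DataGenerator.forKnex.roles` itself while the spec setup in this patch already lists `'roles'` before `'owner:pre'`; if `'owner:pre'` maps to this function (not visible here), the roles table is populated twice. The fixture function starts above the hunk.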