Improve settings error handling

closes #3450 - Added no-permission error handling for settings edit API. - In Authentication API integration test, updated the initOwnerUser function to insert the roles and user_roles for the owner user so the owner can edit settings after adding the no-permission error handling. I also added the mail send permission to the test since it's used after the user edits the settings.
2025-01-06 22:40:14 -05:00 · 2014-07-29 21:25:53 -04:00 · 2014-07-29 21:25:53 -04:00 · 7009d416cb
commit 7009d416cb
parent 8d2b26daea
3 changed files with 10 additions and 3 deletions
--- a/core/server/api/settings.js
+++ b/core/server/api/settings.js
@ -232,7 +232,10 @@ canEditAllSettings = function (settingsInfo, options) {
                );
            }

-            return canThis(options.context).edit.setting(setting.key);
+            return canThis(options.context).edit.setting(setting.key).catch(function () {
+                return when.reject(new errors.NoPermissionError('You do not have permission to edit settings.'));
+            });
+
        },
        checks = _.map(settingsInfo, function (settingInfo) {
            var setting = settingsCache[settingInfo.key];
--- a/core/test/integration/api/api_authentication_spec.js
+++ b/core/test/integration/api/api_authentication_spec.js
@ -21,7 +21,7 @@ describe('Authentication API', function () {
        describe('Not completed', function () {

            // TODO: stub settings
-            beforeEach(testUtils.setup('roles', 'owner:pre', 'settings', 'perms:setting', 'perms:init'));
+            beforeEach(testUtils.setup('roles', 'owner:pre', 'settings', 'perms:setting', 'perms:mail', 'perms:init'));

            it('should report that setup has not been completed', function (done) {
                AuthAPI.isSetup().then(function (result) {
--- a/core/test/utils/index.js
+++ b/core/test/utils/index.js
@ -172,7 +172,11 @@ fixtures = {
        user = DataGenerator.forKnex.createBasic(user);
        user = _.extend({}, user, {'status': 'inactive'});

-        return knex('users').insert(user);
+        return knex('roles').insert(DataGenerator.forKnex.roles).then(function () {
+            return knex('users').insert(user);
+        }).then(function () {
+            return knex('roles_users').insert(DataGenerator.forKnex.roles_users[0]);
+        });
    },

    insertOwnerUser: function insertOwnerUser() {