Merge pull request #391 from TaloDev/update-leaderboard-entry-permission

Require admin permissions to update leaderboard entries

src/policies/leaderboard.policy.ts

@@ -32,6 +32,7 @@ export default class LeaderboardPolicy extends Policy {
     return await this.canAccessGame(Number(gameId))
   }
 
+  @UserTypeGate([UserType.ADMIN], 'update leaderboard entries')
   async updateEntry(req: Request): Promise<PolicyResponse> {
     return await this.canAccessLeaderboard(req, ['entries'])
   }

tests/services/leaderboard/steamworksUpdateEntry.test.ts

@@ -13,6 +13,7 @@ import LeaderboardFactory from '../../fixtures/LeaderboardFactory'
 import PlayerFactory from '../../fixtures/PlayerFactory'
 import SteamworksLeaderboardMapping from '../../../src/entities/steamworks-leaderboard-mapping'
 import { randBoolean, randNumber } from '@ngneat/falso'
+import { UserType } from '../../../src/entities/user'
 
 describe('Leaderboard service - update entry - steamworks integration', () => {
   const axiosMock = new AxiosMockAdapter(axios)
@@ -23,7 +24,7 @@ describe('Leaderboard service - update entry - steamworks integration', () => {
 
   it('should delete entries when they are hidden', async () => {
     const [organisation, game] = await createOrganisationAndGame()
-    const [token] = await createUserAndToken({}, organisation)
+    const [token] = await createUserAndToken({ type: UserType.ADMIN }, organisation)
 
     const updateMock = vi.fn(() => [200, {
       result: {
@@ -60,7 +61,7 @@ describe('Leaderboard service - update entry - steamworks integration', () => {
 
   it('should create entries when they are unhidden', async () => {
     const [organisation, game] = await createOrganisationAndGame()
-    const [token] = await createUserAndToken({}, organisation)
+    const [token] = await createUserAndToken({ type: UserType.ADMIN }, organisation)
 
     const updateMock = vi.fn(() => [200, {
       result: {
@@ -101,7 +102,7 @@ describe('Leaderboard service - update entry - steamworks integration', () => {
 
   it('should not sync entries when syncing is disabled', async () => {
     const [organisation, game] = await createOrganisationAndGame()
-    const [token] = await createUserAndToken({}, organisation)
+    const [token] = await createUserAndToken({ type: UserType.ADMIN }, organisation)
 
     const updateMock = vi.fn(() => [200, {}])
     axiosMock.onPost('https://partner.steam-api.com/ISteamLeaderboards/SetLeaderboardScore/v1').replyOnce(updateMock)
@@ -127,7 +128,7 @@ describe('Leaderboard service - update entry - steamworks integration', () => {
 
   it('should not sync entries when the entry is not a steam alias', async () => {
     const [organisation, game] = await createOrganisationAndGame()
-    const [token] = await createUserAndToken({}, organisation)
+    const [token] = await createUserAndToken({ type: UserType.ADMIN }, organisation)
 
     const updateMock = vi.fn(() => [200, {}])
     axiosMock.onPost('https://partner.steam-api.com/ISteamLeaderboards/SetLeaderboardScore/v1').replyOnce(updateMock)
@@ -153,7 +154,7 @@ describe('Leaderboard service - update entry - steamworks integration', () => {
 
   it('should not sync entries when there is no leaderboard mapping', async () => {
     const [organisation, game] = await createOrganisationAndGame()
-    const [token] = await createUserAndToken({}, organisation)
+    const [token] = await createUserAndToken({ type: UserType.ADMIN }, organisation)
 
     const updateMock = vi.fn(() => [200, {}])
     axiosMock.onPost('https://partner.steam-api.com/ISteamLeaderboards/SetLeaderboardScore/v1').replyOnce(updateMock)
@@ -178,7 +179,7 @@ describe('Leaderboard service - update entry - steamworks integration', () => {
 
   it('should update entries when their score is changed', async () => {
     const [organisation, game] = await createOrganisationAndGame()
-    const [token] = await createUserAndToken({}, organisation)
+    const [token] = await createUserAndToken({ type: UserType.ADMIN }, organisation)
 
     const updateMock = vi.fn(() => [200, {
       result: {

tests/services/leaderboard/updateEntry.test.ts

@@ -6,11 +6,15 @@ import GameActivity, { GameActivityType } from '../../../src/entities/game-activ
 import LeaderboardEntryFactory from '../../fixtures/LeaderboardEntryFactory'
 import createOrganisationAndGame from '../../utils/createOrganisationAndGame'
 import createUserAndToken from '../../utils/createUserAndToken'
+import { UserType } from '../../../src/entities/user'
+import userPermissionProvider from '../../utils/userPermissionProvider'
 
 describe('Leaderboard service - update entry', () => {
-  it('should mark a leaderboard entry as hidden', async () => {
+  it.each(userPermissionProvider([
+    UserType.ADMIN
+  ]))('should mark a leaderboard entry as hidden with %i for a %s user', async (statusCode, _, type) => {
     const [organisation, game] = await createOrganisationAndGame()
-    const [token] = await createUserAndToken({}, organisation)
+    const [token] = await createUserAndToken({ type }, organisation)
 
     const leaderboard = await new LeaderboardFactory([game]).one()
     const players = await new PlayerFactory([game]).many(10)
@@ -21,9 +25,7 @@ describe('Leaderboard service - update entry', () => {
       .patch(`/games/${game.id}/leaderboards/${leaderboard.id}/entries/${entry.id}`)
       .send({ hidden: true })
       .auth(token, { type: 'bearer' })
-      .expect(200)
-
-    expect(res.body.entry.hidden).toBe(true)
+      .expect(statusCode)
 
     const activity = await (<EntityManager>global.em).getRepository(GameActivity).findOne({
       type: GameActivityType.LEADERBOARD_ENTRY_HIDDEN,
@@ -37,12 +39,17 @@ describe('Leaderboard service - update entry', () => {
       }
     })
 
-    expect(activity).not.toBeNull()
+    if (statusCode === 200) {
+      expect(res.body.entry.hidden).toBe(true)
+      expect(activity).not.toBeNull()
+    } else {
+      expect(activity).toBeNull()
+    }
   })
 
   it('should mark an entry as unhidden', async () => {
     const [organisation, game] = await createOrganisationAndGame()
-    const [token] = await createUserAndToken({}, organisation)
+    const [token] = await createUserAndToken({ type: UserType.ADMIN }, organisation)
 
     const leaderboard = await new LeaderboardFactory([game]).one()
     const players = await new PlayerFactory([game]).many(10)
@@ -74,7 +81,7 @@ describe('Leaderboard service - update entry', () => {
 
   it('should not mark an entry as unhidden if the hidden property isn\'t sent', async () => {
     const [organisation, game] = await createOrganisationAndGame()
-    const [token] = await createUserAndToken({}, organisation)
+    const [token] = await createUserAndToken({ type: UserType.ADMIN }, organisation)
 
     const leaderboard = await new LeaderboardFactory([game]).one()
     const players = await new PlayerFactory([game]).many(10)
@@ -106,7 +113,7 @@ describe('Leaderboard service - update entry', () => {
 
   it('should not update a non-existent entry', async () => {
     const [organisation, game] = await createOrganisationAndGame()
-    const [token] = await createUserAndToken({}, organisation)
+    const [token] = await createUserAndToken({ type: UserType.ADMIN }, organisation)
 
     const leaderboard = await new LeaderboardFactory([game]).one()
     await (<EntityManager>global.em).persistAndFlush(leaderboard)
@@ -122,7 +129,7 @@ describe('Leaderboard service - update entry', () => {
 
   it('should update a leaderboard entry\'s score', async () => {
     const [organisation, game] = await createOrganisationAndGame()
-    const [token] = await createUserAndToken({}, organisation)
+    const [token] = await createUserAndToken({ type: UserType.ADMIN }, organisation)
 
     const leaderboard = await new LeaderboardFactory([game]).one()
     const players = await new PlayerFactory([game]).many(10)