@Copilot Copilot AI commented Jul 19, 2025

This PR adds comprehensive integration tests to ensure only admin users can access the POST country endpoints, preventing accidental removal of this security restriction in future changes.

Changes Made

New Test Suite

  • Added tests/integration/tests/country/country-admin-access.test.ts with 6 test cases covering:
    • ✅ Admin users can access POST /api/country (expects 201)
    • ✅ Admin users can access POST /api/country/notification-info (expects 201)
    • ✅ Non-admin users are denied access to both endpoints (expects 403)
    • ✅ Unauthenticated users are denied access to both endpoints (expects 401)

Helper Functions

  • Added getNonAdminToken() function in utility.helper.ts to create and authenticate non-admin users for testing
  • Properly handles user creation with fallback for existing users

Test Integration

  • Integrated new test suite into the main test runner (all.test.ts)
  • Follows existing test patterns and coding standards

Validation

The tests verify the admin-only restrictions implemented via:

@ApiBearerAuth()
@UseGuards(RolesGuard)
@Roles(UserRole.Admin)
@Post()

This ensures that the security controls in the country controller cannot be accidentally removed during refactoring or feature development.

Fixes #2342.


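The test matrix above checks three outcomes for POST /api/country: 201 for an admin, 403 for a non-admin, 401 for an unauthenticated caller. The following is an added example, not code from this PR or the project, that models that guard decision as a pure function so the ordering (authenticate first, then authorize) can be checked offline. The token table, `decideCreateCountry` and `CASES` are constructed for illustration.

```typescript
// Added example: models the access decision the PR's integration tests exercise.
// Authentication is checked before authorization, so a caller without a valid
// bearer token always gets 401 and never learns that the route is admin-only.
type Role = "Admin" | "User";
interface User { id: number; role: Role; }

// Constructed token store standing in for whatever getAdminToken() /
// getNonAdminToken() would obtain. A Map avoids prototype-key lookups
// ("__proto__", "constructor") that a plain object literal would allow.
const TOKENS = new Map<string, User>([
  ["tok-admin", { id: 1, role: "Admin" }],
  ["tok-user", { id: 2, role: "User" }],
]);

// Extracts the token from an "Authorization: Bearer <token>" header.
// Rejects missing headers, other schemes, empty tokens and extra parts.
function parseBearer(header?: string): string | undefined {
  if (!header) return undefined;
  const [scheme, token, ...rest] = header.trim().split(/\s+/);
  if (rest.length > 0 || !token || scheme.toLowerCase() !== "bearer") return undefined;
  return token;
}

// Returns the HTTP status the endpoint should yield for the given header.
function decideCreateCountry(authHeader?: string, requiredRole: Role = "Admin"): 201 | 401 | 403 {
  const token = parseBearer(authHeader);
  const user = token !== undefined ? TOKENS.get(token) : undefined;
  if (!user) return 401;                      // not authenticated
  if (user.role !== requiredRole) return 403; // authenticated, wrong role
  return 201;                                 // created
}

// Table-driven cases mirroring the PR's matrix, plus two malformed-header cases.
const CASES: Array<[string | undefined, number]> = [
  ["Bearer tok-admin", 201],
  ["Bearer tok-user", 403],
  [undefined, 401],
  ["Bearer tok-unknown", 401],
  ["Basic tok-admin", 401],
];

// True when every case produces the expected status.
function runMatrix(): boolean {
  return CASES.every(([hdr, expected]) => decideCreateCountry(hdr) === expected);
}
```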

@Copilot Copilot AI changed the title [WIP] Add tests to ensure only admin users can call POST /api/country Add integration tests for admin-only access to POST /api/country endpoints Jul 19, 2025
@Copilot Copilot AI requested a review from gulfaraz July 19, 2025 21:45
Copilot finished work on behalf of gulfaraz July 19, 2025 21:45