Permissions authorization middleware.

server/tests/routes/accountOpeningBalance.test.js

@@ -1,4 +1,4 @@
-import { request, expect } from '~/testInit';
+import { request, expect, create } from '~/testInit';
 
 describe('routes: `/accountOpeningBalance`', () => {
   describe('POST `/accountOpeningBalance`', () => {
@@ -40,5 +40,16 @@ describe('routes: `/accountOpeningBalance`', () => {
         type: 'NOT_FOUND_ACCOUNT', code: 100, ids: [100],
       });
     });
+
+    it('Should store the given credit and debit to the account balance in the storage.', async () => {
+      const account = await create('account');
+      const res = await request().post('/api/accountOpeningBalance').send({
+        accounts: [
+          { id: account.id, credit: 100, debit: 2 },
+        ],
+      });
+
+      console.log(res.status);
+    });
   });
 });

server/tests/routes/auth.test.js

@@ -85,14 +85,14 @@ describe('routes: /auth/', () => {
     });
 
     it('Should autheticate success with correct phone number and password.', async () => {
-      const password = hashPassword('admin');
+      const password = await hashPassword('admin');
       const user = await create('user', {
         phone_number: '0920000000',
         password,
       });
       const res = await request().post('/api/auth/login').send({
-        crediential: user.phone_number,
-        password,
+        crediential: user.email,
+        password: 'admin',
       });
 
       expect(res.status).equals(200);

server/tests/routes/authorization.test.js

@@ -0,0 +1,10 @@
+
+describe('Authorization', () => {
+  it('Should response unauthorized in case use has no role has permissions to the given resource.', () => {
+
+  });
+
+  it('Should response authorized in case user has role has all permissions.', () => {
+
+  });
+});

server/tests/routes/items.test.js

@@ -1,10 +1,26 @@
-import { request, expect, create } from '~/testInit';
+import {
+  request,
+  expect,
+  create,
+  login,
+} from '~/testInit';
 import knex from '@/database/knex';
 
-describe('routes: `/items`', () => {
-  describe('POST: `/items`', () => {
+describe.only('routes: `/items`', () => {
+  describe.only('POST: `/items`', () => {
     it('Should not create a new item if the user was not authorized.', async () => {
+      const res = await request().post('/api/items').send();
 
+      expect(res.status).equals(401);
+      expect(res.body.message).equals('unauthorized');
+    });
+
+    it('Should user have create permission to create a new item.', async () => {
+      const loginRes = await login();
+      const res = await request().post('/api/items')
+        .set('x-access-token', loginRes.body.token).send();
+
+      expect(res.status).equals(401);
     });
 
     it('Should `name` be required.', async () => {

server/tests/routes/views.test.js

@@ -154,7 +154,7 @@ describe('routes: `/views`', () => {
     });
   });
 
-  describe.only('POST: `/views/:view_id`', () => {
+  describe('POST: `/views/:view_id`', () => {
     it('Should `label` be required.', async () => {
       const view = await create('view');
       const res = await request().post(`/api/views/${view.id}`);
@@ -251,7 +251,7 @@ describe('routes: `/views`', () => {
       expect(res.status).equals(404);
     });
 
-    it.only('Should response the roles fields not exist in case role field was not exist.', async () => {
+    it('Should response the roles fields not exist in case role field was not exist.', async () => {
       const view = await create('view');
       await create('resource_field', {
         resource_id: view.resource_id,