From bc35a27750dd2f3241d34bde6fec4803d96db786 Mon Sep 17 00:00:00 2001 From: Matt Lott Date: Fri, 10 Apr 2015 16:04:36 -0700 Subject: [PATCH] Private clans server updates Only return private clans in lists to owners. Get for specific private clan still allowed. Restrict create/join private clan to premium users. --- server/clans/clan_handler.coffee | 19 +- server/users/user_handler.coffee | 4 +- test/server/functional/clan.spec.coffee | 594 +++++++++++++++--------- 3 files changed, 383 insertions(+), 234 deletions(-) diff --git a/server/clans/clan_handler.coffee b/server/clans/clan_handler.coffee index d0f221518..45cef76ff 100644 --- a/server/clans/clan_handler.coffee +++ b/server/clans/clan_handler.coffee @@ -17,13 +17,15 @@ ClanHandler = class ClanHandler extends Handler hasAccess: (req) -> return true if req.method in ['GET'] - return true if req.user? and not req.user.isAnonymous() + return false unless req.user? + return false if req.user.isAnonymous() + return true if req.body.type is 'public' or req.user.isPremium() false hasAccessToDocument: (req, document, method=null) -> return false unless document? - method = (method or req.method).toLowerCase() return true if req.user?.isAdmin() + method = (method or req.method).toLowerCase() return true if method is 'get' return true if document.get('ownerID')?.equals req.user._id false 
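Review bot: The new premium gate in `hasAccess` reads `req.body.type`, which is supplied by the client, and as written it applies to every non-GET method rather than to creation only. A non-premium user's PUT or DELETE that carries no `type` in its body is now refused at this level even for a public clan, and an update to an existing clan is judged by the type the caller sends rather than the type stored on the document. If only creation is meant to be gated, scope the check with `return true unless req.method is 'POST'` before the type test. Any type change on update should then be checked against the stored document in `hasAccessToDocument`. A comment such as `# Private clans are premium-only; on create the type comes from the request body` would record the intent.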
@@ -64,12 +66,17 @@ ClanHandler = class ClanHandler extends Handler clanID = mongoose.Types.ObjectId(clanID) catch err return @sendNotFoundError(res, err) - Clan.update {_id: clanID}, {$addToSet: {members: req.user._id}}, (err) => + Clan.findById clanID, (err, clan) => return @sendDatabaseError(res, err) if err - User.update {_id: req.user._id}, {$addToSet: {clans: clanID}}, (err) => + return @sendDatabaseError(res, err) unless clan + return @sendDatabaseError(res, err) unless clanType = clan.get('type') + return @sendForbiddenError(res) unless clanType is 'public' or req.user.isPremium() + Clan.update {_id: clanID}, {$addToSet: {members: req.user._id}}, (err) => return @sendDatabaseError(res, err) if err - @sendSuccess(res) - AnalyticsLogEvent.logEvent req.user, 'Clan joined', clanID: clanID, type: 'public' + User.update {_id: req.user._id}, {$addToSet: {clans: clanID}}, (err) => + return @sendDatabaseError(res, err) if err + @sendSuccess(res) + AnalyticsLogEvent.logEvent req.user, 'Clan joined', clanID: clanID, type: clanType leaveClan: (req, res, clanID) -> return @sendForbiddenError(res) unless req.user? and not req.user.isAnonymous() diff --git a/server/users/user_handler.coffee b/server/users/user_handler.coffee index 13601fe9c..9549fdf0a 100644 --- a/server/users/user_handler.coffee +++ b/server/users/user_handler.coffee @@ -543,7 +543,9 @@ UserHandler = class UserHandler extends Handler @getDocumentForIdOrSlug userIDOrSlug, (err, user) => return @sendNotFoundError(res) if not user clanIDs = user.get('clans') ? [] - Clan.find {_id: {$in: clanIDs}}, (err, documents) => + query = {$and: [{_id: {$in: clanIDs}}]} + query['$and'].push {type: 'public'} unless req.user.id is user.id + Clan.find query, (err, documents) => return @sendDatabaseError(res, err) if err @sendSuccess(res, documents) diff --git a/test/server/functional/clan.spec.coffee b/test/server/functional/clan.spec.coffee index 92f6d5522..43ac49d42 100644 --- a/test/server/functional/clan.spec.coffee 
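Review bot: A well-formed clan id that matches no document reaches `return @sendDatabaseError(res, err) unless clan` with `err` still null, so the caller gets a database error instead of a 404. The `clan.get('type')` guard on the next line has the same problem. `return @sendNotFoundError(res) unless clan` would match what the invalid-ObjectId branch just above already does. The type is also read in a separate call before the `$addToSet`, so a clan switched to private between the two calls would still be joined; adding `type: clanType` to the update filter would tie the write to the value that was checked. `joinClan` starts above this hunk.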
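Review bot: `req.user.id` is dereferenced without a guard in the new filter, although `hasAccess` in clan_handler.coffee in this same commit treats `req.user` as possibly absent. If this route can be reached without a user object, the request throws instead of returning the public-only list. `query['$and'].push {type: 'public'} unless req.user?.id is user.id` keeps the restrictive default in that case. The single-clause `$and` could also be a plain object (`query = {_id: {$in: clanIDs}}`, then `query.type = 'public'`), which is easier to audit. The enclosing handler starts above the hunk.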
+++ b/test/server/functional/clan.spec.coffee @@ -6,6 +6,7 @@ mongoose = require 'mongoose' describe 'Clans', -> stripe = require('stripe')(config.stripe.secretKey) clanURL = getURL('/db/clan') + userURL = getURL('/db/user') clanCount = 0 createClanName = (name) -> name + clanCount++ 
@@ -41,269 +42,408 @@ describe 'Clans', -> throw err if err done() - it 'Create clan', (done) -> - loginNewUser (user1) -> - createClan user1, 'public', 'test description', (clan) -> - done() + describe 'Public', -> - it 'Anonymous create clan 401', (done) -> - logoutUser -> - requestBody = - type: 'public' - name: createClanName 'myclan' - request.post {uri: clanURL, json: requestBody }, (err, res, body) -> - expect(err).toBeNull() - expect(res.statusCode).toBe(401) - done() + it 'Create clan', (done) -> + loginNewUser (user1) -> + createClan user1, 'public', 'test description', (clan) -> + done() - it 'Create clan missing type 422', (done) -> - loginNewUser (user1) -> - requestBody = - name: createClanName 'myclan' - request.post {uri: clanURL, json: requestBody }, (err, res, body) -> - expect(err).toBeNull() - expect(res.statusCode).toBe(422) - done() + it 'Anonymous create clan 401', (done) -> + logoutUser -> + requestBody = + type: 'public' + name: createClanName 'myclan' + request.post {uri: clanURL, json: requestBody }, (err, res, body) -> + expect(err).toBeNull() + expect(res.statusCode).toBe(401) + done() - it 'Create clan missing name 422', (done) -> - loginNewUser (user1) -> - requestBody = - type: 'public' - request.post {uri: clanURL, json: requestBody }, (err, res, body) -> - expect(err).toBeNull() - expect(res.statusCode).toBe(422) - done() + it 'Create clan missing type 403', (done) -> + loginNewUser (user1) -> + requestBody = + name: createClanName 'myclan' + request.post {uri: clanURL, json: requestBody }, (err, res, body) -> + expect(err).toBeNull() + expect(res.statusCode).toBe(403) + done() - it 'Get public clans', (done) -> - loginNewUser (user1) -> - createClan user1, 'public', null, (clan1) -> - createClan user1, 'public', 'the second clan', (clan2) -> - request.get {uri: "#{clanURL}/-/public" }, (err, res, body) -> - expect(err).toBeNull() - expect(res.statusCode).toBe(200) - expect(body.length).toBeGreaterThan(1) - done() + it 'Create clan 
missing name 422', (done) -> + loginNewUser (user1) -> + requestBody = + type: 'public' + request.post {uri: clanURL, json: requestBody }, (err, res, body) -> + expect(err).toBeNull() + expect(res.statusCode).toBe(422) + done() - it 'Get public clans anonymous', (done) -> - loginNewUser (user1) -> - createClan user1, 'public', null, (clan1) -> - createClan user1, 'public', null, (clan2) -> - logoutUser -> + it 'Get public clans', (done) -> + loginNewUser (user1) -> + createClan user1, 'public', null, (clan1) -> + createClan user1, 'public', 'the second clan', (clan2) -> request.get {uri: "#{clanURL}/-/public" }, (err, res, body) -> expect(err).toBeNull() expect(res.statusCode).toBe(200) expect(body.length).toBeGreaterThan(1) done() - it 'Join clan', (done) -> - loginNewUser (user1) -> - createClan user1, 'public', null, (clan1) -> - loginNewUser (user2) -> - request.put {uri: "#{clanURL}/#{clan1.id}/join" }, (err, res, body) -> - expect(err).toBeNull() - expect(res.statusCode).toBe(200) - Clan.findById clan1.id, (err, clan1) -> - expect(err).toBeNull() - expect(clan1.get('members')?.length).toEqual(2) - expect(_.find clan1.get('members'), (memberID) -> user2._id.equals memberID).toBeDefined() - User.findById user2.id, (err, user2) -> - expect(err).toBeNull() - expect(user2.get('clans')?.length).toBeGreaterThan(0) - expect(_.find user2.get('clans'), (clanID) -> clan1._id.equals clanID).toBeDefined() - done() - - it 'Join invalid clan 404', (done) -> - loginNewUser (user1) -> - createClan user1, 'public', null, (clan1) -> - loginNewUser (user2) -> - request.put {uri: "#{clanURL}/1234/join" }, (err, res, body) -> - expect(err).toBeNull() - expect(res.statusCode).toBe(404) - done() - - it 'Join clan anonymous 401', (done) -> - loginNewUser (user1) -> - createClan user1, 'public', null, (clan1) -> - logoutUser -> - request.put {uri: "#{clanURL}/#{clan1.id}/join" }, (err, res, body) -> - expect(err).toBeNull() - expect(res.statusCode).toBe(401) - done() - - it 'Join clan 
twice 200', (done) -> - loginNewUser (user1) -> - createClan user1, 'public', null, (clan1) -> - loginNewUser (user2) -> - request.put {uri: "#{clanURL}/#{clan1.id}/join" }, (err, res, body) -> - expect(err).toBeNull() - expect(res.statusCode).toBe(200) - Clan.findById clan1.id, (err, clan1) -> - expect(err).toBeNull() - expect(_.find clan1.get('members'), (memberID) -> memberID.equals user2.id).toBeDefined() - request.put {uri: "#{clanURL}/#{clan1.id}/join" }, (err, res, body) -> + it 'Get public clans anonymous', (done) -> + loginNewUser (user1) -> + createClan user1, 'public', null, (clan1) -> + createClan user1, 'public', null, (clan2) -> + logoutUser -> + request.get {uri: "#{clanURL}/-/public" }, (err, res, body) -> expect(err).toBeNull() expect(res.statusCode).toBe(200) + expect(body.length).toBeGreaterThan(1) done() - it 'Leave clan', (done) -> - loginNewUser (user1) -> - createClan user1, 'public', 'do not stay too long', (clan1) -> - loginNewUser (user2) -> - request.put {uri: "#{clanURL}/#{clan1.id}/join" }, (err, res, body) -> - expect(err).toBeNull() - expect(res.statusCode).toBe(200) + it 'Join clan', (done) -> + loginNewUser (user1) -> + createClan user1, 'public', null, (clan1) -> + loginNewUser (user2) -> + request.put {uri: "#{clanURL}/#{clan1.id}/join" }, (err, res, body) -> + expect(err).toBeNull() + expect(res.statusCode).toBe(200) + Clan.findById clan1.id, (err, clan1) -> + expect(err).toBeNull() + expect(clan1.get('members')?.length).toEqual(2) + expect(_.find clan1.get('members'), (memberID) -> user2._id.equals memberID).toBeDefined() + User.findById user2.id, (err, user2) -> + expect(err).toBeNull() + expect(user2.get('clans')?.length).toBeGreaterThan(0) + expect(_.find user2.get('clans'), (clanID) -> clan1._id.equals clanID).toBeDefined() + done() + + it 'Join invalid clan 404', (done) -> + loginNewUser (user1) -> + createClan user1, 'public', null, (clan1) -> + loginNewUser (user2) -> + request.put {uri: "#{clanURL}/1234/join" }, (err, 
res, body) -> + expect(err).toBeNull() + expect(res.statusCode).toBe(404) + done() + + it 'Join clan anonymous 401', (done) -> + loginNewUser (user1) -> + createClan user1, 'public', null, (clan1) -> + logoutUser -> + request.put {uri: "#{clanURL}/#{clan1.id}/join" }, (err, res, body) -> + expect(err).toBeNull() + expect(res.statusCode).toBe(401) + done() + + it 'Join clan twice 200', (done) -> + loginNewUser (user1) -> + createClan user1, 'public', null, (clan1) -> + loginNewUser (user2) -> + request.put {uri: "#{clanURL}/#{clan1.id}/join" }, (err, res, body) -> + expect(err).toBeNull() + expect(res.statusCode).toBe(200) + Clan.findById clan1.id, (err, clan1) -> + expect(err).toBeNull() + expect(_.find clan1.get('members'), (memberID) -> memberID.equals user2.id).toBeDefined() + request.put {uri: "#{clanURL}/#{clan1.id}/join" }, (err, res, body) -> + expect(err).toBeNull() + expect(res.statusCode).toBe(200) + done() + + it 'Leave clan', (done) -> + loginNewUser (user1) -> + createClan user1, 'public', 'do not stay too long', (clan1) -> + loginNewUser (user2) -> + request.put {uri: "#{clanURL}/#{clan1.id}/join" }, (err, res, body) -> + expect(err).toBeNull() + expect(res.statusCode).toBe(200) + request.put {uri: "#{clanURL}/#{clan1.id}/leave" }, (err, res, body) -> + expect(err).toBeNull() + expect(res.statusCode).toBe(200) + Clan.findById clan1.id, (err, clan1) -> + expect(err).toBeNull() + expect(_.find clan1.get('members'), (memberID) -> memberID.equals user2.id).toBeUndefined() + User.findById user2.id, (err, user2) -> + expect(err).toBeNull() + expect(user2.get('clans').length).toEqual(0) + done() + + it 'Leave clan not member 200', (done) -> + loginNewUser (user1) -> + createClan user1, 'public', null, (clan1) -> + loginNewUser (user2) -> request.put {uri: "#{clanURL}/#{clan1.id}/leave" }, (err, res, body) -> expect(err).toBeNull() expect(res.statusCode).toBe(200) Clan.findById clan1.id, (err, clan1) -> expect(err).toBeNull() expect(_.find 
clan1.get('members'), (memberID) -> memberID.equals user2.id).toBeUndefined() - User.findById user2.id, (err, user2) -> - expect(err).toBeNull() - expect(user2.get('clans').length).toEqual(0) - done() - - it 'Leave clan not member 200', (done) -> - loginNewUser (user1) -> - createClan user1, 'public', null, (clan1) -> - loginNewUser (user2) -> - request.put {uri: "#{clanURL}/#{clan1.id}/leave" }, (err, res, body) -> - expect(err).toBeNull() - expect(res.statusCode).toBe(200) - Clan.findById clan1.id, (err, clan1) -> - expect(err).toBeNull() - expect(_.find clan1.get('members'), (memberID) -> memberID.equals user2.id).toBeUndefined() - done() - - it 'Leave owned clan 403', (done) -> - loginNewUser (user1) -> - createClan user1, 'public', null, (clan1) -> - request.put {uri: "#{clanURL}/#{clan1.id}/leave" }, (err, res, body) -> - expect(err).toBeNull() - expect(res.statusCode).toBe(403) - done() - - it 'Remove member', (done) -> - loginNewUser (user1) -> - createClan user1, 'public', null, (clan1) -> - loginNewUser (user2) -> - request.put {uri: "#{clanURL}/#{clan1.id}/join" }, (err, res, body) -> - expect(err).toBeNull() - expect(res.statusCode).toBe(200) - loginUser user1, (user1) -> - request.put {uri: "#{clanURL}/#{clan1.id}/remove/#{user2.id}" }, (err, res, body) -> - expect(err).toBeNull() - expect(res.statusCode).toBe(200) - Clan.findById clan1.id, (err, clan1) -> - expect(err).toBeNull() - expect(clan1.get('members').length).toEqual(1) - expect(clan1.get('members')[0]).toEqual(user1.get('_id')) - User.findById user2.id, (err, user2) -> - expect(err).toBeNull() - expect(user2.get('clans').length).toEqual(0) - done() - - it 'Remove non-member 200', (done) -> - loginNewUser (user2) -> - loginNewUser (user1) -> - createClan user1, 'public', null, (clan1) -> - request.put {uri: "#{clanURL}/#{clan1.id}/remove/#{user2.id}" }, (err, res, body) -> - expect(err).toBeNull() - expect(res.statusCode).toBe(200) - Clan.findById clan1.id, (err, clan1) -> - 
expect(err).toBeNull() - expect(clan1.get('members').length).toEqual(1) - expect(clan1.get('members')[0]).toEqual(user1.get('_id')) - done() - - it 'Remove invalid memberID 404', (done) -> - loginNewUser (user1) -> - createClan user1, 'public', null, (clan1) -> - request.put {uri: "#{clanURL}/#{clan1.id}/remove/123" }, (err, res, body) -> - expect(err).toBeNull() - expect(res.statusCode).toBe(404) - done() - - it 'Remove member, not in clan 403', (done) -> - loginNewUser (user1) -> - createClan user1, 'public', null, (clan1) -> - loginNewUser (user2) -> - request.put {uri: "#{clanURL}/#{clan1.id}/join" }, (err, res, body) -> - expect(err).toBeNull() - expect(res.statusCode).toBe(200) - loginNewUser (user3) -> - request.put {uri: "#{clanURL}/#{clan1.id}/remove/#{user2.id}" }, (err, res, body) -> - expect(err).toBeNull() - expect(res.statusCode).toBe(403) done() - it 'Remove member, not the owner 403', (done) -> - loginNewUser (user1) -> - createClan user1, 'public', null, (clan1) -> - loginNewUser (user2) -> - request.put {uri: "#{clanURL}/#{clan1.id}/join" }, (err, res, body) -> + it 'Leave owned clan 403', (done) -> + loginNewUser (user1) -> + createClan user1, 'public', null, (clan1) -> + request.put {uri: "#{clanURL}/#{clan1.id}/leave" }, (err, res, body) -> expect(err).toBeNull() - expect(res.statusCode).toBe(200) - loginNewUser (user3) -> - request.put {uri: "#{clanURL}/#{clan1.id}/join" }, (err, res, body) -> + expect(res.statusCode).toBe(403) + done() + + it 'Remove member', (done) -> + loginNewUser (user1) -> + createClan user1, 'public', null, (clan1) -> + loginNewUser (user2) -> + request.put {uri: "#{clanURL}/#{clan1.id}/join" }, (err, res, body) -> + expect(err).toBeNull() + expect(res.statusCode).toBe(200) + loginUser user1, (user1) -> + request.put {uri: "#{clanURL}/#{clan1.id}/remove/#{user2.id}" }, (err, res, body) -> + expect(err).toBeNull() + expect(res.statusCode).toBe(200) + Clan.findById clan1.id, (err, clan1) -> + expect(err).toBeNull() + 
expect(clan1.get('members').length).toEqual(1) + expect(clan1.get('members')[0]).toEqual(user1.get('_id')) + User.findById user2.id, (err, user2) -> + expect(err).toBeNull() + expect(user2.get('clans').length).toEqual(0) + done() + + it 'Remove non-member 200', (done) -> + loginNewUser (user2) -> + loginNewUser (user1) -> + createClan user1, 'public', null, (clan1) -> + request.put {uri: "#{clanURL}/#{clan1.id}/remove/#{user2.id}" }, (err, res, body) -> + expect(err).toBeNull() + expect(res.statusCode).toBe(200) + Clan.findById clan1.id, (err, clan1) -> expect(err).toBeNull() - expect(res.statusCode).toBe(200) + expect(clan1.get('members').length).toEqual(1) + expect(clan1.get('members')[0]).toEqual(user1.get('_id')) + done() + + it 'Remove invalid memberID 404', (done) -> + loginNewUser (user1) -> + createClan user1, 'public', null, (clan1) -> + request.put {uri: "#{clanURL}/#{clan1.id}/remove/123" }, (err, res, body) -> + expect(err).toBeNull() + expect(res.statusCode).toBe(404) + done() + + it 'Remove member, not in clan 403', (done) -> + loginNewUser (user1) -> + createClan user1, 'public', null, (clan1) -> + loginNewUser (user2) -> + request.put {uri: "#{clanURL}/#{clan1.id}/join" }, (err, res, body) -> + expect(err).toBeNull() + expect(res.statusCode).toBe(200) + loginNewUser (user3) -> request.put {uri: "#{clanURL}/#{clan1.id}/remove/#{user2.id}" }, (err, res, body) -> expect(err).toBeNull() expect(res.statusCode).toBe(403) done() - it 'Remove member from owned clan 403', (done) -> - loginNewUser (user1) -> - createClan user1, 'public', null, (clan1) -> - request.put {uri: "#{clanURL}/#{clan1.id}/remove/#{user1.id}" }, (err, res, body) -> - expect(err).toBeNull() - expect(res.statusCode).toBe(403) - done() + it 'Remove member, not the owner 403', (done) -> + loginNewUser (user1) -> + createClan user1, 'public', null, (clan1) -> + loginNewUser (user2) -> + request.put {uri: "#{clanURL}/#{clan1.id}/join" }, (err, res, body) -> + expect(err).toBeNull() + 
expect(res.statusCode).toBe(200) + loginNewUser (user3) -> + request.put {uri: "#{clanURL}/#{clan1.id}/join" }, (err, res, body) -> + expect(err).toBeNull() + expect(res.statusCode).toBe(200) + request.put {uri: "#{clanURL}/#{clan1.id}/remove/#{user2.id}" }, (err, res, body) -> + expect(err).toBeNull() + expect(res.statusCode).toBe(403) + done() - it 'Delete clan', (done) -> - loginNewUser (user1) -> - createClan user1, 'public', null, (clan) -> - request.del {uri: "#{clanURL}/#{clan.id}" }, (err, res, body) -> - expect(err).toBeNull() - expect(res.statusCode).toBe(204) - User.findById user1.id, (err, user1) -> - expect(err).toBeNull() - expect(user1.get('clans').length).toEqual(0) - done() - - it 'Delete clan anonymous 401', (done) -> - loginNewUser (user1) -> - createClan user1, 'public', null, (clan) -> - logoutUser -> - request.del {uri: "#{clanURL}/#{clan.id}" }, (err, res, body) -> - expect(err).toBeNull() - expect(res.statusCode).toBe(401) - done() - - it 'Delete clan not owner 403', (done) -> - loginNewUser (user1) -> - createClan user1, 'public', null, (clan) -> - loginNewUser (user2) -> - request.del {uri: "#{clanURL}/#{clan.id}" }, (err, res, body) -> + it 'Remove member from owned clan 403', (done) -> + loginNewUser (user1) -> + createClan user1, 'public', null, (clan1) -> + request.put {uri: "#{clanURL}/#{clan1.id}/remove/#{user1.id}" }, (err, res, body) -> expect(err).toBeNull() expect(res.statusCode).toBe(403) done() - it 'Delete clan no longer exists 404', (done) -> - loginNewUser (user1) -> - createClan user1, 'public', null, (clan) -> - request.del {uri: "#{clanURL}/#{clan.id}" }, (err, res, body) -> - expect(err).toBeNull() - expect(res.statusCode).toBe(204) + it 'Delete clan', (done) -> + loginNewUser (user1) -> + createClan user1, 'public', null, (clan) -> request.del {uri: "#{clanURL}/#{clan.id}" }, (err, res, body) -> expect(err).toBeNull() - expect(res.statusCode).toBe(404) + expect(res.statusCode).toBe(204) + User.findById user1.id, (err, 
user1) -> + expect(err).toBeNull() + expect(user1.get('clans').length).toEqual(0) + done() + + it 'Delete clan anonymous 401', (done) -> + loginNewUser (user1) -> + createClan user1, 'public', null, (clan) -> + logoutUser -> + request.del {uri: "#{clanURL}/#{clan.id}" }, (err, res, body) -> + expect(err).toBeNull() + expect(res.statusCode).toBe(401) + done() + + it 'Delete clan not owner 403', (done) -> + loginNewUser (user1) -> + createClan user1, 'public', null, (clan) -> + loginNewUser (user2) -> + request.del {uri: "#{clanURL}/#{clan.id}" }, (err, res, body) -> + expect(err).toBeNull() + expect(res.statusCode).toBe(403) + done() + + it 'Delete clan no longer exists 404', (done) -> + loginNewUser (user1) -> + createClan user1, 'public', null, (clan) -> + request.del {uri: "#{clanURL}/#{clan.id}" }, (err, res, body) -> + expect(err).toBeNull() + expect(res.statusCode).toBe(204) + request.del {uri: "#{clanURL}/#{clan.id}" }, (err, res, body) -> + expect(err).toBeNull() + expect(res.statusCode).toBe(404) + done() + + it 'Delete clan invalid ID 404', (done) -> + loginNewUser (user1) -> + request.del {uri: "#{clanURL}/1234" }, (err, res, body) -> + expect(err).toBeNull() + expect(res.statusCode).toBe(404) + done() + + describe 'Private', -> + # Using stripe.free = true to convert users to premium + + it 'Create clan', (done) -> + loginNewUser (user1) -> + user1.set 'stripe.free', true + user1.save (err) -> + expect(err).toBeNull() + createClan user1, 'private', 'test description', (clan) -> done() - it 'Delete clan invalid ID 404', (done) -> - loginNewUser (user1) -> - request.del {uri: "#{clanURL}/1234" }, (err, res, body) -> - expect(err).toBeNull() - expect(res.statusCode).toBe(404) - done() + it 'Create clan when not premium 403', (done) -> + loginNewUser (user1) -> + requestBody = + type: 'private' + name: createClanName 'myclan' + request.post {uri: clanURL, json: requestBody }, (err, res, body) -> + expect(err).toBeNull() + expect(res.statusCode).toBe(403) + 
done() + + it 'Join clan', (done) -> + loginNewUser (user1) -> + user1.set 'stripe.free', true + user1.save (err) -> + expect(err).toBeNull() + createClan user1, 'private', 'test description', (clan) -> + loginNewUser (user2) -> + user2.set 'stripe.free', true + user2.save (err) -> + request.put {uri: "#{clanURL}/#{clan.id}/join" }, (err, res, body) -> + expect(err).toBeNull() + expect(res.statusCode).toBe(200) + done() + + it 'Join clan when not premium 403', (done) -> + loginNewUser (user1) -> + user1.set 'stripe.free', true + user1.save (err) -> + expect(err).toBeNull() + createClan user1, 'private', 'test description', (clan) -> + loginNewUser (user2) -> + user2.save (err) -> + request.put {uri: "#{clanURL}/#{clan.id}/join" }, (err, res, body) -> + expect(err).toBeNull() + expect(res.statusCode).toBe(403) + done() + + it 'Get public clans after creating a private clan', (done) -> + loginNewUser (user1) -> + createClan user1, 'public', null, (clan1) -> + user1.set 'stripe.free', true + user1.save (err) -> + createClan user1, 'private', 'my private clan', (clan2) -> + request.get {uri: "#{clanURL}/-/public" }, (err, res, body) -> + expect(err).toBeNull() + expect(res.statusCode).toBe(200) + clans = JSON.parse(body) + expect(clans.length).toBeGreaterThan(1) + for clan in clans + expect(clan._id).not.toEqual(clan2.id) + done() + + it "Getting nother user's clans excludes their private ones", (done) -> + loginNewUser (user1) -> + user1.set 'stripe.free', true + user1.save (err) -> + expect(err).toBeNull() + createClan user1, 'private', 'my private clan', (clan1) -> + createClan user1, 'public', 'my public clan', (clan2) -> + loginNewUser (user2) -> + request.get {uri: "#{userURL}/#{user1.id}/clans" }, (err, res, body) -> + expect(err).toBeNull() + expect(res.statusCode).toBe(200) + clans = JSON.parse(body) + expect(clans.length).toEqual(1) + for clan in clans + expect(clan._id).toEqual(clan2.id) + expect(clan.type).toEqual('public') + done() + + it "Getting own 
clans includes private ones", (done) -> + loginNewUser (user1) -> + user1.set 'stripe.free', true + user1.save (err) -> + expect(err).toBeNull() + createClan user1, 'private', 'my private clan', (clan1) -> + createClan user1, 'public', 'my public clan', (clan2) -> + request.get {uri: "#{userURL}/#{user1.id}/clans" }, (err, res, body) -> + expect(err).toBeNull() + expect(res.statusCode).toBe(200) + clans = JSON.parse(body) + expect(clans.length).toEqual(2) + for clan in clans + if clan.type is 'public' + expect(clan._id).toEqual(clan2.id) + else + expect(clan._id).toEqual(clan1.id) + expect(clan.type).toEqual('private') + done() + + it "Can get another user's private clan", (done) -> + loginNewUser (user1) -> + user1.set 'stripe.free', true + user1.save (err) -> + expect(err).toBeNull() + createClan user1, 'private', 'my private clan', (clan1) -> + loginNewUser (user2) -> + request.get {uri: "#{clanURL}/#{clan1.id}" }, (err, res, body) -> + expect(err).toBeNull() + expect(res.statusCode).toBe(200) + clan = JSON.parse(body) + expect(clan._id).toEqual(clan1.id) + expect(clan.name).toEqual(clan1.get('name')) + expect(clan.type).toEqual('private') + expect(clan1.get('ownerID').equals clan.ownerID).toEqual(true) + expect(clan.description).toEqual(clan1.get('description')) + done() + + it "Can get another user's private clan as anonymous", (done) -> + loginNewUser (user1) -> + user1.set 'stripe.free', true + user1.save (err) -> + expect(err).toBeNull() + createClan user1, 'private', 'my private clan', (clan1) -> + logoutUser -> + request.get {uri: "#{clanURL}/#{clan1.id}" }, (err, res, body) -> + expect(err).toBeNull() + expect(res.statusCode).toBe(200) + clan = JSON.parse(body) + expect(clan._id).toEqual(clan1.id) + expect(clan.name).toEqual(clan1.get('name')) + expect(clan.type).toEqual('private') + expect(clan1.get('ownerID').equals clan.ownerID).toEqual(true) + expect(clan.description).toEqual(clan1.get('description')) + done()
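Review bot: The new 'Private' cases leave two paths touched by the handler changes untested: a GET of `#{userURL}/#{user1.id}/clans` after `logoutUser`, and a join against a valid ObjectId that matches no clan. In 'Join clan' and 'Join clan when not premium 403' the `user2.save (err) ->` callback never asserts `expect(err).toBeNull()`, so a failed premium setup would surface as a misleading status code. In the second of those tests nothing is set on `user2` before the save, so the call can be dropped. The title "Getting nother user's clans excludes their private ones" should read "another".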