diff --git a/test/api/v3/integration/groups/PUT-groups.test.js b/test/api/v3/integration/groups/PUT-groups.test.js index 77d4ad6487..f7daab824c 100644 --- a/test/api/v3/integration/groups/PUT-groups.test.js +++ b/test/api/v3/integration/groups/PUT-groups.test.js @@ -23,10 +23,11 @@ describe('PUT /group', () => { groupDetails: { name: groupName, type: groupType, - privacy: 'public', + privacy: 'private', categories: groupCategories, }, members: 1, + upgradeToGroupPlan: true, }); adminUser = await generateUser({ 'permissions.moderator': true }); groupToUpdate = group; @@ -106,14 +107,29 @@ describe('PUT /group', () => { expect(updatedGroup.name).to.equal(groupUpdatedName); }); - it('allows a leader to change leaders', async () => { - const updatedGroup = await leader.put(`/groups/${groupToUpdate._id}`, { + it('does not allow a leader to change leader of active group plan', async () => { + await expect(leader.put(`/groups/${groupToUpdate._id}`, { name: groupUpdatedName, leader: nonLeader._id, + })).to.eventually.be.rejected.and.eql({ + code: 401, + error: 'NotAuthorized', + message: t('cannotChangeLeaderWithActiveGroupPlan'), + }); + }); + + it('allows a leader of a party to change leaders', async () => { + let party; let partyLeader; let members; + ({ group: party, groupLeader: partyLeader, members } = await createAndPopulateGroup({ + members: 1, + })); + const updatedGroup = await partyLeader.put(`/groups/${party._id}`, { + name: groupUpdatedName, + leader: members[0]._id, }); - expect(updatedGroup.leader._id).to.eql(nonLeader._id); - expect(updatedGroup.leader.profile.name).to.eql(nonLeader.profile.name); + expect(updatedGroup.leader._id).to.eql(members[0]._id); + expect(updatedGroup.leader.profile.name).to.eql(members[0].profile.name); expect(updatedGroup.name).to.equal(groupUpdatedName); }); @@ -122,15 +138,16 @@ describe('PUT /group', () => { groupDetails: { name: 'public guild', type: 'guild', - privacy: 'public', + privacy: 'private', }, + upgradeToGroupPlan: true, }); const updateGroupDetails = { id: group._id, name: 'public guild', type: 'guild', - privacy: 'public', + privacy: 'private', bannedWordsAllowed: true, }; @@ -150,9 +167,11 @@ describe('PUT /group', () => { groupDetails: { name: 'public guild', type: 'guild', - privacy: 'public', + privacy: 'private', }, + upgradeToGroupPlan: true, }); + await groupLeader.update({ permissions: {} } ); const updateGroupDetails = { id: group._id, diff --git a/test/api/v3/integration/payments/amazon/GET-payments_amazon_subscribe_cancel.test.js b/test/api/v3/integration/payments/amazon/GET-payments_amazon_subscribe_cancel.test.js index 67313693be..c81bad1957 100644 --- a/test/api/v3/integration/payments/amazon/GET-payments_amazon_subscribe_cancel.test.js +++ b/test/api/v3/integration/payments/amazon/GET-payments_amazon_subscribe_cancel.test.js @@ -50,22 +50,21 @@ describe('payments : amazon #subscribeCancel', () => { }); it('cancels a group subscription', async () => { - user = await generateUser({ - 'profile.name': 'sender', - 'purchased.plan.customerId': 'customer-id', - 'purchased.plan.planId': 'basic_3mo', - 'purchased.plan.lastBillingDate': new Date(), - balance: 2, - }); - - group = await generateGroup(user, { - name: 'test group', - type: 'guild', - privacy: 'public', - 'purchased.plan.customerId': 'customer-id', - 'purchased.plan.planId': 'basic_3mo', - 'purchased.plan.lastBillingDate': new Date(), - }); + ({ group, groupLeader: user } = await createAndPopulateGroup({ + groupDetails: { + name: 'test group', + type: 'guild', + privacy: 'private', + }, + leaderDetails: { + 'profile.name': 'sender', + 'purchased.plan.customerId': 'customer-id', + 'purchased.plan.planId': 'basic_3mo', + 'purchased.plan.lastBillingDate': new Date(), + balance: 2, + }, + upgradeToGroupPlan: true, + })); await user.get(`${endpoint}&groupId=${group._id}`); diff --git a/test/api/v3/integration/payments/amazon/POST-payments_amazon_subscribe.test.js b/test/api/v3/integration/payments/amazon/POST-payments_amazon_subscribe.test.js index b6c09848a3..3ce1a718e2 100644 --- a/test/api/v3/integration/payments/amazon/POST-payments_amazon_subscribe.test.js +++ b/test/api/v3/integration/payments/amazon/POST-payments_amazon_subscribe.test.js @@ -70,8 +70,8 @@ describe('payments - amazon - #subscribe', () => { group = await generateGroup(user, { name: 'test group', - type: 'guild', - privacy: 'public', + type: 'party', + privacy: 'private', 'purchased.plan.customerId': 'customer-id', 'purchased.plan.planId': 'basic_3mo', 'purchased.plan.lastBillingDate': new Date(), diff --git a/test/api/v3/integration/payments/stripe/GET-payments_stripe_subscribe_cancel.test.js b/test/api/v3/integration/payments/stripe/GET-payments_stripe_subscribe_cancel.test.js index d6ec1e0312..77098a1b46 100644 --- a/test/api/v3/integration/payments/stripe/GET-payments_stripe_subscribe_cancel.test.js +++ b/test/api/v3/integration/payments/stripe/GET-payments_stripe_subscribe_cancel.test.js @@ -1,7 +1,7 @@ import { generateUser, - generateGroup, translate as t, + createAndPopulateGroup, } from '../../../../../helpers/api-integration/v3'; import stripePayments from '../../../../../../website/server/libs/payments/stripe'; @@ -48,22 +48,21 @@ describe('payments - stripe - #subscribeCancel', () => { }); it('cancels a group subscription', async () => { - user = await generateUser({ - 'profile.name': 'sender', - 'purchased.plan.customerId': 'customer-id', - 'purchased.plan.planId': 'basic_3mo', - 'purchased.plan.lastBillingDate': new Date(), - balance: 2, - }); - - group = await generateGroup(user, { - name: 'test group', - type: 'guild', - privacy: 'public', - 'purchased.plan.customerId': 'customer-id', - 'purchased.plan.planId': 'basic_3mo', - 'purchased.plan.lastBillingDate': new Date(), - }); + ({ group, groupLeader: user } = await createAndPopulateGroup({ + groupDetails: { + name: 'test group', + type: 'guild', + privacy: 'private', + }, + leaderDetails: { + 'profile.name': 'sender', + 'purchased.plan.customerId': 'customer-id', + 'purchased.plan.planId': 'basic_3mo', + 'purchased.plan.lastBillingDate': new Date(), + balance: 2, + }, + upgradeToGroupPlan: true, + })); await user.get(`${endpoint}&groupId=${group._id}`); diff --git a/website/common/locales/en/groups.json b/website/common/locales/en/groups.json index 94ef5ff38e..2439bdb8b6 100644 --- a/website/common/locales/en/groups.json +++ b/website/common/locales/en/groups.json @@ -199,6 +199,7 @@ "claim": "Claim Task", "removeClaim": "Remove Claim", "onlyGroupLeaderCanManageSubscription": "Only the group leader can manage the group's subscription", + "onlyPrivateGuildsCanUpgrade": "Only private guilds can be upgraded to a group plan.", "youHaveBeenAssignedTask": "<%- managerName %> has assigned you the task <%- taskText %>.", "yourTaskHasBeenApproved": "Your task <%- taskText %> has been approved.", "thisTaskApproved": "This task was approved", diff --git a/website/server/controllers/api-v3/groups.js b/website/server/controllers/api-v3/groups.js index 5d30fdc61e..4d8fdc4084 100644 --- a/website/server/controllers/api-v3/groups.js +++ b/website/server/controllers/api-v3/groups.js @@ -487,7 +487,9 @@ api.updateGroup = { if (group.leader !== user._id && group.type === 'party') throw new NotAuthorized(res.t('messageGroupOnlyLeaderCanUpdate')); else if (group.leader !== user._id && !user.hasPermission('moderator')) throw new NotAuthorized(res.t('messageGroupOnlyLeaderCanUpdate')); - if (req.body.leader !== user._id && group.hasNotCancelled()) throw new NotAuthorized(res.t('cannotChangeLeaderWithActiveGroupPlan')); + if (req.body.leader && req.body.leader !== user._id && group.hasNotCancelled()) { + throw new NotAuthorized(res.t('cannotChangeLeaderWithActiveGroupPlan')); + } const handleArrays = (currentValue, updatedValue) => { if (!_.isArray(currentValue)) {