Update GET patient/:id to also allow first responders
samau3 committed Sep 16, 2024
1 parent 7f63adf commit b9eaf98
Showing 2 changed files with 7 additions and 10 deletions.
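--- a/server/routes/api/v1/patients/get.js
+++ b/server/routes/api/v1/patients/get.js
@@ -70,7 +70,12 @@ export default async function (fastify, _opts) {
 },
 },
 },
-onRequest: fastify.requireUser([Role.ADMIN, Role.STAFF, Role.VOLUNTEER]),
+onRequest: fastify.requireUser([
+Role.ADMIN,
+Role.STAFF,
+Role.VOLUNTEER,
+Role.FIRST_RESPONDER,
+]),
 },
 async (request, reply) => {
 const { id } = request.params;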
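Review bot: The widened `onRequest` guard carries no comment explaining why each role may read a single patient record, and with `Role.FIRST_RESPONDER` added it is worth confirming that the response is meant to be identical for all four roles. The handler that begins at `async (request, reply) => {` continues outside this section, so whether it filters fields per role is not visible here. If the list now covers every value of `Role`, the guard only enforces authentication, and the comment should say so. If the same payload for every role is the intent, I would add above the option `// Roles allowed to read one patient record by id; first responders receive the same fields as staff.`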
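--- a/server/test/routes/api/v1/patients.test.js
+++ b/server/test/routes/api/v1/patients.test.js
@@ -19,22 +19,14 @@ describe('/api/v1/patients', () => {
 });
 
 describe('GET /:id', () => {
-it('should return a 403 error if not an ADMIN, STAFF or VOLUNTEER user', async (t) => {
+it('should return UNAUTHORIZED if the user is not logged in', async (t) => {
 const app = await build(t);
 await t.loadFixtures();
 
 let reply = await app
 .inject()
 .get('/api/v1/patients/27963f68-ebc1-408a-8bb5-8fbe54671064');
 assert.deepStrictEqual(reply.statusCode, StatusCodes.UNAUTHORIZED);
-
-let headers = await t.authenticate('[email protected]', 'test');
-reply = await app
-.inject()
-.get('/api/v1/patients/27963f68-ebc1-408a-8bb5-8fbe54671064')
-.headers(headers);
-
-assert.deepStrictEqual(reply.statusCode, StatusCodes.FORBIDDEN);
 });
 
 it('should allow ADMIN to retrieve a patient', async (t) => {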
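Review bot: The rewritten first test drops the only `StatusCodes.FORBIDDEN` assertion for `GET /:id`, and nothing visible in this section exercises the newly allowed first-responder role, so the authorization change ships without a test on either side of it. I would add a positive case for a first-responder account next to the existing ADMIN test, as sketched below; the fixture e-mail there is a placeholder, since the fixtures are not shown. If any role remains outside the allowed list, a 403 case for it should stay as well, so a later widening of the list cannot pass unnoticed. The `describe('GET /:id')` block continues outside this section.

```javascript
// … unchanged: UNAUTHORIZED test for a request without credentials …

it('should allow FIRST_RESPONDER to retrieve a patient', async (t) => {
  const app = await build(t);
  await t.loadFixtures();

  // placeholder address: use the fixture account that holds the first-responder role
  const headers = await t.authenticate('<first-responder fixture email>', 'test');
  const reply = await app
    .inject()
    .get('/api/v1/patients/27963f68-ebc1-408a-8bb5-8fbe54671064')
    .headers(headers);

  assert.deepStrictEqual(reply.statusCode, StatusCodes.OK);
});

// … unchanged: ADMIN retrieval test …
```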
