If you have the bootstrap.js setup like above, as well as the unit testing setup like in the docs:
Add the following test case to tests/user/index.js:
it('should allow myRoleA to call the POST /users endpoint as defined in bootstrap.js', async done => {
const userspermissions = strapi.plugins['users-permissions'].services.userspermissions
const allRoles = await userspermissions.getRoles()
const myRoleA = allRoles.filter(role => role.type === 'myrolea') //underscore because of how role.name is converted to role.type
// create a user with myRoleA
const user = await strapi.plugins['users-permissions'].services.user.add({
...mockUserData,
username: 'myrolea1',
email: 'myrolea1@strapi.com',
role: myRoleA
})
// get jwt for that user
const jwt = strapi.plugins['users-permissions'].services.jwt.issue({
id: user.id
})
// call endpoint that should be accessible, but is not
await request(strapi.server)
.post('/users') //permission to this is set to true for myRoleA in bootstrap.js, but fails to be set
.set('accept', 'application/json')
.set('Content-Type', 'application/json')
.set('Authorization', 'Bearer ' + jwt)
.expect('Content-Type', /json/)
.expect(200) // ERROR: gets 403: Forbidden
done()
})
I suggest you look at the printout of your server loading, as it may contain something that looks like this:
error Couldn’t set permission MyRoleA users-permissions:user:create:true:
TypeError: Cannot read property ‘controllers’ of undefined
The above error is not present when using postgres, and I belive that it’s because
strapi.reload()
does not have an effect when using sqlite but does when using postgres.
calling that reload somehow sanitizes the roles you create, s.t. you’re able to add permissions to them.