fix: Validations for updating team members (#5384)

fixes: chatwoot/product#539 Co-authored-by: Sojan Jose <sojan@pepalo.com>
2025-11-01 19:48:08 +00:00 · 2022-09-02 23:09:29 +05:30
parent 9525d4f034
commit 329e8c37c8
2 changed files with 22 additions and 0 deletions
--- a/spec/controllers/api/v1/accounts/team_members_controller_spec.rb
+++ b/spec/controllers/api/v1/accounts/team_members_controller_spec.rb
@@ -2,6 +2,7 @@ require 'rails_helper'

 RSpec.describe 'Team Members API', type: :request do
  let(:account) { create(:account) }
+  let(:account_2) { create(:account) }
  let!(:team) { create(:team, account: account) }

  describe 'GET /api/v1/accounts/{account.id}/teams/{team_id}/team_members' do
@@ -120,6 +121,7 @@ RSpec.describe 'Team Members API', type: :request do

    context 'when it is an authenticated user' do
      let(:agent) { create(:user, account: account, role: :agent) }
+      let(:agent_2) { create(:user, account: account_2, role: :agent) }
      let(:administrator) { create(:user, account: account, role: :administrator) }

      it 'return unauthorized for agent' do
@@ -145,6 +147,19 @@ RSpec.describe 'Team Members API', type: :request do
        json_response = JSON.parse(response.body)
        expect(json_response.count).to eq(user_ids.count)
      end
+
+      it 'ignores the user ids when its not a valid account user id' do
+        params = { user_ids: [agent_2.id] }
+
+        patch "/api/v1/accounts/#{account.id}/teams/#{team.id}/team_members",
+              params: params,
+              headers: administrator.create_new_auth_token,
+              as: :json
+
+        expect(response).to have_http_status(:unauthorized)
+        json_response = JSON.parse(response.body)
+        expect(json_response['error']).to eq('Invalid User IDs')
+      end
    end
  end
 end