test: Add test case for unauthorized user for getUser

packages/backend/src/graphql/queries/get-user.test.ts

@@ -8,7 +8,7 @@ import createUser from '../../../test/fixtures/user';
 import { IRole, IUser } from '@automatisch/types';
 
 describe('graphQL getUser query', () => {
-  describe('with unauthorized user', () => {
+  describe('with unauthenticated user', () => {
     it('should throw not authorized error', async () => {
       const invalidUserId = '123123123';
 
@@ -32,7 +32,35 @@ describe('graphQL getUser query', () => {
     });
   });
 
-  describe('with authorized user', () => {
+  describe('with authenticated user', () => {
+    describe('and without permissions', () => {
+      it('should throw not authorized error', async () => {
+        const userWithoutPermissions = await createUser();
+        const anotherUser = await createUser();
+
+        const query = `
+          query {
+            getUser(id: "${anotherUser.id}") {
+              id
+              email
+            }
+          }
+        `;
+
+        const token = createAuthTokenByUserId(userWithoutPermissions.id);
+
+        const response = await request(app)
+          .post('/graphql')
+          .set('Authorization', token)
+          .send({ query })
+          .expect(200);
+
+        expect(response.body.errors).toBeDefined();
+        expect(response.body.errors[0].message).toEqual('Not authorized!');
+      });
+    });
+
+    describe('and correct permissions', () => {
       let role: IRole,
         currentUser: IUser,
         anotherUser: IUser,
@@ -146,4 +174,5 @@ describe('graphQL getUser query', () => {
         expect(response.body.errors[0].message).toEqual('NotFoundError');
       });
     });
+  });
 });