From 22cdcbbfa0fd5250872defeda73a9efc524239ab Mon Sep 17 00:00:00 2001
From: Keyvan Chamani
Date: Thu, 28 Dec 2023 10:12:28 -0500
Subject: [PATCH] chore: topics/k1ch/admin-get-personas-permissions/minor fixes
---
 database/test/db-admin-persona.test.js | 2 +-
 ...endpoint_admin_personas_permissions.test.js | 18 +++++++++++++++---
 server/the-usher-openapi-spec.yaml | 6 ++++--
 3 files changed, 20 insertions(+), 6 deletions(-)
diff --git a/database/test/db-admin-persona.test.js b/database/test/db-admin-persona.test.js
index dd89bdb..ad28c69 100644
--- a/database/test/db-admin-persona.test.js
+++ b/database/test/db-admin-persona.test.js
@@ -75,7 +75,7 @@ describe('Admin persona view', () => {
 const personaPermissions = await adminPersonas.getPersonaPermissions(personakey)
 assert.equal(!!personaPermissions.length, true)
 })
- it('Should return an empty array', async function () {
+ it('Should return an empty array', async () => {
 const personaPermissions = await adminPersonas.getPersonaPermissions(invalidPersonaKey)
 assert.equal(personaPermissions.length, 0)
 })
diff --git a/server/test/endpoint_admin_personas_permissions.test.js b/server/test/endpoint_admin_personas_permissions.test.js
index cc54cea..11f274e 100644
--- a/server/test/endpoint_admin_personas_permissions.test.js
+++ b/server/test/endpoint_admin_personas_permissions.test.js
@@ -2,7 +2,7 @@
 const { describe, it, before } = require('mocha')
 const fetch = require('node-fetch')
 const assert = require('assert')
-const { getAdmin1IdPToken } = require('./lib/tokens')
+const { getAdmin1IdPToken, getTestUser1IdPToken } = require('./lib/tokens')
 const { getServerUrl } = require('./lib/urls')
 const { usherDb } = require('../../database/layer/knex')

@@ -12,10 +12,10 @@ describe('Admin Personas Permissions', () => {
 const url = `${getServerUrl()}`

 before(async () => {
- const userAccessToken = await getAdmin1IdPToken()
+ const adminAccessToken = await getAdmin1IdPToken()
 requestHeaders = {
 'Content-Type': 'application/json',
- Authorization: `Bearer ${userAccessToken}`,
+ Authorization: `Bearer ${adminAccessToken}`,
 }
 })

@@ -54,5 +54,17 @@ describe('Admin Personas Permissions', () => {
 })
 assert.equal(response.status, 404)
 })
+
+ it('should return 401 due to lack of proper token', async () => {
+ const userAccessToken = await getTestUser1IdPToken()
+ const response = await fetch(`${url}/personas/${validPersonaWithNoPermissions}/permissions`, {
+ method: 'GET',
+ headers: {
+ ...requestHeaders,
+ Authorization: `Bearer ${userAccessToken}`
+ },
+ })
+ assert.equal(response.status, 401)
+ })
 })
 })
diff --git a/server/the-usher-openapi-spec.yaml b/server/the-usher-openapi-spec.yaml
index b5a9c41..9c63698 100644
--- a/server/the-usher-openapi-spec.yaml
+++ b/server/the-usher-openapi-spec.yaml
@@ -476,13 +476,15 @@ paths:
 get:
 'x-swagger-router-controller': 'personas/permissions'
 operationId: getPersonaPermissions
+ parameters:
+ - $ref: '#/components/parameters/personaKeyPathParam'
 tags:
 - Admin APIs
 security:
 - bearerAdminAuth: []
 responses:
 200:
- description: Returns the list of permission for the subject persona
+ description: Returns a list of permissions for the subject persona
 content:
 application/json:
 schema:
@@ -767,7 +769,7 @@ components:
 $ref: '#/components/schemas/EntityDescriptionDef'
 required:
 - permission
-#---------------------
+
 PermissionObject:
 type: object
 properties:
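Review bot: The new test `should return 401 due to lack of proper token` in server/test/endpoint_admin_personas_permissions.test.js covers only one rejection path for this admin-only route, a well-formed token for a non-admin user, and checks nothing but the status code. Requests with no `Authorization` header or a malformed bearer value are not exercised, so a regression that lets unauthenticated calls through would go unnoticed; a sibling case like the one below would close that gap (the expected 401 is an assumption to confirm against the auth handler). The title is also imprecise, since the token is valid but under-privileged; `it('should return 401 for a non-admin token', async () => {` says what is tested, and if the API ever distinguishes 403 from 401 this is the assertion to revisit. The enclosing `describe` blocks open outside the hunk, and the spec's `responses` block continues past the visible YAML hunk, so whether 401 is declared there could not be checked.

```javascript
    // … unchanged: 'should return 401 due to lack of proper token' …

    it('should return 401 when no Authorization header is sent', async () => {
      // Deliberately not spreading requestHeaders: it carries the admin bearer token.
      const response = await fetch(`${url}/personas/${validPersonaWithNoPermissions}/permissions`, {
        method: 'GET',
        headers: { 'Content-Type': 'application/json' },
      })
      assert.equal(response.status, 401)
    })
```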