improve user query and test

src/resolvers/Query/user.ts

@@ -27,21 +27,20 @@ export const user: QueryResolvers["user"] = async (_parent, args, context) => {
     );
   }
 
-  // Check if the requesting user is an admin of the organization the target user belongs to
-  const userOrganization = await Organization.exists({
-    members: args.id,
-    admins: context.userId, // Ensure the current user is an admin in the target user's organization
-  });
+  const [userOrganization, superAdminProfile] = await Promise.all([
+    Organization.exists({
+      members: args.id,
+      admins: context.userId,
+    }),
+    AppUserProfile.exists({
+      userId: context.userId,
+      isSuperAdmin: true,
+    }),
+  ]);
 
-  // Check if the requesting user is a SuperAdmin
-  const isSuperAdmin = await AppUserProfile.exists({
-    userId: context.userId,
-    isSuperAdmin: true,
-  });
-
-  if (!userOrganization && context.userId !== args.id && !isSuperAdmin) {
+  if (!userOrganization && context.userId !== args.id && !superAdminProfile) {
     throw new errors.UnauthorizedError(
-      "Access denied. Only admins of the organization can view this profile.",
+      "Access denied. Only the user themselves, organization admins, or super admins can view this profile.",
     );
   }
 

tests/resolvers/Query/userAccess.spec.ts

@@ -15,24 +15,43 @@ let MONGOOSE_INSTANCE: typeof mongoose;
 
 beforeAll(async () => {
   MONGOOSE_INSTANCE = await connect();
-  testUser = await createTestUser();
-  anotherTestUser = await createTestUser();
-  adminUser = await createTestUser();
-  superAdminUser = await createTestUser();
-
-  // Set up admin and super admin roles
-  await Organization.create({
-    members: [anotherTestUser?.id],
-    admins: [adminUser?.id],
-  });
+  try {
+    testUser = await createTestUser();
+    anotherTestUser = await createTestUser();
+    adminUser = await createTestUser();
+    superAdminUser = await createTestUser();
+
+    // Set up admin and super admin roles
+    await Organization.create({
+      members: [anotherTestUser?.id],
+      admins: [adminUser?.id],
+    });
 
-  await AppUserProfile.create({
-    userId: superAdminUser?.id,
-    isSuperAdmin: true,
-  });
+    await AppUserProfile.create({
+      userId: superAdminUser?.id,
+      isSuperAdmin: true,
+    });
+  } catch (error) {
+    console.error("Failed to set up test data:", error);
+    throw error;
+  }
 });
 
 afterAll(async () => {
+  await Promise.all([
+    User.deleteMany({
+      _id: {
+        $in: [
+          testUser?.id,
+          anotherTestUser?.id,
+          adminUser?.id,
+          superAdminUser?.id,
+        ],
+      },
+    }),
+    Organization.deleteMany({}),
+    AppUserProfile.deleteMany({ userId: superAdminUser?.id }),
+  ]);
   await disconnect(MONGOOSE_INSTANCE);
 });
 
@@ -50,8 +69,11 @@ describe("user Query", () => {
 
     try {
       await userResolver?.({}, args, context);
-    } catch (error: unknown) {
-      expect((error as Error).message).toEqual(USER_NOT_FOUND_ERROR.DESC);
+    } catch (error) {
+      expect(error).toBeInstanceOf(Error);
+      expect(error instanceof Error && error.message).toEqual(
+        USER_NOT_FOUND_ERROR.DESC,
+      );
     }
   });
 
@@ -86,6 +108,9 @@ describe("user Query", () => {
       apiRootURL: BASE_URL,
     };
 
+    const org = await Organization.findOne({ admins: adminUser?.id });
+    expect(org?.members).toContain(anotherTestUser?.id);
+
     const result = await userResolver?.({}, args, context);
 
     const user = await User.findById(anotherTestUser?._id).lean();