init draft of permission tests
This commit is contained in:
parent
3e7605d195
commit
6e87d261fe
95
tests/e2e/Services/Database/DatabasePermissionsGuestTest.php
Normal file
95
tests/e2e/Services/Database/DatabasePermissionsGuestTest.php
Normal file
|
@ -0,0 +1,95 @@
|
|||
<?php
|
||||
|
||||
namespace Tests\E2E\Services\Database;
|
||||
|
||||
use Tests\E2E\Client;
|
||||
use Tests\E2E\Scopes\Scope;
|
||||
use Tests\E2E\Scopes\ProjectCustom;
|
||||
use Tests\E2E\Scopes\SideClient;
|
||||
|
||||
class DatabasePermissionsGuestTest extends Scope
|
||||
{
|
||||
use ProjectCustom;
|
||||
use SideClient;
|
||||
use DatabasePermissionsScope;
|
||||
|
||||
public array $mockPermissions = [
|
||||
[
|
||||
'read' => ['role:all'],
|
||||
'write' => []
|
||||
],
|
||||
[
|
||||
'read' => ['role:member'],
|
||||
'write' => []
|
||||
],
|
||||
[
|
||||
'read' => ['user:random'],
|
||||
'write' => []
|
||||
],
|
||||
[
|
||||
'read' => [],
|
||||
'write' => ['role:all']
|
||||
],
|
||||
[
|
||||
'read' => ['role:all'],
|
||||
'write' => ['role:all']
|
||||
],
|
||||
[
|
||||
'read' => ['role:member'],
|
||||
'write' => ['role:member']
|
||||
],
|
||||
[
|
||||
'read' => ['role:all'],
|
||||
'write' => ['role:member']
|
||||
]
|
||||
];
|
||||
|
||||
public function createCollection(): array
|
||||
{
|
||||
$movies = $this->client->call(Client::METHOD_POST, '/database/collections', $this->getServerHeader(), [
|
||||
'collectionId' => 'unique()',
|
||||
'name' => 'Movies',
|
||||
'read' => ['role:all'],
|
||||
'write' => ['role:all'],
|
||||
'permission' => 'document',
|
||||
]);
|
||||
|
||||
$collection = ['id' => $movies['body']['$id']];
|
||||
|
||||
$this->client->call(Client::METHOD_POST, '/database/collections/' . $collection['id'] . '/attributes/string', $this->getServerHeader(), [
|
||||
'attributeId' => 'title',
|
||||
'size' => 256,
|
||||
'required' => true,
|
||||
]);
|
||||
|
||||
sleep(2);
|
||||
|
||||
return $collection;
|
||||
}
|
||||
|
||||
public function testReadDocuments()
|
||||
{
|
||||
$collection = $this->createCollection();
|
||||
|
||||
foreach ($this->mockPermissions as $permissions) {
|
||||
$response = $this->client->call(Client::METHOD_POST, '/database/collections/' . $collection['id'] . '/documents', $this->getServerHeader(), [
|
||||
'documentId' => 'unique()',
|
||||
'data' => [
|
||||
'title' => 'Lorem',
|
||||
],
|
||||
'read' => $permissions['read'],
|
||||
'write' => $permissions['write'],
|
||||
]);
|
||||
$this->assertEquals(201, $response['headers']['status-code']);
|
||||
}
|
||||
|
||||
$documents = $this->client->call(Client::METHOD_GET, '/database/collections/' . $collection['id'] . '/documents', [
|
||||
'content-type' => 'application/json',
|
||||
'x-appwrite-project' => $this->getProject()['$id'],
|
||||
]);
|
||||
|
||||
foreach ($documents['body']['documents'] as $document) {
|
||||
$this->assertContains('role:all', $document['$read']);
|
||||
}
|
||||
}
|
||||
}
|
165
tests/e2e/Services/Database/DatabasePermissionsMemberTest.php
Normal file
165
tests/e2e/Services/Database/DatabasePermissionsMemberTest.php
Normal file
|
@ -0,0 +1,165 @@
|
|||
<?php
|
||||
|
||||
namespace Tests\E2E\Services\Database;
|
||||
|
||||
use Tests\E2E\Client;
|
||||
use Tests\E2E\Scopes\Scope;
|
||||
use Tests\E2E\Scopes\ProjectCustom;
|
||||
use Tests\E2E\Scopes\SideClient;
|
||||
|
||||
class DatabasePermissionsMemberTest extends Scope
|
||||
{
|
||||
use ProjectCustom;
|
||||
use SideClient;
|
||||
use DatabasePermissionsScope;
|
||||
|
||||
public array $mockPermissions = [
|
||||
[
|
||||
'read' => ['role:all'],
|
||||
'write' => []
|
||||
],
|
||||
[
|
||||
'read' => ['role:member'],
|
||||
'write' => []
|
||||
],
|
||||
[
|
||||
'read' => ['user:random'],
|
||||
'write' => []
|
||||
],
|
||||
[
|
||||
'read' => ['user:lorem'],
|
||||
'write' => ['user:lorem']
|
||||
],
|
||||
[
|
||||
'read' => ['user:dolor'],
|
||||
'write' => ['user:dolor']
|
||||
],
|
||||
[
|
||||
'read' => ['user:dolor', 'user:lorem'],
|
||||
'write' => ['user:dolor']
|
||||
],
|
||||
[
|
||||
'read' => [],
|
||||
'write' => ['role:all']
|
||||
],
|
||||
[
|
||||
'read' => ['role:all'],
|
||||
'write' => ['role:all']
|
||||
],
|
||||
[
|
||||
'read' => ['role:member'],
|
||||
'write' => ['role:member']
|
||||
],
|
||||
[
|
||||
'read' => ['role:all'],
|
||||
'write' => ['role:member']
|
||||
]
|
||||
];
|
||||
|
||||
public function createCollections(): array
|
||||
{
|
||||
$movies = $this->client->call(Client::METHOD_POST, '/database/collections', $this->getServerHeader(), [
|
||||
'collectionId' => 'unique()',
|
||||
'name' => 'Movies',
|
||||
'read' => ['role:all'],
|
||||
'write' => ['role:all'],
|
||||
'permission' => 'document',
|
||||
]);
|
||||
|
||||
$collections = ['public' => $movies['body']['$id']];
|
||||
|
||||
$this->client->call(Client::METHOD_POST, '/database/collections/' . $collections['public'] . '/attributes/string', $this->getServerHeader(), [
|
||||
'attributeId' => 'title',
|
||||
'size' => 256,
|
||||
'required' => true,
|
||||
]);
|
||||
|
||||
$private = $this->client->call(Client::METHOD_POST, '/database/collections', $this->getServerHeader(), [
|
||||
'collectionId' => 'unique()',
|
||||
'name' => 'Private Movies',
|
||||
'read' => ['role:member'],
|
||||
'write' => ['role:member'],
|
||||
'permission' => 'document',
|
||||
]);
|
||||
|
||||
$collections['private'] = $private['body']['$id'];
|
||||
|
||||
$this->client->call(Client::METHOD_POST, '/database/collections/' . $collections['private'] . '/attributes/string', $this->getServerHeader(), [
|
||||
'attributeId' => 'title',
|
||||
'size' => 256,
|
||||
'required' => true,
|
||||
]);
|
||||
|
||||
sleep(2);
|
||||
|
||||
return $collections;
|
||||
}
|
||||
|
||||
public function testReadDocuments()
|
||||
{
|
||||
$user1 = $this->createUser('lorem', 'lorem@ipsum.com');
|
||||
$user2 = $this->createUser('dolor', 'dolor@ipsum.com');
|
||||
|
||||
$collections = $this->createCollections();
|
||||
|
||||
foreach ($this->mockPermissions as $permissions) {
|
||||
$response = $this->client->call(Client::METHOD_POST, '/database/collections/' . $collections['public'] . '/documents', $this->getServerHeader(), [
|
||||
'documentId' => 'unique()',
|
||||
'data' => [
|
||||
'title' => 'Lorem',
|
||||
],
|
||||
'read' => $permissions['read'],
|
||||
'write' => $permissions['write'],
|
||||
]);
|
||||
$this->assertEquals(201, $response['headers']['status-code']);
|
||||
}
|
||||
|
||||
foreach ($this->mockPermissions as $permissions) {
|
||||
$response = $this->client->call(Client::METHOD_POST, '/database/collections/' . $collections['private'] . '/documents', $this->getServerHeader(), [
|
||||
'documentId' => 'unique()',
|
||||
'data' => [
|
||||
'title' => 'Lorem',
|
||||
],
|
||||
'read' => $permissions['read'],
|
||||
'write' => $permissions['write'],
|
||||
]);
|
||||
$this->assertEquals(201, $response['headers']['status-code']);
|
||||
}
|
||||
|
||||
/**
|
||||
* Check role:all collection
|
||||
*/
|
||||
$documents = $this->client->call(Client::METHOD_GET, '/database/collections/' . $collections['public'] . '/documents', [
|
||||
'origin' => 'http://localhost',
|
||||
'content-type' => 'application/json',
|
||||
'x-appwrite-project' => $this->getProject()['$id'],
|
||||
'cookie' => 'a_session_' . $this->getProject()['$id'] . '=' . $user1['session'],
|
||||
]);
|
||||
|
||||
foreach ($documents['body']['documents'] as $document) {
|
||||
$hasPermissions = \array_reduce(['role:all', 'role:member', 'user:' . $user1['$id']], function ($carry, $item) use ($document) {
|
||||
return $carry ? true : \in_array($item, $document['$read']);
|
||||
}, false);
|
||||
$this->assertTrue($hasPermissions);
|
||||
}
|
||||
|
||||
/**
|
||||
* Check role:member collection
|
||||
*/
|
||||
$documents = $this->client->call(Client::METHOD_GET, '/database/collections/' . $collections['private'] . '/documents', [
|
||||
'origin' => 'http://localhost',
|
||||
'content-type' => 'application/json',
|
||||
'x-appwrite-project' => $this->getProject()['$id'],
|
||||
'cookie' => 'a_session_' . $this->getProject()['$id'] . '=' . $user1['session'],
|
||||
]);
|
||||
|
||||
foreach ($documents['body']['documents'] as $document) {
|
||||
$hasPermissions = \array_reduce(['role:all', 'role:member', 'user:' . $user1['$id']], function ($carry, $item) use ($document) {
|
||||
return $carry ? true : \in_array($item, $document['$read']);
|
||||
}, false);
|
||||
$this->assertTrue($hasPermissions);
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
}
|
84
tests/e2e/Services/Database/DatabasePermissionsScope.php
Normal file
84
tests/e2e/Services/Database/DatabasePermissionsScope.php
Normal file
|
@ -0,0 +1,84 @@
|
|||
<?php
|
||||
|
||||
namespace Tests\E2E\Services\Database;
|
||||
|
||||
use Tests\E2E\Client;
|
||||
|
||||
trait DatabasePermissionsScope
|
||||
{
|
||||
public array $users = [];
|
||||
|
||||
public function createUser(string $id, string $email, string $password = 'test123'): array
|
||||
{
|
||||
$user = $this->client->call(Client::METHOD_POST, '/account', [
|
||||
'origin' => 'http://localhost',
|
||||
'content-type' => 'application/json',
|
||||
'x-appwrite-project' => $this->getProject()['$id'],
|
||||
], [
|
||||
'userId' => $id,
|
||||
'email' => $email,
|
||||
'password' => $password
|
||||
]);
|
||||
|
||||
$this->assertEquals(201, $user['headers']['status-code']);
|
||||
|
||||
$session = $this->client->call(Client::METHOD_POST, '/account/sessions', [
|
||||
'origin' => 'http://localhost',
|
||||
'content-type' => 'application/json',
|
||||
'x-appwrite-project' => $this->getProject()['$id'],
|
||||
], [
|
||||
'email' => $email,
|
||||
'password' => $password,
|
||||
]);
|
||||
|
||||
$session = $this->client->parseCookie((string)$session['headers']['set-cookie'])['a_session_' . $this->getProject()['$id']];
|
||||
|
||||
$user = [
|
||||
'$id' => $user['body']['$id'],
|
||||
'email' => $user['body']['email'],
|
||||
'session' => $session,
|
||||
];
|
||||
$this->users[$email] = $user;
|
||||
|
||||
return $user;
|
||||
}
|
||||
|
||||
public function getCreatedUser(string $id): array
|
||||
{
|
||||
return $this->users[$id] ?? [];
|
||||
}
|
||||
|
||||
public function createTeam(string $id, string $name): array
|
||||
{
|
||||
$team = $this->client->call(Client::METHOD_POST, '/teams', $this->getServerHeader(), [
|
||||
'teamId' => $id,
|
||||
'name' => $name
|
||||
]);
|
||||
|
||||
return $team;
|
||||
}
|
||||
|
||||
public function addToTeam(string $user, string $team, array $roles = []): array
|
||||
{
|
||||
$membership = $this->client->call(Client::METHOD_POST, '/teams/' . $team . '/memberships', $this->getServerHeader(), [
|
||||
'teamId' => $team,
|
||||
'email' => $this->getCreatedUser($user)['email'],
|
||||
'roles' => $roles,
|
||||
'url' => 'http://localhost:5000/join-us#title'
|
||||
]);
|
||||
|
||||
return [
|
||||
'user' => $membership['body']['userId'],
|
||||
'membership' => $membership['body']['$id']
|
||||
];
|
||||
}
|
||||
|
||||
public function getServerHeader(): array
|
||||
{
|
||||
return [
|
||||
'content-type' => 'application/json',
|
||||
'x-appwrite-project' => $this->getProject()['$id'],
|
||||
'x-appwrite-key' => $this->getProject()['apiKey']
|
||||
];
|
||||
}
|
||||
}
|
Loading…
Reference in a new issue