budibase/packages/server/src/api/routes/tests/role.spec.js

const {
  createApplication,
  supertest,
  defaultHeaders,
} = require("./couchTestUtils")
const { BUILTIN_ROLE_IDS } = require("../../../utilities/security/roles")
const {
  BUILTIN_PERMISSION_IDS,
} = require("../../../utilities/security/permissions")

const roleBody = {
  name: "NewRole",
  inherits: BUILTIN_ROLE_IDS.BASIC,
  permissionId: BUILTIN_PERMISSION_IDS.READ_ONLY,
}

describe("/roles", () => {
  let server
  let request
  let appId

  beforeAll(async () => {
    ;({ request, server } = await supertest())
  })

  afterAll(() => {
    server.close()
  })

  beforeEach(async () => {
    let app = await createApplication(request)
    appId = app.instance._id
  })

  describe("create", () => {
    it("returns a success message when role is successfully created", async () => {
      const res = await request
        .post(`/api/roles`)
        .send(roleBody)
        .set(defaultHeaders(appId))
        .expect("Content-Type", /json/)
        .expect(200)

      expect(res.res.statusMessage).toEqual(
        "Role 'NewRole' created successfully."
      )
      expect(res.body._id).toBeDefined()
      expect(res.body._rev).toBeDefined()
    })
  })

  describe("fetch", () => {
    it("should list custom roles, plus 2 default roles", async () => {
      const createRes = await request
        .post(`/api/roles`)
        .send(roleBody)
        .set(defaultHeaders(appId))
        .expect("Content-Type", /json/)
        .expect(200)

      const customRole = createRes.body

      const res = await request
        .get(`/api/roles`)
        .set(defaultHeaders(appId))
        .expect("Content-Type", /json/)
        .expect(200)

      expect(res.body.length).toBe(5)

      const adminRole = res.body.find(r => r._id === BUILTIN_ROLE_IDS.ADMIN)
      expect(adminRole).toBeDefined()
      expect(adminRole.inherits).toEqual(BUILTIN_ROLE_IDS.POWER)
      expect(adminRole.permissionId).toEqual(BUILTIN_PERMISSION_IDS.ADMIN)

      const powerUserRole = res.body.find(r => r._id === BUILTIN_ROLE_IDS.POWER)
      expect(powerUserRole).toBeDefined()
      expect(powerUserRole.inherits).toEqual(BUILTIN_ROLE_IDS.BASIC)
      expect(powerUserRole.permissionId).toEqual(BUILTIN_PERMISSION_IDS.POWER)

      const customRoleFetched = res.body.find(r => r._id === customRole._id)
      expect(customRoleFetched).toBeDefined()
      expect(customRoleFetched.inherits).toEqual(BUILTIN_ROLE_IDS.BASIC)
      expect(customRoleFetched.permissionId).toEqual(
        BUILTIN_PERMISSION_IDS.READ_ONLY
      )
    })
  })

  describe("destroy", () => {
    it("should delete custom roles", async () => {
      const createRes = await request
        .post(`/api/roles`)
        .send({ name: "user", permissionId: BUILTIN_PERMISSION_IDS.READ_ONLY })
        .set(defaultHeaders(appId))
        .expect("Content-Type", /json/)
        .expect(200)

      const customRole = createRes.body

      await request
        .delete(`/api/roles/${customRole._id}/${customRole._rev}`)
        .set(defaultHeaders(appId))
        .expect(200)

      await request
        .get(`/api/roles/${customRole._id}`)
        .set(defaultHeaders(appId))
        .expect(404)
    })
  })
})
Update user editing to support new email field 2020-12-09 00:43:37 +13:00			`const {`
auth, first version, needing tested 2020-05-22 01:31:23 +12:00			`createApplication,`
			`supertest,`
Update user editing to support new email field 2020-12-09 00:43:37 +13:00			`defaultHeaders,`
auth, first version, needing tested 2020-05-22 01:31:23 +12:00			`} = require("./couchTestUtils")`
Update user editing to support new email field 2020-12-09 00:43:37 +13:00			`const { BUILTIN_ROLE_IDS } = require("../../../utilities/security/roles")`
auth, first version, needing tested 2020-05-22 01:31:23 +12:00			`const {`
Update user editing to support new email field 2020-12-09 00:43:37 +13:00			`BUILTIN_PERMISSION_IDS,`
			`} = require("../../../utilities/security/permissions")`
Large update, tests passing, have simplifed access level API, access levels and permissions are now totally separate. 2020-11-14 04:35:20 +13:00
Update user editing to support new email field 2020-12-09 00:43:37 +13:00			`const roleBody = {`
			`name: "NewRole",`
			`inherits: BUILTIN_ROLE_IDS.BASIC,`
			`permissionId: BUILTIN_PERMISSION_IDS.READ_ONLY,`
			`}`
auth, first version, needing tested 2020-05-22 01:31:23 +12:00
Changing the naming of access levels to be roles. 2020-12-03 02:20:56 +13:00			`describe("/roles", () => {`
auth, first version, needing tested 2020-05-22 01:31:23 +12:00			`let server`
			`let request`
Renaming instanceId -> appId to reduce confusion through the system, there only is one ID now. 2020-10-29 23:28:27 +13:00			`let appId`
auth, first version, needing tested 2020-05-22 01:31:23 +12:00
			`beforeAll(async () => {`
Update user editing to support new email field 2020-12-09 00:43:37 +13:00			`;({ request, server } = await supertest())`
			`})`
auth, first version, needing tested 2020-05-22 01:31:23 +12:00
Fixing test cases. 2020-10-29 11:37:58 +13:00			`afterAll(() => {`
			`server.close()`
auth, first version, needing tested 2020-05-22 01:31:23 +12:00			`})`

			`beforeEach(async () => {`
Initial work into multi-tenancy removal, experiencing issues with test cases at this point. 2020-10-29 09:35:06 +13:00			`let app = await createApplication(request)`
Renaming instanceId -> appId to reduce confusion through the system, there only is one ID now. 2020-10-29 23:28:27 +13:00			`appId = app.instance._id`
auth, first version, needing tested 2020-05-22 01:31:23 +12:00			`})`

			`describe("create", () => {`
Changing the naming of access levels to be roles. 2020-12-03 02:20:56 +13:00			`it("returns a success message when role is successfully created", async () => {`
auth, first version, needing tested 2020-05-22 01:31:23 +12:00			`const res = await request`
Changing the naming of access levels to be roles. 2020-12-03 02:20:56 +13:00			.post(`/api/roles`)
			`.send(roleBody)`
Renaming instanceId -> appId to reduce confusion through the system, there only is one ID now. 2020-10-29 23:28:27 +13:00			`.set(defaultHeaders(appId))`
Update user editing to support new email field 2020-12-09 00:43:37 +13:00			`.expect("Content-Type", /json/)`
auth, first version, needing tested 2020-05-22 01:31:23 +12:00			`.expect(200)`

Update user editing to support new email field 2020-12-09 00:43:37 +13:00			`expect(res.res.statusMessage).toEqual(`
			`"Role 'NewRole' created successfully."`
			`)`
auth, first version, needing tested 2020-05-22 01:31:23 +12:00			`expect(res.body._id).toBeDefined()`
			`expect(res.body._rev).toBeDefined()`
			`})`
Update user editing to support new email field 2020-12-09 00:43:37 +13:00			`})`
auth, first version, needing tested 2020-05-22 01:31:23 +12:00
			`describe("fetch", () => {`
Changing the naming of access levels to be roles. 2020-12-03 02:20:56 +13:00			`it("should list custom roles, plus 2 default roles", async () => {`
auth, first version, needing tested 2020-05-22 01:31:23 +12:00			`const createRes = await request`
Changing the naming of access levels to be roles. 2020-12-03 02:20:56 +13:00			.post(`/api/roles`)
			`.send(roleBody)`
Renaming instanceId -> appId to reduce confusion through the system, there only is one ID now. 2020-10-29 23:28:27 +13:00			`.set(defaultHeaders(appId))`
Update user editing to support new email field 2020-12-09 00:43:37 +13:00			`.expect("Content-Type", /json/)`
auth, first version, needing tested 2020-05-22 01:31:23 +12:00			`.expect(200)`

Changing the naming of access levels to be roles. 2020-12-03 02:20:56 +13:00			`const customRole = createRes.body`
auth, first version, needing tested 2020-05-22 01:31:23 +12:00
			`const res = await request`
Changing the naming of access levels to be roles. 2020-12-03 02:20:56 +13:00			.get(`/api/roles`)
Renaming instanceId -> appId to reduce confusion through the system, there only is one ID now. 2020-10-29 23:28:27 +13:00			`.set(defaultHeaders(appId))`
Update user editing to support new email field 2020-12-09 00:43:37 +13:00			`.expect("Content-Type", /json/)`
auth, first version, needing tested 2020-05-22 01:31:23 +12:00			`.expect(200)`

Update user editing to support new email field 2020-12-09 00:43:37 +13:00			`expect(res.body.length).toBe(5)`
auth, first version, needing tested 2020-05-22 01:31:23 +12:00
Changing the naming of access levels to be roles. 2020-12-03 02:20:56 +13:00			`const adminRole = res.body.find(r => r._id === BUILTIN_ROLE_IDS.ADMIN)`
			`expect(adminRole).toBeDefined()`
Changing the role system to have permissions integrated rather than the permissions being per user. 2020-12-03 06:08:25 +13:00			`expect(adminRole.inherits).toEqual(BUILTIN_ROLE_IDS.POWER)`
			`expect(adminRole.permissionId).toEqual(BUILTIN_PERMISSION_IDS.ADMIN)`
auth, first version, needing tested 2020-05-22 01:31:23 +12:00
Changing the naming of access levels to be roles. 2020-12-03 02:20:56 +13:00			`const powerUserRole = res.body.find(r => r._id === BUILTIN_ROLE_IDS.POWER)`
			`expect(powerUserRole).toBeDefined()`
Changing the role system to have permissions integrated rather than the permissions being per user. 2020-12-03 06:08:25 +13:00			`expect(powerUserRole.inherits).toEqual(BUILTIN_ROLE_IDS.BASIC)`
			`expect(powerUserRole.permissionId).toEqual(BUILTIN_PERMISSION_IDS.POWER)`
auth, first version, needing tested 2020-05-22 01:31:23 +12:00
Changing the naming of access levels to be roles. 2020-12-03 02:20:56 +13:00			`const customRoleFetched = res.body.find(r => r._id === customRole._id)`
			`expect(customRoleFetched).toBeDefined()`
Changing the role system to have permissions integrated rather than the permissions being per user. 2020-12-03 06:08:25 +13:00			`expect(customRoleFetched.inherits).toEqual(BUILTIN_ROLE_IDS.BASIC)`
Update user editing to support new email field 2020-12-09 00:43:37 +13:00			`expect(customRoleFetched.permissionId).toEqual(`
			`BUILTIN_PERMISSION_IDS.READ_ONLY`
			`)`
auth, first version, needing tested 2020-05-22 01:31:23 +12:00			`})`
Update user editing to support new email field 2020-12-09 00:43:37 +13:00			`})`
auth, first version, needing tested 2020-05-22 01:31:23 +12:00
			`describe("destroy", () => {`
Changing the naming of access levels to be roles. 2020-12-03 02:20:56 +13:00			`it("should delete custom roles", async () => {`
auth, first version, needing tested 2020-05-22 01:31:23 +12:00			`const createRes = await request`
Changing the naming of access levels to be roles. 2020-12-03 02:20:56 +13:00			.post(`/api/roles`)
Changing the role system to have permissions integrated rather than the permissions being per user. 2020-12-03 06:08:25 +13:00			`.send({ name: "user", permissionId: BUILTIN_PERMISSION_IDS.READ_ONLY })`
Renaming instanceId -> appId to reduce confusion through the system, there only is one ID now. 2020-10-29 23:28:27 +13:00			`.set(defaultHeaders(appId))`
Update user editing to support new email field 2020-12-09 00:43:37 +13:00			`.expect("Content-Type", /json/)`
auth, first version, needing tested 2020-05-22 01:31:23 +12:00			`.expect(200)`

Changing the naming of access levels to be roles. 2020-12-03 02:20:56 +13:00			`const customRole = createRes.body`
auth, first version, needing tested 2020-05-22 01:31:23 +12:00
			`await request`
Changing the naming of access levels to be roles. 2020-12-03 02:20:56 +13:00			.delete(`/api/roles/${customRole._id}/${customRole._rev}`)
Renaming instanceId -> appId to reduce confusion through the system, there only is one ID now. 2020-10-29 23:28:27 +13:00			`.set(defaultHeaders(appId))`
auth, first version, needing tested 2020-05-22 01:31:23 +12:00			`.expect(200)`

			`await request`
Changing the naming of access levels to be roles. 2020-12-03 02:20:56 +13:00			.get(`/api/roles/${customRole._id}`)
Renaming instanceId -> appId to reduce confusion through the system, there only is one ID now. 2020-10-29 23:28:27 +13:00			`.set(defaultHeaders(appId))`
Updating some test cases which were failing silently and changing how environment want handled. 2020-09-15 01:32:20 +12:00			`.expect(404)`
auth, first version, needing tested 2020-05-22 01:31:23 +12:00			`})`
			`})`
Update user editing to support new email field 2020-12-09 00:43:37 +13:00			`})`