// Test helpers: app/table/view fixtures, the supertest bootstrap, and the
// request headers used to address a given app.
const {
  createApplication,
  createTable,
  createView,
  supertest,
  defaultHeaders,
} = require("./couchTestUtils")

// Access-level definitions the assertions compare against: the built-in
// levels, the generators for their expected permission lists, and the
// table permission names.
const {
  generateAdminPermissions,
  generatePowerUserPermissions,
  BUILTIN_LEVELS,
  READ_TABLE,
  WRITE_TABLE,
} = require("../../../utilities/security/accessLevels")

// Names of the built-in permission sets (READ_ONLY is the one used below).
const {
  BUILTIN_PERMISSION_NAMES,
} = require("../../../utilities/security/permissions")
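// Integration tests for the /api/accesslevels endpoints: creating a custom
// access level, listing levels, deleting a level, and patching a level's
// permission list.
//
// NOTE(review): every request in this suite is sent with defaultHeaders(appId),
// so only the success path is exercised. Nothing here checks that a caller
// without sufficient rights is refused when creating, patching or deleting an
// access level, or that the built-in levels (BUILTIN_LEVELS.admin / .power)
// cannot be modified or removed. Those negative cases guard against privilege
// escalation and are worth adding — TODO confirm the expected status codes
// against the controller before asserting them.
describe("/accesslevels", () => {
  let server
  let request
  let appId
  let table
  // Assigned in beforeEach but not read by any test below; createView is still
  // called so that each app contains a view (presumably so the generated
  // built-in permission lists cover it — confirm).
  let view

  // Obtain the request agent and the server handle once for the whole suite.
  beforeAll(async () => {
    ({ request, server } = await supertest())
  });

  afterAll(() => {
    server.close()
  })

  // Every test gets its own application, table and view, so access levels
  // created by one test are not visible to the next.
  beforeEach(async () => {
    const app = await createApplication(request)
    appId = app.instance._id
    table = await createTable(request, appId)
    view = await createView(request, appId, table._id)
  })

  describe("create", () => {

    it("returns a success message when level is successfully created", async () => {
      const res = await request
        .post(`/api/accesslevels`)
        .send({ name: "user" })
        .set(defaultHeaders(appId))
        .expect('Content-Type', /json/)
        .expect(200)

      expect(res.res.statusMessage).toEqual("Access Level 'user' created successfully.")
      expect(res.body._id).toBeDefined()
      expect(res.body._rev).toBeDefined()
      // A level created without a permissions list must start with none.
      expect(res.body.permissions).toEqual([])
    })

  });

  describe("fetch", () => {

    it("should list custom levels, plus 2 default levels", async () => {
      const createRes = await request
        .post(`/api/accesslevels`)
        .send({ name: "user", permissions: [BUILTIN_PERMISSION_NAMES.READ_ONLY] })
        .set(defaultHeaders(appId))
        .expect('Content-Type', /json/)
        .expect(200)

      const customLevel = createRes.body

      const res = await request
        .get(`/api/accesslevels`)
        .set(defaultHeaders(appId))
        .expect('Content-Type', /json/)
        .expect(200)

      // One custom level plus the two built-in levels checked below.
      expect(res.body.length).toBe(3)

      const adminLevel = res.body.find(r => r._id === BUILTIN_LEVELS.admin._id)
      expect(adminLevel).toBeDefined()
      expect(adminLevel.permissions).toEqual(await generateAdminPermissions(appId))

      const powerUserLevel = res.body.find(r => r._id === BUILTIN_LEVELS.power._id)
      expect(powerUserLevel).toBeDefined()
      expect(powerUserLevel.permissions).toEqual(await generatePowerUserPermissions(appId))

      const customLevelFetched = res.body.find(r => r._id === customLevel._id)
      // Fail with a clear assertion rather than a TypeError on `.permissions`
      // if the custom level is missing from the listing.
      expect(customLevelFetched).toBeDefined()
      expect(customLevelFetched.permissions).toEqual(customLevel.permissions)
    })

  });

  describe("destroy", () => {
    it("should delete custom access level", async () => {
      const createRes = await request
        .post(`/api/accesslevels`)
        .send({ name: "user", permissions: [BUILTIN_PERMISSION_NAMES.READ_ONLY] })
        .set(defaultHeaders(appId))
        .expect('Content-Type', /json/)
        .expect(200)

      const customLevel = createRes.body

      // Deletion is addressed by both document id and revision.
      await request
        .delete(`/api/accesslevels/${customLevel._id}/${customLevel._rev}`)
        .set(defaultHeaders(appId))
        .expect(200)

      // Once deleted, the level must no longer be retrievable.
      await request
        .get(`/api/accesslevels/${customLevel._id}`)
        .set(defaultHeaders(appId))
        .expect(404)
    })
  })

  describe("patch", () => {
    it("should add given permissions", async () => {
      // NOTE(review): the level is created with the READ_ONLY built-in name,
      // yet the assertions below look for a READ_TABLE entry — presumably the
      // server expands the built-in into table permissions; confirm against
      // the controller.
      const createRes = await request
        .post(`/api/accesslevels`)
        .send({ name: "user", permissions: [BUILTIN_PERMISSION_NAMES.READ_ONLY] })
        .set(defaultHeaders(appId))
        .expect('Content-Type', /json/)
        .expect(200)

      const customLevel = createRes.body

      await request
        .patch(`/api/accesslevels/${customLevel._id}`)
        .send({
          _rev: customLevel._rev,
          addedPermissions: [ { itemId: table._id, name: WRITE_TABLE } ]
        })
        .set(defaultHeaders(appId))
        .expect('Content-Type', /json/)
        .expect(200)

      // Re-read the level instead of trusting the PATCH response body.
      const finalRes = await request
        .get(`/api/accesslevels/${customLevel._id}`)
        .set(defaultHeaders(appId))
        .expect(200)

      expect(finalRes.body.permissions.length).toBe(2)
      expect(finalRes.body.permissions.some(p => p.name === WRITE_TABLE)).toBe(true)
      expect(finalRes.body.permissions.some(p => p.name === READ_TABLE)).toBe(true)
    })

    it("should remove given permissions", async () => {
      const createRes = await request
        .post(`/api/accesslevels`)
        .send({
          name: "user",
          permissions: [
            { itemId: table._id, name: READ_TABLE },
            { itemId: table._id, name: WRITE_TABLE },
          ]
        })
        .set(defaultHeaders(appId))
        .expect('Content-Type', /json/)
        .expect(200)

      const customLevel = createRes.body

      await request
        .patch(`/api/accesslevels/${customLevel._id}`)
        .send({
          _rev: customLevel._rev,
          removedPermissions: [ { itemId: table._id, name: WRITE_TABLE }]
        })
        .set(defaultHeaders(appId))
        .expect('Content-Type', /json/)
        .expect(200)

      // Re-read the level instead of trusting the PATCH response body.
      const finalRes = await request
        .get(`/api/accesslevels/${customLevel._id}`)
        .set(defaultHeaders(appId))
        .expect(200)

      expect(finalRes.body.permissions.length).toBe(1)
      expect(finalRes.body.permissions.some(p => p.name === READ_TABLE)).toBe(true)
      // State the revocation explicitly: the removed write permission must be
      // gone, not merely outnumbered.
      expect(finalRes.body.permissions.some(p => p.name === WRITE_TABLE)).toBe(false)
    })
  })
});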