
Test deleting when forbidden

Adria Navarro 2023-08-22 10:30:12 +03:00
parent 96f9a34136
commit 10e0abec3e
2 changed files with 41 additions and 5 deletions


@ -122,15 +122,35 @@ describe("/permission", () => {
describe("remove", () => {
it("should be able to remove the permission", async () => {
const res = await request
.delete(`/api/permission/${STD_ROLE_ID}/${table._id}/read`)
.set(config.defaultHeaders())
.expect("Content-Type", /json/)
.expect(200)
const res = await config.api.permission.remove({
roleId: STD_ROLE_ID,
resourceId: table._id,
level: PermissionLevel.READ,
})
expect(res.body[0]._id).toEqual(STD_ROLE_ID)
const permsRes = await getTablePermissions()
expect(permsRes.body[STD_ROLE_ID]).toBeUndefined()
})
it("throw forbidden if the action is not allowed for the resource", async () => {
mockedSdk.resourceActionAllowed.mockResolvedValue({
allowed: false,
resourceType: DocumentType.DATASOURCE,
level: PermissionLevel.READ,
})
const response = await config.api.permission.remove(
{
roleId: STD_ROLE_ID,
resourceId: table._id,
level: PermissionLevel.EXECUTE,
},
{ expectStatus: 403 }
)
expect(response.body.message).toEqual(
"You are not allowed to 'read' the resource type 'datasource'"
)
})
})
describe("check public user allowed", () => {
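Review bot: The test starting `it("throw forbidden if the action is not allowed for the resource"` checks only the 403 status and the error text, so it would still pass if the handler removed the permission before rejecting the request. It should also assert that state is unchanged, e.g. `expect((await getTablePermissions()).body[STD_ROLE_ID]).toBeDefined()`, assuming the fixture re-creates the permission before each test (not visible in this hunk). The request sends `PermissionLevel.EXECUTE` while the mock returns `PermissionLevel.READ`, so the expected message merely echoes the mock; asserting the arguments `mockedSdk.resourceActionAllowed` was called with would pin what the authorization check actually received. `mockResolvedValue` also stays in effect until the mock is reset, so unless a reset happens outside this hunk, `mockResolvedValueOnce` would keep the denial from leaking into later tests.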


@ -22,4 +22,20 @@ export class PermissionAPI extends TestAPI {
.expect(expectStatus)
return res.body
}
remove = async (
{
roleId,
resourceId,
level,
}: { roleId: string; resourceId: string; level: PermissionLevel },
{ expectStatus } = { expectStatus: 200 }
) => {
const res = await this.request
.delete(`/api/permission/${roleId}/${resourceId}/${level}`)
.set(this.config.defaultHeaders())
.expect("Content-Type", /json/)
.expect(expectStatus)
return res
}
}
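Review bot: In `remove`, the default `{ expectStatus } = { expectStatus: 200 }` applies only when the second argument is omitted entirely. A caller that passes an options object without `expectStatus` gets `undefined`, and `.expect(undefined)` most likely asserts no status at all, so an authorization test could pass without checking the response code. `{ expectStatus = 200 }: { expectStatus?: number } = {}` keeps the default in both cases. `remove` also returns the full `res` while the method ending just above it returns `res.body`; a one-line comment such as `// returns the full response so tests can inspect error bodies` would explain the difference. The class starts outside this hunk.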