diff --git a/packages/server/src/api/controllers/permission.js b/packages/server/src/api/controllers/permission.js
index cca1e0f696..7c2827e551 100644
--- a/packages/server/src/api/controllers/permission.js
+++ b/packages/server/src/api/controllers/permission.js
@@ -26,6 +26,8 @@ async function updatePermissionOnRole(
 const dbRoles = body.rows.map(row => row.doc)
 const docUpdates = []
+ // TODO NEED TO HANDLE BUILTINS HERE - THE dbRoles doesn't contain them
+
 // now try to find any roles which need updated, e.g. removing the
 // resource from another role and then adding to the new role
 for (let role of dbRoles) {
diff --git a/packages/server/src/api/routes/tests/couchTestUtils.js b/packages/server/src/api/routes/tests/couchTestUtils.js
index 59a9b6a7c2..898a40bb4f 100644
--- a/packages/server/src/api/routes/tests/couchTestUtils.js
+++ b/packages/server/src/api/routes/tests/couchTestUtils.js
@@ -4,6 +4,9 @@ const { BUILTIN_ROLE_IDS } = require("../../../utilities/security/roles")
 const packageJson = require("../../../../package")
 const jwt = require("jsonwebtoken")
 const env = require("../../../environment")
+const {
+ BUILTIN_PERMISSION_IDS,
+} = require("../../../utilities/security/permissions")
 const TEST_CLIENT_ID = "test-client-id"
@@ -70,6 +73,21 @@ exports.createTable = async (request, appId, table, removeId = true) => {
 return res.body
 }
+exports.createRole = async (request, appId) => {
+ const roleBody = {
+ name: "NewRole",
+ inherits: BUILTIN_ROLE_IDS.BASIC,
+ permissionId: BUILTIN_PERMISSION_IDS.READ_ONLY,
+ }
+ const res = await request
+ .post(`/api/roles`)
+ .send(roleBody)
+ .set(exports.defaultHeaders(appId))
+ .expect("Content-Type", /json/)
+ .expect(200)
+ return res.body
+}
+
 exports.createLinkedTable = async (request, appId) => {
 // get the ID to link to
 const table = await exports.createTable(request, appId)
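Review bot: In `updatePermissionOnRole` (permission.js) the added TODO records that `dbRoles` holds no built-in roles, so the loop that follows appears unable either to strip the resource from a built-in role or to grant it to one, and the commit ships that gap as a comment only. Because this code decides which roles may reach a resource, a request naming a built-in role should fail visibly until the case is handled, rather than return success with nothing written; whether it does so today cannot be seen, since the function body continues outside the hunk. At minimum the comment should state the consequence, e.g. `// TODO: built-in roles are not stored in the DB, so dbRoles omits them and their permissions are never updated below`.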
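Review bot: `createRole` in couchTestUtils.js always posts the same body, so every role it creates is named "NewRole" with the READ_ONLY permission set, and a test that needs two roles or a different permission level cannot use it. Let callers override the defaults with `exports.createRole = async (request, appId, overrides = {}) => {` and end the `roleBody` literal with `...overrides,`. A one-line comment saying the helper returns the response body of the POST to `/api/roles` would help readers, and the template literal around `/api/roles` can be a plain string since nothing is interpolated.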
diff --git a/packages/server/src/api/routes/tests/permissions.spec.js b/packages/server/src/api/routes/tests/permissions.spec.js
new file mode 100644
index 0000000000..8e9effd408
--- /dev/null
+++ b/packages/server/src/api/routes/tests/permissions.spec.js
@@ -0,0 +1,54 @@
+const {
+ createApplication,
+ createTable,
+ supertest,
+ defaultHeaders,
+} = require("./couchTestUtils")
+const { BUILTIN_ROLE_IDS } = require("../../../utilities/security/roles")
+
+const STD_ROLE_ID = BUILTIN_ROLE_IDS.BASIC
+
+describe("/permission", () => {
+ let server
+ let request
+ let appId
+ let table
+
+ beforeAll(async () => {
+ ;({ request, server } = await supertest())
+ })
+
+ afterAll(() => {
+ server.close()
+ })
+
+ beforeEach(async () => {
+ let app = await createApplication(request)
+ appId = app.instance._id
+ table = await createTable(request, appId)
+ })
+
+ describe("levels", () => {
+ it("should be able to get levels", async () => {
+ const res = await request
+ .get(`/api/permission/levels`)
+ .set(defaultHeaders(appId))
+ .expect("Content-Type", /json/)
+ .expect(200)
+ expect(res.body).toBeDefined()
+ expect(res.body.length).toEqual(2)
+ expect(res.body).toContain("read")
+ expect(res.body).toContain("write")
+ })
+ })
+
+ describe("add", () => {
+ it("should be able to add permission to a role for the table", async () => {
+ const res = await request
+ .post(`/api/permission/${STD_ROLE_ID}/${table._id}/read`)
+ .set(defaultHeaders(appId))
+ .expect("Content-Type", /json/)
+ .expect(200)
+ })
+ })
+})
diff --git a/packages/server/src/utilities/builder/hosting.js b/packages/server/src/utilities/builder/hosting.js
index 24ca76dc3e..3c02410afd 100644
--- a/packages/server/src/utilities/builder/hosting.js
+++ b/packages/server/src/utilities/builder/hosting.js
@@ -23,7 +23,6 @@ exports.HostingTypes = {
 }
 exports.getHostingInfo = async () => {
- console.trace("DID A GET!")
 const db = new CouchDB(BUILDER_CONFIG_DB)
 let doc
 try {
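Review bot: The "add" test in permissions.spec.js assigns `res` and never asserts on it, so it passes on any 200 JSON response whether or not the permission was stored. It also targets `STD_ROLE_ID`, a built-in role, which is the case the TODO added to `updatePermissionOnRole` in this commit says is not handled, so the test may be green without anything having been written. Create a role with the new `createRole` helper, post the permission against that role, and assert that the response (or a follow-up read of the role) associates `table._id` with the `read` level. A negative case, such as a level outside the two returned by `/api/permission/levels`, would show that the endpoint rejects what it should.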