budibase/packages/core/test/authApi.createAccessLevels.spec.js

import {setupApphierarchy, 
    basicAppHierarchyCreator_WithFields} from "./specHelpers";
import { permissionTypes, 
    ACCESS_LEVELS_FILE, 
    ACCESS_LEVELS_LOCK_FILE} from "../src/authApi/authCommon";
import {permission} from "../src/authApi/permissions";
import {cloneDeep} from "lodash/fp";
import {getLock} from "../src/common/lock";

describe("getNewAccessLevel", () => {

    it("should create item with correct properties", async () => {
        const {authApi} = await setupApphierarchy(basicAppHierarchyCreator_WithFields);
        const accLev = authApi.getNewAccessLevel();
        expect(accLev.name).toBe("");
        expect(accLev.permissions).toEqual([]);
    });

});

describe("validateAccessLevels", () => {

    it("should return no errors with valid access level", async () => {
        const {authApi} = await setupApphierarchy(basicAppHierarchyCreator_WithFields);
        const accessLevel = validAccessLevel(authApi);
        const errs = authApi.validateAccessLevels([accessLevel]);
        expect(errs).toEqual([]);
    });

    it("should error when access level name not set", async () => {
        const {authApi} = await setupApphierarchy(basicAppHierarchyCreator_WithFields);
        const accessLevel = validAccessLevel(authApi);
        accessLevel.name = "";
        const errs = authApi.validateAccessLevels([accessLevel]);
        expect(errs.length).toEqual(1);
        expect(errs[0].field).toBe("name");
    });

    it("should error when 2 access levels with the same name", async () => {
        const {authApi} = await setupApphierarchy(basicAppHierarchyCreator_WithFields);
        const accessLevel1 = validAccessLevel(authApi);
        const accessLevel2 = validAccessLevel(authApi);
        const errs = authApi.validateAccessLevels([accessLevel1, accessLevel2]);
        expect(errs.length).toEqual(2);
        expect(errs[0].field).toBe("name");
        expect(errs[0].item).toBe(accessLevel1);
        expect(errs[1].field).toBe("name");
        expect(errs[1].item).toBe(accessLevel2);
    });

    it("should error when permission is not recognised", async () => {
        const {authApi} = await setupApphierarchy(basicAppHierarchyCreator_WithFields);
        const accessLevel = validAccessLevel(authApi);
        accessLevel.permissions[0].type = "not valid";
        const errs = authApi.validateAccessLevels([accessLevel]);
        expect(errs.length).toEqual(1);
        expect(errs[0].field).toBe("type");
        expect(errs[0].item).toBe(accessLevel.permissions[0]);
    });

    it("should error when record permision has invalid nodeKey", async () => {
        const {authApi} = await setupApphierarchy(basicAppHierarchyCreator_WithFields);
        const accessLevel = validAccessLevel(authApi);
        accessLevel.permissions[0].type = permissionTypes.CREATE_RECORD;
        accessLevel.permissions[0].nodeKey = "nota a valid node key";
        const errs = authApi.validateAccessLevels([accessLevel]);
        expect(errs.length).toEqual(1);
        expect(errs[0].field).toBe("nodeKey");
        expect(errs[0].item).toBe(accessLevel.permissions[0]);
    });
});

describe("save and load access level", () => {

    it("should save and load valid access levels", async () => {
        const {authApi} = await setupApphierarchy(basicAppHierarchyCreator_WithFields);
        const levels = validAccessLevels(authApi);
        await authApi.saveAccessLevels(levels);
        const loadedLevels = await authApi.loadAccessLevels();
        expect(loadedLevels.levels.length).toBe(2);
        expect(loadedLevels.levels[0].name).toBe("level 1");
        expect(loadedLevels.levels[1].name).toBe("level 2");
        expect(loadedLevels.version).toBe(1);
    });

    it("should not save invalid access levels", async () => {
        const {authApi} = await setupApphierarchy(basicAppHierarchyCreator_WithFields);
        const levels = validAccessLevels(authApi);
        levels.levels[0].name = "";
        let e;
        try {
            await authApi.saveAccessLevels(levels);
        } catch(ex) {
            e = ex;
        }

        expect(e).toBeDefined();
        const loadedLevels = await authApi.loadAccessLevels();
        expect(loadedLevels.levels.length).toBe(0);
        expect(loadedLevels.version).toBe(0);
    });

    it("should not save access level when version has increased since loading", async () => {
        const {authApi, app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields);
        const levels = validAccessLevels(authApi);
        const updatedLevels = cloneDeep(levels);
        updatedLevels.version = 1;
        await app.datastore.updateJson(ACCESS_LEVELS_FILE, updatedLevels);

        let e;
        try {
            await authApi.saveAccessLevels(levels);
        } catch(ex) {
            e = ex;
        }

        expect(e).toBeDefined();
        const loadedLevels = await authApi.loadAccessLevels();
        expect(loadedLevels.levels.length).toBe(2);
        expect(loadedLevels.version).toBe(1);
    });

    it("should not save access level when locked", async () => {
        const {authApi, app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields);
        const levels = validAccessLevels(authApi);

        await getLock(app, 
            ACCESS_LEVELS_LOCK_FILE,
            10000, 0,0);

        let e;
        try {
            await authApi.saveAccessLevels(levels);
        } catch(ex) {
            e = ex;
        }

        expect(e).toBeDefined();
        const loadedLevels = await authApi.loadAccessLevels();
        expect(loadedLevels.levels.length).toBe(0);
        expect(loadedLevels.version).toBe(0);
    });


    it("save should throw error when user user does not have permission", async () => {
        const {authApi, app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields);
        const levels = validAccessLevels(authApi);
        app.removePermission(permission.writeAccessLevels.get());
        expect(authApi.saveAccessLevels(levels)).rejects.toThrow(/Unauthorized/);
    });

    it("save should not depend on having any other permissions", async () => {
        const {authApi, app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields);
        const levels = validAccessLevels(authApi);
        app.withOnlyThisPermission(permission.writeAccessLevels.get());
        await authApi.saveAccessLevels(levels)
    });

    it("load should throw error when user user does not have permission", async () => {
        const {authApi, app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields);
        const levels = validAccessLevels(authApi);
        await authApi.saveAccessLevels(levels)
        app.removePermission(permission.listAccessLevels.get());
        expect(authApi.loadAccessLevels()).rejects.toThrow(/Unauthorized/);
    });

    it("load should not depend on having any other permissions", async () => {
        const {authApi, app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields);
        const levels = validAccessLevels(authApi);
        await authApi.saveAccessLevels(levels)
        app.withOnlyThisPermission(permission.listAccessLevels.get());
        await authApi.loadAccessLevels();
    });

});

const validAccessLevels = (authApi) => {
    const accessLevel1 = validAccessLevel(authApi);
    accessLevel1.name = "level 1";
    const accessLevel2 = validAccessLevel(authApi);
    accessLevel2.name = "level 2";
    return {version:0, levels: [accessLevel1, accessLevel2]};
}

const validAccessLevel = (authApi) => {
    const lev = authApi.getNewAccessLevel();
    lev.name = "test level";
    permission.writeTemplates.add(lev);
    return lev;        
}