doesHaveBasePermission tests

2023-04-14 11:39:52 +01:00 · 2023-04-14 11:39:52 +01:00 · 038476523f
parent 696eea9f92
commit 038476523f
1 changed files with 41 additions and 23 deletions
--- a/packages/backend-core/src/security/tests/permissions.spec.ts
+++ b/packages/backend-core/src/security/tests/permissions.spec.ts
@ -1,13 +1,21 @@
 import {
-  doesHaveBasePermission,
-  getBuiltinPermissionByID,
-  isPermissionLevelHigherThanRead,
+  RoleHierarchy,
  PermissionLevel,
  PermissionType,
  levelToNumber,
  getAllowedLevels,
+  BuiltinPermissionID,
+  getBuiltinPermissions,
+  getBuiltinPermissionByID,
+  doesHaveBasePermission,
+  isPermissionLevelHigherThanRead,
+  BUILDER,
 } from "../permissions"

+jest.mock("../permissions", () => ({
+  // getTenantId: jest.fn(() => "budibase"),
+  // DEFAULT_TENANT_ID: "default",
+}))
 describe("levelToNumber", () => {
  it("should return 0 for EXECUTE", () => {
    expect(levelToNumber(PermissionLevel.EXECUTE)).toBe(0)
@ -65,28 +73,38 @@ describe("getAllowedLevels", () => {
 })

 describe("doesHaveBasePermission", () => {
-  it("should return true if base permission has the required level", () => {
-    const permType = PermissionType.APP
-    const permLevel = PermissionLevel.READ
-    const rolesHierarchy = [
-      { roleId: "role1", permissionId: "permission1" },
-      { roleId: "role2", permissionId: "permission2" },
-    ]
-    expect(doesHaveBasePermission(permType, permLevel, rolesHierarchy)).toBe(
-      true
-    )
+  const rolesHierarchy: RoleHierarchy = [
+    { permissionId: BuiltinPermissionID.READ_ONLY },
+  ]
+
+  it("should return true for read permission of read only role", () => {
+    expect(
+      doesHaveBasePermission(
+        PermissionType.TABLE,
+        PermissionLevel.READ,
+        rolesHierarchy
+      )
+    ).toBe(true)
  })

-  it("should return false if base permission does not have the required level", () => {
-    const permType = PermissionType.APP
-    const permLevel = PermissionLevel.READ
-    const rolesHierarchy = [
-      { roleId: "role1", permissionId: "permission1" },
-      { roleId: "role2", permissionId: "permission2" },
-    ]
-    expect(doesHaveBasePermission(permType, permLevel, rolesHierarchy)).toBe(
-      false
-    )
+  it("should return false for write permission of read only role", () => {
+    expect(
+      doesHaveBasePermission(
+        PermissionType.TABLE,
+        PermissionLevel.WRITE,
+        rolesHierarchy
+      )
+    ).toBe(false)
+  })
+
+  it("should return true for execute permission of public role", () => {
+    expect(
+      doesHaveBasePermission(
+        PermissionType.WEBHOOK,
+        PermissionLevel.EXECUTE,
+        rolesHierarchy
+      )
+    ).toBe(true)
  })
 })