Test deleting when forbidden
This commit is contained in:
Adria Navarro
parent
96f9a34136
commit
10e0abec3e
|
|
@ -122,15 +122,35 @@ describe("/permission", () => {
|
|||
|
||||
describe("remove", () => {
|
||||
it("should be able to remove the permission", async () => {
|
||||
const res = await request
|
||||
.delete(`/api/permission/${STD_ROLE_ID}/${table._id}/read`)
|
||||
.set(config.defaultHeaders())
|
||||
.expect("Content-Type", /json/)
|
||||
.expect(200)
|
||||
const res = await config.api.permission.remove({
|
||||
roleId: STD_ROLE_ID,
|
||||
resourceId: table._id,
|
||||
level: PermissionLevel.READ,
|
||||
})
|
||||
expect(res.body[0]._id).toEqual(STD_ROLE_ID)
|
||||
const permsRes = await getTablePermissions()
|
||||
expect(permsRes.body[STD_ROLE_ID]).toBeUndefined()
|
||||
})
|
||||
|
||||
it("throw forbidden if the action is not allowed for the resource", async () => {
|
||||
mockedSdk.resourceActionAllowed.mockResolvedValue({
|
||||
allowed: false,
|
||||
resourceType: DocumentType.DATASOURCE,
|
||||
level: PermissionLevel.READ,
|
||||
})
|
||||
|
||||
const response = await config.api.permission.remove(
|
||||
{
|
||||
roleId: STD_ROLE_ID,
|
||||
resourceId: table._id,
|
||||
level: PermissionLevel.EXECUTE,
|
||||
},
|
||||
{ expectStatus: 403 }
|
||||
)
|
||||
expect(response.body.message).toEqual(
|
||||
"You are not allowed to 'read' the resource type 'datasource'"
|
||||
)
|
||||
})
|
||||
})
|
||||
|
||||
describe("check public user allowed", () => {
|
||||
|
|
|
|||
|
|
@ -22,4 +22,20 @@ export class PermissionAPI extends TestAPI {
|
|||
.expect(expectStatus)
|
||||
return res.body
|
||||
}
|
||||
|
||||
remove = async (
|
||||
{
|
||||
roleId,
|
||||
resourceId,
|
||||
level,
|
||||
}: { roleId: string; resourceId: string; level: PermissionLevel },
|
||||
{ expectStatus } = { expectStatus: 200 }
|
||||
) => {
|
||||
const res = await this.request
|
||||
.delete(`/api/permission/${roleId}/${resourceId}/${level}`)
|
||||
.set(this.config.defaultHeaders())
|
||||
.expect("Content-Type", /json/)
|
||||
.expect(expectStatus)
|
||||
return res
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue