MirrorSave
/
budibase
mirror of https://github.com/Budibase/budibase.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Test deleting when forbidden

This commit is contained in:
Adria Navarro 2023-08-22 10:30:12 +03:00
parent 96f9a34136
commit 10e0abec3e
2 changed files with 41 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
packages/server/src/api/routes/tests/permissions.spec.ts
View File

@ -122,15 +122,35 @@ describe("/permission", () => {
describe("remove", () => { describe("remove", () => {
it("should be able to remove the permission", async () => { it("should be able to remove the permission", async () => {
const res = await request const res = await config.api.permission.remove({
.delete(`/api/permission/${STD_ROLE_ID}/${table._id}/read`) roleId: STD_ROLE_ID,
.set(config.defaultHeaders()) resourceId: table._id,
.expect("Content-Type", /json/) level: PermissionLevel.READ,
.expect(200) })
expect(res.body[0]._id).toEqual(STD_ROLE_ID) expect(res.body[0]._id).toEqual(STD_ROLE_ID)
const permsRes = await getTablePermissions() const permsRes = await getTablePermissions()
expect(permsRes.body[STD_ROLE_ID]).toBeUndefined() expect(permsRes.body[STD_ROLE_ID]).toBeUndefined()
}) })
it("throw forbidden if the action is not allowed for the resource", async () => {
mockedSdk.resourceActionAllowed.mockResolvedValue({
allowed: false,
resourceType: DocumentType.DATASOURCE,
level: PermissionLevel.READ,
})
const response = await config.api.permission.remove(
{
roleId: STD_ROLE_ID,
resourceId: table._id,
level: PermissionLevel.EXECUTE,
},
{ expectStatus: 403 }
)
expect(response.body.message).toEqual(
"You are not allowed to 'read' the resource type 'datasource'"
)
})
}) })
describe("check public user allowed", () => { describe("check public user allowed", () => {

16
packages/server/src/tests/utilities/api/permission.ts
View File

@ -22,4 +22,20 @@ export class PermissionAPI extends TestAPI {
.expect(expectStatus) .expect(expectStatus)
return res.body return res.body
} }
remove = async (
{
roleId,
resourceId,
level,
}: { roleId: string; resourceId: string; level: PermissionLevel },
{ expectStatus } = { expectStatus: 200 }
) => {
const res = await this.request
.delete(`/api/permission/${roleId}/${resourceId}/${level}`)
.set(this.config.defaultHeaders())
.expect("Content-Type", /json/)
.expect(expectStatus)
return res
}
} }