Extra tests
This commit is contained in:
parent
92a0740cef
commit
11e8d576e2
|
@ -743,21 +743,47 @@ describe("/rowsActions", () => {
|
||||||
])
|
])
|
||||||
})
|
})
|
||||||
|
|
||||||
const { PUBLIC, ...nonPublicRoles } = roles.BUILTIN_ROLE_IDS
|
describe("role permission checks", () => {
|
||||||
|
function createUser(role: string) {
|
||||||
|
return config.createUser({
|
||||||
|
admin: { global: false },
|
||||||
|
builder: {},
|
||||||
|
roles: { [config.getProdAppId()]: role },
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
it.each(Object.values(nonPublicRoles))(
|
function getRolesHigherThan(role: string) {
|
||||||
"rejects if the user does not have table read permission",
|
const result = Object.values(roles.BUILTIN_ROLE_IDS).filter(
|
||||||
async role => {
|
r => r !== role && roles.lowerBuiltinRoleID(r, role) === role
|
||||||
|
)
|
||||||
|
return result
|
||||||
|
}
|
||||||
|
function getRolesLowerThan(role: string) {
|
||||||
|
const result = Object.values(roles.BUILTIN_ROLE_IDS).filter(
|
||||||
|
r => r !== role && roles.lowerBuiltinRoleID(r, role) === r
|
||||||
|
)
|
||||||
|
return result
|
||||||
|
}
|
||||||
|
|
||||||
|
const allowedRoleConfig = Object.values(roles.BUILTIN_ROLE_IDS).flatMap(
|
||||||
|
r => [r, ...getRolesLowerThan(r)].map(p => [r, p])
|
||||||
|
)
|
||||||
|
|
||||||
|
const disallowedRoleConfig = Object.values(
|
||||||
|
roles.BUILTIN_ROLE_IDS
|
||||||
|
).flatMap(r => getRolesHigherThan(r).map(p => [r, p]))
|
||||||
|
|
||||||
|
it.each(allowedRoleConfig)(
|
||||||
|
"allows triggering if the user has table read permission (user %s, table %s)",
|
||||||
|
async (userRole, resourcePermission) => {
|
||||||
await config.api.permission.add({
|
await config.api.permission.add({
|
||||||
level: PermissionLevel.READ,
|
level: PermissionLevel.READ,
|
||||||
resourceId: tableId,
|
resourceId: tableId,
|
||||||
roleId: role,
|
roleId: resourcePermission,
|
||||||
})
|
})
|
||||||
|
|
||||||
const normalUser = await config.createUser({
|
const normalUser = await createUser(userRole)
|
||||||
admin: { global: false },
|
|
||||||
builder: {},
|
|
||||||
})
|
|
||||||
await config.withUser(normalUser, async () => {
|
await config.withUser(normalUser, async () => {
|
||||||
await config.publish()
|
await config.publish()
|
||||||
await config.api.rowAction.trigger(
|
await config.api.rowAction.trigger(
|
||||||
|
@ -766,7 +792,35 @@ describe("/rowsActions", () => {
|
||||||
{
|
{
|
||||||
rowId: row._id!,
|
rowId: row._id!,
|
||||||
},
|
},
|
||||||
{ status: 403, body: { message: "User does not have permission" } }
|
{ status: 200 }
|
||||||
|
)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
)
|
||||||
|
|
||||||
|
it.each(disallowedRoleConfig)(
|
||||||
|
"rejects if the user does not have table read permission (user %s, table %s)",
|
||||||
|
async (userRole, resourcePermission) => {
|
||||||
|
await config.api.permission.add({
|
||||||
|
level: PermissionLevel.READ,
|
||||||
|
resourceId: tableId,
|
||||||
|
roleId: resourcePermission,
|
||||||
|
})
|
||||||
|
|
||||||
|
const normalUser = await createUser(userRole)
|
||||||
|
|
||||||
|
await config.withUser(normalUser, async () => {
|
||||||
|
await config.publish()
|
||||||
|
await config.api.rowAction.trigger(
|
||||||
|
tableId,
|
||||||
|
rowAction.id,
|
||||||
|
{
|
||||||
|
rowId: row._id!,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
status: 403,
|
||||||
|
body: { message: "User does not have permission" },
|
||||||
|
}
|
||||||
)
|
)
|
||||||
|
|
||||||
const automationLogs = await getAutomationLogs()
|
const automationLogs = await getAutomationLogs()
|
||||||
|
@ -775,4 +829,5 @@ describe("/rowsActions", () => {
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
})
|
})
|
||||||
|
})
|
||||||
})
|
})
|
||||||
|
|
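Review bot: The `allowedRoleConfig` and `disallowedRoleConfig` tables in the first hunk are built by filtering on `roles.lowerBuiltinRoleID`, so any (user role, table role) pair for which that helper returns neither input — or a role that was added to `BUILTIN_ROLE_IDS` without an ordering — falls into neither list and is silently never exercised, since `it.each` over a short or empty array still passes. A guard that the two tables partition the full cross product would make that gap visible, e.g. `const allIds = Object.values(roles.BUILTIN_ROLE_IDS)` followed by `expect(allowedRoleConfig.length + disallowedRoleConfig.length).toBe(allIds.length ** 2)` inside the `describe`. The two helpers `getRolesHigherThan` and `getRolesLowerThan` differ only in which side of the `lowerBuiltinRoleID` comparison they keep and could be one helper taking that as a parameter. The `%s, table %s` placeholder in both test titles names the role granted on the table rather than the table itself; `table permission %s` would read more accurately. The enclosing `describe("/rowsActions")` block starts before the first hunk.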