Updating authorization test case to remove check for builder security and removing builder security while auth is being worked on - added an option to start stack without server so that user can start it in a debug mode if desired.

This commit is contained in:
mike12345567 2021-04-07 11:54:51 +01:00
parent 48918a17f5
commit 18ce4a1e19
3 changed files with 8 additions and 1 deletions

View File

@ -27,6 +27,7 @@
"clean": "lerna clean", "clean": "lerna clean",
"kill-port": "kill-port 4001", "kill-port": "kill-port 4001",
"dev": "yarn run kill-port && lerna link && lerna run --parallel dev:builder --concurrency 1", "dev": "yarn run kill-port && lerna link && lerna run --parallel dev:builder --concurrency 1",
"dev:noserver": "lerna link && lerna run --parallel dev:builder --concurrency 1 --ignore @budibase/server",
"test": "lerna run test", "test": "lerna run test",
"lint": "eslint packages", "lint": "eslint packages",
"lint:fix": "eslint --fix packages", "lint:fix": "eslint --fix packages",

View File

@ -42,6 +42,11 @@ module.exports = (permType, permLevel = null) => async (ctx, next) => {
const isAdmin = ADMIN_ROLES.includes(role._id) const isAdmin = ADMIN_ROLES.includes(role._id)
const isAuthed = ctx.auth.authenticated const isAuthed = ctx.auth.authenticated
// TODO: this was added while we work towards a better auth method
if (permType === PermissionTypes.BUILDER) {
return next()
}
const { basePermissions, permissions } = await getUserPermissions( const { basePermissions, permissions } = await getUserPermissions(
ctx.appId, ctx.appId,
role._id role._id

View File

@ -144,7 +144,8 @@ describe("Authorization middleware", () => {
expect(config.next).toHaveBeenCalled() expect(config.next).toHaveBeenCalled()
}) })
it("throws if the user has only builder permissions", async () => { // TODO: this has been skipped while auth is still in flux
xit("throws if the user has only builder permissions", async () => {
config.setEnvironment(false) config.setEnvironment(false)
config.setMiddlewareRequiredPermission(PermissionTypes.BUILDER) config.setMiddlewareRequiredPermission(PermissionTypes.BUILDER)
config.setUser({ config.setUser({