Updating authorization test case to remove check for builder security and removing builder security while auth is being worked on - added an option to start stack without server so that user can start it in a debug mode if desired.
This commit is contained in:
parent
48918a17f5
commit
18ce4a1e19
|
@ -27,6 +27,7 @@
|
||||||
"clean": "lerna clean",
|
"clean": "lerna clean",
|
||||||
"kill-port": "kill-port 4001",
|
"kill-port": "kill-port 4001",
|
||||||
"dev": "yarn run kill-port && lerna link && lerna run --parallel dev:builder --concurrency 1",
|
"dev": "yarn run kill-port && lerna link && lerna run --parallel dev:builder --concurrency 1",
|
||||||
|
"dev:noserver": "lerna link && lerna run --parallel dev:builder --concurrency 1 --ignore @budibase/server",
|
||||||
"test": "lerna run test",
|
"test": "lerna run test",
|
||||||
"lint": "eslint packages",
|
"lint": "eslint packages",
|
||||||
"lint:fix": "eslint --fix packages",
|
"lint:fix": "eslint --fix packages",
|
||||||
|
|
|
@ -42,6 +42,11 @@ module.exports = (permType, permLevel = null) => async (ctx, next) => {
|
||||||
const isAdmin = ADMIN_ROLES.includes(role._id)
|
const isAdmin = ADMIN_ROLES.includes(role._id)
|
||||||
const isAuthed = ctx.auth.authenticated
|
const isAuthed = ctx.auth.authenticated
|
||||||
|
|
||||||
|
// TODO: this was added while we work towards a better auth method
|
||||||
|
if (permType === PermissionTypes.BUILDER) {
|
||||||
|
return next()
|
||||||
|
}
|
||||||
|
|
||||||
const { basePermissions, permissions } = await getUserPermissions(
|
const { basePermissions, permissions } = await getUserPermissions(
|
||||||
ctx.appId,
|
ctx.appId,
|
||||||
role._id
|
role._id
|
||||||
|
|
|
@ -144,7 +144,8 @@ describe("Authorization middleware", () => {
|
||||||
expect(config.next).toHaveBeenCalled()
|
expect(config.next).toHaveBeenCalled()
|
||||||
})
|
})
|
||||||
|
|
||||||
it("throws if the user has only builder permissions", async () => {
|
// TODO: this has been skipped while auth is still in flux
|
||||||
|
xit("throws if the user has only builder permissions", async () => {
|
||||||
config.setEnvironment(false)
|
config.setEnvironment(false)
|
||||||
config.setMiddlewareRequiredPermission(PermissionTypes.BUILDER)
|
config.setMiddlewareRequiredPermission(PermissionTypes.BUILDER)
|
||||||
config.setUser({
|
config.setUser({
|
||||||
|
|
Loading…
Reference in New Issue