MirrorSave
/
budibase
mirror of https://github.com/Budibase/budibase.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add access tests for tables

This commit is contained in:
Pedro Silva 2022-12-11 11:07:14 +00:00
parent 1765e10995
commit 300b0b7b67
4 changed files with 147 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
qa-core/src/config/internal-api/TestConfiguration/tables.ts
View File

@ -39,6 +39,14 @@ export default class TablesApi {
return [response, json]
}
async forbiddenSave(body: any): Promise<[Response, Table]> {
const response = await this.api.post(`/tables`, { body })
const json = await response.json()
expect(response).toHaveStatusCode(403)
return [response, json]
}
async delete(
id: string,
revId: string

1
qa-core/src/config/internal-api/TestConfiguration/userManagement.ts
View File

@ -33,6 +33,7 @@ export default class UserManagementApi {
return [response, json]
}
// This endpoint is used for one or more users when we want add users with passwords set.
async addMultiple(userList: Partial<User>[]): Promise<[Response, any]> {
const body = {
create: {

1
qa-core/src/config/internal-api/fixtures/userManagement.ts
View File

@ -1,6 +1,5 @@
import generator from "../../generator";
import { User } from "@budibase/types";
import { generateUserMetadataID } from "@budibase/backend-core/src/db";
const generateDeveloper = (): Partial<User> => {

143
qa-core/src/tests/internal-api/userManagement/userManagement.spec.ts
View File

@ -4,12 +4,15 @@ import InternalAPIClient from "../../../config/internal-api/TestConfiguration/In
import generateApp from "../../../config/internal-api/fixtures/applications"
import { generateUser } from "../../../config/internal-api/fixtures/userManagement"
import { User } from "@budibase/types"
import { generateNewColumnForTable, generateTable } from "../../../config/internal-api/fixtures/table"
import generateScreen from "../../../config/internal-api/fixtures/screens"
describe("Internal API - User Management & Permissions", () => {
const api = new InternalAPIClient()
const config = new TestConfiguration<Application>(api)
beforeAll(async () => {
// Before each test, login as admin. Some tests will require login as a different user
beforeEach(async () => {
await config.loginAsAdmin()
})
@ -21,7 +24,6 @@ describe("Internal API - User Management & Permissions", () => {
await config.users.search()
await config.users.getRoles()
// These need to be saved to the context so the passwords can be used to login
const admin = generateUser(1, "admin")
expect(admin[0].builder?.global).toEqual(true)
expect(admin[0].admin?.global).toEqual(true)
@ -31,9 +33,9 @@ describe("Internal API - User Management & Permissions", () => {
expect(appUser[0].builder?.global).toEqual(false)
expect(appUser[0].admin?.global).toEqual(false)
await config.users.addMultiple(admin)
await config.users.addMultiple(developer)
await config.users.addMultiple(appUser)
const userList = [...admin, ...developer, ...appUser]
await config.users.addMultiple(userList)
const [allUsersResponse, allUsersJson] = await config.users.getAll()
expect(allUsersJson.length).toBeGreaterThan(0)
@ -158,4 +160,135 @@ describe("Internal API - User Management & Permissions", () => {
})
it("Check Table access for app user", async () => {
const appUser = generateUser()
expect(appUser[0].builder?.global).toEqual(false)
expect(appUser[0].admin?.global).toEqual(false)
const [createUserResponse, createUserJson] = await config.users.addMultiple(appUser)
const app = await config.applications.create(generateApp())
config.applications.api.appId = app.appId
const [userInfoResponse, userInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id)
const body: User = {
...userInfoJson,
roles: {
[<string>app.appId]: "BASIC",
}
}
await config.users.updateInfo(body)
const [changedUserInfoResponse, changedUserInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id)
expect(changedUserInfoJson.roles[<string>app.appId]).toBeDefined()
expect(changedUserInfoJson.roles[<string>app.appId]).toEqual("BASIC")
const [createdTableResponse, createdTableData] = await config.tables.save(
generateTable()
)
await config.login(<string>appUser[0].email, <string>appUser[0].password)
const newColumn = generateNewColumnForTable(createdTableData)
await config.tables.forbiddenSave(
newColumn)
await config.tables.forbiddenSave(generateTable())
})
//Incomplete Test
it("Check Screen access for app user", async () => {
const appUser = generateUser()
expect(appUser[0].builder?.global).toEqual(false)
expect(appUser[0].admin?.global).toEqual(false)
const [createUserResponse, createUserJson] = await config.users.addMultiple(appUser)
const app = await config.applications.create(generateApp())
config.applications.api.appId = app.appId
const [userInfoResponse, userInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id)
const body: User = {
...userInfoJson,
roles: {
[<string>app.appId]: "BASIC",
}
}
await config.users.updateInfo(body)
const [changedUserInfoResponse, changedUserInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id)
expect(changedUserInfoJson.roles[<string>app.appId]).toBeDefined()
expect(changedUserInfoJson.roles[<string>app.appId]).toEqual("BASIC")
const [basicScreenResponse, basicScreenJson] = await config.screen.create(generateScreen("BASIC"))
})
it("Check Table access for developer", async () => {
const developer = generateUser(1, 'developer')
expect(developer[0].builder?.global).toEqual(true)
const [createUserResponse, createUserJson] = await config.users.addMultiple(developer)
const app = await config.applications.create(generateApp())
config.applications.api.appId = app.appId
const [userInfoResponse, userInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id)
const body: User = {
...userInfoJson,
roles: {
[<string>app.appId]: "POWER",
}
}
await config.users.updateInfo(body)
const [changedUserInfoResponse, changedUserInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id)
expect(changedUserInfoJson.roles[<string>app.appId]).toBeDefined()
expect(changedUserInfoJson.roles[<string>app.appId]).toEqual("POWER")
const [createdTableResponse, createdTableData] = await config.tables.save(
generateTable()
)
await config.login(<string>developer[0].email, <string>developer[0].password)
const newColumn = generateNewColumnForTable(createdTableData)
const [addColumnResponse, addColumnData] = await config.tables.save(
newColumn,
true
)
})
it("Check Screen access for developer", async () => {
})
it("Check Table access for admin", async () => {
const adminUser = generateUser(1, "admin")
expect(adminUser[0].builder?.global).toEqual(true)
expect(adminUser[0].admin?.global).toEqual(true)
const [createUserResponse, createUserJson] = await config.users.addMultiple(adminUser)
const app = await config.applications.create(generateApp())
config.applications.api.appId = app.appId
const [userInfoResponse, userInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id)
const body: User = {
...userInfoJson,
roles: {
[<string>app.appId]: "ADMIN",
}
}
await config.users.updateInfo(body)
const [changedUserInfoResponse, changedUserInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id)
expect(changedUserInfoJson.roles[<string>app.appId]).toBeDefined()
expect(changedUserInfoJson.roles[<string>app.appId]).toEqual("ADMIN")
await config.login(<string>adminUser[0].email, <string>adminUser[0].password)
const [createdTableResponse, createdTableData] = await config.tables.save(
generateTable()
)
const newColumn = generateNewColumnForTable(createdTableData)
const [addColumnResponse, addColumnData] = await config.tables.save(
newColumn,
true
)
})
it("Check Screen access for admin", async () => {
})
})