From 300b0b7b671a8b702e853992dfa1cb5bd1bcbbd0 Mon Sep 17 00:00:00 2001 From: Pedro Silva Date: Sun, 11 Dec 2022 11:07:14 +0000 Subject: [PATCH] Add access tests for tables --- .../internal-api/TestConfiguration/tables.ts | 8 + .../TestConfiguration/userManagement.ts | 1 + .../internal-api/fixtures/userManagement.ts | 1 - .../userManagement/userManagement.spec.ts | 143 +++++++++++++++++- 4 files changed, 147 insertions(+), 6 deletions(-) diff --git a/qa-core/src/config/internal-api/TestConfiguration/tables.ts b/qa-core/src/config/internal-api/TestConfiguration/tables.ts index 5b7e1648a0..5e52b71c94 100644 --- a/qa-core/src/config/internal-api/TestConfiguration/tables.ts +++ b/qa-core/src/config/internal-api/TestConfiguration/tables.ts @@ -39,6 +39,14 @@ export default class TablesApi { return [response, json] } + async forbiddenSave(body: any): Promise<[Response, Table]> { + const response = await this.api.post(`/tables`, { body }) + const json = await response.json() + expect(response).toHaveStatusCode(403) + + return [response, json] + } + async delete( id: string, revId: string diff --git a/qa-core/src/config/internal-api/TestConfiguration/userManagement.ts b/qa-core/src/config/internal-api/TestConfiguration/userManagement.ts index e323c3a098..e602c37c8a 100644 --- a/qa-core/src/config/internal-api/TestConfiguration/userManagement.ts +++ b/qa-core/src/config/internal-api/TestConfiguration/userManagement.ts @@ -33,6 +33,7 @@ export default class UserManagementApi { return [response, json] } + // This endpoint is used for one or more users when we want add users with passwords set. async addMultiple(userList: Partial[]): Promise<[Response, any]> { const body = { create: { diff --git a/qa-core/src/config/internal-api/fixtures/userManagement.ts b/qa-core/src/config/internal-api/fixtures/userManagement.ts index 446ae3b0c5..c036589089 100644 --- a/qa-core/src/config/internal-api/fixtures/userManagement.ts +++ b/qa-core/src/config/internal-api/fixtures/userManagement.ts 
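Review bot: `forbiddenSave` is declared `Promise<[Response, Table]>`, but because it asserts `toHaveStatusCode(403)` the parsed body is the server's error payload rather than a table, so any caller reading the second element as a `Table` is misled; `Promise<[Response, any]>`, as the neighbouring `addMultiple` in userManagement.ts uses, or a dedicated error shape would be honest. The `body: any` parameter also loses typing that the sibling `save` may have (the new spec passes `generateTable()` and a column fixture into it) — if `save` types its body, this method should mirror it. A one-line doc comment would make the helper's intent clear to readers of the spec: `// Attempts a table save the current session must NOT be authorised for; asserts the API answers 403.` The rest of `TablesApi` lies outside the hunk.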
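Review bot: The comment added above `addMultiple` has a grammar slip ("when we want add users" → "when we want to add users") and does not say what the caller gets back, which the new spec relies on. Suggested wording: `// Bulk-creates one or more users with their passwords set; returns the raw response and its parsed JSON (the created ids are read from it by the specs).` The method body continues outside the hunk.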
@@ -1,6 +1,5 @@ import generator from "../../generator"; import { User } from "@budibase/types"; -import { generateUserMetadataID } from "@budibase/backend-core/src/db"; const generateDeveloper = (): Partial => { diff --git a/qa-core/src/tests/internal-api/userManagement/userManagement.spec.ts b/qa-core/src/tests/internal-api/userManagement/userManagement.spec.ts index e6277a5e7f..8110929b41 100644 --- a/qa-core/src/tests/internal-api/userManagement/userManagement.spec.ts +++ b/qa-core/src/tests/internal-api/userManagement/userManagement.spec.ts @@ -4,12 +4,15 @@ import InternalAPIClient from "../../../config/internal-api/TestConfiguration/In import generateApp from "../../../config/internal-api/fixtures/applications" import { generateUser } from "../../../config/internal-api/fixtures/userManagement" import { User } from "@budibase/types" +import { generateNewColumnForTable, generateTable } from "../../../config/internal-api/fixtures/table" +import generateScreen from "../../../config/internal-api/fixtures/screens" describe("Internal API - User Management & Permissions", () => { const api = new InternalAPIClient() const config = new TestConfiguration(api) - beforeAll(async () => { + // Before each test, login as admin. Some tests will require login as a different user + beforeEach(async () => { await config.loginAsAdmin() }) @@ -21,7 +24,6 @@ describe("Internal API - User Management & Permissions", () => { await config.users.search() await config.users.getRoles() - // These need to be saved to the context so the passwords can be used to login const admin = generateUser(1, "admin") expect(admin[0].builder?.global).toEqual(true) expect(admin[0].admin?.global).toEqual(true) 
@@ -31,9 +33,9 @@ describe("Internal API - User Management & Permissions", () => { expect(appUser[0].builder?.global).toEqual(false) expect(appUser[0].admin?.global).toEqual(false) - await config.users.addMultiple(admin) - await config.users.addMultiple(developer) - await config.users.addMultiple(appUser) + const userList = [...admin, ...developer, ...appUser] + + await config.users.addMultiple(userList) const [allUsersResponse, allUsersJson] = await config.users.getAll() expect(allUsersJson.length).toBeGreaterThan(0) 
@@ -158,4 +160,135 @@ describe("Internal API - User Management & Permissions", () => { }) + it("Check Table access for app user", async () => { + const appUser = generateUser() + expect(appUser[0].builder?.global).toEqual(false) + expect(appUser[0].admin?.global).toEqual(false) + const [createUserResponse, createUserJson] = await config.users.addMultiple(appUser) + + const app = await config.applications.create(generateApp()) + config.applications.api.appId = app.appId + + const [userInfoResponse, userInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id) + const body: User = { + ...userInfoJson, + roles: { + [app.appId]: "BASIC", + } + } + await config.users.updateInfo(body) + + const [changedUserInfoResponse, changedUserInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id) + expect(changedUserInfoJson.roles[app.appId]).toBeDefined() + expect(changedUserInfoJson.roles[app.appId]).toEqual("BASIC") + + const [createdTableResponse, createdTableData] = await config.tables.save( + generateTable() + ) + await config.login(appUser[0].email, appUser[0].password) + const newColumn = generateNewColumnForTable(createdTableData) + await config.tables.forbiddenSave( + newColumn) + await config.tables.forbiddenSave(generateTable()) + }) + //Incomplete Test + it("Check Screen access for app user", async () => { + const appUser = generateUser() + expect(appUser[0].builder?.global).toEqual(false) + expect(appUser[0].admin?.global).toEqual(false) + const [createUserResponse, createUserJson] = await config.users.addMultiple(appUser) + + const app = await config.applications.create(generateApp()) + config.applications.api.appId = app.appId + + const [userInfoResponse, userInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id) + const body: User = { + ...userInfoJson, + roles: { + [app.appId]: "BASIC", + } + } + await config.users.updateInfo(body) + + const [changedUserInfoResponse, changedUserInfoJson] = 
await config.users.getInfo(createUserJson.created.successful[0]._id) + expect(changedUserInfoJson.roles[app.appId]).toBeDefined() + expect(changedUserInfoJson.roles[app.appId]).toEqual("BASIC") + + const [basicScreenResponse, basicScreenJson] = await config.screen.create(generateScreen("BASIC")) + }) + + it("Check Table access for developer", async () => { + const developer = generateUser(1, 'developer') + expect(developer[0].builder?.global).toEqual(true) + + const [createUserResponse, createUserJson] = await config.users.addMultiple(developer) + + const app = await config.applications.create(generateApp()) + config.applications.api.appId = app.appId + + const [userInfoResponse, userInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id) + const body: User = { + ...userInfoJson, + roles: { + [app.appId]: "POWER", + } + } + await config.users.updateInfo(body) + + const [changedUserInfoResponse, changedUserInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id) + expect(changedUserInfoJson.roles[app.appId]).toBeDefined() + expect(changedUserInfoJson.roles[app.appId]).toEqual("POWER") + + const [createdTableResponse, createdTableData] = await config.tables.save( + generateTable() + ) + await config.login(developer[0].email, developer[0].password) + const newColumn = generateNewColumnForTable(createdTableData) + const [addColumnResponse, addColumnData] = await config.tables.save( + newColumn, + true + ) + }) + + it("Check Screen access for developer", async () => { + + }) + + it("Check Table access for admin", async () => { + const adminUser = generateUser(1, "admin") + expect(adminUser[0].builder?.global).toEqual(true) + expect(adminUser[0].admin?.global).toEqual(true) + const [createUserResponse, createUserJson] = await config.users.addMultiple(adminUser) + + const app = await config.applications.create(generateApp()) + config.applications.api.appId = app.appId + + const [userInfoResponse, userInfoJson] = await 
config.users.getInfo(createUserJson.created.successful[0]._id) + const body: User = { + ...userInfoJson, + roles: { + [app.appId]: "ADMIN", + } + } + await config.users.updateInfo(body) + + const [changedUserInfoResponse, changedUserInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id) + expect(changedUserInfoJson.roles[app.appId]).toBeDefined() + expect(changedUserInfoJson.roles[app.appId]).toEqual("ADMIN") + + await config.login(adminUser[0].email, adminUser[0].password) + const [createdTableResponse, createdTableData] = await config.tables.save( + generateTable() + ) + const newColumn = generateNewColumnForTable(createdTableData) + const [addColumnResponse, addColumnData] = await config.tables.save( + newColumn, + true + ) + }) + + it("Check Screen access for admin", async () => { + + }) + })
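Review bot: The three screen-access tests pass without checking any access: "Check Screen access for app user" calls `config.screen.create(generateScreen("BASIC"))` while the session is still the admin one from `beforeEach` (there is no `config.login(appUser[0].email, appUser[0].password)` before it, unlike the table test above it), and "Check Screen access for developer" / "Check Screen access for admin" have empty bodies, so a regression in screen authorisation would go unnoticed while the suite stays green. Until they are finished, declare them pending — `it.todo("Check Screen access for developer")` — instead of empty `it` blocks, and turn the `//Incomplete Test` marker into `it.skip(...)` so the report shows the gap rather than a pass. The user-creation and role-assignment sequence (`addMultiple` → `applications.create` → `getInfo` → `updateInfo` → `getInfo`/`expect`) is repeated verbatim in all four table/screen tests with only the role literal changing; extracting it into a helper, as sketched below, reduces each test to its actual access assertion. Several destructured values (`createUserResponse`, `userInfoResponse`, `changedUserInfoResponse`, `addColumnResponse`, `addColumnData`, `basicScreenResponse`, `basicScreenJson`) are never read and can be dropped with the `[, createUserJson]` form.
```typescript
  // Creates `user`, creates a fresh app, grants `role` on that app and verifies
  // the grant stuck; returns the app and user id so the test can log in and act.
  async function createUserWithAppRole(user: ReturnType<typeof generateUser>, role: string) {
    const [, createUserJson] = await config.users.addMultiple(user)
    const app = await config.applications.create(generateApp())
    config.applications.api.appId = app.appId

    const userId = createUserJson.created.successful[0]._id
    const [, userInfoJson] = await config.users.getInfo(userId)
    const body: User = {
      ...userInfoJson,
      roles: {
        [app.appId]: role,
      },
    }
    await config.users.updateInfo(body)

    const [, changedUserInfoJson] = await config.users.getInfo(userId)
    expect(changedUserInfoJson.roles[app.appId]).toEqual(role)
    return { app, userId }
  }

  it("Check Table access for app user", async () => {
    const appUser = generateUser()
    expect(appUser[0].builder?.global).toEqual(false)
    expect(appUser[0].admin?.global).toEqual(false)
    await createUserWithAppRole(appUser, "BASIC")
    // … unchanged: save table as admin, login as app user, forbiddenSave assertions …
  })

  it.todo("Check Screen access for developer")
  it.todo("Check Screen access for admin")
```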