MirrorSave
/
budibase
mirror of https://github.com/Budibase/budibase.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add extra test

This commit is contained in:
Adria Navarro 2024-10-08 13:50:05 +02:00
parent 1e0902a831
commit 38685b50df
1 changed files with 34 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
packages/server/src/api/routes/tests/permissions.spec.ts
View File

@ -1,5 +1,5 @@
import { roles } from "@budibase/backend-core" import { roles } from "@budibase/backend-core"
import { Document, PermissionLevel, Row, Table, ViewV2 } from "@budibase/types" import { Document, PermissionLevel, Row, ViewV2 } from "@budibase/types"
import * as setup from "./utilities" import * as setup from "./utilities"
import { generator, mocks } from "@budibase/backend-core/tests" import { generator, mocks } from "@budibase/backend-core/tests"
@ -12,7 +12,6 @@ const STD_ROLE_ID = BUILTIN_ROLE_IDS.PUBLIC
describe("/permission", () => { describe("/permission", () => {
let request = setup.getRequest() let request = setup.getRequest()
let config = setup.getConfig() let config = setup.getConfig()
let perms: Document[]
afterAll(setup.afterAll) afterAll(setup.afterAll)
@ -40,26 +39,43 @@ describe("/permission", () => {
}) })
describe("table permissions", () => { describe("table permissions", () => {
let table: Table & { _id: string } let tableId: string
let row: Row let row: Row
let view: ViewV2 let view: ViewV2
let perms: Document[]
beforeEach(async () => { beforeEach(async () => {
mocks.licenses.useCloudFree() mocks.licenses.useCloudFree()
table = (await config.createTable()) as typeof table const table = await config.createTable()
tableId = table._id!
row = await config.createRow() row = await config.createRow()
view = await config.api.viewV2.create({ view = await config.api.viewV2.create({
tableId: table._id!, tableId,
name: generator.guid(), name: generator.guid(),
}) })
perms = await config.api.permission.add({ perms = await config.api.permission.add({
roleId: STD_ROLE_ID, roleId: STD_ROLE_ID,
resourceId: table._id, resourceId: tableId,
level: PermissionLevel.READ, level: PermissionLevel.READ,
}) })
}) })
it("tables should be defaulted to admin", async () => {
const table = await config.createTable()
const { permissions } = await config.api.permission.get(table._id!)
expect(permissions).toEqual({
read: {
permissionType: "BASE",
role: "BASIC",
},
write: {
permissionType: "BASE",
role: "BASIC",
},
})
})
describe("add", () => { describe("add", () => {
it("should be able to add permission to a role for the table", async () => { it("should be able to add permission to a role for the table", async () => {
expect(perms.length).toEqual(1) expect(perms.length).toEqual(1)
@ -68,7 +84,7 @@ describe("/permission", () => {
it("should get the resource permissions", async () => { it("should get the resource permissions", async () => {
const res = await request const res = await request
.get(`/api/permission/${table._id}`) .get(`/api/permission/${tableId}`)
.set(config.defaultHeaders()) .set(config.defaultHeaders())
.expect("Content-Type", /json/) .expect("Content-Type", /json/)
.expect(200) .expect(200)
@ -83,10 +99,10 @@ describe("/permission", () => {
it("should get resource permissions with multiple roles", async () => { it("should get resource permissions with multiple roles", async () => {
perms = await config.api.permission.add({ perms = await config.api.permission.add({
roleId: HIGHER_ROLE_ID, roleId: HIGHER_ROLE_ID,
resourceId: table._id, resourceId: tableId,
level: PermissionLevel.WRITE, level: PermissionLevel.WRITE,
}) })
const res = await config.api.permission.get(table._id) const res = await config.api.permission.get(tableId)
expect(res).toEqual({ expect(res).toEqual({
permissions: { permissions: {
read: { permissionType: "EXPLICIT", role: STD_ROLE_ID }, read: { permissionType: "EXPLICIT", role: STD_ROLE_ID },
@ -99,8 +115,8 @@ describe("/permission", () => {
.set(config.defaultHeaders()) .set(config.defaultHeaders())
.expect("Content-Type", /json/) .expect("Content-Type", /json/)
.expect(200) .expect(200)
expect(allRes.body[table._id]["read"]).toEqual(STD_ROLE_ID) expect(allRes.body[tableId]["read"]).toEqual(STD_ROLE_ID)
expect(allRes.body[table._id]["write"]).toEqual(HIGHER_ROLE_ID) expect(allRes.body[tableId]["write"]).toEqual(HIGHER_ROLE_ID)
}) })
}) })
@ -108,11 +124,11 @@ describe("/permission", () => {
it("should be able to remove the permission", async () => { it("should be able to remove the permission", async () => {
const res = await config.api.permission.revoke({ const res = await config.api.permission.revoke({
roleId: STD_ROLE_ID, roleId: STD_ROLE_ID,
resourceId: table._id, resourceId: tableId,
level: PermissionLevel.READ, level: PermissionLevel.READ,
}) })
expect(res[0]._id).toEqual(STD_ROLE_ID) expect(res[0]._id).toEqual(STD_ROLE_ID)
const permsRes = await config.api.permission.get(table._id) const permsRes = await config.api.permission.get(tableId)
expect(permsRes.permissions[STD_ROLE_ID]).toBeUndefined() expect(permsRes.permissions[STD_ROLE_ID]).toBeUndefined()
}) })
}) })
@ -123,7 +139,7 @@ describe("/permission", () => {
await config.publish() await config.publish()
const res = await request const res = await request
.get(`/api/${table._id}/rows`) .get(`/api/${tableId}/rows`)
.set(config.publicHeaders()) .set(config.publicHeaders())
.expect("Content-Type", /json/) .expect("Content-Type", /json/)
.expect(200) .expect(200)
@ -148,7 +164,7 @@ describe("/permission", () => {
it("should not be able to access the view data when the table is not public and there are no view permissions overrides", async () => { it("should not be able to access the view data when the table is not public and there are no view permissions overrides", async () => {
await config.api.permission.revoke({ await config.api.permission.revoke({
roleId: STD_ROLE_ID, roleId: STD_ROLE_ID,
resourceId: table._id, resourceId: tableId,
level: PermissionLevel.READ, level: PermissionLevel.READ,
}) })
@ -175,7 +191,7 @@ describe("/permission", () => {
}) })
await config.api.permission.revoke({ await config.api.permission.revoke({
roleId: STD_ROLE_ID, roleId: STD_ROLE_ID,
resourceId: table._id, resourceId: tableId,
level: PermissionLevel.READ, level: PermissionLevel.READ,
}) })
// replicate changes before checking permissions // replicate changes before checking permissions
@ -187,8 +203,8 @@ describe("/permission", () => {
it("shouldn't allow writing from a public user", async () => { it("shouldn't allow writing from a public user", async () => {
const res = await request const res = await request
.post(`/api/${table._id}/rows`) .post(`/api/${tableId}/rows`)
.send(basicRow(table._id)) .send(basicRow(tableId))
.set(config.publicHeaders()) .set(config.publicHeaders())
.expect("Content-Type", /json/) .expect("Content-Type", /json/)
.expect(401) .expect(401)