diff --git a/package.json b/package.json index ac09edf5ae..f28f2a7c91 100644 --- a/package.json +++ b/package.json @@ -45,7 +45,7 @@ "dev:server": "yarn run kill-server && lerna run --parallel dev:builder --concurrency 1 --scope @budibase/backend-core --scope @budibase/worker --scope @budibase/server", "test": "lerna run test && yarn test:pro", "test:pro": "bash scripts/pro/test.sh", - "lint:eslint": "eslint packages", + "lint:eslint": "eslint packages && eslint qa-core", "lint:prettier": "prettier --check \"packages/**/*.{js,ts,svelte}\"", "lint": "yarn run lint:eslint && yarn run lint:prettier", "lint:fix:eslint": "eslint --fix packages qa-core", @@ -84,4 +84,4 @@ "install:pro": "bash scripts/pro/install.sh", "dep:clean": "yarn clean && yarn bootstrap" } -} \ No newline at end of file +} diff --git a/qa-core/src/config/internal-api/TestConfiguration/userManagement.ts b/qa-core/src/config/internal-api/TestConfiguration/userManagement.ts index 12a52034cc..20909e8e86 100644 --- a/qa-core/src/config/internal-api/TestConfiguration/userManagement.ts +++ b/qa-core/src/config/internal-api/TestConfiguration/userManagement.ts @@ -4,130 +4,128 @@ import InternalAPIClient from "./InternalAPIClient" import { responseMessage } from "../fixtures/types/responseMessage" export default class UserManagementApi { - api: InternalAPIClient + api: InternalAPIClient - constructor(apiClient: InternalAPIClient) { - this.api = apiClient - } + constructor(apiClient: InternalAPIClient) { + this.api = apiClient + } - async search(): Promise<[Response, Partial[]]> { - const response = await this.api.post(`/global/users/search`, {}) - const json = await response.json() - expect(response).toHaveStatusCode(200) - expect(json.data.length).toBeGreaterThan(0) - return [response, json] - } + async search(): Promise<[Response, Partial[]]> { + const response = await this.api.post(`/global/users/search`, {}) + const json = await response.json() + expect(response).toHaveStatusCode(200) + expect(json.data.length).toBeGreaterThan(0) + return [response, json] + } - async getSelf(): Promise<[Response, Partial]> { - const response = await this.api.get(`/global/self`) - const json = await response.json() - expect(response).toHaveStatusCode(200) - return [response, json] - } + async getSelf(): Promise<[Response, Partial]> { + const response = await this.api.get(`/global/self`) + const json = await response.json() + expect(response).toHaveStatusCode(200) + return [response, json] + } - async getAll(): Promise<[Response, Partial[]]> { - const response = await this.api.get(`/global/users`) - const json = await response.json() - expect(response).toHaveStatusCode(200) - expect(json.length).toBeGreaterThan(0) - return [response, json] - } + async getAll(): Promise<[Response, Partial[]]> { + const response = await this.api.get(`/global/users`) + const json = await response.json() + expect(response).toHaveStatusCode(200) + expect(json.length).toBeGreaterThan(0) + return [response, json] + } - // This endpoint is used for one or more users when we want add users with passwords set. - async addMultiple(userList: Partial[]): Promise<[Response, any]> { - const body = { - create: { - users: userList, - groups: [] - } - } - const response = await this.api.post(`/global/users/bulk`, { body }) - const json = await response.json() - expect(response).toHaveStatusCode(200) - expect(json.created.unsuccessful.length).toEqual(0) - expect(json.created.successful.length).toEqual(body.create.users.length) - return [response, json] + // This endpoint is used for one or more users when we want add users with passwords set. + async addMultiple(userList: Partial[]): Promise<[Response, any]> { + const body = { + create: { + users: userList, + groups: [], + }, } + const response = await this.api.post(`/global/users/bulk`, { body }) + const json = await response.json() + expect(response).toHaveStatusCode(200) + expect(json.created.unsuccessful.length).toEqual(0) + expect(json.created.successful.length).toEqual(body.create.users.length) + return [response, json] + } - async deleteMultiple(userId: string[]): Promise<[Response, responseMessage]> { - const body = { - delete: { - userIds: [ - userId - ] - } - } - const response = await this.api.post(`/global/users/bulk`, { body }) - const json = await response.json() - expect(response).toHaveStatusCode(200) - expect(json.deleted.successful.length).toEqual(1) - expect(json.deleted.unsuccessful.length).toEqual(0) - expect(json.deleted.successful[0].userId).toEqual(userId) - return [response, json] - } - async delete(userId: string): Promise<[Response, UserDeletedEvent]> { - const response = await this.api.del(`/global/users/${userId}`) - const json = await response.json() - expect(response).toHaveStatusCode(200) - expect(json.message).toEqual(`User ${userId} deleted.`) - return [response, json] + async deleteMultiple(userId: string[]): Promise<[Response, responseMessage]> { + const body = { + delete: { + userIds: [userId], + }, } + const response = await this.api.post(`/global/users/bulk`, { body }) + const json = await response.json() + expect(response).toHaveStatusCode(200) + expect(json.deleted.successful.length).toEqual(1) + expect(json.deleted.unsuccessful.length).toEqual(0) + expect(json.deleted.successful[0].userId).toEqual(userId) + return [response, json] + } + async delete(userId: string): Promise<[Response, UserDeletedEvent]> { + const response = await this.api.del(`/global/users/${userId}`) + const json = await response.json() + expect(response).toHaveStatusCode(200) + expect(json.message).toEqual(`User ${userId} deleted.`) + return [response, json] + } - async invite(body: any): Promise<[Response, responseMessage]> { - const response = await this.api.post(`/global/users/multi/invite`, { body }) - const json = await response.json() - expect(response).toHaveStatusCode(200) - expect(json.unsuccessful.length).toEqual(0) - expect(json.successful.length).toEqual(body.length) + async invite(body: any): Promise<[Response, responseMessage]> { + const response = await this.api.post(`/global/users/multi/invite`, { body }) + const json = await response.json() + expect(response).toHaveStatusCode(200) + expect(json.unsuccessful.length).toEqual(0) + expect(json.successful.length).toEqual(body.length) - return [response, json] - } + return [response, json] + } - async getRoles(): Promise<[Response, Role[]]> { - const response = await this.api.get(`/roles`) - const json = await response.json() - expect(response).toHaveStatusCode(200) - return [response, json] - } + async getRoles(): Promise<[Response, Role[]]> { + const response = await this.api.get(`/roles`) + const json = await response.json() + expect(response).toHaveStatusCode(200) + return [response, json] + } - async updateInfo(body: any): Promise<[Response, User]> { - const response = await this.api.post(`/global/users/`, { body }) - const json = await response.json() - expect(response).toHaveStatusCode(200) - expect(json._id).toEqual(body._id) - expect(json._rev).not.toEqual(body._rev) - return [response, json] - } + async updateInfo(body: any): Promise<[Response, User]> { + const response = await this.api.post(`/global/users/`, { body }) + const json = await response.json() + expect(response).toHaveStatusCode(200) + expect(json._id).toEqual(body._id) + expect(json._rev).not.toEqual(body._rev) + return [response, json] + } - async forcePasswordReset(body: any): Promise<[Response, User]> { - const response = await this.api.post(`/global/users/`, { body }) - const json = await response.json() - expect(response).toHaveStatusCode(200) - expect(json._id).toEqual(body._id) - expect(json._rev).not.toEqual(body._rev) - return [response, json] - } + async forcePasswordReset(body: any): Promise<[Response, User]> { + const response = await this.api.post(`/global/users/`, { body }) + const json = await response.json() + expect(response).toHaveStatusCode(200) + expect(json._id).toEqual(body._id) + expect(json._rev).not.toEqual(body._rev) + return [response, json] + } - async getInfo(userId: string): Promise<[Response, User]> { - const response = await this.api.get(`/global/users/${userId}`) - const json = await response.json() - expect(response).toHaveStatusCode(200) - return [response, json] - } + async getInfo(userId: string): Promise<[Response, User]> { + const response = await this.api.get(`/global/users/${userId}`) + const json = await response.json() + expect(response).toHaveStatusCode(200) + return [response, json] + } - async changeSelfPassword(body: Partial): Promise<[Response, User]> { - const response = await this.api.post(`/global/self`, { body }) - const json = await response.json() - expect(response).toHaveStatusCode(200) - expect(json._id).toEqual(body._id) - expect(json._rev).not.toEqual(body._rev) - return [response, json] - } + async changeSelfPassword(body: Partial): Promise<[Response, User]> { + const response = await this.api.post(`/global/self`, { body }) + const json = await response.json() + expect(response).toHaveStatusCode(200) + expect(json._id).toEqual(body._id) + expect(json._rev).not.toEqual(body._rev) + return [response, json] + } - async createRole(body: Partial): Promise<[Response, UserRoles]> { - const response = await this.api.post(`/roles`, { body }) - const json = await response.json() - expect(response).toHaveStatusCode(200) - return [response, json] - } -} \ No newline at end of file + async createRole(body: Partial): Promise<[Response, UserRoles]> { + const response = await this.api.post(`/roles`, { body }) + const json = await response.json() + expect(response).toHaveStatusCode(200) + return [response, json] + } +} diff --git a/qa-core/src/config/internal-api/fixtures/applications.ts b/qa-core/src/config/internal-api/fixtures/applications.ts index 0ce69bb889..45d82cf4f0 100644 --- a/qa-core/src/config/internal-api/fixtures/applications.ts +++ b/qa-core/src/config/internal-api/fixtures/applications.ts @@ -13,13 +13,12 @@ export const generateApp = ( // Applications type doesn't work here, save to add useTemplate parameter? export const appFromTemplate = (): any => { - return ({ + return { name: generator.word(), url: `/${generator.word()}`, useTemplate: "true", templateName: "Near Miss Register", templateKey: "app/near-miss-register", templateFile: undefined, - }) + } } - diff --git a/qa-core/src/config/internal-api/fixtures/userManagement.ts b/qa-core/src/config/internal-api/fixtures/userManagement.ts index c036589089..90ea6bd738 100644 --- a/qa-core/src/config/internal-api/fixtures/userManagement.ts +++ b/qa-core/src/config/internal-api/fixtures/userManagement.ts @@ -1,80 +1,82 @@ -import generator from "../../generator"; -import { User } from "@budibase/types"; - +import generator from "../../generator" +import { User } from "@budibase/types" const generateDeveloper = (): Partial => { - const randomId = generator.guid(); - return ({ - email: `pedro+${randomId}@budibase.com`, - password: randomId, - roles: {}, - forceResetPassword: true, - builder: { - global: true - } - }) + const randomId = generator.guid() + return { + email: `pedro+${randomId}@budibase.com`, + password: randomId, + roles: {}, + forceResetPassword: true, + builder: { + global: true, + }, + } } const generateAdmin = (): Partial => { - const randomId = generator.guid(); - return ({ - email: `pedro+${randomId}@budibase.com`, - password: randomId, - roles: {}, - forceResetPassword: true, - admin: { - global: true - }, - builder: { - global: true - } - }) + const randomId = generator.guid() + return { + email: `pedro+${randomId}@budibase.com`, + password: randomId, + roles: {}, + forceResetPassword: true, + admin: { + global: true, + }, + builder: { + global: true, + }, + } } const generateAppUser = (): Partial => { - const randomId = generator.guid(); - return ({ - email: `pedro+${randomId}@budibase.com`, - password: randomId, - roles: {}, - forceResetPassword: true, - admin: { - global: false - }, - builder: { - global: false - } - }) - + const randomId = generator.guid() + return { + email: `pedro+${randomId}@budibase.com`, + password: randomId, + roles: {}, + forceResetPassword: true, + admin: { + global: false, + }, + builder: { + global: false, + }, + } } export const generateInviteUser = (): Object[] => { - const randomId = generator.guid(); - return [{ - email: `pedro+${randomId}@budibase.com`, - userInfo: { - userGroups: [] - } - }] - + const randomId = generator.guid() + return [ + { + email: `pedro+${randomId}@budibase.com`, + userInfo: { + userGroups: [], + }, + }, + ] } -export const generateUser = (amount: number = 1, role?: string): Partial[] => { - const userList: Partial[] = []; - for (let i = 0; i < amount; i++) { - switch (role) { - case "admin": - userList.push(generateAdmin()); - break; - case "developer": - userList.push(generateDeveloper()); - break; - case "appUser": - userList.push(generateAppUser()); - break; - default: - userList.push(generateAppUser()); - break; - } +export const generateUser = ( + amount: number = 1, + role?: string +): Partial[] => { + const userList: Partial[] = [] + for (let i = 0; i < amount; i++) { + switch (role) { + case "admin": + userList.push(generateAdmin()) + break + case "developer": + userList.push(generateDeveloper()) + break + case "appUser": + userList.push(generateAppUser()) + break + default: + userList.push(generateAppUser()) + break } - return userList -} \ No newline at end of file + } + return userList +} diff --git a/qa-core/src/tests/internal-api/applications/applications.spec.ts b/qa-core/src/tests/internal-api/applications/applications.spec.ts index 7d889b7e87..70724232bb 100644 --- a/qa-core/src/tests/internal-api/applications/applications.spec.ts +++ b/qa-core/src/tests/internal-api/applications/applications.spec.ts @@ -2,7 +2,10 @@ import TestConfiguration from "../../../config/internal-api/TestConfiguration" import { Application } from "@budibase/server/api/controllers/public/mapping/types" import { db } from "@budibase/backend-core" import InternalAPIClient from "../../../config/internal-api/TestConfiguration/InternalAPIClient" -import { generateApp, appFromTemplate } from "../../../config/internal-api/fixtures/applications" +import { + generateApp, + appFromTemplate, +} from "../../../config/internal-api/fixtures/applications" import generator from "../../../config/generator" import generateScreen from "../../../config/internal-api/fixtures/screens" @@ -18,7 +21,6 @@ describe("Internal API - Application creation, update, publish and delete", () = await config.afterAll() }) - it("Get applications without applications", async () => { await config.applications.fetchEmptyAppList() }) diff --git a/qa-core/src/tests/internal-api/screens/screens.spec.ts b/qa-core/src/tests/internal-api/screens/screens.spec.ts index 1d2a21a8c7..06d2115af4 100644 --- a/qa-core/src/tests/internal-api/screens/screens.spec.ts +++ b/qa-core/src/tests/internal-api/screens/screens.spec.ts @@ -1,7 +1,10 @@ import TestConfiguration from "../../../config/internal-api/TestConfiguration" import { App } from "@budibase/types" import InternalAPIClient from "../../../config/internal-api/TestConfiguration/InternalAPIClient" -import { generateApp, appFromTemplate } from "../../../config/internal-api/fixtures/applications" +import { + generateApp, + appFromTemplate, +} from "../../../config/internal-api/fixtures/applications" import { Screen } from "@budibase/types" import generateScreen from "../../../config/internal-api/fixtures/screens" diff --git a/qa-core/src/tests/internal-api/userManagement/appSpecificRoles.spec.ts b/qa-core/src/tests/internal-api/userManagement/appSpecificRoles.spec.ts index 2447a31558..502ce3d767 100644 --- a/qa-core/src/tests/internal-api/userManagement/appSpecificRoles.spec.ts +++ b/qa-core/src/tests/internal-api/userManagement/appSpecificRoles.spec.ts @@ -1,627 +1,705 @@ import TestConfiguration from "../../../config/internal-api/TestConfiguration" import { Application } from "@budibase/server/api/controllers/public/mapping/types" import InternalAPIClient from "../../../config/internal-api/TestConfiguration/InternalAPIClient" -import { generateApp, appFromTemplate } from "../../../config/internal-api/fixtures/applications" +import { + generateApp, + appFromTemplate, +} from "../../../config/internal-api/fixtures/applications" import { generateUser } from "../../../config/internal-api/fixtures/userManagement" import { User } from "@budibase/types" -import { generateNewColumnForTable, generateTable } from "../../../config/internal-api/fixtures/table" +import { + generateNewColumnForTable, + generateTable, +} from "../../../config/internal-api/fixtures/table" import generateScreen from "../../../config/internal-api/fixtures/screens" import { db } from "@budibase/backend-core" describe("Internal API - App Specific Roles & Permissions", () => { - const api = new InternalAPIClient() - const config = new TestConfiguration(api) + const api = new InternalAPIClient() + const config = new TestConfiguration(api) - // Before each test, login as admin. Some tests will require login as a different user - beforeEach(async () => { - await config.loginAsAdmin() + // Before each test, login as admin. Some tests will require login as a different user + beforeEach(async () => { + await config.loginAsAdmin() + }) + + afterAll(async () => { + await config.afterAll() + }) + + it("Add BASIC user to app", async () => { + const appUser = generateUser() + expect(appUser[0].builder?.global).toEqual(false) + expect(appUser[0].admin?.global).toEqual(false) + const [createUserResponse, createUserJson] = await config.users.addMultiple( + appUser + ) + + const app = await config.applications.create(appFromTemplate()) + config.applications.api.appId = app.appId + + const [userInfoResponse, userInfoJson] = await config.users.getInfo( + createUserJson.created.successful[0]._id + ) + const body: User = { + ...userInfoJson, + roles: { + [app.appId]: "BASIC", + }, + } + await config.users.updateInfo(body) + + const [changedUserInfoResponse, changedUserInfoJson] = + await config.users.getInfo(createUserJson.created.successful[0]._id) + expect(changedUserInfoJson.roles[app.appId]).toBeDefined() + expect(changedUserInfoJson.roles[app.appId]).toEqual("BASIC") + }) + + it("Add ADMIN user to app", async () => { + const adminUser = generateUser(1, "admin") + expect(adminUser[0].builder?.global).toEqual(true) + expect(adminUser[0].admin?.global).toEqual(true) + const [createUserResponse, createUserJson] = await config.users.addMultiple( + adminUser + ) + + //const app = await config.applications.create(generateApp()) + //config.applications.api.appId = app.appId + + const app = await config.applications.create(appFromTemplate()) + config.applications.api.appId = app.appId + + const [userInfoResponse, userInfoJson] = await config.users.getInfo( + createUserJson.created.successful[0]._id + ) + const body: User = { + ...userInfoJson, + roles: { + [app.appId]: "ADMIN", + }, + } + await config.users.updateInfo(body) + + const [changedUserInfoResponse, changedUserInfoJson] = + await config.users.getInfo(createUserJson.created.successful[0]._id) + expect(changedUserInfoJson.roles[app.appId]).toBeDefined() + expect(changedUserInfoJson.roles[app.appId]).toEqual("ADMIN") + + // publish app + await config.applications.publish(app.appId) + // check published app renders + config.applications.api.appId = db.getProdAppID(app.appId!) + await config.applications.canRender() + }) + + it("Add POWER user to app", async () => { + const powerUser = generateUser(1, "developer") + expect(powerUser[0].builder?.global).toEqual(true) + + const [createUserResponse, createUserJson] = await config.users.addMultiple( + powerUser + ) + + const app = await config.applications.create(generateApp()) + config.applications.api.appId = app.appId + + const [userInfoResponse, userInfoJson] = await config.users.getInfo( + createUserJson.created.successful[0]._id + ) + const body: User = { + ...userInfoJson, + roles: { + [app.appId]: "POWER", + }, + } + await config.users.updateInfo(body) + + const [changedUserInfoResponse, changedUserInfoJson] = + await config.users.getInfo(createUserJson.created.successful[0]._id) + expect(changedUserInfoJson.roles[app.appId]).toBeDefined() + expect(changedUserInfoJson.roles[app.appId]).toEqual("POWER") + }) + + describe("Check Access for default roles", () => { + it("Check Table access for app user", async () => { + const appUser = generateUser() + expect(appUser[0].builder?.global).toEqual(false) + expect(appUser[0].admin?.global).toEqual(false) + const [createUserResponse, createUserJson] = + await config.users.addMultiple(appUser) + + const app = await config.applications.create(generateApp()) + config.applications.api.appId = app.appId + + const [userInfoResponse, userInfoJson] = await config.users.getInfo( + createUserJson.created.successful[0]._id + ) + const body: User = { + ...userInfoJson, + roles: { + [app.appId]: "BASIC", + }, + } + await config.users.updateInfo(body) + + const [changedUserInfoResponse, changedUserInfoJson] = + await config.users.getInfo(createUserJson.created.successful[0]._id) + expect(changedUserInfoJson.roles[app.appId]).toBeDefined() + expect(changedUserInfoJson.roles[app.appId]).toEqual("BASIC") + + const [createdTableResponse, createdTableData] = await config.tables.save( + generateTable() + ) + await config.login(appUser[0].email, appUser[0].password) + const newColumn = generateNewColumnForTable(createdTableData) + await config.tables.forbiddenSave(newColumn) + await config.tables.forbiddenSave(generateTable()) }) - afterAll(async () => { - await config.afterAll() + it("Check Table access for developer", async () => { + const developer = generateUser(1, "developer") + expect(developer[0].builder?.global).toEqual(true) + + const [createUserResponse, createUserJson] = + await config.users.addMultiple(developer) + + const app = await config.applications.create(generateApp()) + config.applications.api.appId = app.appId + + const [userInfoResponse, userInfoJson] = await config.users.getInfo( + createUserJson.created.successful[0]._id + ) + const body: User = { + ...userInfoJson, + roles: { + [app.appId]: "POWER", + }, + } + await config.users.updateInfo(body) + + const [changedUserInfoResponse, changedUserInfoJson] = + await config.users.getInfo(createUserJson.created.successful[0]._id) + expect(changedUserInfoJson.roles[app.appId]).toBeDefined() + expect(changedUserInfoJson.roles[app.appId]).toEqual("POWER") + + const [createdTableResponse, createdTableData] = await config.tables.save( + generateTable() + ) + await config.login( + developer[0].email, + developer[0].password + ) + const newColumn = generateNewColumnForTable(createdTableData) + const [addColumnResponse, addColumnData] = await config.tables.save( + newColumn, + true + ) }) - it("Add BASIC user to app", async () => { - const appUser = generateUser() - expect(appUser[0].builder?.global).toEqual(false) - expect(appUser[0].admin?.global).toEqual(false) - const [createUserResponse, createUserJson] = await config.users.addMultiple(appUser) + it("Check Table access for admin", async () => { + const adminUser = generateUser(1, "admin") + expect(adminUser[0].builder?.global).toEqual(true) + expect(adminUser[0].admin?.global).toEqual(true) + const [createUserResponse, createUserJson] = + await config.users.addMultiple(adminUser) - const app = await config.applications.create(appFromTemplate()) - config.applications.api.appId = app.appId + const app = await config.applications.create(generateApp()) + config.applications.api.appId = app.appId - const [userInfoResponse, userInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id) - const body: User = { - ...userInfoJson, - roles: { - [app.appId]: "BASIC", - } - } - await config.users.updateInfo(body) + const [userInfoResponse, userInfoJson] = await config.users.getInfo( + createUserJson.created.successful[0]._id + ) + const body: User = { + ...userInfoJson, + roles: { + [app.appId]: "ADMIN", + }, + } + await config.users.updateInfo(body) - const [changedUserInfoResponse, changedUserInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id) - expect(changedUserInfoJson.roles[app.appId]).toBeDefined() - expect(changedUserInfoJson.roles[app.appId]).toEqual("BASIC") + const [changedUserInfoResponse, changedUserInfoJson] = + await config.users.getInfo(createUserJson.created.successful[0]._id) + expect(changedUserInfoJson.roles[app.appId]).toBeDefined() + expect(changedUserInfoJson.roles[app.appId]).toEqual("ADMIN") + await config.login( + adminUser[0].email, + adminUser[0].password + ) + const [createdTableResponse, createdTableData] = await config.tables.save( + generateTable() + ) + const newColumn = generateNewColumnForTable(createdTableData) + const [addColumnResponse, addColumnData] = await config.tables.save( + newColumn, + true + ) + }) + }) + + describe("Screen Access for App specific roles", () => { + it("Check Screen access for BASIC Role", async () => { + // Set up user + const appUser = generateUser() + expect(appUser[0].builder?.global).toEqual(false) + expect(appUser[0].admin?.global).toEqual(false) + const [createUserResponse, createUserJson] = + await config.users.addMultiple(appUser) + + // Create App + const app = await config.applications.create(generateApp()) + config.applications.api.appId = app.appId + + // Update user roles + const [userInfoResponse, userInfoJson] = await config.users.getInfo( + createUserJson.created.successful[0]._id + ) + const prodAppId = db.getProdAppID(app.appId!) + + // Roles must always be set with prod appID + const body: User = { + ...userInfoJson, + roles: { + [prodAppId]: "BASIC", + }, + } + await config.users.updateInfo(body) + + const [changedUserInfoResponse, changedUserInfoJson] = + await config.users.getInfo(createUserJson.created.successful[0]._id) + expect(changedUserInfoJson.roles[prodAppId]).toBeDefined() + expect(changedUserInfoJson.roles[prodAppId]).toEqual("BASIC") + + await config.screen.create(generateScreen("BASIC")) + await config.screen.create(generateScreen("POWER")) + await config.screen.create(generateScreen("ADMIN")) + + await config.applications.publish(app.appId) + const [firstappPackageResponse, firstappPackageJson] = + await config.applications.getAppPackage(app.appId) + expect(firstappPackageJson.screens).toBeDefined() + expect(firstappPackageJson.screens.length).toEqual(3) + + // login with BASIC user + await config.login(appUser[0].email!, appUser[0].password!) + const [selfInfoResponse, selfInfoJson] = await config.users.getSelf() + + // fetch app package + const [appPackageResponse, appPackageJson] = + await config.applications.getAppPackage(app.appId!) + expect(appPackageJson.screens).toBeDefined() + expect(appPackageJson.screens.length).toEqual(1) + expect(appPackageJson.screens[0].routing.roleId).toEqual("BASIC") }) - it("Add ADMIN user to app", async () => { - const adminUser = generateUser(1, "admin") - expect(adminUser[0].builder?.global).toEqual(true) - expect(adminUser[0].admin?.global).toEqual(true) - const [createUserResponse, createUserJson] = await config.users.addMultiple(adminUser) + it("Check Screen access for POWER role", async () => { + // Set up user + const appUser = generateUser() + expect(appUser[0].builder?.global).toEqual(false) + expect(appUser[0].admin?.global).toEqual(false) + const [createUserResponse, createUserJson] = + await config.users.addMultiple(appUser) - //const app = await config.applications.create(generateApp()) - //config.applications.api.appId = app.appId + // Create App + const app = await config.applications.create(generateApp()) + config.applications.api.appId = app.appId - const app = await config.applications.create(appFromTemplate()) - config.applications.api.appId = app.appId + // Update user roles + const [userInfoResponse, userInfoJson] = await config.users.getInfo( + createUserJson.created.successful[0]._id + ) + const prodAppId = db.getProdAppID(app.appId!) - const [userInfoResponse, userInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id) - const body: User = { - ...userInfoJson, - roles: { - [app.appId]: "ADMIN", - } - } - await config.users.updateInfo(body) + // Roles must always be set with prod appID + const body: User = { + ...userInfoJson, + roles: { + [prodAppId]: "POWER", + }, + } + await config.users.updateInfo(body) - const [changedUserInfoResponse, changedUserInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id) - expect(changedUserInfoJson.roles[app.appId]).toBeDefined() - expect(changedUserInfoJson.roles[app.appId]).toEqual("ADMIN") + const [changedUserInfoResponse, changedUserInfoJson] = + await config.users.getInfo(createUserJson.created.successful[0]._id) + expect(changedUserInfoJson.roles[prodAppId]).toBeDefined() + expect(changedUserInfoJson.roles[prodAppId]).toEqual("POWER") - // publish app - await config.applications.publish(app.appId) - // check published app renders - config.applications.api.appId = db.getProdAppID(app.appId!) - await config.applications.canRender() + await config.screen.create(generateScreen("BASIC")) + await config.screen.create(generateScreen("POWER")) + await config.screen.create(generateScreen("ADMIN")) + await config.applications.publish(app.appId) + const [firstappPackageResponse, firstappPackageJson] = + await config.applications.getAppPackage(app.appId) + expect(firstappPackageJson.screens).toBeDefined() + expect(firstappPackageJson.screens.length).toEqual(3) + + // login with POWER user + await config.login(appUser[0].email!, appUser[0].password!) + const [selfInfoResponse, selfInfoJson] = await config.users.getSelf() + + // fetch app package + const [appPackageResponse, appPackageJson] = + await config.applications.getAppPackage(app.appId!) + expect(appPackageJson.screens).toBeDefined() + expect(appPackageJson.screens.length).toEqual(2) }) - it("Add POWER user to app", async () => { - const powerUser = generateUser(1, 'developer') - expect(powerUser[0].builder?.global).toEqual(true) + it("Check Screen access for ADMIN role", async () => { + // Set up user + const appUser = generateUser() + expect(appUser[0].builder?.global).toEqual(false) + expect(appUser[0].admin?.global).toEqual(false) + const [createUserResponse, createUserJson] = + await config.users.addMultiple(appUser) - const [createUserResponse, createUserJson] = await config.users.addMultiple(powerUser) + // Create App + const app = await config.applications.create(generateApp()) + config.applications.api.appId = app.appId - const app = await config.applications.create(generateApp()) - config.applications.api.appId = app.appId + // Update user roles + const [userInfoResponse, userInfoJson] = await config.users.getInfo( + createUserJson.created.successful[0]._id + ) + const prodAppId = db.getProdAppID(app.appId!) - const [userInfoResponse, userInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id) - const body: User = { - ...userInfoJson, - roles: { - [app.appId]: "POWER", - } - } - await config.users.updateInfo(body) + // Roles must always be set with prod appID + const body: User = { + ...userInfoJson, + roles: { + [prodAppId]: "ADMIN", + }, + } + await config.users.updateInfo(body) - const [changedUserInfoResponse, changedUserInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id) - expect(changedUserInfoJson.roles[app.appId]).toBeDefined() - expect(changedUserInfoJson.roles[app.appId]).toEqual("POWER") + const [changedUserInfoResponse, changedUserInfoJson] = + await config.users.getInfo(createUserJson.created.successful[0]._id) + expect(changedUserInfoJson.roles[prodAppId]).toBeDefined() + expect(changedUserInfoJson.roles[prodAppId]).toEqual("ADMIN") + await config.screen.create(generateScreen("BASIC")) + await config.screen.create(generateScreen("POWER")) + await config.screen.create(generateScreen("ADMIN")) + + await config.applications.publish(app.appId) + const [firstappPackageResponse, firstappPackageJson] = + await config.applications.getAppPackage(app.appId) + expect(firstappPackageJson.screens).toBeDefined() + expect(firstappPackageJson.screens.length).toEqual(3) + + // login with ADMIN user + await config.login(appUser[0].email!, appUser[0].password!) + const [selfInfoResponse, selfInfoJson] = await config.users.getSelf() + + // fetch app package + const [appPackageResponse, appPackageJson] = + await config.applications.getAppPackage(app.appId!) + expect(appPackageJson.screens).toBeDefined() + expect(appPackageJson.screens.length).toEqual(3) }) + }) + describe("Screen Access for custom roles", () => { + it("Custom role access for level 1 permissions", async () => { + // Set up user + const appUser = generateUser() + expect(appUser[0].builder?.global).toEqual(false) + expect(appUser[0].admin?.global).toEqual(false) + const [createUserResponse, createUserJson] = + await config.users.addMultiple(appUser) - describe("Check Access for default roles", () => { - it("Check Table access for app user", async () => { - const appUser = generateUser() - expect(appUser[0].builder?.global).toEqual(false) - expect(appUser[0].admin?.global).toEqual(false) - const [createUserResponse, createUserJson] = await config.users.addMultiple(appUser) + // Create App + const app = await config.applications.create(generateApp()) + config.applications.api.appId = app.appId - const app = await config.applications.create(generateApp()) - config.applications.api.appId = app.appId + //Create level 1 role + const role = { + inherits: "BASIC", + permissionId: "public", + name: "level 1", + } + const [createRoleResponse, createRoleJson] = + await config.users.createRole(role) - const [userInfoResponse, userInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id) - const body: User = { - ...userInfoJson, - roles: { - [app.appId]: "BASIC", - } - } - await config.users.updateInfo(body) + // Update user roles + const [userInfoResponse, userInfoJson] = await config.users.getInfo( + createUserJson.created.successful[0]._id + ) + const prodAppId = db.getProdAppID(app.appId!) - const [changedUserInfoResponse, changedUserInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id) - expect(changedUserInfoJson.roles[app.appId]).toBeDefined() - expect(changedUserInfoJson.roles[app.appId]).toEqual("BASIC") + // Roles must always be set with prod appID + const body: User = { + ...userInfoJson, + roles: { + [prodAppId]: createRoleJson._id, + }, + } + await config.users.updateInfo(body) - const [createdTableResponse, createdTableData] = await config.tables.save( - generateTable() - ) - await config.login(appUser[0].email, appUser[0].password) - const newColumn = generateNewColumnForTable(createdTableData) - await config.tables.forbiddenSave( - newColumn) - await config.tables.forbiddenSave(generateTable()) - }) + const [changedUserInfoResponse, changedUserInfoJson] = + await config.users.getInfo(createUserJson.created.successful[0]._id) + expect(changedUserInfoJson.roles[prodAppId]).toBeDefined() + expect(changedUserInfoJson.roles[prodAppId]).toEqual(createRoleJson._id) - it("Check Table access for developer", async () => { - const developer = generateUser(1, 'developer') - expect(developer[0].builder?.global).toEqual(true) + await config.screen.create(generateScreen("BASIC")) + await config.screen.create(generateScreen("POWER")) + await config.screen.create(generateScreen("ADMIN")) - const [createUserResponse, createUserJson] = await config.users.addMultiple(developer) + await config.applications.publish(app.appId) + const [firstappPackageResponse, firstappPackageJson] = + await config.applications.getAppPackage(app.appId) + expect(firstappPackageJson.screens).toBeDefined() + expect(firstappPackageJson.screens.length).toEqual(3) - const app = await config.applications.create(generateApp()) - config.applications.api.appId = app.appId + // login with level 1 user + await config.login(appUser[0].email!, appUser[0].password!) + const [selfInfoResponse, selfInfoJson] = await config.users.getSelf() - const [userInfoResponse, userInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id) - const body: User = { - ...userInfoJson, - roles: { - [app.appId]: "POWER", - } - } - await config.users.updateInfo(body) - - const [changedUserInfoResponse, changedUserInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id) - expect(changedUserInfoJson.roles[app.appId]).toBeDefined() - expect(changedUserInfoJson.roles[app.appId]).toEqual("POWER") - - const [createdTableResponse, createdTableData] = await config.tables.save( - generateTable() - ) - await config.login(developer[0].email, developer[0].password) - const newColumn = generateNewColumnForTable(createdTableData) - const [addColumnResponse, addColumnData] = await config.tables.save( - newColumn, - true - ) - }) - - it("Check Table access for admin", async () => { - const adminUser = generateUser(1, "admin") - expect(adminUser[0].builder?.global).toEqual(true) - expect(adminUser[0].admin?.global).toEqual(true) - const [createUserResponse, createUserJson] = await config.users.addMultiple(adminUser) - - const app = await config.applications.create(generateApp()) - config.applications.api.appId = app.appId - - const [userInfoResponse, userInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id) - const body: User = { - ...userInfoJson, - roles: { - [app.appId]: "ADMIN", - } - } - await config.users.updateInfo(body) - - const [changedUserInfoResponse, changedUserInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id) - expect(changedUserInfoJson.roles[app.appId]).toBeDefined() - expect(changedUserInfoJson.roles[app.appId]).toEqual("ADMIN") - - await config.login(adminUser[0].email, adminUser[0].password) - const [createdTableResponse, createdTableData] = await config.tables.save( - generateTable() - ) - const newColumn = generateNewColumnForTable(createdTableData) - const [addColumnResponse, addColumnData] = await config.tables.save( - newColumn, - true - ) - }) + // fetch app package + const [appPackageResponse, appPackageJson] = + await config.applications.getAppPackage(app.appId!) + expect(appPackageJson.screens).toBeDefined() + expect(appPackageJson.screens.length).toEqual(1) }) + it("Custom role access for level 2 permissions", async () => { + // Set up user + const appUser = generateUser() + expect(appUser[0].builder?.global).toEqual(false) + expect(appUser[0].admin?.global).toEqual(false) + const [createUserResponse, createUserJson] = + await config.users.addMultiple(appUser) - describe("Screen Access for App specific roles", () => { - it("Check Screen access for BASIC Role", async () => { - // Set up user - const appUser = generateUser() - expect(appUser[0].builder?.global).toEqual(false) - expect(appUser[0].admin?.global).toEqual(false) - const [createUserResponse, createUserJson] = await config.users.addMultiple(appUser) + // Create App + const app = await config.applications.create(generateApp()) + config.applications.api.appId = app.appId - // Create App - const app = await config.applications.create(generateApp()) - config.applications.api.appId = app.appId + //Create level 1 role + const role = { + inherits: "BASIC", + permissionId: "read_only", + name: "level 2", + } + const [createRoleResponse, createRoleJson] = + await config.users.createRole(role) - // Update user roles - const [userInfoResponse, userInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id) - const prodAppId = db.getProdAppID(app.appId!) + // Update user roles + const [userInfoResponse, userInfoJson] = await config.users.getInfo( + createUserJson.created.successful[0]._id + ) + const prodAppId = db.getProdAppID(app.appId!) - // Roles must always be set with prod appID - const body: User = { - ...userInfoJson, - roles: { - [prodAppId]: "BASIC", - } - } - await config.users.updateInfo(body) + // Roles must always be set with prod appID + const body: User = { + ...userInfoJson, + roles: { + [prodAppId]: createRoleJson._id, + }, + } + await config.users.updateInfo(body) - const [changedUserInfoResponse, changedUserInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id) - expect(changedUserInfoJson.roles[prodAppId]).toBeDefined() - expect(changedUserInfoJson.roles[prodAppId]).toEqual("BASIC") + const [changedUserInfoResponse, changedUserInfoJson] = + await config.users.getInfo(createUserJson.created.successful[0]._id) + expect(changedUserInfoJson.roles[prodAppId]).toBeDefined() + expect(changedUserInfoJson.roles[prodAppId]).toEqual(createRoleJson._id) - await config.screen.create(generateScreen("BASIC")) - await config.screen.create(generateScreen("POWER")) - await config.screen.create(generateScreen("ADMIN")) + await config.screen.create(generateScreen("BASIC")) + await config.screen.create(generateScreen("POWER")) + await config.screen.create(generateScreen("ADMIN")) - await config.applications.publish(app.appId) - const [firstappPackageResponse, firstappPackageJson] = await config.applications.getAppPackage(app.appId) - expect(firstappPackageJson.screens).toBeDefined() - expect(firstappPackageJson.screens.length).toEqual(3) + await config.applications.publish(app.appId) + const [firstappPackageResponse, firstappPackageJson] = + await config.applications.getAppPackage(app.appId) + expect(firstappPackageJson.screens).toBeDefined() + expect(firstappPackageJson.screens.length).toEqual(3) - // login with BASIC user - await config.login(appUser[0].email!, appUser[0].password!) - const [selfInfoResponse, selfInfoJson] = await config.users.getSelf() + // login with level 1 user + await config.login(appUser[0].email!, appUser[0].password!) + const [selfInfoResponse, selfInfoJson] = await config.users.getSelf() - // fetch app package - const [appPackageResponse, appPackageJson] = await config.applications.getAppPackage(app.appId!) - expect(appPackageJson.screens).toBeDefined() - expect(appPackageJson.screens.length).toEqual(1) - expect(appPackageJson.screens[0].routing.roleId).toEqual("BASIC") - }) - - it("Check Screen access for POWER role", async () => { - // Set up user - const appUser = generateUser() - expect(appUser[0].builder?.global).toEqual(false) - expect(appUser[0].admin?.global).toEqual(false) - const [createUserResponse, createUserJson] = await config.users.addMultiple(appUser) - - // Create App - const app = await config.applications.create(generateApp()) - config.applications.api.appId = app.appId - - // Update user roles - const [userInfoResponse, userInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id) - const prodAppId = db.getProdAppID(app.appId!) - - // Roles must always be set with prod appID - const body: User = { - ...userInfoJson, - roles: { - [prodAppId]: "POWER", - } - } - await config.users.updateInfo(body) - - const [changedUserInfoResponse, changedUserInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id) - expect(changedUserInfoJson.roles[prodAppId]).toBeDefined() - expect(changedUserInfoJson.roles[prodAppId]).toEqual("POWER") - - await config.screen.create(generateScreen("BASIC")) - await config.screen.create(generateScreen("POWER")) - await config.screen.create(generateScreen("ADMIN")) - - await config.applications.publish(app.appId) - const [firstappPackageResponse, firstappPackageJson] = await config.applications.getAppPackage(app.appId) - expect(firstappPackageJson.screens).toBeDefined() - expect(firstappPackageJson.screens.length).toEqual(3) - - // login with POWER user - await config.login(appUser[0].email!, appUser[0].password!) - const [selfInfoResponse, selfInfoJson] = await config.users.getSelf() - - // fetch app package - const [appPackageResponse, appPackageJson] = await config.applications.getAppPackage(app.appId!) - expect(appPackageJson.screens).toBeDefined() - expect(appPackageJson.screens.length).toEqual(2) - }) - - it("Check Screen access for ADMIN role", async () => { - // Set up user - const appUser = generateUser() - expect(appUser[0].builder?.global).toEqual(false) - expect(appUser[0].admin?.global).toEqual(false) - const [createUserResponse, createUserJson] = await config.users.addMultiple(appUser) - - // Create App - const app = await config.applications.create(generateApp()) - config.applications.api.appId = app.appId - - // Update user roles - const [userInfoResponse, userInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id) - const prodAppId = db.getProdAppID(app.appId!) - - // Roles must always be set with prod appID - const body: User = { - ...userInfoJson, - roles: { - [prodAppId]: "ADMIN", - } - } - await config.users.updateInfo(body) - - const [changedUserInfoResponse, changedUserInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id) - expect(changedUserInfoJson.roles[prodAppId]).toBeDefined() - expect(changedUserInfoJson.roles[prodAppId]).toEqual("ADMIN") - - await config.screen.create(generateScreen("BASIC")) - await config.screen.create(generateScreen("POWER")) - await config.screen.create(generateScreen("ADMIN")) - - await config.applications.publish(app.appId) - const [firstappPackageResponse, firstappPackageJson] = await config.applications.getAppPackage(app.appId) - expect(firstappPackageJson.screens).toBeDefined() - expect(firstappPackageJson.screens.length).toEqual(3) - - // login with ADMIN user - await config.login(appUser[0].email!, appUser[0].password!) - const [selfInfoResponse, selfInfoJson] = await config.users.getSelf() - - // fetch app package - const [appPackageResponse, appPackageJson] = await config.applications.getAppPackage(app.appId!) - expect(appPackageJson.screens).toBeDefined() - expect(appPackageJson.screens.length).toEqual(3) - }) + // fetch app package + const [appPackageResponse, appPackageJson] = + await config.applications.getAppPackage(app.appId!) + expect(appPackageJson.screens).toBeDefined() + expect(appPackageJson.screens.length).toEqual(1) }) - describe("Screen Access for custom roles", () => { - it("Custom role access for level 1 permissions", async () => { - // Set up user - const appUser = generateUser() - expect(appUser[0].builder?.global).toEqual(false) - expect(appUser[0].admin?.global).toEqual(false) - const [createUserResponse, createUserJson] = await config.users.addMultiple(appUser) + it("Custom role access for level 3 permissions", async () => { + const appUser = generateUser() + expect(appUser[0].builder?.global).toEqual(false) + expect(appUser[0].admin?.global).toEqual(false) + const [createUserResponse, createUserJson] = + await config.users.addMultiple(appUser) - // Create App - const app = await config.applications.create(generateApp()) - config.applications.api.appId = app.appId + // Create App + const app = await config.applications.create(generateApp()) + config.applications.api.appId = app.appId - //Create level 1 role - const role = { - inherits: "BASIC", - permissionId: "public", - name: "level 1" - } - const [createRoleResponse, createRoleJson] = await config.users.createRole(role) + //Create level 1 role + const role = { + inherits: "BASIC", + permissionId: "write", + name: "level 3", + } + const [createRoleResponse, createRoleJson] = + await config.users.createRole(role) + // Update user roles + const [userInfoResponse, userInfoJson] = await config.users.getInfo( + createUserJson.created.successful[0]._id + ) + const prodAppId = db.getProdAppID(app.appId!) + // Roles must always be set with prod appID + const body: User = { + ...userInfoJson, + roles: { + [prodAppId]: createRoleJson._id, + }, + } + await config.users.updateInfo(body) - // Update user roles - const [userInfoResponse, userInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id) - const prodAppId = db.getProdAppID(app.appId!) + const [changedUserInfoResponse, changedUserInfoJson] = + await config.users.getInfo(createUserJson.created.successful[0]._id) + expect(changedUserInfoJson.roles[prodAppId]).toBeDefined() + expect(changedUserInfoJson.roles[prodAppId]).toEqual(createRoleJson._id) - // Roles must always be set with prod appID - const body: User = { - ...userInfoJson, - roles: { - [prodAppId]: createRoleJson._id, - } - } - await config.users.updateInfo(body) + await config.screen.create(generateScreen("BASIC")) + await config.screen.create(generateScreen("POWER")) + await config.screen.create(generateScreen("ADMIN")) - const [changedUserInfoResponse, changedUserInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id) - expect(changedUserInfoJson.roles[prodAppId]).toBeDefined() - expect(changedUserInfoJson.roles[prodAppId]).toEqual(createRoleJson._id) + await config.applications.publish(app.appId) + const [firstappPackageResponse, firstappPackageJson] = + await config.applications.getAppPackage(app.appId) + expect(firstappPackageJson.screens).toBeDefined() + expect(firstappPackageJson.screens.length).toEqual(3) - await config.screen.create(generateScreen("BASIC")) - await config.screen.create(generateScreen("POWER")) - await config.screen.create(generateScreen("ADMIN")) + // login with level 1 user + await config.login(appUser[0].email!, appUser[0].password!) + const [selfInfoResponse, selfInfoJson] = await config.users.getSelf() - await config.applications.publish(app.appId) - const [firstappPackageResponse, firstappPackageJson] = await config.applications.getAppPackage(app.appId) - expect(firstappPackageJson.screens).toBeDefined() - expect(firstappPackageJson.screens.length).toEqual(3) - - // login with level 1 user - await config.login(appUser[0].email!, appUser[0].password!) - const [selfInfoResponse, selfInfoJson] = await config.users.getSelf() - - // fetch app package - const [appPackageResponse, appPackageJson] = await config.applications.getAppPackage(app.appId!) - expect(appPackageJson.screens).toBeDefined() - expect(appPackageJson.screens.length).toEqual(1) - }) - it("Custom role access for level 2 permissions", async () => {// Set up user - const appUser = generateUser() - expect(appUser[0].builder?.global).toEqual(false) - expect(appUser[0].admin?.global).toEqual(false) - const [createUserResponse, createUserJson] = await config.users.addMultiple(appUser) - - // Create App - const app = await config.applications.create(generateApp()) - config.applications.api.appId = app.appId - - //Create level 1 role - const role = { - inherits: "BASIC", - permissionId: "read_only", - name: "level 2" - } - const [createRoleResponse, createRoleJson] = await config.users.createRole(role) - - - - // Update user roles - const [userInfoResponse, userInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id) - const prodAppId = db.getProdAppID(app.appId!) - - // Roles must always be set with prod appID - const body: User = { - ...userInfoJson, - roles: { - [prodAppId]: createRoleJson._id, - } - } - await config.users.updateInfo(body) - - const [changedUserInfoResponse, changedUserInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id) - expect(changedUserInfoJson.roles[prodAppId]).toBeDefined() - expect(changedUserInfoJson.roles[prodAppId]).toEqual(createRoleJson._id) - - await config.screen.create(generateScreen("BASIC")) - await config.screen.create(generateScreen("POWER")) - await config.screen.create(generateScreen("ADMIN")) - - await config.applications.publish(app.appId) - const [firstappPackageResponse, firstappPackageJson] = await config.applications.getAppPackage(app.appId) - expect(firstappPackageJson.screens).toBeDefined() - expect(firstappPackageJson.screens.length).toEqual(3) - - // login with level 1 user - await config.login(appUser[0].email!, appUser[0].password!) - const [selfInfoResponse, selfInfoJson] = await config.users.getSelf() - - // fetch app package - const [appPackageResponse, appPackageJson] = await config.applications.getAppPackage(app.appId!) - expect(appPackageJson.screens).toBeDefined() - expect(appPackageJson.screens.length).toEqual(1) - }) - it("Custom role access for level 3 permissions", async () => { - const appUser = generateUser() - expect(appUser[0].builder?.global).toEqual(false) - expect(appUser[0].admin?.global).toEqual(false) - const [createUserResponse, createUserJson] = await config.users.addMultiple(appUser) - - // Create App - const app = await config.applications.create(generateApp()) - config.applications.api.appId = app.appId - - //Create level 1 role - const role = { - inherits: "BASIC", - permissionId: "write", - name: "level 3" - } - const [createRoleResponse, createRoleJson] = await config.users.createRole(role) - - - - // Update user roles - const [userInfoResponse, userInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id) - const prodAppId = db.getProdAppID(app.appId!) - - // Roles must always be set with prod appID - const body: User = { - ...userInfoJson, - roles: { - [prodAppId]: createRoleJson._id, - } - } - await config.users.updateInfo(body) - - const [changedUserInfoResponse, changedUserInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id) - expect(changedUserInfoJson.roles[prodAppId]).toBeDefined() - expect(changedUserInfoJson.roles[prodAppId]).toEqual(createRoleJson._id) - - await config.screen.create(generateScreen("BASIC")) - await config.screen.create(generateScreen("POWER")) - await config.screen.create(generateScreen("ADMIN")) - - await config.applications.publish(app.appId) - const [firstappPackageResponse, firstappPackageJson] = await config.applications.getAppPackage(app.appId) - expect(firstappPackageJson.screens).toBeDefined() - expect(firstappPackageJson.screens.length).toEqual(3) - - // login with level 1 user - await config.login(appUser[0].email!, appUser[0].password!) - const [selfInfoResponse, selfInfoJson] = await config.users.getSelf() - - // fetch app package - const [appPackageResponse, appPackageJson] = await config.applications.getAppPackage(app.appId!) - expect(appPackageJson.screens).toBeDefined() - expect(appPackageJson.screens.length).toEqual(1) - }) - it("Custom role access for level 4 permissions", async () => { - const appUser = generateUser() - expect(appUser[0].builder?.global).toEqual(false) - expect(appUser[0].admin?.global).toEqual(false) - const [createUserResponse, createUserJson] = await config.users.addMultiple(appUser) - - // Create App - const app = await config.applications.create(generateApp()) - config.applications.api.appId = app.appId - - //Create level 1 role - const role = { - inherits: "BASIC", - permissionId: "power", - name: "level 4" - } - const [createRoleResponse, createRoleJson] = await config.users.createRole(role) - - - - // Update user roles - const [userInfoResponse, userInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id) - const prodAppId = db.getProdAppID(app.appId!) - - // Roles must always be set with prod appID - const body: User = { - ...userInfoJson, - roles: { - [prodAppId]: createRoleJson._id, - } - } - await config.users.updateInfo(body) - - const [changedUserInfoResponse, changedUserInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id) - expect(changedUserInfoJson.roles[prodAppId]).toBeDefined() - expect(changedUserInfoJson.roles[prodAppId]).toEqual(createRoleJson._id) - - await config.screen.create(generateScreen("BASIC")) - await config.screen.create(generateScreen("POWER")) - await config.screen.create(generateScreen("ADMIN")) - - await config.applications.publish(app.appId) - const [firstappPackageResponse, firstappPackageJson] = await config.applications.getAppPackage(app.appId) - expect(firstappPackageJson.screens).toBeDefined() - expect(firstappPackageJson.screens.length).toEqual(3) - - // login with level 1 user - await config.login(appUser[0].email!, appUser[0].password!) - const [selfInfoResponse, selfInfoJson] = await config.users.getSelf() - - // fetch app package - const [appPackageResponse, appPackageJson] = await config.applications.getAppPackage(app.appId!) - expect(appPackageJson.screens).toBeDefined() - expect(appPackageJson.screens.length).toEqual(1) - }) - it("Custom role access for level 5 permissions", async () => { - const appUser = generateUser() - expect(appUser[0].builder?.global).toEqual(false) - expect(appUser[0].admin?.global).toEqual(false) - const [createUserResponse, createUserJson] = await config.users.addMultiple(appUser) - - // Create App - const app = await config.applications.create(generateApp()) - config.applications.api.appId = app.appId - - //Create level 1 role - const role = { - inherits: "BASIC", - permissionId: "admin", - name: "level 5" - } - const [createRoleResponse, createRoleJson] = await config.users.createRole(role) - - - - // Update user roles - const [userInfoResponse, userInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id) - const prodAppId = db.getProdAppID(app.appId!) - - // Roles must always be set with prod appID - const body: User = { - ...userInfoJson, - roles: { - [prodAppId]: createRoleJson._id, - } - } - await config.users.updateInfo(body) - - const [changedUserInfoResponse, changedUserInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id) - expect(changedUserInfoJson.roles[prodAppId]).toBeDefined() - expect(changedUserInfoJson.roles[prodAppId]).toEqual(createRoleJson._id) - - await config.screen.create(generateScreen("BASIC")) - await config.screen.create(generateScreen("POWER")) - await config.screen.create(generateScreen("ADMIN")) - - await config.applications.publish(app.appId) - const [firstappPackageResponse, firstappPackageJson] = await config.applications.getAppPackage(app.appId) - expect(firstappPackageJson.screens).toBeDefined() - expect(firstappPackageJson.screens.length).toEqual(3) - - // login with level 1 user - await config.login(appUser[0].email!, appUser[0].password!) - const [selfInfoResponse, selfInfoJson] = await config.users.getSelf() - - // fetch app package - const [appPackageResponse, appPackageJson] = await config.applications.getAppPackage(app.appId!) - expect(appPackageJson.screens).toBeDefined() - expect(appPackageJson.screens.length).toEqual(1) - }) + // fetch app package + const [appPackageResponse, appPackageJson] = + await config.applications.getAppPackage(app.appId!) + expect(appPackageJson.screens).toBeDefined() + expect(appPackageJson.screens.length).toEqual(1) }) + it("Custom role access for level 4 permissions", async () => { + const appUser = generateUser() + expect(appUser[0].builder?.global).toEqual(false) + expect(appUser[0].admin?.global).toEqual(false) + const [createUserResponse, createUserJson] = + await config.users.addMultiple(appUser) + // Create App + const app = await config.applications.create(generateApp()) + config.applications.api.appId = app.appId + + //Create level 1 role + const role = { + inherits: "BASIC", + permissionId: "power", + name: "level 4", + } + const [createRoleResponse, createRoleJson] = + await config.users.createRole(role) + + // Update user roles + const [userInfoResponse, userInfoJson] = await config.users.getInfo( + createUserJson.created.successful[0]._id + ) + const prodAppId = db.getProdAppID(app.appId!) + + // Roles must always be set with prod appID + const body: User = { + ...userInfoJson, + roles: { + [prodAppId]: createRoleJson._id, + }, + } + await config.users.updateInfo(body) + + const [changedUserInfoResponse, changedUserInfoJson] = + await config.users.getInfo(createUserJson.created.successful[0]._id) + expect(changedUserInfoJson.roles[prodAppId]).toBeDefined() + expect(changedUserInfoJson.roles[prodAppId]).toEqual(createRoleJson._id) + + await config.screen.create(generateScreen("BASIC")) + await config.screen.create(generateScreen("POWER")) + await config.screen.create(generateScreen("ADMIN")) + + await config.applications.publish(app.appId) + const [firstappPackageResponse, firstappPackageJson] = + await config.applications.getAppPackage(app.appId) + expect(firstappPackageJson.screens).toBeDefined() + expect(firstappPackageJson.screens.length).toEqual(3) + + // login with level 1 user + await config.login(appUser[0].email!, appUser[0].password!) + const [selfInfoResponse, selfInfoJson] = await config.users.getSelf() + + // fetch app package + const [appPackageResponse, appPackageJson] = + await config.applications.getAppPackage(app.appId!) + expect(appPackageJson.screens).toBeDefined() + expect(appPackageJson.screens.length).toEqual(1) + }) + it("Custom role access for level 5 permissions", async () => { + const appUser = generateUser() + expect(appUser[0].builder?.global).toEqual(false) + expect(appUser[0].admin?.global).toEqual(false) + const [createUserResponse, createUserJson] = + await config.users.addMultiple(appUser) + + // Create App + const app = await config.applications.create(generateApp()) + config.applications.api.appId = app.appId + + //Create level 1 role + const role = { + inherits: "BASIC", + permissionId: "admin", + name: "level 5", + } + const [createRoleResponse, createRoleJson] = + await config.users.createRole(role) + + // Update user roles + const [userInfoResponse, userInfoJson] = await config.users.getInfo( + createUserJson.created.successful[0]._id + ) + const prodAppId = db.getProdAppID(app.appId!) + + // Roles must always be set with prod appID + const body: User = { + ...userInfoJson, + roles: { + [prodAppId]: createRoleJson._id, + }, + } + await config.users.updateInfo(body) + + const [changedUserInfoResponse, changedUserInfoJson] = + await config.users.getInfo(createUserJson.created.successful[0]._id) + expect(changedUserInfoJson.roles[prodAppId]).toBeDefined() + expect(changedUserInfoJson.roles[prodAppId]).toEqual(createRoleJson._id) + + await config.screen.create(generateScreen("BASIC")) + await config.screen.create(generateScreen("POWER")) + await config.screen.create(generateScreen("ADMIN")) + + await config.applications.publish(app.appId) + const [firstappPackageResponse, firstappPackageJson] = + await config.applications.getAppPackage(app.appId) + expect(firstappPackageJson.screens).toBeDefined() + expect(firstappPackageJson.screens.length).toEqual(3) + + // login with level 1 user + await config.login(appUser[0].email!, appUser[0].password!) + const [selfInfoResponse, selfInfoJson] = await config.users.getSelf() + + // fetch app package + const [appPackageResponse, appPackageJson] = + await config.applications.getAppPackage(app.appId!) + expect(appPackageJson.screens).toBeDefined() + expect(appPackageJson.screens.length).toEqual(1) + }) + }) }) diff --git a/qa-core/src/tests/internal-api/userManagement/userManagement.spec.ts b/qa-core/src/tests/internal-api/userManagement/userManagement.spec.ts index 32820b8b7f..ea235d7cc7 100644 --- a/qa-core/src/tests/internal-api/userManagement/userManagement.spec.ts +++ b/qa-core/src/tests/internal-api/userManagement/userManagement.spec.ts @@ -5,86 +5,84 @@ import { generateUser } from "../../../config/internal-api/fixtures/userManageme import { User } from "@budibase/types" describe("Internal API - User Management & Permissions", () => { - const api = new InternalAPIClient() - const config = new TestConfiguration(api) + const api = new InternalAPIClient() + const config = new TestConfiguration(api) - // Before each test, login as admin. Some tests will require login as a different user - beforeEach(async () => { - await config.loginAsAdmin() - }) + // Before each test, login as admin. Some tests will require login as a different user + beforeEach(async () => { + await config.loginAsAdmin() + }) - afterAll(async () => { - await config.afterAll() - }) + afterAll(async () => { + await config.afterAll() + }) - it("Add Users with different roles", async () => { - await config.users.search() - await config.users.getRoles() + it("Add Users with different roles", async () => { + await config.users.search() + await config.users.getRoles() - const admin = generateUser(1, "admin") - expect(admin[0].builder?.global).toEqual(true) - expect(admin[0].admin?.global).toEqual(true) - const developer = generateUser(1, "developer") - expect(developer[0].builder?.global).toEqual(true) - const appUser = generateUser(1, "appUser") - expect(appUser[0].builder?.global).toEqual(false) - expect(appUser[0].admin?.global).toEqual(false) + const admin = generateUser(1, "admin") + expect(admin[0].builder?.global).toEqual(true) + expect(admin[0].admin?.global).toEqual(true) + const developer = generateUser(1, "developer") + expect(developer[0].builder?.global).toEqual(true) + const appUser = generateUser(1, "appUser") + expect(appUser[0].builder?.global).toEqual(false) + expect(appUser[0].admin?.global).toEqual(false) - const userList = [...admin, ...developer, ...appUser] + const userList = [...admin, ...developer, ...appUser] - await config.users.addMultiple(userList) + await config.users.addMultiple(userList) - const [allUsersResponse, allUsersJson] = await config.users.getAll() - expect(allUsersJson.length).toBeGreaterThan(0) + const [allUsersResponse, allUsersJson] = await config.users.getAll() + expect(allUsersJson.length).toBeGreaterThan(0) + }) + it("Delete User", async () => { + const appUser = generateUser() + expect(appUser[0].builder?.global).toEqual(false) + expect(appUser[0].admin?.global).toEqual(false) + const [userResponse, userJson] = await config.users.addMultiple(appUser) + const userId = userJson.created.successful[0]._id + await config.users.delete(userId) + }) + it("Reset Password", async () => { + const appUser = generateUser() + expect(appUser[0].builder?.global).toEqual(false) + expect(appUser[0].admin?.global).toEqual(false) + const [userResponse, userJson] = await config.users.addMultiple(appUser) + const [userInfoResponse, userInfoJson] = await config.users.getInfo( + userJson.created.successful[0]._id + ) + const body: User = { + ...userInfoJson, + password: "newPassword", + } + await config.users.forcePasswordReset(body) + }) - }) - - it("Delete User", async () => { - const appUser = generateUser() - expect(appUser[0].builder?.global).toEqual(false) - expect(appUser[0].admin?.global).toEqual(false) - const [userResponse, userJson] = await config.users.addMultiple(appUser) - const userId = userJson.created.successful[0]._id - await config.users.delete(userId) - }) - - it("Reset Password", async () => { - const appUser = generateUser() - expect(appUser[0].builder?.global).toEqual(false) - expect(appUser[0].admin?.global).toEqual(false) - const [userResponse, userJson] = await config.users.addMultiple(appUser) - const [userInfoResponse, userInfoJson] = await config.users.getInfo(userJson.created.successful[0]._id) - const body: User = { - ...userInfoJson, - password: "newPassword" - - } - await config.users.forcePasswordReset(body) - }) - - it("Change User information", async () => { - const appUser = generateUser() - expect(appUser[0].builder?.global).toEqual(false) - expect(appUser[0].admin?.global).toEqual(false) - const [userResponse, userJson] = await config.users.addMultiple(appUser) - const [userInfoResponse, userInfoJson] = await config.users.getInfo(userJson.created.successful[0]._id) - const body: User = { - ...userInfoJson, - firstName: "newFirstName", - lastName: "newLastName", - builder: { - global: true - } - } - await config.users.updateInfo(body) - - const [changedUserInfoResponse, changedUserInfoJson] = await config.users.getInfo(userJson.created.successful[0]._id) - expect(changedUserInfoJson.builder?.global).toBeDefined() - expect(changedUserInfoJson.builder?.global).toEqual(true) - }) - - + it("Change User information", async () => { + const appUser = generateUser() + expect(appUser[0].builder?.global).toEqual(false) + expect(appUser[0].admin?.global).toEqual(false) + const [userResponse, userJson] = await config.users.addMultiple(appUser) + const [userInfoResponse, userInfoJson] = await config.users.getInfo( + userJson.created.successful[0]._id + ) + const body: User = { + ...userInfoJson, + firstName: "newFirstName", + lastName: "newLastName", + builder: { + global: true, + }, + } + await config.users.updateInfo(body) + const [changedUserInfoResponse, changedUserInfoJson] = + await config.users.getInfo(userJson.created.successful[0]._id) + expect(changedUserInfoJson.builder?.global).toBeDefined() + expect(changedUserInfoJson.builder?.global).toEqual(true) + }) }) diff --git a/qa-core/src/tests/public-api/applications/applications.spec.ts b/qa-core/src/tests/public-api/applications/applications.spec.ts index ae0be01b75..cf85e6daf2 100644 --- a/qa-core/src/tests/public-api/applications/applications.spec.ts +++ b/qa-core/src/tests/public-api/applications/applications.spec.ts @@ -73,15 +73,15 @@ describe("Public API - /applications endpoints", () => { }) it("POST - unpublish an unpublished application", async () => { - const [response] = await config.applications.unpublish( - config.context._id - ) + const [response] = await config.applications.unpublish(config.context._id) expect(response).toHaveStatusCode(400) }) it("DELETE - delete a published application and the dev application", async () => { await config.applications.publish(config.context._id) - const [response, deletion] = await config.applications.delete(config.context._id) + const [response, deletion] = await config.applications.delete( + config.context._id + ) expect(response).toHaveStatusCode(200) expect(deletion._id).toEqual(config.context._id)