Add unhappy paths tests

This commit is contained in:
Adria Navarro 2023-08-24 11:23:30 +02:00
parent 84a6f239a9
commit 8359185a22
2 changed files with 58 additions and 9 deletions

View File

@ -82,8 +82,14 @@ const resourceIdTranformers: Partial<
> = {
[PermissionType.VIEW]: async ctx => {
const { resourceId } = ctx
if (!resourceId) {
ctx.throw(400, `Cannot obtain the view id`)
return
}
if (!isViewID(resourceId)) {
ctx.throw(400, `"${resourceId}" is not a valid viewId`)
ctx.throw(400, `"${resourceId}" is not a valid view id`)
return
}
if (await features.isViewPermissionEnabled()) {
@ -121,17 +127,17 @@ const authorized =
permLevel === PermissionLevel.READ
? PermissionLevel.WRITE
: PermissionLevel.READ
const appId = context.getAppId()
if (resourcePath) {
// Reusing the existing middleware to extract the value
paramResource(resourcePath)(ctx, () => {})
}
if (appId && hasResource(ctx)) {
if (resourceIdTranformers[permType]) {
await resourceIdTranformers[permType]!(ctx)
}
if (hasResource(ctx)) {
resourceRoles = await roles.getRequiredResourceRole(permLevel!, ctx)
if (opts && opts.schema) {
otherLevelRoles = await roles.getRequiredResourceRole(otherLevel, ctx)

View File

@ -3,13 +3,16 @@ jest.mock("../../environment", () => ({
isTest: () => true,
// @ts-ignore
isProd: () => this.prod,
_set: function (key: string, value: string) {
_set: function (_key: string, value: string) {
this.prod = value === "production"
},
}))
import { PermissionType, PermissionLevel } from "@budibase/types"
import authorizedMiddleware from "../authorized"
import env from "../../environment"
import { PermissionType, PermissionLevel } from "@budibase/types"
import { generateTableID, generateViewID } from "../../db/utils"
const APP_ID = ""
@ -51,7 +54,7 @@ class TestConfiguration {
this.middleware = authorizedMiddleware(...perms)
}
setResourceId(id: string) {
setResourceId(id?: string) {
this.ctx.resourceId = id
}
@ -85,6 +88,7 @@ describe("Authorization middleware", () => {
})
beforeEach(() => {
jest.clearAllMocks()
config = new TestConfiguration()
})
@ -172,5 +176,44 @@ describe("Authorization middleware", () => {
"User does not have permission"
)
})
describe("view type", () => {
const tableId = generateTableID()
const viewId = generateViewID(tableId)
beforeEach(() => {
config.setMiddlewareRequiredPermission(
PermissionType.VIEW,
PermissionLevel.READ
)
config.setResourceId(viewId)
config.setUser({
role: {
_id: "",
},
})
})
it("throw an exception if the resource id is not provided", async () => {
config.setResourceId(undefined)
await config.executeMiddleware()
expect(config.throw).toHaveBeenNthCalledWith(
1,
400,
"Cannot obtain the view id"
)
})
it("throw an exception if the resource id is not a valid view id", async () => {
config.setResourceId(tableId)
await config.executeMiddleware()
expect(config.throw).toHaveBeenNthCalledWith(
1,
400,
`"${tableId}" is not a valid view id`
)
})
})
})
})