Add for app specific custom roles

Pedro Silva 2022-12-16 18:17:30 +00:00
parent c0eb8c039a
commit 8cc8db7842
2 changed files with 327 additions and 17 deletions


@ -1,5 +1,5 @@
import { Response } from "node-fetch" import { Response } from "node-fetch"
import { Role, User, UserDeletedEvent } from "@budibase/types" import { Role, User, UserDeletedEvent, UserRoles } from "@budibase/types"
import InternalAPIClient from "./InternalAPIClient" import InternalAPIClient from "./InternalAPIClient"
import { responseMessage } from "../fixtures/types/responseMessage" import { responseMessage } from "../fixtures/types/responseMessage"
@ -87,7 +87,6 @@ export default class UserManagementApi {
const response = await this.api.get(`/roles`) const response = await this.api.get(`/roles`)
const json = await response.json() const json = await response.json()
expect(response).toHaveStatusCode(200) expect(response).toHaveStatusCode(200)
expect(json.length).toEqual(4)
return [response, json] return [response, json]
} }
@ -124,4 +123,11 @@ export default class UserManagementApi {
expect(json._rev).not.toEqual(body._rev) expect(json._rev).not.toEqual(body._rev)
return [response, json] return [response, json]
} }
async createRole(body: Partial<UserRoles>): Promise<[Response, UserRoles]> {
const response = await this.api.post(`/roles`, { body })
const json = await response.json()
expect(response).toHaveStatusCode(200)
return [response, json]
}
} }
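Review bot: `createRole` is typed with `Partial<UserRoles>`, but the payload the new tests pass (`inherits`, `permissionId`, `name`) and the `_id` they read back are fields of a role document; `UserRoles` appears to be the per-user app-to-role map, so this signature probably hides type errors instead of checking them. `Role` is already imported in this file, so `async createRole(body: Partial<Role>): Promise<[Response, Role]>` would let the compiler check the request body. The helper also asserts only the status code, while callers write `json._id` straight into a user's `roles` map; adding `expect(json._id).toBeDefined()` here would fail at role creation rather than later in the test. The enclosing class starts outside the hunk.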


@ -252,72 +252,376 @@ describe("Internal API - App Specific Roles & Permissions", () => {
}) })
it("Check Screen access for POWER role", async () => { it("Check Screen access for POWER role", async () => {
// Set up user
const appUser = generateUser() const appUser = generateUser()
expect(appUser[0].builder?.global).toEqual(false) expect(appUser[0].builder?.global).toEqual(false)
expect(appUser[0].admin?.global).toEqual(false) expect(appUser[0].admin?.global).toEqual(false)
const [createUserResponse, createUserJson] = await config.users.addMultiple(appUser) const [createUserResponse, createUserJson] = await config.users.addMultiple(appUser)
// Create App
const app = await config.applications.create(generateApp()) const app = await config.applications.create(generateApp())
config.applications.api.appId = app.appId config.applications.api.appId = app.appId
// Update user roles
const [userInfoResponse, userInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id) const [userInfoResponse, userInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id)
const prodAppId = db.getProdAppID(app.appId!)
// Roles must always be set with prod appID
const body: User = { const body: User = {
...userInfoJson, ...userInfoJson,
roles: { roles: {
[app.appId!]: "POWER", [prodAppId]: "POWER",
} }
} }
await config.users.updateInfo(body) await config.users.updateInfo(body)
const [changedUserInfoResponse, changedUserInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id) const [changedUserInfoResponse, changedUserInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id)
expect(changedUserInfoJson.roles[app.appId!]).toBeDefined() expect(changedUserInfoJson.roles[prodAppId]).toBeDefined()
expect(changedUserInfoJson.roles[app.appId!]).toEqual("POWER") expect(changedUserInfoJson.roles[prodAppId]).toEqual("POWER")
await config.screen.create(generateScreen("BASIC")) await config.screen.create(generateScreen("BASIC"))
await config.screen.create(generateScreen("POWER")) await config.screen.create(generateScreen("POWER"))
await config.screen.create(generateScreen("ADMIN")) await config.screen.create(generateScreen("ADMIN"))
await config.applications.publish(<string>app.url) await config.applications.publish(<string>app.url)
const [firstappPackageResponse, firstappPackageJson] = await config.applications.getAppPackage(app.appId!) const [firstappPackageResponse, firstappPackageJson] = await config.applications.getAppPackage(<string>app.appId)
expect(firstappPackageJson.screens).toBeDefined() expect(firstappPackageJson.screens).toBeDefined()
expect(firstappPackageJson.screens.length).toEqual(3) expect(firstappPackageJson.screens.length).toEqual(3)
// login with POWER user
await config.login(appUser[0].email!, appUser[0].password!) await config.login(appUser[0].email!, appUser[0].password!)
const [appPackageResponse, appPackageJson] = await config.applications.getAppPackage(<string>app.appId) const [selfInfoResponse, selfInfoJson] = await config.users.getSelf()
// fetch app package
const [appPackageResponse, appPackageJson] = await config.applications.getAppPackage(app.appId!)
expect(appPackageJson.screens).toBeDefined() expect(appPackageJson.screens).toBeDefined()
expect(appPackageJson.screens.length).toEqual(2) expect(appPackageJson.screens.length).toEqual(2)
}) })
it("Check Screen access for ADMIN role", async () => { it("Check Screen access for ADMIN role", async () => {
// Set up user
const appUser = generateUser() const appUser = generateUser()
expect(appUser[0].builder?.global).toEqual(false) expect(appUser[0].builder?.global).toEqual(false)
expect(appUser[0].admin?.global).toEqual(false) expect(appUser[0].admin?.global).toEqual(false)
const [createUserResponse, createUserJson] = await config.users.addMultiple(appUser) const [createUserResponse, createUserJson] = await config.users.addMultiple(appUser)
// Create App
const app = await config.applications.create(generateApp()) const app = await config.applications.create(generateApp())
config.applications.api.appId = app.appId config.applications.api.appId = app.appId
// Update user roles
const [userInfoResponse, userInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id) const [userInfoResponse, userInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id)
const prodAppId = db.getProdAppID(app.appId!)
// Roles must always be set with prod appID
const body: User = { const body: User = {
...userInfoJson, ...userInfoJson,
roles: { roles: {
[<string>app.appId]: "ADMIN", [prodAppId]: "ADMIN",
} }
} }
await config.users.updateInfo(body) await config.users.updateInfo(body)
const [changedUserInfoResponse, changedUserInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id) const [changedUserInfoResponse, changedUserInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id)
expect(changedUserInfoJson.roles[<string>app.appId]).toBeDefined() expect(changedUserInfoJson.roles[prodAppId]).toBeDefined()
expect(changedUserInfoJson.roles[<string>app.appId]).toEqual("ADMIN") expect(changedUserInfoJson.roles[prodAppId]).toEqual("ADMIN")
await config.screen.create(generateScreen("BASIC"))
await config.screen.create(generateScreen("POWER"))
await config.screen.create(generateScreen("ADMIN"))
await config.applications.publish(<string>app.url)
const [firstappPackageResponse, firstappPackageJson] = await config.applications.getAppPackage(<string>app.appId)
expect(firstappPackageJson.screens).toBeDefined()
expect(firstappPackageJson.screens.length).toEqual(3)
// login with ADMIN user
await config.login(appUser[0].email!, appUser[0].password!)
const [selfInfoResponse, selfInfoJson] = await config.users.getSelf()
// fetch app package
const [appPackageResponse, appPackageJson] = await config.applications.getAppPackage(app.appId!)
expect(appPackageJson.screens).toBeDefined()
expect(appPackageJson.screens.length).toEqual(3)
}) })
}) })
describe.skip("Screen Access for custom roles", () => { describe("Screen Access for custom roles", () => {
it("Custom role access for level 1 permissions", async () => { }) it("Custom role access for level 1 permissions", async () => {
it("Custom role access for level 2 permissions", async () => { }) // Set up user
it("Custom role access for level 3 permissions", async () => { }) const appUser = generateUser()
it("Custom role access for level 4 permissions", async () => { }) expect(appUser[0].builder?.global).toEqual(false)
it("Custom role access for level 5 permissions", async () => { }) expect(appUser[0].admin?.global).toEqual(false)
const [createUserResponse, createUserJson] = await config.users.addMultiple(appUser)
// Create App
const app = await config.applications.create(generateApp())
config.applications.api.appId = app.appId
//Create level 1 role
const role = {
inherits: "BASIC",
permissionId: "public",
name: "level 1"
}
const [createRoleResponse, createRoleJson] = await config.users.createRole(role)
// Update user roles
const [userInfoResponse, userInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id)
const prodAppId = db.getProdAppID(app.appId!)
// Roles must always be set with prod appID
const body: User = {
...userInfoJson,
roles: {
[prodAppId]: createRoleJson._id,
}
}
await config.users.updateInfo(body)
const [changedUserInfoResponse, changedUserInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id)
expect(changedUserInfoJson.roles[prodAppId]).toBeDefined()
expect(changedUserInfoJson.roles[prodAppId]).toEqual(createRoleJson._id)
await config.screen.create(generateScreen("BASIC"))
await config.screen.create(generateScreen("POWER"))
await config.screen.create(generateScreen("ADMIN"))
await config.applications.publish(<string>app.url)
const [firstappPackageResponse, firstappPackageJson] = await config.applications.getAppPackage(<string>app.appId)
expect(firstappPackageJson.screens).toBeDefined()
expect(firstappPackageJson.screens.length).toEqual(3)
// login with level 1 user
await config.login(appUser[0].email!, appUser[0].password!)
const [selfInfoResponse, selfInfoJson] = await config.users.getSelf()
// fetch app package
const [appPackageResponse, appPackageJson] = await config.applications.getAppPackage(app.appId!)
expect(appPackageJson.screens).toBeDefined()
expect(appPackageJson.screens.length).toEqual(1)
})
it("Custom role access for level 2 permissions", async () => {// Set up user
const appUser = generateUser()
expect(appUser[0].builder?.global).toEqual(false)
expect(appUser[0].admin?.global).toEqual(false)
const [createUserResponse, createUserJson] = await config.users.addMultiple(appUser)
// Create App
const app = await config.applications.create(generateApp())
config.applications.api.appId = app.appId
//Create level 1 role
const role = {
inherits: "BASIC",
permissionId: "read_only",
name: "level 2"
}
const [createRoleResponse, createRoleJson] = await config.users.createRole(role)
// Update user roles
const [userInfoResponse, userInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id)
const prodAppId = db.getProdAppID(app.appId!)
// Roles must always be set with prod appID
const body: User = {
...userInfoJson,
roles: {
[prodAppId]: createRoleJson._id,
}
}
await config.users.updateInfo(body)
const [changedUserInfoResponse, changedUserInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id)
expect(changedUserInfoJson.roles[prodAppId]).toBeDefined()
expect(changedUserInfoJson.roles[prodAppId]).toEqual(createRoleJson._id)
await config.screen.create(generateScreen("BASIC"))
await config.screen.create(generateScreen("POWER"))
await config.screen.create(generateScreen("ADMIN"))
await config.applications.publish(<string>app.url)
const [firstappPackageResponse, firstappPackageJson] = await config.applications.getAppPackage(<string>app.appId)
expect(firstappPackageJson.screens).toBeDefined()
expect(firstappPackageJson.screens.length).toEqual(3)
// login with level 1 user
await config.login(appUser[0].email!, appUser[0].password!)
const [selfInfoResponse, selfInfoJson] = await config.users.getSelf()
// fetch app package
const [appPackageResponse, appPackageJson] = await config.applications.getAppPackage(app.appId!)
expect(appPackageJson.screens).toBeDefined()
expect(appPackageJson.screens.length).toEqual(1)
})
it("Custom role access for level 3 permissions", async () => {
const appUser = generateUser()
expect(appUser[0].builder?.global).toEqual(false)
expect(appUser[0].admin?.global).toEqual(false)
const [createUserResponse, createUserJson] = await config.users.addMultiple(appUser)
// Create App
const app = await config.applications.create(generateApp())
config.applications.api.appId = app.appId
//Create level 1 role
const role = {
inherits: "BASIC",
permissionId: "write",
name: "level 3"
}
const [createRoleResponse, createRoleJson] = await config.users.createRole(role)
// Update user roles
const [userInfoResponse, userInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id)
const prodAppId = db.getProdAppID(app.appId!)
// Roles must always be set with prod appID
const body: User = {
...userInfoJson,
roles: {
[prodAppId]: createRoleJson._id,
}
}
await config.users.updateInfo(body)
const [changedUserInfoResponse, changedUserInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id)
expect(changedUserInfoJson.roles[prodAppId]).toBeDefined()
expect(changedUserInfoJson.roles[prodAppId]).toEqual(createRoleJson._id)
await config.screen.create(generateScreen("BASIC"))
await config.screen.create(generateScreen("POWER"))
await config.screen.create(generateScreen("ADMIN"))
await config.applications.publish(<string>app.url)
const [firstappPackageResponse, firstappPackageJson] = await config.applications.getAppPackage(<string>app.appId)
expect(firstappPackageJson.screens).toBeDefined()
expect(firstappPackageJson.screens.length).toEqual(3)
// login with level 1 user
await config.login(appUser[0].email!, appUser[0].password!)
const [selfInfoResponse, selfInfoJson] = await config.users.getSelf()
// fetch app package
const [appPackageResponse, appPackageJson] = await config.applications.getAppPackage(app.appId!)
expect(appPackageJson.screens).toBeDefined()
expect(appPackageJson.screens.length).toEqual(1)
})
it("Custom role access for level 4 permissions", async () => {
const appUser = generateUser()
expect(appUser[0].builder?.global).toEqual(false)
expect(appUser[0].admin?.global).toEqual(false)
const [createUserResponse, createUserJson] = await config.users.addMultiple(appUser)
// Create App
const app = await config.applications.create(generateApp())
config.applications.api.appId = app.appId
//Create level 1 role
const role = {
inherits: "BASIC",
permissionId: "power",
name: "level 4"
}
const [createRoleResponse, createRoleJson] = await config.users.createRole(role)
// Update user roles
const [userInfoResponse, userInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id)
const prodAppId = db.getProdAppID(app.appId!)
// Roles must always be set with prod appID
const body: User = {
...userInfoJson,
roles: {
[prodAppId]: createRoleJson._id,
}
}
await config.users.updateInfo(body)
const [changedUserInfoResponse, changedUserInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id)
expect(changedUserInfoJson.roles[prodAppId]).toBeDefined()
expect(changedUserInfoJson.roles[prodAppId]).toEqual(createRoleJson._id)
await config.screen.create(generateScreen("BASIC"))
await config.screen.create(generateScreen("POWER"))
await config.screen.create(generateScreen("ADMIN"))
await config.applications.publish(<string>app.url)
const [firstappPackageResponse, firstappPackageJson] = await config.applications.getAppPackage(<string>app.appId)
expect(firstappPackageJson.screens).toBeDefined()
expect(firstappPackageJson.screens.length).toEqual(3)
// login with level 1 user
await config.login(appUser[0].email!, appUser[0].password!)
const [selfInfoResponse, selfInfoJson] = await config.users.getSelf()
// fetch app package
const [appPackageResponse, appPackageJson] = await config.applications.getAppPackage(app.appId!)
expect(appPackageJson.screens).toBeDefined()
expect(appPackageJson.screens.length).toEqual(1)
})
it("Custom role access for level 5 permissions", async () => {
const appUser = generateUser()
expect(appUser[0].builder?.global).toEqual(false)
expect(appUser[0].admin?.global).toEqual(false)
const [createUserResponse, createUserJson] = await config.users.addMultiple(appUser)
// Create App
const app = await config.applications.create(generateApp())
config.applications.api.appId = app.appId
//Create level 1 role
const role = {
inherits: "BASIC",
permissionId: "admin",
name: "level 5"
}
const [createRoleResponse, createRoleJson] = await config.users.createRole(role)
// Update user roles
const [userInfoResponse, userInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id)
const prodAppId = db.getProdAppID(app.appId!)
// Roles must always be set with prod appID
const body: User = {
...userInfoJson,
roles: {
[prodAppId]: createRoleJson._id,
}
}
await config.users.updateInfo(body)
const [changedUserInfoResponse, changedUserInfoJson] = await config.users.getInfo(createUserJson.created.successful[0]._id)
expect(changedUserInfoJson.roles[prodAppId]).toBeDefined()
expect(changedUserInfoJson.roles[prodAppId]).toEqual(createRoleJson._id)
await config.screen.create(generateScreen("BASIC"))
await config.screen.create(generateScreen("POWER"))
await config.screen.create(generateScreen("ADMIN"))
await config.applications.publish(<string>app.url)
const [firstappPackageResponse, firstappPackageJson] = await config.applications.getAppPackage(<string>app.appId)
expect(firstappPackageJson.screens).toBeDefined()
expect(firstappPackageJson.screens.length).toEqual(3)
// login with level 1 user
await config.login(appUser[0].email!, appUser[0].password!)
const [selfInfoResponse, selfInfoJson] = await config.users.getSelf()
// fetch app package
const [appPackageResponse, appPackageJson] = await config.applications.getAppPackage(app.appId!)
expect(appPackageJson.screens).toBeDefined()
expect(appPackageJson.screens.length).toEqual(1)
})
}) })
}) })
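Review bot: The access checks in these tests assert only `appPackageJson.screens.length`, so they never show which screens the role received, and in the ADMIN case the expected count of 3 equals the count read before `config.login`, so that test would still pass if the login did not switch identity. `selfInfoJson` is fetched after every login but never used; asserting `expect(selfInfoJson._id).toEqual(createUserJson.created.successful[0]._id)`, and checking which role each returned screen is assigned to, would pin the authorization result rather than a number. The level 2 to level 5 cases all inherit `BASIC` and all expect exactly 1 screen, so the differing `permissionId` values (`read_only`, `write`, `power`, `admin`) are not observable in any assertion. Their `//Create level 1 role` and `// login with level 1 user` comments are copied unchanged from the first case and should name the level under test. Since the five bodies differ only in the role object, a shared helper that takes the role and the expected screens would keep them from drifting apart.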