Test adding when forbidden

This commit is contained in:
Adria Navarro 2023-08-22 10:26:46 +03:00
parent f1232eac90
commit 96f9a34136
2 changed files with 39 additions and 11 deletions

View File

@ -1,14 +1,18 @@
import * as permissionSdk from "../../../sdk/app/permissions"
jest.mock(
"../../../sdk/app/permissions",
(): jest.Mocked<typeof permissionSdk> => ({
const mockedSdk = sdk.permissions as jest.Mocked<typeof sdk.permissions>
jest.mock("../../../sdk/app/permissions", () => ({
resourceActionAllowed: jest.fn(),
})
)
const mockedSdk = permissionSdk as jest.Mocked<typeof permissionSdk>
}))
import sdk from "../../../sdk"
import { roles } from "@budibase/backend-core"
import { Document, Row, Table } from "@budibase/types"
import {
Document,
DocumentType,
PermissionLevel,
Row,
Table,
} from "@budibase/types"
import * as setup from "./utilities"
const { basicRow } = setup.structures
@ -78,7 +82,11 @@ describe("/permission", () => {
})
it("should get resource permissions with multiple roles", async () => {
perms = await config.addPermission(HIGHER_ROLE_ID, table._id, "write")
perms = await config.addPermission(
HIGHER_ROLE_ID,
table._id,
PermissionLevel.WRITE
)
const res = await getTablePermissions()
expect(res.body["read"]).toEqual(STD_ROLE_ID)
expect(res.body["write"]).toEqual(HIGHER_ROLE_ID)
@ -90,6 +98,26 @@ describe("/permission", () => {
expect(allRes.body[table._id]["write"]).toEqual(HIGHER_ROLE_ID)
expect(allRes.body[table._id]["read"]).toEqual(STD_ROLE_ID)
})
it("throw forbidden if the action is not allowed for the resource", async () => {
mockedSdk.resourceActionAllowed.mockResolvedValue({
allowed: false,
resourceType: DocumentType.DATASOURCE,
level: PermissionLevel.READ,
})
const response = await config.api.permission.create(
{
roleId: STD_ROLE_ID,
resourceId: table._id,
level: PermissionLevel.EXECUTE,
},
{ expectStatus: 403 }
)
expect(response.message).toEqual(
"You are not allowed to 'read' the resource type 'datasource'"
)
})
})
describe("remove", () => {

View File

@ -14,7 +14,7 @@ export class PermissionAPI extends TestAPI {
level,
}: { roleId: string; resourceId: string; level: PermissionLevel },
{ expectStatus } = { expectStatus: 200 }
): Promise<AnyDocument[]> => {
): Promise<any> => {
const res = await this.request
.post(`/api/permission/${roleId}/${resourceId}/${level}`)
.set(this.config.defaultHeaders())