MirrorSave
/
budibase
mirror of https://github.com/Budibase/budibase.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add inheritance tests

This commit is contained in:
Adria Navarro 2023-08-24 09:39:38 +02:00
parent b380207064
commit 972cc9916b
2 changed files with 32 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
packages/server/src/api/routes/tests/permissions.spec.ts
View File

@ -12,6 +12,7 @@ import {
PermissionLevel, PermissionLevel,
Row, Row,
Table, Table,
ViewV2,
} from "@budibase/types" } from "@budibase/types"
import * as setup from "./utilities" import * as setup from "./utilities"
@ -27,6 +28,7 @@ describe("/permission", () => {
let table: Table & { _id: string } let table: Table & { _id: string }
let perms: Document[] let perms: Document[]
let row: Row let row: Row
let view: ViewV2
afterAll(setup.afterAll) afterAll(setup.afterAll)
@ -39,6 +41,7 @@ describe("/permission", () => {
table = (await config.createTable()) as typeof table table = (await config.createTable()) as typeof table
row = await config.createRow() row = await config.createRow()
view = await config.api.viewV2.create({ tableId: table._id })
perms = await config.api.permission.set({ perms = await config.api.permission.set({
roleId: STD_ROLE_ID, roleId: STD_ROLE_ID,
resourceId: table._id, resourceId: table._id,
@ -162,6 +165,29 @@ describe("/permission", () => {
expect(res.body[0]._id).toEqual(row._id) expect(res.body[0]._id).toEqual(row._id)
}) })
it("should be able to access the view data when the table is set to public and with no view permissions overrides", async () => {
// replicate changes before checking permissions
await config.publish()
const res = await config.api.viewV2.search(view.id, undefined, {
usePublicUser: true,
})
expect(res.body.rows[0]._id).toEqual(row._id)
})
it("should be able to access the view data when the table is set to public and with no view permissions overrides", async () => {
await config.api.permission.revoke({
roleId: STD_ROLE_ID,
resourceId: table._id,
level: PermissionLevel.READ,
})
await config.api.viewV2.search(view.id, undefined, {
expectStatus: 403,
usePublicUser: true,
})
})
it("shouldn't allow writing from a public user", async () => { it("shouldn't allow writing from a public user", async () => {
const res = await request const res = await request
.post(`/api/${table._id}/rows`) .post(`/api/${table._id}/rows`)

8
packages/server/src/tests/utilities/api/viewV2.ts
View File

@ -77,12 +77,16 @@ export class ViewV2API extends TestAPI {
search = async ( search = async (
viewId: string, viewId: string,
params?: SearchViewRowRequest, params?: SearchViewRowRequest,
{ expectStatus } = { expectStatus: 200 } { expectStatus = 200, usePublicUser = false } = {}
) => { ) => {
return this.request return this.request
.post(`/api/v2/views/${viewId}/search`) .post(`/api/v2/views/${viewId}/search`)
.send(params) .send(params)
.set(this.config.defaultHeaders()) .set(
usePublicUser
? this.config.publicHeaders()
: this.config.defaultHeaders()
)
.expect("Content-Type", /json/) .expect("Content-Type", /json/)
.expect(expectStatus) .expect(expectStatus)
} }