Add inheritance tests

2023-08-24 09:39:38 +02:00 · 2023-08-24 09:39:38 +02:00 · 972cc9916b
parent b380207064
commit 972cc9916b
2 changed files with 32 additions and 2 deletions
--- a/packages/server/src/api/routes/tests/permissions.spec.ts
+++ b/packages/server/src/api/routes/tests/permissions.spec.ts
@ -12,6 +12,7 @@ import {
  PermissionLevel,
  Row,
  Table,
+  ViewV2,
 } from "@budibase/types"
 import * as setup from "./utilities"

@ -27,6 +28,7 @@ describe("/permission", () => {
  let table: Table & { _id: string }
  let perms: Document[]
  let row: Row
+  let view: ViewV2

  afterAll(setup.afterAll)

@ -39,6 +41,7 @@ describe("/permission", () => {

    table = (await config.createTable()) as typeof table
    row = await config.createRow()
+    view = await config.api.viewV2.create({ tableId: table._id })
    perms = await config.api.permission.set({
      roleId: STD_ROLE_ID,
      resourceId: table._id,
@ -162,6 +165,29 @@ describe("/permission", () => {
      expect(res.body[0]._id).toEqual(row._id)
    })

+    it("should be able to access the view data when the table is set to public and with no view permissions overrides", async () => {
+      // replicate changes before checking permissions
+      await config.publish()
+
+      const res = await config.api.viewV2.search(view.id, undefined, {
+        usePublicUser: true,
+      })
+      expect(res.body.rows[0]._id).toEqual(row._id)
+    })
+
+    it("should be able to access the view data when the table is set to public and with no view permissions overrides", async () => {
+      await config.api.permission.revoke({
+        roleId: STD_ROLE_ID,
+        resourceId: table._id,
+        level: PermissionLevel.READ,
+      })
+
+      await config.api.viewV2.search(view.id, undefined, {
+        expectStatus: 403,
+        usePublicUser: true,
+      })
+    })
+
    it("shouldn't allow writing from a public user", async () => {
      const res = await request
        .post(`/api/${table._id}/rows`)
--- a/packages/server/src/tests/utilities/api/viewV2.ts
+++ b/packages/server/src/tests/utilities/api/viewV2.ts
@ -77,12 +77,16 @@ export class ViewV2API extends TestAPI {
  search = async (
    viewId: string,
    params?: SearchViewRowRequest,
-    { expectStatus } = { expectStatus: 200 }
+    { expectStatus = 200, usePublicUser = false } = {}
  ) => {
    return this.request
      .post(`/api/v2/views/${viewId}/search`)
      .send(params)
-      .set(this.config.defaultHeaders())
+      .set(
+        usePublicUser
+          ? this.config.publicHeaders()
+          : this.config.defaultHeaders()
+      )
      .expect("Content-Type", /json/)
      .expect(expectStatus)
  }