MirrorSave
/
budibase
mirror of https://github.com/Budibase/budibase.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

changin syntax to permission function

This commit is contained in:
Mateus Badan de Pieri 2023-04-17 10:04:50 +01:00
parent 643ca614a4
commit de968b5332
1 changed files with 66 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

119
packages/backend-core/src/security/tests/permissions.spec.ts
View File

@ -1,132 +1,145 @@
import { cloneDeep } from "lodash" import { cloneDeep } from "lodash"
import { import * as permissions from "../permissions"
doesHaveBasePermission,
getBuiltinPermissionByID,
isPermissionLevelHigherThanRead,
PermissionLevel,
PermissionType,
levelToNumber,
getAllowedLevels,
BuiltinPermissionID,
getBuiltinPermissions,
BUILTIN_PERMISSIONS,
Permission,
} from "../permissions"
import { BUILTIN_ROLE_IDS } from "../roles" import { BUILTIN_ROLE_IDS } from "../roles"
describe("levelToNumber", () => { describe("levelToNumber", () => {
it("should return 0 for EXECUTE", () => { it("should return 0 for EXECUTE", () => {
expect(levelToNumber(PermissionLevel.EXECUTE)).toBe(0) expect(permissions.levelToNumber(permissions.PermissionLevel.EXECUTE)).toBe(
0
)
}) })
it("should return 1 for READ", () => { it("should return 1 for READ", () => {
expect(levelToNumber(PermissionLevel.READ)).toBe(1) expect(permissions.levelToNumber(permissions.PermissionLevel.READ)).toBe(1)
}) })
it("should return 2 for WRITE", () => { it("should return 2 for WRITE", () => {
expect(levelToNumber(PermissionLevel.WRITE)).toBe(2) expect(permissions.levelToNumber(permissions.PermissionLevel.WRITE)).toBe(2)
}) })
it("should return 3 for ADMIN", () => { it("should return 3 for ADMIN", () => {
expect(levelToNumber(PermissionLevel.ADMIN)).toBe(3) expect(permissions.levelToNumber(permissions.PermissionLevel.ADMIN)).toBe(3)
}) })
it("should return -1 for an unknown permission level", () => { it("should return -1 for an unknown permission level", () => {
expect(levelToNumber("unknown" as PermissionLevel)).toBe(-1) expect(
permissions.levelToNumber("unknown" as permissions.PermissionLevel)
).toBe(-1)
}) })
}) })
describe("getAllowedLevels", () => { describe("getAllowedLevels", () => {
it('should return ["execute"] for EXECUTE', () => { it('should return ["execute"] for EXECUTE', () => {
expect(getAllowedLevels(PermissionLevel.EXECUTE)).toEqual([ expect(
PermissionLevel.EXECUTE, permissions.getAllowedLevels(permissions.PermissionLevel.EXECUTE)
]) ).toEqual([permissions.PermissionLevel.EXECUTE])
}) })
it('should return ["execute", "read"] for READ', () => { it('should return ["execute", "read"] for READ', () => {
expect(getAllowedLevels(PermissionLevel.READ)).toEqual([ expect(
PermissionLevel.EXECUTE, permissions.getAllowedLevels(permissions.PermissionLevel.READ)
PermissionLevel.READ, ).toEqual([
permissions.PermissionLevel.EXECUTE,
permissions.PermissionLevel.READ,
]) ])
}) })
it('should return ["execute", "read", "write"] for WRITE', () => { it('should return ["execute", "read", "write"] for WRITE', () => {
expect(getAllowedLevels(PermissionLevel.WRITE)).toEqual([ expect(
PermissionLevel.EXECUTE, permissions.getAllowedLevels(permissions.PermissionLevel.WRITE)
PermissionLevel.READ, ).toEqual([
PermissionLevel.WRITE, permissions.PermissionLevel.EXECUTE,
permissions.PermissionLevel.READ,
permissions.PermissionLevel.WRITE,
]) ])
}) })
it('should return ["execute", "read", "write"] for ADMIN', () => { it('should return ["execute", "read", "write"] for ADMIN', () => {
expect(getAllowedLevels(PermissionLevel.ADMIN)).toEqual([ expect(
PermissionLevel.EXECUTE, permissions.getAllowedLevels(permissions.PermissionLevel.ADMIN)
PermissionLevel.READ, ).toEqual([
PermissionLevel.WRITE, permissions.PermissionLevel.EXECUTE,
permissions.PermissionLevel.READ,
permissions.PermissionLevel.WRITE,
]) ])
}) })
it("should return [] for an unknown permission level", () => { it("should return [] for an unknown permission level", () => {
expect(getAllowedLevels("unknown" as PermissionLevel)).toEqual([]) expect(
permissions.getAllowedLevels("unknown" as permissions.PermissionLevel)
).toEqual([])
}) })
}) })
describe("doesHaveBasePermission", () => { describe("doesHaveBasePermission", () => {
it("should return true if base permission has the required level", () => { it("should return true if base permission has the required level", () => {
const permType = PermissionType.USER const permType = permissions.PermissionType.USER
const permLevel = PermissionLevel.READ const permLevel = permissions.PermissionLevel.READ
const rolesHierarchy = [ const rolesHierarchy = [
{ {
roleId: BUILTIN_ROLE_IDS.ADMIN, roleId: BUILTIN_ROLE_IDS.ADMIN,
permissionId: BuiltinPermissionID.ADMIN, permissionId: permissions.BuiltinPermissionID.ADMIN,
}, },
] ]
expect(doesHaveBasePermission(permType, permLevel, rolesHierarchy)).toBe( expect(
true permissions.doesHaveBasePermission(permType, permLevel, rolesHierarchy)
) ).toBe(true)
}) })
it("should return false if base permission does not have the required level", () => { it("should return false if base permission does not have the required level", () => {
const permType = PermissionType.APP const permType = permissions.PermissionType.APP
const permLevel = PermissionLevel.READ const permLevel = permissions.PermissionLevel.READ
const rolesHierarchy = [ const rolesHierarchy = [
{ {
roleId: BUILTIN_ROLE_IDS.PUBLIC, roleId: BUILTIN_ROLE_IDS.PUBLIC,
permissionId: BuiltinPermissionID.PUBLIC, permissionId: permissions.BuiltinPermissionID.PUBLIC,
}, },
] ]
expect(doesHaveBasePermission(permType, permLevel, rolesHierarchy)).toBe( expect(
false permissions.doesHaveBasePermission(permType, permLevel, rolesHierarchy)
) ).toBe(false)
}) })
}) })
describe("isPermissionLevelHigherThanRead", () => { describe("isPermissionLevelHigherThanRead", () => {
it("should return true if level is higher than read", () => { it("should return true if level is higher than read", () => {
expect(isPermissionLevelHigherThanRead(PermissionLevel.WRITE)).toBe(true) expect(
permissions.isPermissionLevelHigherThanRead(
permissions.PermissionLevel.WRITE
)
).toBe(true)
}) })
it("should return false if level is read or lower", () => { it("should return false if level is read or lower", () => {
expect(isPermissionLevelHigherThanRead(PermissionLevel.READ)).toBe(false) expect(
permissions.isPermissionLevelHigherThanRead(
permissions.PermissionLevel.READ
)
).toBe(false)
}) })
}) })
describe("getBuiltinPermissions", () => { describe("getBuiltinPermissions", () => {
it("returns a clone of the builtin permissions", () => { it("returns a clone of the builtin permissions", () => {
const builtins = getBuiltinPermissions() const builtins = permissions.getBuiltinPermissions()
expect(builtins).toEqual(cloneDeep(BUILTIN_PERMISSIONS)) expect(builtins).toEqual(cloneDeep(permissions.BUILTIN_PERMISSIONS))
expect(builtins).not.toBe(BUILTIN_PERMISSIONS) expect(builtins).not.toBe(permissions.BUILTIN_PERMISSIONS)
}) })
}) })
describe("getBuiltinPermissionByID", () => { describe("getBuiltinPermissionByID", () => {
it("returns correct permission object for valid ID", () => { it("returns correct permission object for valid ID", () => {
const expectedPermission = { const expectedPermission = {
_id: BuiltinPermissionID.PUBLIC, _id: permissions.BuiltinPermissionID.PUBLIC,
name: "Public", name: "Public",
permissions: [ permissions: [
new Permission(PermissionType.WEBHOOK, PermissionLevel.EXECUTE), new permissions.Permission(
permissions.PermissionType.WEBHOOK,
permissions.PermissionLevel.EXECUTE
),
], ],
} }
expect(getBuiltinPermissionByID("public")).toEqual(expectedPermission) expect(permissions.getBuiltinPermissionByID("public")).toEqual(
expectedPermission
)
}) })
}) })