MirrorSave
/
budibase
mirror of https://github.com/Budibase/budibase.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Adding test cases.

This commit is contained in:
mike12345567 2024-10-22 13:54:54 +01:00
parent 00fe28e557
commit f3d54f1b7d
3 changed files with 52 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
packages/backend-core/src/security/roles.ts
View File

@ -213,6 +213,22 @@ export function getBuiltinRole(roleId: string): Role | undefined {
return cloneDeep(role) return cloneDeep(role)
} }
export function validInherits(
allRoles: RoleDoc[],
inherits?: string | string[]
): boolean {
if (!inherits) {
return false
}
const find = (id: string) => allRoles.find(r => compareRoleIds(r._id!, id))
if (Array.isArray(inherits)) {
const filtered = inherits.filter(roleId => find(roleId))
return inherits.length !== 0 && filtered.length === inherits.length
} else {
return !!find(inherits)
}
}
/** /**
* Works through the inheritance ranks to see how far up the builtin stack this ID is. * Works through the inheritance ranks to see how far up the builtin stack this ID is.
*/ */

13
packages/server/src/api/controllers/role.ts
View File

@ -18,10 +18,12 @@ import {
UserCtx, UserCtx,
UserMetadata, UserMetadata,
DocumentType, DocumentType,
PermissionLevel,
} from "@budibase/types" } from "@budibase/types"
import { RoleColor, sdk as sharedSdk, helpers } from "@budibase/shared-core" import { RoleColor, sdk as sharedSdk, helpers } from "@budibase/shared-core"
import sdk from "../../sdk" import sdk from "../../sdk"
import { builderSocket } from "../../websockets" import { builderSocket } from "../../websockets"
import { validInherits } from "@budibase/backend-core/src/security/roles"
const UpdateRolesOptions = { const UpdateRolesOptions = {
CREATED: "created", CREATED: "created",
@ -125,6 +127,17 @@ export async function save(ctx: UserCtx<SaveRoleRequest, SaveRoleResponse>) {
ctx.throw(400, "Cannot change custom role name") ctx.throw(400, "Cannot change custom role name")
} }
// custom roles should always inherit basic - if they don't inherit anything else
if (!inherits && roles.validInherits(allRoles, dbRole?.inherits)) {
inherits = dbRole?.inherits
} else if (!roles.validInherits(allRoles, inherits)) {
inherits = [roles.BUILTIN_ROLE_IDS.BASIC]
}
// assume write permission level for newly created roles
if (isCreate && !permissionId) {
permissionId = PermissionLevel.WRITE
}
const role = new roles.Role(_id, name, permissionId, { const role = new roles.Role(_id, name, permissionId, {
displayName: uiMetadata?.displayName || name, displayName: uiMetadata?.displayName || name,
description: uiMetadata?.description || "Custom role", description: uiMetadata?.description || "Custom role",

23
packages/server/src/api/routes/tests/role.spec.ts
View File

@ -38,6 +38,16 @@ describe("/roles", () => {
_id: dbCore.prefixRoleID(res._id!), _id: dbCore.prefixRoleID(res._id!),
}) })
}) })
it("handle a role with no inherits", async () => {
const role = basicRole()
role.inherits = []
const res = await config.api.roles.save(role, {
status: 200,
})
expect(res.inherits).toEqual([BUILTIN_ROLE_IDS.BASIC])
})
}) })
describe("update", () => { describe("update", () => {
@ -149,6 +159,19 @@ describe("/roles", () => {
{ status: 400, body: { message: LOOP_ERROR } } { status: 400, body: { message: LOOP_ERROR } }
) )
}) })
it("handle updating a role, without its inherits", async () => {
const res = await config.api.roles.save({
...basicRole(),
inherits: [BUILTIN_ROLE_IDS.ADMIN],
})
// save again
const updatedRes = await config.api.roles.save({
...res,
inherits: undefined,
})
expect(updatedRes.inherits).toEqual([BUILTIN_ROLE_IDS.ADMIN])
})
}) })
describe("fetch", () => { describe("fetch", () => {