import {setupApphierarchy, basicAppHierarchyCreator_WithFields} from "./specHelpers"; import { permissionTypes, ACCESS_LEVELS_FILE, ACCESS_LEVELS_LOCK_FILE} from "../src/authApi/authCommon"; import {permission} from "../src/authApi/permissions"; import {cloneDeep} from "lodash/fp"; import {getLock} from "../src/common/lock"; describe("getNewAccessLevel", () => { it("should create item with correct properties", async () => { const {authApi} = await setupApphierarchy(basicAppHierarchyCreator_WithFields); const accLev = authApi.getNewAccessLevel(); expect(accLev.name).toBe(""); expect(accLev.permissions).toEqual([]); }); }); describe("validateAccessLevels", () => { it("should return no errors with valid access level", async () => { const {authApi} = await setupApphierarchy(basicAppHierarchyCreator_WithFields); const accessLevel = validAccessLevel(authApi); const errs = authApi.validateAccessLevels([accessLevel]); expect(errs).toEqual([]); }); it("should error when access level name not set", async () => { const {authApi} = await setupApphierarchy(basicAppHierarchyCreator_WithFields); const accessLevel = validAccessLevel(authApi); accessLevel.name = ""; const errs = authApi.validateAccessLevels([accessLevel]); expect(errs.length).toEqual(1); expect(errs[0].field).toBe("name"); }); it("should error when 2 access levels with the same name", async () => { const {authApi} = await setupApphierarchy(basicAppHierarchyCreator_WithFields); const accessLevel1 = validAccessLevel(authApi); const accessLevel2 = validAccessLevel(authApi); const errs = authApi.validateAccessLevels([accessLevel1, accessLevel2]); expect(errs.length).toEqual(2); expect(errs[0].field).toBe("name"); expect(errs[0].item).toBe(accessLevel1); expect(errs[1].field).toBe("name"); expect(errs[1].item).toBe(accessLevel2); }); it("should error when permission is not recognised", async () => { const {authApi} = await setupApphierarchy(basicAppHierarchyCreator_WithFields); const accessLevel = validAccessLevel(authApi); accessLevel.permissions[0].type = "not valid"; const errs = authApi.validateAccessLevels([accessLevel]); expect(errs.length).toEqual(1); expect(errs[0].field).toBe("type"); expect(errs[0].item).toBe(accessLevel.permissions[0]); }); it("should error when record permision has invalid nodeKey", async () => { const {authApi} = await setupApphierarchy(basicAppHierarchyCreator_WithFields); const accessLevel = validAccessLevel(authApi); accessLevel.permissions[0].type = permissionTypes.CREATE_RECORD; accessLevel.permissions[0].nodeKey = "nota a valid node key"; const errs = authApi.validateAccessLevels([accessLevel]); expect(errs.length).toEqual(1); expect(errs[0].field).toBe("nodeKey"); expect(errs[0].item).toBe(accessLevel.permissions[0]); }); }); describe("save and load access level", () => { it("should save and load valid access levels", async () => { const {authApi} = await setupApphierarchy(basicAppHierarchyCreator_WithFields); const levels = validAccessLevels(authApi); await authApi.saveAccessLevels(levels); const loadedLevels = await authApi.loadAccessLevels(); expect(loadedLevels.levels.length).toBe(2); expect(loadedLevels.levels[0].name).toBe("level 1"); expect(loadedLevels.levels[1].name).toBe("level 2"); expect(loadedLevels.version).toBe(1); }); it("should not save invalid access levels", async () => { const {authApi} = await setupApphierarchy(basicAppHierarchyCreator_WithFields); const levels = validAccessLevels(authApi); levels.levels[0].name = ""; let e; try { await authApi.saveAccessLevels(levels); } catch(ex) { e = ex; } expect(e).toBeDefined(); const loadedLevels = await authApi.loadAccessLevels(); expect(loadedLevels.levels.length).toBe(0); expect(loadedLevels.version).toBe(0); }); it("should not save access level when version has increased since loading", async () => { const {authApi, app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields); const levels = validAccessLevels(authApi); const updatedLevels = cloneDeep(levels); updatedLevels.version = 1; await app.datastore.updateJson(ACCESS_LEVELS_FILE, updatedLevels); let e; try { await authApi.saveAccessLevels(levels); } catch(ex) { e = ex; } expect(e).toBeDefined(); const loadedLevels = await authApi.loadAccessLevels(); expect(loadedLevels.levels.length).toBe(2); expect(loadedLevels.version).toBe(1); }); it("should not save access level when locked", async () => { const {authApi, app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields); const levels = validAccessLevels(authApi); await getLock(app, ACCESS_LEVELS_LOCK_FILE, 10000, 0,0); let e; try { await authApi.saveAccessLevels(levels); } catch(ex) { e = ex; } expect(e).toBeDefined(); const loadedLevels = await authApi.loadAccessLevels(); expect(loadedLevels.levels.length).toBe(0); expect(loadedLevels.version).toBe(0); }); it("save should throw error when user user does not have permission", async () => { const {authApi, app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields); const levels = validAccessLevels(authApi); app.removePermission(permission.writeAccessLevels.get()); expect(authApi.saveAccessLevels(levels)).rejects.toThrow(/Unauthorized/); }); it("save should not depend on having any other permissions", async () => { const {authApi, app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields); const levels = validAccessLevels(authApi); app.withOnlyThisPermission(permission.writeAccessLevels.get()); await authApi.saveAccessLevels(levels) }); it("load should throw error when user user does not have permission", async () => { const {authApi, app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields); const levels = validAccessLevels(authApi); await authApi.saveAccessLevels(levels) app.removePermission(permission.listAccessLevels.get()); expect(authApi.loadAccessLevels()).rejects.toThrow(/Unauthorized/); }); it("load should not depend on having any other permissions", async () => { const {authApi, app} = await setupApphierarchy(basicAppHierarchyCreator_WithFields); const levels = validAccessLevels(authApi); await authApi.saveAccessLevels(levels) app.withOnlyThisPermission(permission.listAccessLevels.get()); await authApi.loadAccessLevels(); }); }); const validAccessLevels = (authApi) => { const accessLevel1 = validAccessLevel(authApi); accessLevel1.name = "level 1"; const accessLevel2 = validAccessLevel(authApi); accessLevel2.name = "level 2"; return {version:0, levels: [accessLevel1, accessLevel2]}; } const validAccessLevel = (authApi) => { const lev = authApi.getNewAccessLevel(); lev.name = "test level"; permission.writeTemplates.add(lev); return lev; }