budibase/packages/core/test/authApi.createAccessLevels....


import {
setupApphierarchy,
basicAppHierarchyCreator_WithFields,
} from "./specHelpers"
import {
permissionTypes,
ACCESS_LEVELS_FILE,
ACCESS_LEVELS_LOCK_FILE,
} from "../src/authApi/authCommon"
import { permission } from "../src/authApi/permissions"
import { cloneDeep } from "lodash/fp"
import { getLock } from "../src/common/lock"
// getNewAccessLevel: a freshly created access level starts out empty.
describe("getNewAccessLevel", () => {
  it("should create item with correct properties", async () => {
    const hierarchy = await setupApphierarchy(
      basicAppHierarchyCreator_WithFields
    )
    const freshLevel = hierarchy.authApi.getNewAccessLevel()

    // A new level has no name and an empty permission list until it is configured.
    expect(freshLevel.name).toBe("")
    expect(freshLevel.permissions).toEqual([])
  })
})
// validateAccessLevels: every case starts from a valid level, breaks exactly one
// thing, and checks which field (and which item) the returned errors point at.
describe("validateAccessLevels", () => {
  // Builds a fresh app hierarchy and hands back its authApi.
  const newAuthApi = async () => {
    const { authApi } = await setupApphierarchy(
      basicAppHierarchyCreator_WithFields
    )
    return authApi
  }

  it("should return no errors with valid access level", async () => {
    const authApi = await newAuthApi()
    const level = validAccessLevel(authApi)

    const validationErrors = authApi.validateAccessLevels([level])

    expect(validationErrors).toEqual([])
  })

  it("should error when access level name not set", async () => {
    const authApi = await newAuthApi()
    const level = validAccessLevel(authApi)
    level.name = ""

    const validationErrors = authApi.validateAccessLevels([level])

    expect(validationErrors.length).toEqual(1)
    expect(validationErrors[0].field).toBe("name")
  })

  it("should error when 2 access levels with the same name", async () => {
    const authApi = await newAuthApi()
    // Both levels come from the same helper, so they share the same name.
    const first = validAccessLevel(authApi)
    const second = validAccessLevel(authApi)

    const validationErrors = authApi.validateAccessLevels([first, second])

    // One error per duplicate, each tied to the level it was raised for.
    expect(validationErrors.length).toEqual(2)
    expect(validationErrors[0].field).toBe("name")
    expect(validationErrors[0].item).toBe(first)
    expect(validationErrors[1].field).toBe("name")
    expect(validationErrors[1].item).toBe(second)
  })

  it("should error when permission is not recognised", async () => {
    const authApi = await newAuthApi()
    const level = validAccessLevel(authApi)
    level.permissions[0].type = "not valid"

    const validationErrors = authApi.validateAccessLevels([level])

    // The error is reported against the permission entry, not the level.
    expect(validationErrors.length).toEqual(1)
    expect(validationErrors[0].field).toBe("type")
    expect(validationErrors[0].item).toBe(level.permissions[0])
  })

  it("should error when record permision has invalid nodeKey", async () => {
    const authApi = await newAuthApi()
    const level = validAccessLevel(authApi)
    // Switch the permission to a record-scoped type and give it a nodeKey
    // that is not a valid node key.
    level.permissions[0].type = permissionTypes.CREATE_RECORD
    level.permissions[0].nodeKey = "nota a valid node key"

    const validationErrors = authApi.validateAccessLevels([level])

    expect(validationErrors.length).toEqual(1)
    expect(validationErrors[0].field).toBe("nodeKey")
    expect(validationErrors[0].item).toBe(level.permissions[0])
  })
})
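// Saving and loading access levels: persistence, the stored-version check,
// locking, and the permission each operation requires.
describe("save and load access level", () => {
  // Builds a fresh app hierarchy for a single test.
  const newHierarchy = () =>
    setupApphierarchy(basicAppHierarchyCreator_WithFields)

  // Runs `action` and returns whatever it throws or rejects with
  // (undefined when it completes without error).
  const captureError = async action => {
    try {
      await action()
    } catch (err) {
      return err
    }
    return undefined
  }

  it("should save and load valid access levels", async () => {
    const { authApi } = await newHierarchy()
    const levels = validAccessLevels(authApi)

    await authApi.saveAccessLevels(levels)

    const loadedLevels = await authApi.loadAccessLevels()
    expect(loadedLevels.levels.length).toBe(2)
    expect(loadedLevels.levels[0].name).toBe("level 1")
    expect(loadedLevels.levels[1].name).toBe("level 2")
    // Saved with version 0; the loaded document reports version 1.
    expect(loadedLevels.version).toBe(1)
  })

  it("should not save invalid access levels", async () => {
    const { authApi } = await newHierarchy()
    const levels = validAccessLevels(authApi)
    levels.levels[0].name = ""

    const saveError = await captureError(() => authApi.saveAccessLevels(levels))
    expect(saveError).toBeDefined()

    // Nothing may have been persisted by the rejected save.
    const loadedLevels = await authApi.loadAccessLevels()
    expect(loadedLevels.levels.length).toBe(0)
    expect(loadedLevels.version).toBe(0)
  })

  it("should not save access level when version has increased since loading", async () => {
    const { authApi, app } = await newHierarchy()
    const levels = validAccessLevels(authApi)

    // Write a copy with version 1 straight to the datastore, so the copy
    // still held in `levels` (version 0) is now stale.
    const updatedLevels = cloneDeep(levels)
    updatedLevels.version = 1
    await app.datastore.updateJson(ACCESS_LEVELS_FILE, updatedLevels)

    const saveError = await captureError(() => authApi.saveAccessLevels(levels))
    expect(saveError).toBeDefined()

    // The stored document must be the version-1 copy, not overwritten by the stale save.
    const loadedLevels = await authApi.loadAccessLevels()
    expect(loadedLevels.levels.length).toBe(2)
    expect(loadedLevels.version).toBe(1)
  })

  it("should not save access level when locked", async () => {
    const { authApi, app } = await newHierarchy()
    const levels = validAccessLevels(authApi)

    // Take the access-levels lock before saving. The numeric arguments are
    // passed exactly as the original test does; see ../src/common/lock for
    // their meaning.
    await getLock(app, ACCESS_LEVELS_LOCK_FILE, 10000, 0, 0)

    const saveError = await captureError(() => authApi.saveAccessLevels(levels))
    expect(saveError).toBeDefined()

    const loadedLevels = await authApi.loadAccessLevels()
    expect(loadedLevels.levels.length).toBe(0)
    expect(loadedLevels.version).toBe(0)
  })

  it("save should throw error when user user does not have permission", async () => {
    const { authApi, app } = await newHierarchy()
    const levels = validAccessLevels(authApi)
    app.removePermission(permission.writeAccessLevels.get())

    // The assertion must be awaited: an un-awaited `.rejects` chain settles
    // after the test has returned, so a missing authorization check would
    // not fail this test.
    await expect(authApi.saveAccessLevels(levels)).rejects.toThrow(
      /Unauthorized/
    )
  })

  it("save should not depend on having any other permissions", async () => {
    const { authApi, app } = await newHierarchy()
    const levels = validAccessLevels(authApi)

    // writeAccessLevels alone must be sufficient to save.
    app.withOnlyThisPermission(permission.writeAccessLevels.get())
    await authApi.saveAccessLevels(levels)
  })

  it("load should throw error when user user does not have permission", async () => {
    const { authApi, app } = await newHierarchy()
    const levels = validAccessLevels(authApi)
    await authApi.saveAccessLevels(levels)
    app.removePermission(permission.listAccessLevels.get())

    // Awaited for the same reason as the save case: otherwise the negative
    // authorization check is never enforced by the test run.
    await expect(authApi.loadAccessLevels()).rejects.toThrow(/Unauthorized/)
  })

  it("load should not depend on having any other permissions", async () => {
    const { authApi, app } = await newHierarchy()
    const levels = validAccessLevels(authApi)
    await authApi.saveAccessLevels(levels)

    // listAccessLevels alone must be sufficient to load.
    app.withOnlyThisPermission(permission.listAccessLevels.get())
    await authApi.loadAccessLevels()
  })
})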
// Builds the document passed to saveAccessLevels in these tests: two valid
// levels named "level 1" and "level 2", with version 0.
const validAccessLevels = authApi => {
  const levels = ["level 1", "level 2"].map(levelName => {
    const level = validAccessLevel(authApi)
    level.name = levelName
    return level
  })

  return { version: 0, levels }
}
// Builds one access level named "test level" and adds the writeTemplates
// permission to it, giving the validation tests a known-good starting point.
const validAccessLevel = authApi => {
  const level = Object.assign(authApi.getNewAccessLevel(), {
    name: "test level",
  })
  permission.writeTemplates.add(level)
  return level
}