UNPKG

apostrophe/test/permissions.js

Version:

4.8 kBJavaScriptView Raw

1var t = require('../test-lib/test.js');
2var assert = require('assert');
3var _ = require('@sailshq/lodash');
4
5describe('Permissions', function() {
6
this.timeout(t.timeout);
8
var apos;
10
after(function(done) {
  return t.destroy(apos, function() {
    return done();
  });
});
16
it('should have a permissions property', function(done) {
  apos = require('../index.js')({
    root: module,
    shortName: 'test',
    modules: {
      'apostrophe-express': {
        secret: 'xxx',
        port: 7900
      }
    },
    afterInit: function(callback) {
      assert(apos.permissions);
      // In tests this will be the name of the test file,
      // so override that in order to get apostrophe to
      // listen normally and not try to run a task. -Tom
      apos.argv._ = [];
      return callback(null);
    },
    afterListen: function(err) {
      assert(!err);
      done();
    }
  });
});
41
// mock up a request
function req(d) {
  var o = {
    traceIn: function() {},
    traceOut: function() {}
  };
  _.extend(o, d);
  return o;
}
51
describe('test permissions.can', function() {
  it('allows view-doc in the generic case', function() {
    assert(apos.permissions.can(req(), 'view-doc'));
  });
  it('rejects edit-doc in the generic case', function() {
    assert(!apos.permissions.can(req(), 'edit-doc'));
  });
  it('forbids view-doc for public with loginRequired', function() {
    assert(!apos.permissions.can(req(), 'view-doc', { published: true, loginRequired: 'loginRequired' }));
  });
  it('permits view-doc for public without loginRequired', function() {
    assert(apos.permissions.can(req(), 'view-doc', { published: true }));
  });
  it('prohibits view-doc for public without published', function() {
    assert(!apos.permissions.can(req(), 'view-doc', {}));
  });
  it('prohibits view-doc for public with loginRequired', function() {
    assert(!apos.permissions.can(req(), 'view-doc', { published: true, loginRequired: 'loginRequired' }));
  });
  it('permits view-doc for guest user with loginRequired', function() {
    assert(apos.permissions.can(req({ user: { _permissions: { guest: 1 } } }), 'view-doc', { published: true, loginRequired: 'loginRequired' }));
  });
  it('permits view-doc for individual with proper id', function() {
    assert(apos.permissions.can(req({ user: { _id: 1 } }), 'view-doc', { published: true, loginRequired: 'certainUsers', docPermissions: [ 'view-1' ] }));
  });
  it('forbids view-doc for individual with wrong id', function() {
    assert(!apos.permissions.can(req({ user: { _id: 2 } }), 'view-doc', { published: true, loginRequired: 'certainUsers', docPermissions: [ 'view-1' ] }));
  });
  it('permits view-doc for individual with group id', function() {
    assert(apos.permissions.can(req({ user: { _id: 1, groupIds: [ 1001, 1002 ] } }), 'view-doc', { published: true, loginRequired: 'certainUsers', docPermissions: [ 'view-1002' ] }));
  });
  it('forbids view-doc for individual with wrong group id', function() {
    assert(!apos.permissions.can(req({ user: { _id: 2, groupIds: [ 1001, 1002 ] } }), 'view-doc', { published: true, loginRequired: 'certainUsers', docPermissions: [ 'view-1003' ] }));
  });
  it('certainUsers will not let you slide past to an unpublished doc', function() {
    assert(!apos.permissions.can(req({ user: { _id: 1 } }), 'view-doc', { loginRequired: 'certainUsers', docPermissions: [ 'view-1' ] }));
  });
  it('permits view-doc for unpublished doc for individual with group id for editing', function() {
    assert(apos.permissions.can(req({ user: { _id: 1, groupIds: [ 1001, 1002 ] } }), 'view-doc', { docPermissions: [ 'edit-1002' ] }));
  });
  it('permits edit-doc for individual with group id for editing and the edit permission', function() {
    assert(apos.permissions.can(req({ user: { _id: 1, groupIds: [ 1001, 1002 ], _permissions: { edit: true } } }), 'edit-doc', { docPermissions: [ 'edit-1002' ] }));
  });
  it('forbids edit-doc for individual with group id for editing but no edit permission', function() {
    assert(!apos.permissions.can(req({ user: { _id: 1, groupIds: [ 1001, 1002 ] } }), 'edit-doc', { docPermissions: [ 'edit-1002' ] }));
  });
  it('permits edit-doc for individual with group id for managing and edit permission', function() {
    assert(apos.permissions.can(req({ user: { _id: 1, groupIds: [ 1001, 1002 ], _permissions: { edit: true } } }), 'edit-doc', { docPermissions: [ 'publish-1002' ] }));
  });
  it('forbids edit-doc for other person', function() {
    assert(!apos.permissions.can(req({ user: { _id: 7 } }), 'edit-doc', { docPermissions: [ 'publish-1002' ] }));
  });
});
105});

1	`var t = require('../test-lib/test.js');`
2	`var assert = require('assert');`
3	`var _ = require('@sailshq/lodash');`
4
5	`describe('Permissions', function() {`
6
7	`this.timeout(t.timeout);`
8
9	`var apos;`
10
11	`after(function(done) {`
12	`return t.destroy(apos, function() {`
13	`return done();`
14	`});`
15	`});`
16
17	`it('should have a permissions property', function(done) {`
18	`apos = require('../index.js')({`
19	`root: module,`
20	`shortName: 'test',`
21	`modules: {`
22	`'apostrophe-express': {`
23	`secret: 'xxx',`
24	`port: 7900`
25	`}`
26	`},`
27	`afterInit: function(callback) {`
28	`assert(apos.permissions);`
29	`// In tests this will be the name of the test file,`
30	`// so override that in order to get apostrophe to`
31	`// listen normally and not try to run a task. -Tom`
32	`apos.argv._ = [];`
33	`return callback(null);`
34	`},`
35	`afterListen: function(err) {`
36	`assert(!err);`
37	`done();`
38	`}`
39	`});`
40	`});`
41
42	`// mock up a request`
43	`function req(d) {`
44	`var o = {`
45	`traceIn: function() {},`
46	`traceOut: function() {}`
47	`};`
48	`_.extend(o, d);`
49	`return o;`
50	`}`
51
52	`describe('test permissions.can', function() {`
53	`it('allows view-doc in the generic case', function() {`
54	`assert(apos.permissions.can(req(), 'view-doc'));`
55	`});`
56	`it('rejects edit-doc in the generic case', function() {`
57	`assert(!apos.permissions.can(req(), 'edit-doc'));`
58	`});`
59	`it('forbids view-doc for public with loginRequired', function() {`
60	`assert(!apos.permissions.can(req(), 'view-doc', { published: true, loginRequired: 'loginRequired' }));`
61	`});`
62	`it('permits view-doc for public without loginRequired', function() {`
63	`assert(apos.permissions.can(req(), 'view-doc', { published: true }));`
64	`});`
65	`it('prohibits view-doc for public without published', function() {`
66	`assert(!apos.permissions.can(req(), 'view-doc', {}));`
67	`});`
68	`it('prohibits view-doc for public with loginRequired', function() {`
69	`assert(!apos.permissions.can(req(), 'view-doc', { published: true, loginRequired: 'loginRequired' }));`
70	`});`
71	`it('permits view-doc for guest user with loginRequired', function() {`
72	`assert(apos.permissions.can(req({ user: { _permissions: { guest: 1 } } }), 'view-doc', { published: true, loginRequired: 'loginRequired' }));`
73	`});`
74	`it('permits view-doc for individual with proper id', function() {`
75	`assert(apos.permissions.can(req({ user: { _id: 1 } }), 'view-doc', { published: true, loginRequired: 'certainUsers', docPermissions: [ 'view-1' ] }));`
76	`});`
77	`it('forbids view-doc for individual with wrong id', function() {`
78	`assert(!apos.permissions.can(req({ user: { _id: 2 } }), 'view-doc', { published: true, loginRequired: 'certainUsers', docPermissions: [ 'view-1' ] }));`
79	`});`
80	`it('permits view-doc for individual with group id', function() {`
81	`assert(apos.permissions.can(req({ user: { _id: 1, groupIds: [ 1001, 1002 ] } }), 'view-doc', { published: true, loginRequired: 'certainUsers', docPermissions: [ 'view-1002' ] }));`
82	`});`
83	`it('forbids view-doc for individual with wrong group id', function() {`
84	`assert(!apos.permissions.can(req({ user: { _id: 2, groupIds: [ 1001, 1002 ] } }), 'view-doc', { published: true, loginRequired: 'certainUsers', docPermissions: [ 'view-1003' ] }));`
85	`});`
86	`it('certainUsers will not let you slide past to an unpublished doc', function() {`
87	`assert(!apos.permissions.can(req({ user: { _id: 1 } }), 'view-doc', { loginRequired: 'certainUsers', docPermissions: [ 'view-1' ] }));`
88	`});`
89	`it('permits view-doc for unpublished doc for individual with group id for editing', function() {`
90	`assert(apos.permissions.can(req({ user: { _id: 1, groupIds: [ 1001, 1002 ] } }), 'view-doc', { docPermissions: [ 'edit-1002' ] }));`
91	`});`
92	`it('permits edit-doc for individual with group id for editing and the edit permission', function() {`
93	`assert(apos.permissions.can(req({ user: { _id: 1, groupIds: [ 1001, 1002 ], _permissions: { edit: true } } }), 'edit-doc', { docPermissions: [ 'edit-1002' ] }));`
94	`});`
95	`it('forbids edit-doc for individual with group id for editing but no edit permission', function() {`
96	`assert(!apos.permissions.can(req({ user: { _id: 1, groupIds: [ 1001, 1002 ] } }), 'edit-doc', { docPermissions: [ 'edit-1002' ] }));`
97	`});`
98	`it('permits edit-doc for individual with group id for managing and edit permission', function() {`
99	`assert(apos.permissions.can(req({ user: { _id: 1, groupIds: [ 1001, 1002 ], _permissions: { edit: true } } }), 'edit-doc', { docPermissions: [ 'publish-1002' ] }));`
100	`});`
101	`it('forbids edit-doc for other person', function() {`
102	`assert(!apos.permissions.can(req({ user: { _id: 7 } }), 'edit-doc', { docPermissions: [ 'publish-1002' ] }));`
103	`});`
104	`});`
105	`});`