UNPKG

formio/test/nested.js

Version:

23.8 kBJavaScriptView Raw

1/* eslint-env mocha */
2'use strict';
3
4var request = require('supertest');
5var assert = require('assert');
6var docker = process.env.DOCKER;
7
8module.exports = function(app, template, hook) {
var Helper = require('./helper')(app);
10
describe('Nested Resources', function() {
  var customerResource = null;
  it('A Project Owner should be able to Create a Customer Resource', function(done) {
    request(app)
      .post(hook.alter('url', '/form', template))
      .set('x-jwt-token', template.users.admin.token)
      .send({
        title: 'Customer',
        name: 'customer',
        path: 'customer',
        type: 'resource',
        access: [],
        submissionAccess: [
          {
            type: 'read_own',
            roles: [template.roles.authenticated._id.toString()]
          },
          {
            type: 'update_own',
            roles: [template.roles.authenticated._id.toString()]
          },
          {
            type: 'delete_own',
            roles: [template.roles.authenticated._id.toString()]
          }
        ],
        components: [
          {
            type: 'textfield',
            validate: {
              custom: '',
              pattern: '',
              maxLength: '',
              minLength: '',
              required: false
            },
            defaultValue: '',
            multiple: false,
            suffix: '',
            prefix: '',
            placeholder: 'First Name',
            key: 'firstName',
            label: 'First Name',
            inputMask: '',
            inputType: 'text',
            input: true
          },
          {
            type: 'textfield',
            validate: {
              custom: '',
              pattern: '',
              maxLength: '',
              minLength: '',
              required: false
            },
            defaultValue: '',
            multiple: false,
            suffix: '',
            prefix: '',
            placeholder: 'Last Name',
            key: 'lastName',
            label: 'Last Name',
            inputMask: '',
            inputType: 'text',
            input: true
          }
        ]
      })
      .expect('Content-Type', /json/)
      .expect(201)
      .end(function(err, res) {
        if (err) {
          return done(err);
        }
86
        customerResource = res.body;
        assert(res.body.hasOwnProperty('_id'), 'The response should contain an `_id`.');
        assert(res.body.hasOwnProperty('modified'), 'The response should contain a `modified` timestamp.');
        assert(res.body.hasOwnProperty('created'), 'The response should contain a `created` timestamp.');
        assert(res.body.hasOwnProperty('access'), 'The response should contain an the `access`.');
        assert.equal(res.body.title, 'Customer');
        assert.equal(res.body.name, 'customer');
        assert.equal(res.body.path, 'customer');
        assert.equal(res.body.type, 'resource');
        template.forms.customerForm = res.body;
97
        // Store the JWT for future API calls.
        template.users.admin.token = res.headers['x-jwt-token'];
100
        done();
      });
  });
104
  var customerForm = null;
  it('Should be able to create a Customer Survey form', function(done) {
    request(app)
      .post(hook.alter('url', '/form', template))
      .set('x-jwt-token', template.users.admin.token)
      .send({
        title: 'Customer Survey',
        name: 'survey',
        path: 'survey',
        type: 'form',
        access: [],
        submissionAccess: [
          {
            type: 'read_own',
            roles: [template.roles.authenticated._id.toString()]
          },
          {
            type: 'update_own',
            roles: [template.roles.authenticated._id.toString()]
          },
          {
            type: 'delete_own',
            roles: [template.roles.authenticated._id.toString()]
          }
        ],
        components: [
          {
            type: 'textfield',
            validate: {
              custom: '',
              pattern: '',
              maxLength: '',
              minLength: '',
              required: false
            },
            defaultValue: '',
            multiple: false,
            suffix: '',
            prefix: '',
            placeholder: 'First Name',
            key: 'firstName',
            label: 'First Name',
            inputMask: '',
            inputType: 'text',
            input: true
          },
          {
            type: 'textfield',
            validate: {
              custom: '',
              pattern: '',
              maxLength: '',
              minLength: '',
              required: false
            },
            defaultValue: '',
            multiple: false,
            suffix: '',
            prefix: '',
            placeholder: 'Last Name',
            key: 'lastName',
            label: 'Last Name',
            inputMask: '',
            inputType: 'text',
            input: true
          }
        ]
      })
      .expect('Content-Type', /json/)
      .expect(201)
      .end(function(err, res) {
        if (err) {
          return done(err);
        }
179
        customerForm = res.body;
        assert(res.body.hasOwnProperty('_id'), 'The response should contain an `_id`.');
        assert(res.body.hasOwnProperty('modified'), 'The response should contain a `modified` timestamp.');
        assert(res.body.hasOwnProperty('created'), 'The response should contain a `created` timestamp.');
        assert(res.body.hasOwnProperty('access'), 'The response should contain an the `access`.');
        assert.equal(res.body.title, 'Customer Survey');
        assert.equal(res.body.name, 'survey');
        assert.equal(res.body.path, 'survey');
        assert.equal(res.body.type, 'form');
        template.forms.surveyForm = res.body;
190
        // Store the JWT for future API calls.
        template.users.admin.token = res.headers['x-jwt-token'];
193
        done();
      });
  });
197
  it('Should be able to create the save resource to another field action', function(done) {
    var saveResourceAction = {
      title: 'Save Submission',
      name: 'save',
      handler: ['before'],
      method: ['create', 'update'],
      priority: 11,
      settings: {
        resource: customerResource._id.toString(),
        property: 'customer',
        fields: {
          firstName: 'firstName',
          lastName: 'lastName'
        }
      }
    };
214
    request(app)
      .post(hook.alter('url', '/form/' + customerForm._id + '/action', template))
      .set('x-jwt-token', template.users.admin.token)
      .send(saveResourceAction)
      .expect('Content-Type', /json/)
      .expect(201)
      .end(function(err, res) {
        if (err) {
          return done(err);
        }
225
        var response = res.body;
        assert(response.hasOwnProperty('_id'), 'The response should contain an `_id`.');
        assert.equal(response.title, saveResourceAction.title);
        assert.equal(response.name, saveResourceAction.name);
        assert.deepEqual(response.handler, saveResourceAction.handler);
        assert.deepEqual(response.method, saveResourceAction.method);
        assert.equal(response.priority, saveResourceAction.priority);
        assert.deepEqual(response.settings, saveResourceAction.settings);
        assert.equal(response.form, customerForm._id);
        saveResourceAction = response;
236
        // Store the JWT for future API calls.
        template.users.admin.token = res.headers['x-jwt-token'];
239
        done();
      });
  });
243
  var survey = null;
  it('Should be able to create a submission in the survey', function(done) {
    request(app)
      .post(hook.alter('url', '/form/' + template.forms.surveyForm._id + '/submission', template))
      .set('x-jwt-token', template.users.admin.token)
      .send({
        data: {
          'firstName': 'Joe',
          'lastName': 'Smith'
        }
      })
      .expect('Content-Type', /json/)
      .expect(201)
      .end(function(err, res) {
        if(err) {
          return done(err);
        }
261
        var response = res.body;
        assert(response.hasOwnProperty('data'), 'The response body should have data.');
        assert(response.hasOwnProperty('created'), 'The submission should have a created date');
        assert(response.hasOwnProperty('modified'), 'The submission should have a modified date');
        assert(response.hasOwnProperty('_id'), 'The response should have an _id');
        assert(response.data.hasOwnProperty('customer'), 'The response body should have a customer.');
        assert(response.data.customer.hasOwnProperty('created'), 'The data should have created timestamp.');
        assert(response.data.customer.hasOwnProperty('modified'), 'Make sure there is a modified date');
        assert(response.data.customer.hasOwnProperty('_id'), 'The customer should have an ID.');
        assert.equal(response.data.customer.form, template.forms.customerForm._id);
        assert.equal(response.data.customer.data.firstName, 'Joe');
        assert.equal(response.data.customer.data.lastName, 'Smith');
        survey = res.body;
275
        // Store the JWT for future API calls.
        template.users.admin.token = res.headers['x-jwt-token'];
278
        done();
      });
  });
282
  it('Should be able to get the customer', function(done) {
    request(app)
      .get(hook.alter('url', '/form/' + template.forms.customerForm._id + '/submission/' + survey.data.customer._id, template))
      .set('x-jwt-token', template.users.admin.token)
      .expect('Content-Type', /json/)
      .expect(200)
      .end(function(err, res) {
        if (err) {
          return done(err);
        }
293
        var response = res.body;
295
        assert(response.hasOwnProperty('data'), 'The response should have data.');
        assert.equal(response.form, template.forms.customerForm._id);
        assert.equal(response.data.firstName, 'Joe');
        assert.equal(response.data.lastName, 'Smith');
300
        // Store the JWT for future API calls.
        template.users.admin.token = res.headers['x-jwt-token'];
303
        done();
      });
  });
307
  it('Should be able to query the survey submission', function(done) {
    request(app)
      .get(hook.alter('url', '/form/' + template.forms.surveyForm._id + '/submission/' + survey._id, template))
      .set('x-jwt-token', template.users.admin.token)
      .expect('Content-Type', /json/)
      .expect(200)
      .end(function(err, res) {
        if (err) {
          return done(err);
        }
318
        var response = res.body;
        assert(response.hasOwnProperty('data'), 'The response should have data.');
        assert.equal(response.form, template.forms.surveyForm._id);
        assert(response.data.hasOwnProperty('customer'), 'Customer object was not found');
        assert(response.data.customer.hasOwnProperty('_id'), 'Customer should have an _id');
        assert.equal(response.data.customer.data.firstName, 'Joe');
        assert.equal(response.data.customer.data.lastName, 'Smith');
326
        // Store the JWT for future API calls.
        template.users.admin.token = res.headers['x-jwt-token'];
329
        done();
      });
  });
});
334
describe('Nested Resource Permissions', () => {
  var helper = null;
  var savedSubmission = null;
  it('Create the project with a new user account.', (done) => {
    var owner = (app.hasProjects || docker) ? template.formio.owner : template.users.admin;
    helper = new Helper(owner);
    helper.project().user('user', 'user1').execute(done);
  });
343
  it('Create the resource', function(done) {
    helper
      .resource('resourcea', [
        {
          type: 'textfield',
          persistent: true,
          unique: false,
          protected: false,
          defaultValue: '',
          suffix: '',
          prefix: '',
          placeholder: '',
          key: 'a',
          label: 'a',
          inputType: 'text',
          tableView: true,
          input: true
        },
        {
          type: 'textfield',
          persistent: true,
          unique: false,
          protected: false,
          defaultValue: '',
          suffix: '',
          prefix: '',
          placeholder: '',
          key: 'b',
          label: 'b',
          inputType: 'text',
          tableView: true,
          input: true
        },
        {
          type: 'textfield',
          persistent: true,
          unique: false,
          protected: false,
          defaultValue: '',
          suffix: '',
          prefix: '',
          placeholder: '',
          key: 'c',
          label: 'c',
          inputType: 'text',
          tableView: true,
          input: true
        }
      ], {
        submissionAccess: [
          {
            type: 'create_own',
            roles: [helper.template.roles.authenticated._id.toString()]
          },
          {
            type: 'read_own',
            roles: [helper.template.roles.authenticated._id.toString()]
          },
          {
            type: 'update_own',
            roles: [helper.template.roles.authenticated._id.toString()]
          }
        ]
      }).execute(done);
  });
409
  it('Create the form', (done) => {
    helper
      .form('savetoa', [
        {
          type: 'textfield',
          persistent: true,
          unique: false,
          protected: false,
          defaultValue: '',
          suffix: '',
          prefix: '',
          placeholder: '',
          key: 'a',
          label: 'a',
          inputType: 'text',
          tableView: true,
          input: true
        },
        {
          type: 'textfield',
          persistent: true,
          unique: false,
          protected: false,
          defaultValue: '',
          suffix: '',
          prefix: '',
          placeholder: '',
          key: 'b',
          label: 'b',
          inputType: 'text',
          tableView: true,
          input: true
        },
        {
          type: 'textfield',
          persistent: true,
          unique: false,
          protected: false,
          defaultValue: '',
          suffix: '',
          prefix: '',
          placeholder: '',
          key: 'c',
          label: 'c',
          inputType: 'text',
          tableView: true,
          input: true
        }
      ], {
        submissionAccess: [
          {
            type: 'create_own',
            roles: [helper.template.roles.authenticated._id.toString()]
          },
          {
            type: 'read_own',
            roles: [helper.template.roles.authenticated._id.toString()]
          },
          {
            type: 'update_own',
            roles: [helper.template.roles.authenticated._id.toString()]
          }
        ]
      })
      .action({
        title: 'Save to A',
        name: 'save',
        handler: ['before'],
        method: ['create', 'update'],
        priority: 11,
        settings: {
          resource: helper.template.forms.resourcea._id.toString(),
          fields: {
            a: 'a',
            b: 'b',
            c: 'c'
          }
        }
      }).execute(done);
  });
490
  it('Create a new submission in "savetoa" form as Authenticated user.', (done) => {
    helper.createSubmission('savetoa', {
      data: {
        a: 'one',
        b: 'two',
        c: 'three'
      }
    }, 'user1', (err, submission) => {
      if (err) {
        return done(err);
      }
502
      assert(submission, 'There must be a submission');
      assert.equal(submission.owner, helper.template.users.user1._id);
      done();
    });
  });
508
  it('Should be able retrieve the first submission from resource as an admin user.', (done) => {
    helper.getSubmission('resourcea', 0, (err, submission) => {
      if (err) {
        return done(err);
      }
      assert(submission._id, 'The submission must have an id.');
      // The owner should be set to the original users id.
      assert.equal(submission.owner, helper.template.users.user1._id);
      assert.deepEqual(submission.data, {
        a: 'one',
        b: 'two',
        c: 'three'
      });
      done();
    });
  });
525
  it('Should be able to retrieve the first submission as user1 user', (done) => {
    helper.getSubmission('resourcea', 0, 'user1', (err, submission) => {
      if (err) {
        return done(err);
      }
      assert(submission._id, 'The submission must have an id.');
      // The owner should be set to the original users id.
      assert.equal(submission.owner, helper.template.users.user1._id);
      assert.deepEqual(submission.data, {
        a: 'one',
        b: 'two',
        c: 'three'
      });
      savedSubmission = submission;
      done();
    });
  });
543
  it('Should be able to update the submission as user1', (done) => {
    savedSubmission.data.a = 'one updated';
    savedSubmission.data.b = 'two updated';
    savedSubmission.data.c = 'three updated';
    helper.updateSubmission(savedSubmission, 'user1', (err, updated) => {
      if (err) {
        return done(err);
      }
552
      assert.deepEqual(savedSubmission.data, updated.data);
      done();
    });
  });
557
  it('An admin should also be able to update the submission', (done) => {
    savedSubmission.data.a = 'one updated again';
    savedSubmission.data.b = 'two updated again';
    savedSubmission.data.c = 'three updated again';
    helper.updateSubmission(savedSubmission, (err, updated) => {
      if (err) {
        return done(err);
      }
566
      assert.deepEqual(savedSubmission.data, updated.data);
      done();
    });
  });
571
  it('Should NOT be able to delete the submission as user1 since they don\'t have permission', (done) => {
    helper.deleteSubmission(savedSubmission, 'user1', [/text\/plain/, 401], done);
  });
575
  it('Should be able to delete the submission as admin.', (done) => {
    helper.deleteSubmission(savedSubmission, done);
  });
});
580
describe('Nested Passwords', function() {
  it('Should be able to create a form with a Password component in a panel component', function(done) {
    request(app)
      .post(hook.alter('url', '/form', template))
      .set('x-jwt-token', template.users.admin.token)
      .send({
        title: 'Nested Password Test',
        name: 'nestedPassword',
        path: 'nestedPassword',
        type: 'form',
        access: [],
        submissionAccess: [
          {
            type: 'read_own',
            roles: [template.roles.authenticated._id.toString()]
          },
          {
            type: 'update_own',
            roles: [template.roles.authenticated._id.toString()]
          },
          {
            type: 'delete_own',
            roles: [template.roles.authenticated._id.toString()]
          }
        ],
        components: [
          {
            type: 'panel',
            input: false,
            title: 'Panel',
            theme: 'default',
            components: [
              {
                input: true,
                tableView: false,
                inputType: 'password',
                label: 'Panel Password',
                key: 'panelPassword',
                placeholder: '',
                prefix: '',
                suffix: '',
                protected: true,
                persistent: true,
                type: 'password'
              }
            ]
          }
        ]
      })
      .expect('Content-Type', /json/)
      .expect(201)
      .end(function(err, res) {
        if (err) {
          return done(err);
        }
636
        assert(res.body.hasOwnProperty('_id'), 'The response should contain an `_id`.');
        assert(res.body.hasOwnProperty('modified'), 'The response should contain a `modified` timestamp.');
        assert(res.body.hasOwnProperty('created'), 'The response should contain a `created` timestamp.');
        assert(res.body.hasOwnProperty('access'), 'The response should contain an the `access`.');
        assert.equal(res.body.title, 'Nested Password Test');
        assert.equal(res.body.name, 'nestedPassword');
        assert.equal(res.body.path, 'nestedpassword');
        assert.equal(res.body.type, 'form');
        template.forms.nestedPasswordForm = res.body;
646
        // Store the JWT for future API calls.
        template.users.admin.token = res.headers['x-jwt-token'];
649
        done();
      });
  });
653
  var submission;
  it('Should be able to create a submission in the form, and not get the password in response', function(done) {
    request(app)
      .post(hook.alter('url', '/form/' + template.forms.nestedPasswordForm._id + '/submission', template))
      .set('x-jwt-token', template.users.admin.token)
      .send({
        data: {
          'panelPassword': 'hunter2'
        }
      })
      .expect('Content-Type', /json/)
      .expect(201)
      .end(function(err, res) {
        if(err) {
          return done(err);
        }
670
        var response = res.body;
        assert(response.hasOwnProperty('data'), 'The response body should have data.');
        assert(response.hasOwnProperty('created'), 'The submission should have a created date');
        assert(response.hasOwnProperty('modified'), 'The submission should have a modified date');
        assert(response.hasOwnProperty('_id'), 'The response should have an _id');
        assert.equal(response.data.panelPassword, undefined);
677
        submission = response;
679
        // Store the JWT for future API calls.
        template.users.admin.token = res.headers['x-jwt-token'];
682
        done();
      });
  });
686
  it('Should be able to get a submission in the form, and not get the password in response', function(done) {
    request(app)
      .get(hook.alter('url', '/form/' + template.forms.nestedPasswordForm._id + '/submission/' + submission._id, template))
      .set('x-jwt-token', template.users.admin.token)
      .send()
      .expect('Content-Type', /json/)
      .expect(200)
      .end(function(err, res) {
        if(err) {
          return done(err);
        }
        var response = res.body;
        assert(response.hasOwnProperty('data'), 'The response body should have data.');
        assert(response.hasOwnProperty('created'), 'The submission should have a created date');
        assert(response.hasOwnProperty('modified'), 'The submission should have a modified date');
        assert(response.hasOwnProperty('_id'), 'The response should have an _id');
        assert.equal(response.data.panelPassword, undefined);
704
        // Store the JWT for future API calls.
        template.users.admin.token = res.headers['x-jwt-token'];
707
        done();
      });
  });
});
712};

1	`/* eslint-env mocha */`
2	`'use strict';`
3
4	`var request = require('supertest');`
5	`var assert = require('assert');`
6	`var docker = process.env.DOCKER;`
7
8	`module.exports = function(app, template, hook) {`
9	`var Helper = require('./helper')(app);`
10
11	`describe('Nested Resources', function() {`
12	`var customerResource = null;`
13	`it('A Project Owner should be able to Create a Customer Resource', function(done) {`
14	`request(app)`
15	`.post(hook.alter('url', '/form', template))`
16	`.set('x-jwt-token', template.users.admin.token)`
17	`.send({`
18	`title: 'Customer',`
19	`name: 'customer',`
20	`path: 'customer',`
21	`type: 'resource',`
22	`access: [],`
23	`submissionAccess: [`
24	`{`
25	`type: 'read_own',`
26	`roles: [template.roles.authenticated._id.toString()]`
27	`},`
28	`{`
29	`type: 'update_own',`
30	`roles: [template.roles.authenticated._id.toString()]`
31	`},`
32	`{`
33	`type: 'delete_own',`
34	`roles: [template.roles.authenticated._id.toString()]`
35	`}`
36	`],`
37	`components: [`
38	`{`
39	`type: 'textfield',`
40	`validate: {`
41	`custom: '',`
42	`pattern: '',`
43	`maxLength: '',`
44	`minLength: '',`
45	`required: false`
46	`},`
47	`defaultValue: '',`
48	`multiple: false,`
49	`suffix: '',`
50	`prefix: '',`
51	`placeholder: 'First Name',`
52	`key: 'firstName',`
53	`label: 'First Name',`
54	`inputMask: '',`
55	`inputType: 'text',`
56	`input: true`
57	`},`
58	`{`
59	`type: 'textfield',`
60	`validate: {`
61	`custom: '',`
62	`pattern: '',`
63	`maxLength: '',`
64	`minLength: '',`
65	`required: false`
66	`},`
67	`defaultValue: '',`
68	`multiple: false,`
69	`suffix: '',`
70	`prefix: '',`
71	`placeholder: 'Last Name',`
72	`key: 'lastName',`
73	`label: 'Last Name',`
74	`inputMask: '',`
75	`inputType: 'text',`
76	`input: true`
77	`}`
78	`]`
79	`})`
80	`.expect('Content-Type', /json/)`
81	`.expect(201)`
82	`.end(function(err, res) {`
83	`if (err) {`
84	`return done(err);`
85	`}`
86
87	`customerResource = res.body;`
88	assert(res.body.hasOwnProperty('_id'), 'The response should contain an `_id`.');
89	assert(res.body.hasOwnProperty('modified'), 'The response should contain a `modified` timestamp.');
90	assert(res.body.hasOwnProperty('created'), 'The response should contain a `created` timestamp.');
91	assert(res.body.hasOwnProperty('access'), 'The response should contain an the `access`.');
92	`assert.equal(res.body.title, 'Customer');`
93	`assert.equal(res.body.name, 'customer');`
94	`assert.equal(res.body.path, 'customer');`
95	`assert.equal(res.body.type, 'resource');`
96	`template.forms.customerForm = res.body;`
97
98	`// Store the JWT for future API calls.`
99	`template.users.admin.token = res.headers['x-jwt-token'];`
100
101	`done();`
102	`});`
103	`});`
104
105	`var customerForm = null;`
106	`it('Should be able to create a Customer Survey form', function(done) {`
107	`request(app)`
108	`.post(hook.alter('url', '/form', template))`
109	`.set('x-jwt-token', template.users.admin.token)`
110	`.send({`
111	`title: 'Customer Survey',`
112	`name: 'survey',`
113	`path: 'survey',`
114	`type: 'form',`
115	`access: [],`
116	`submissionAccess: [`
117	`{`
118	`type: 'read_own',`
119	`roles: [template.roles.authenticated._id.toString()]`
120	`},`
121	`{`
122	`type: 'update_own',`
123	`roles: [template.roles.authenticated._id.toString()]`
124	`},`
125	`{`
126	`type: 'delete_own',`
127	`roles: [template.roles.authenticated._id.toString()]`
128	`}`
129	`],`
130	`components: [`
131	`{`
132	`type: 'textfield',`
133	`validate: {`
134	`custom: '',`
135	`pattern: '',`
136	`maxLength: '',`
137	`minLength: '',`
138	`required: false`
139	`},`
140	`defaultValue: '',`
141	`multiple: false,`
142	`suffix: '',`
143	`prefix: '',`
144	`placeholder: 'First Name',`
145	`key: 'firstName',`
146	`label: 'First Name',`
147	`inputMask: '',`
148	`inputType: 'text',`
149	`input: true`
150	`},`
151	`{`
152	`type: 'textfield',`
153	`validate: {`
154	`custom: '',`
155	`pattern: '',`
156	`maxLength: '',`
157	`minLength: '',`
158	`required: false`
159	`},`
160	`defaultValue: '',`
161	`multiple: false,`
162	`suffix: '',`
163	`prefix: '',`
164	`placeholder: 'Last Name',`
165	`key: 'lastName',`
166	`label: 'Last Name',`
167	`inputMask: '',`
168	`inputType: 'text',`
169	`input: true`
170	`}`
171	`]`
172	`})`
173	`.expect('Content-Type', /json/)`
174	`.expect(201)`
175	`.end(function(err, res) {`
176	`if (err) {`
177	`return done(err);`
178	`}`
179
180	`customerForm = res.body;`
181	assert(res.body.hasOwnProperty('_id'), 'The response should contain an `_id`.');
182	assert(res.body.hasOwnProperty('modified'), 'The response should contain a `modified` timestamp.');
183	assert(res.body.hasOwnProperty('created'), 'The response should contain a `created` timestamp.');
184	assert(res.body.hasOwnProperty('access'), 'The response should contain an the `access`.');
185	`assert.equal(res.body.title, 'Customer Survey');`
186	`assert.equal(res.body.name, 'survey');`
187	`assert.equal(res.body.path, 'survey');`
188	`assert.equal(res.body.type, 'form');`
189	`template.forms.surveyForm = res.body;`
190
191	`// Store the JWT for future API calls.`
192	`template.users.admin.token = res.headers['x-jwt-token'];`
193
194	`done();`
195	`});`
196	`});`
197
198	`it('Should be able to create the save resource to another field action', function(done) {`
199	`var saveResourceAction = {`
200	`title: 'Save Submission',`
201	`name: 'save',`
202	`handler: ['before'],`
203	`method: ['create', 'update'],`
204	`priority: 11,`
205	`settings: {`
206	`resource: customerResource._id.toString(),`
207	`property: 'customer',`
208	`fields: {`
209	`firstName: 'firstName',`
210	`lastName: 'lastName'`
211	`}`
212	`}`
213	`};`
214
215	`request(app)`
216	`.post(hook.alter('url', '/form/' + customerForm._id + '/action', template))`
217	`.set('x-jwt-token', template.users.admin.token)`
218	`.send(saveResourceAction)`
219	`.expect('Content-Type', /json/)`
220	`.expect(201)`
221	`.end(function(err, res) {`
222	`if (err) {`
223	`return done(err);`
224	`}`
225
226	`var response = res.body;`
227	assert(response.hasOwnProperty('_id'), 'The response should contain an `_id`.');
228	`assert.equal(response.title, saveResourceAction.title);`
229	`assert.equal(response.name, saveResourceAction.name);`
230	`assert.deepEqual(response.handler, saveResourceAction.handler);`
231	`assert.deepEqual(response.method, saveResourceAction.method);`
232	`assert.equal(response.priority, saveResourceAction.priority);`
233	`assert.deepEqual(response.settings, saveResourceAction.settings);`
234	`assert.equal(response.form, customerForm._id);`
235	`saveResourceAction = response;`
236
237	`// Store the JWT for future API calls.`
238	`template.users.admin.token = res.headers['x-jwt-token'];`
239
240	`done();`
241	`});`
242	`});`
243
244	`var survey = null;`
245	`it('Should be able to create a submission in the survey', function(done) {`
246	`request(app)`
247	`.post(hook.alter('url', '/form/' + template.forms.surveyForm._id + '/submission', template))`
248	`.set('x-jwt-token', template.users.admin.token)`
249	`.send({`
250	`data: {`
251	`'firstName': 'Joe',`
252	`'lastName': 'Smith'`
253	`}`
254	`})`
255	`.expect('Content-Type', /json/)`
256	`.expect(201)`
257	`.end(function(err, res) {`
258	`if(err) {`
259	`return done(err);`
260	`}`
261
262	`var response = res.body;`
263	`assert(response.hasOwnProperty('data'), 'The response body should have data.');`
264	`assert(response.hasOwnProperty('created'), 'The submission should have a created date');`
265	`assert(response.hasOwnProperty('modified'), 'The submission should have a modified date');`
266	`assert(response.hasOwnProperty('_id'), 'The response should have an _id');`
267	`assert(response.data.hasOwnProperty('customer'), 'The response body should have a customer.');`
268	`assert(response.data.customer.hasOwnProperty('created'), 'The data should have created timestamp.');`
269	`assert(response.data.customer.hasOwnProperty('modified'), 'Make sure there is a modified date');`
270	`assert(response.data.customer.hasOwnProperty('_id'), 'The customer should have an ID.');`
271	`assert.equal(response.data.customer.form, template.forms.customerForm._id);`
272	`assert.equal(response.data.customer.data.firstName, 'Joe');`
273	`assert.equal(response.data.customer.data.lastName, 'Smith');`
274	`survey = res.body;`
275
276	`// Store the JWT for future API calls.`
277	`template.users.admin.token = res.headers['x-jwt-token'];`
278
279	`done();`
280	`});`
281	`});`
282
283	`it('Should be able to get the customer', function(done) {`
284	`request(app)`
285	`.get(hook.alter('url', '/form/' + template.forms.customerForm._id + '/submission/' + survey.data.customer._id, template))`
286	`.set('x-jwt-token', template.users.admin.token)`
287	`.expect('Content-Type', /json/)`
288	`.expect(200)`
289	`.end(function(err, res) {`
290	`if (err) {`
291	`return done(err);`
292	`}`
293
294	`var response = res.body;`
295
296	`assert(response.hasOwnProperty('data'), 'The response should have data.');`
297	`assert.equal(response.form, template.forms.customerForm._id);`
298	`assert.equal(response.data.firstName, 'Joe');`
299	`assert.equal(response.data.lastName, 'Smith');`
300
301	`// Store the JWT for future API calls.`
302	`template.users.admin.token = res.headers['x-jwt-token'];`
303
304	`done();`
305	`});`
306	`});`
307
308	`it('Should be able to query the survey submission', function(done) {`
309	`request(app)`
310	`.get(hook.alter('url', '/form/' + template.forms.surveyForm._id + '/submission/' + survey._id, template))`
311	`.set('x-jwt-token', template.users.admin.token)`
312	`.expect('Content-Type', /json/)`
313	`.expect(200)`
314	`.end(function(err, res) {`
315	`if (err) {`
316	`return done(err);`
317	`}`
318
319	`var response = res.body;`
320	`assert(response.hasOwnProperty('data'), 'The response should have data.');`
321	`assert.equal(response.form, template.forms.surveyForm._id);`
322	`assert(response.data.hasOwnProperty('customer'), 'Customer object was not found');`
323	`assert(response.data.customer.hasOwnProperty('_id'), 'Customer should have an _id');`
324	`assert.equal(response.data.customer.data.firstName, 'Joe');`
325	`assert.equal(response.data.customer.data.lastName, 'Smith');`
326
327	`// Store the JWT for future API calls.`
328	`template.users.admin.token = res.headers['x-jwt-token'];`
329
330	`done();`
331	`});`
332	`});`
333	`});`
334
335	`describe('Nested Resource Permissions', () => {`
336	`var helper = null;`
337	`var savedSubmission = null;`
338	`it('Create the project with a new user account.', (done) => {`
339	`var owner = (app.hasProjects \|\| docker) ? template.formio.owner : template.users.admin;`
340	`helper = new Helper(owner);`
341	`helper.project().user('user', 'user1').execute(done);`
342	`});`
343
344	`it('Create the resource', function(done) {`
345	`helper`
346	`.resource('resourcea', [`
347	`{`
348	`type: 'textfield',`
349	`persistent: true,`
350	`unique: false,`
351	`protected: false,`
352	`defaultValue: '',`
353	`suffix: '',`
354	`prefix: '',`
355	`placeholder: '',`
356	`key: 'a',`
357	`label: 'a',`
358	`inputType: 'text',`
359	`tableView: true,`
360	`input: true`
361	`},`
362	`{`
363	`type: 'textfield',`
364	`persistent: true,`
365	`unique: false,`
366	`protected: false,`
367	`defaultValue: '',`
368	`suffix: '',`
369	`prefix: '',`
370	`placeholder: '',`
371	`key: 'b',`
372	`label: 'b',`
373	`inputType: 'text',`
374	`tableView: true,`
375	`input: true`
376	`},`
377	`{`
378	`type: 'textfield',`
379	`persistent: true,`
380	`unique: false,`
381	`protected: false,`
382	`defaultValue: '',`
383	`suffix: '',`
384	`prefix: '',`
385	`placeholder: '',`
386	`key: 'c',`
387	`label: 'c',`
388	`inputType: 'text',`
389	`tableView: true,`
390	`input: true`
391	`}`
392	`], {`
393	`submissionAccess: [`
394	`{`
395	`type: 'create_own',`
396	`roles: [helper.template.roles.authenticated._id.toString()]`
397	`},`
398	`{`
399	`type: 'read_own',`
400	`roles: [helper.template.roles.authenticated._id.toString()]`
401	`},`
402	`{`
403	`type: 'update_own',`
404	`roles: [helper.template.roles.authenticated._id.toString()]`
405	`}`
406	`]`
407	`}).execute(done);`
408	`});`
409
410	`it('Create the form', (done) => {`
411	`helper`
412	`.form('savetoa', [`
413	`{`
414	`type: 'textfield',`
415	`persistent: true,`
416	`unique: false,`
417	`protected: false,`
418	`defaultValue: '',`
419	`suffix: '',`
420	`prefix: '',`
421	`placeholder: '',`
422	`key: 'a',`
423	`label: 'a',`
424	`inputType: 'text',`
425	`tableView: true,`
426	`input: true`
427	`},`
428	`{`
429	`type: 'textfield',`
430	`persistent: true,`
431	`unique: false,`
432	`protected: false,`
433	`defaultValue: '',`
434	`suffix: '',`
435	`prefix: '',`
436	`placeholder: '',`
437	`key: 'b',`
438	`label: 'b',`
439	`inputType: 'text',`
440	`tableView: true,`
441	`input: true`
442	`},`
443	`{`
444	`type: 'textfield',`
445	`persistent: true,`
446	`unique: false,`
447	`protected: false,`
448	`defaultValue: '',`
449	`suffix: '',`
450	`prefix: '',`
451	`placeholder: '',`
452	`key: 'c',`
453	`label: 'c',`
454	`inputType: 'text',`
455	`tableView: true,`
456	`input: true`
457	`}`
458	`], {`
459	`submissionAccess: [`
460	`{`
461	`type: 'create_own',`
462	`roles: [helper.template.roles.authenticated._id.toString()]`
463	`},`
464	`{`
465	`type: 'read_own',`
466	`roles: [helper.template.roles.authenticated._id.toString()]`
467	`},`
468	`{`
469	`type: 'update_own',`
470	`roles: [helper.template.roles.authenticated._id.toString()]`
471	`}`
472	`]`
473	`})`
474	`.action({`
475	`title: 'Save to A',`
476	`name: 'save',`
477	`handler: ['before'],`
478	`method: ['create', 'update'],`
479	`priority: 11,`
480	`settings: {`
481	`resource: helper.template.forms.resourcea._id.toString(),`
482	`fields: {`
483	`a: 'a',`
484	`b: 'b',`
485	`c: 'c'`
486	`}`
487	`}`
488	`}).execute(done);`
489	`});`
490
491	`it('Create a new submission in "savetoa" form as Authenticated user.', (done) => {`
492	`helper.createSubmission('savetoa', {`
493	`data: {`
494	`a: 'one',`
495	`b: 'two',`
496	`c: 'three'`
497	`}`
498	`}, 'user1', (err, submission) => {`
499	`if (err) {`
500	`return done(err);`
501	`}`
502
503	`assert(submission, 'There must be a submission');`
504	`assert.equal(submission.owner, helper.template.users.user1._id);`
505	`done();`
506	`});`
507	`});`
508
509	`it('Should be able retrieve the first submission from resource as an admin user.', (done) => {`
510	`helper.getSubmission('resourcea', 0, (err, submission) => {`
511	`if (err) {`
512	`return done(err);`
513	`}`
514	`assert(submission._id, 'The submission must have an id.');`
515	`// The owner should be set to the original users id.`
516	`assert.equal(submission.owner, helper.template.users.user1._id);`
517	`assert.deepEqual(submission.data, {`
518	`a: 'one',`
519	`b: 'two',`
520	`c: 'three'`
521	`});`
522	`done();`
523	`});`
524	`});`
525
526	`it('Should be able to retrieve the first submission as user1 user', (done) => {`
527	`helper.getSubmission('resourcea', 0, 'user1', (err, submission) => {`
528	`if (err) {`
529	`return done(err);`
530	`}`
531	`assert(submission._id, 'The submission must have an id.');`
532	`// The owner should be set to the original users id.`
533	`assert.equal(submission.owner, helper.template.users.user1._id);`
534	`assert.deepEqual(submission.data, {`
535	`a: 'one',`
536	`b: 'two',`
537	`c: 'three'`
538	`});`
539	`savedSubmission = submission;`
540	`done();`
541	`});`
542	`});`
543
544	`it('Should be able to update the submission as user1', (done) => {`
545	`savedSubmission.data.a = 'one updated';`
546	`savedSubmission.data.b = 'two updated';`
547	`savedSubmission.data.c = 'three updated';`
548	`helper.updateSubmission(savedSubmission, 'user1', (err, updated) => {`
549	`if (err) {`
550	`return done(err);`
551	`}`
552
553	`assert.deepEqual(savedSubmission.data, updated.data);`
554	`done();`
555	`});`
556	`});`
557
558	`it('An admin should also be able to update the submission', (done) => {`
559	`savedSubmission.data.a = 'one updated again';`
560	`savedSubmission.data.b = 'two updated again';`
561	`savedSubmission.data.c = 'three updated again';`
562	`helper.updateSubmission(savedSubmission, (err, updated) => {`
563	`if (err) {`
564	`return done(err);`
565	`}`
566
567	`assert.deepEqual(savedSubmission.data, updated.data);`
568	`done();`
569	`});`
570	`});`
571
572	`it('Should NOT be able to delete the submission as user1 since they don\'t have permission', (done) => {`
573	`helper.deleteSubmission(savedSubmission, 'user1', [/text\/plain/, 401], done);`
574	`});`
575
576	`it('Should be able to delete the submission as admin.', (done) => {`
577	`helper.deleteSubmission(savedSubmission, done);`
578	`});`
579	`});`
580
581	`describe('Nested Passwords', function() {`
582	`it('Should be able to create a form with a Password component in a panel component', function(done) {`
583	`request(app)`
584	`.post(hook.alter('url', '/form', template))`
585	`.set('x-jwt-token', template.users.admin.token)`
586	`.send({`
587	`title: 'Nested Password Test',`
588	`name: 'nestedPassword',`
589	`path: 'nestedPassword',`
590	`type: 'form',`
591	`access: [],`
592	`submissionAccess: [`
593	`{`
594	`type: 'read_own',`
595	`roles: [template.roles.authenticated._id.toString()]`
596	`},`
597	`{`
598	`type: 'update_own',`
599	`roles: [template.roles.authenticated._id.toString()]`
600	`},`
601	`{`
602	`type: 'delete_own',`
603	`roles: [template.roles.authenticated._id.toString()]`
604	`}`
605	`],`
606	`components: [`
607	`{`
608	`type: 'panel',`
609	`input: false,`
610	`title: 'Panel',`
611	`theme: 'default',`
612	`components: [`
613	`{`
614	`input: true,`
615	`tableView: false,`
616	`inputType: 'password',`
617	`label: 'Panel Password',`
618	`key: 'panelPassword',`
619	`placeholder: '',`
620	`prefix: '',`
621	`suffix: '',`
622	`protected: true,`
623	`persistent: true,`
624	`type: 'password'`
625	`}`
626	`]`
627	`}`
628	`]`
629	`})`
630	`.expect('Content-Type', /json/)`
631	`.expect(201)`
632	`.end(function(err, res) {`
633	`if (err) {`
634	`return done(err);`
635	`}`
636
637	assert(res.body.hasOwnProperty('_id'), 'The response should contain an `_id`.');
638	assert(res.body.hasOwnProperty('modified'), 'The response should contain a `modified` timestamp.');
639	assert(res.body.hasOwnProperty('created'), 'The response should contain a `created` timestamp.');
640	assert(res.body.hasOwnProperty('access'), 'The response should contain an the `access`.');
641	`assert.equal(res.body.title, 'Nested Password Test');`
642	`assert.equal(res.body.name, 'nestedPassword');`
643	`assert.equal(res.body.path, 'nestedpassword');`
644	`assert.equal(res.body.type, 'form');`
645	`template.forms.nestedPasswordForm = res.body;`
646
647	`// Store the JWT for future API calls.`
648	`template.users.admin.token = res.headers['x-jwt-token'];`
649
650	`done();`
651	`});`
652	`});`
653
654	`var submission;`
655	`it('Should be able to create a submission in the form, and not get the password in response', function(done) {`
656	`request(app)`
657	`.post(hook.alter('url', '/form/' + template.forms.nestedPasswordForm._id + '/submission', template))`
658	`.set('x-jwt-token', template.users.admin.token)`
659	`.send({`
660	`data: {`
661	`'panelPassword': 'hunter2'`
662	`}`
663	`})`
664	`.expect('Content-Type', /json/)`
665	`.expect(201)`
666	`.end(function(err, res) {`
667	`if(err) {`
668	`return done(err);`
669	`}`
670
671	`var response = res.body;`
672	`assert(response.hasOwnProperty('data'), 'The response body should have data.');`
673	`assert(response.hasOwnProperty('created'), 'The submission should have a created date');`
674	`assert(response.hasOwnProperty('modified'), 'The submission should have a modified date');`
675	`assert(response.hasOwnProperty('_id'), 'The response should have an _id');`
676	`assert.equal(response.data.panelPassword, undefined);`
677
678	`submission = response;`
679
680	`// Store the JWT for future API calls.`
681	`template.users.admin.token = res.headers['x-jwt-token'];`
682
683	`done();`
684	`});`
685	`});`
686
687	`it('Should be able to get a submission in the form, and not get the password in response', function(done) {`
688	`request(app)`
689	`.get(hook.alter('url', '/form/' + template.forms.nestedPasswordForm._id + '/submission/' + submission._id, template))`
690	`.set('x-jwt-token', template.users.admin.token)`
691	`.send()`
692	`.expect('Content-Type', /json/)`
693	`.expect(200)`
694	`.end(function(err, res) {`
695	`if(err) {`
696	`return done(err);`
697	`}`
698	`var response = res.body;`
699	`assert(response.hasOwnProperty('data'), 'The response body should have data.');`
700	`assert(response.hasOwnProperty('created'), 'The submission should have a created date');`
701	`assert(response.hasOwnProperty('modified'), 'The submission should have a modified date');`
702	`assert(response.hasOwnProperty('_id'), 'The response should have an _id');`
703	`assert.equal(response.data.panelPassword, undefined);`
704
705	`// Store the JWT for future API calls.`
706	`template.users.admin.token = res.headers['x-jwt-token'];`
707
708	`done();`
709	`});`
710	`});`
711	`});`
712	`};`