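/* eslint-env mocha */
'use strict';

var request = require('supertest');
var assert = require('assert');
var _ = require('lodash');

/**
 * Registers the "Resources" mocha suite: an access-control matrix for the
 * form/resource endpoints, exercised as the project owner (admin token), as an
 * authenticated non-owner (user1 token) and anonymously (no `x-jwt-token`
 * header at all).
 *
 * The tests are order-dependent: they share `template.resources.tempResource`
 * and a rolling admin token that is replaced after every admin request.
 *
 * @param {Object} app - Server under test, handed to supertest.
 * @param {Object} template - Shared fixture state. Reads `users.admin.token`,
 *   `users.user1.token`, `roles.authenticated._id` and `project`; reads and
 *   writes `resources.tempResource` and `users.admin.token`.
 * @param {Object} hook - Provides `alter('url', path, template)`, used to
 *   build every request URL.
 */
module.exports = function(app, template, hook) {
  // Fields left out of every whole-resource comparison.
  var ignoreFields = ['config'];

  /** Builds the request URL for `path` through the project hook. */
  function url(path) {
    return hook.alter('url', path, template);
  }

  /**
   * Replaces the stored admin token with the one returned on the response.
   * The value is stored as-is; a missing header leaves the token undefined
   * and later admin requests are then sent with that value.
   */
  function keepAdminToken(res) {
    template.users.admin.token = res.headers['x-jwt-token'];
  }

  /** Asserts two resources are deeply equal once `ignoreFields` are dropped. */
  function assertSameResource(actual, expected) {
    assert.deepEqual(_.omit(actual, ignoreFields), _.omit(expected, ignoreFields));
  }

  /** Asserts that a create response carries server fields and echoes `expected`. */
  function assertCreated(response, expected) {
    assert(response.hasOwnProperty('_id'), 'The response should contain an `_id`.');
    assert(response.hasOwnProperty('modified'), 'The response should contain a `modified` timestamp.');
    assert(response.hasOwnProperty('created'), 'The response should contain a `created` timestamp.');
    assert(response.hasOwnProperty('access'), 'The response should contain an the `access`.');
    assert.equal(response.title, expected.title);
    assert.equal(response.name, expected.name);
    assert.equal(response.path, expected.path);
    assert.equal(response.type, 'resource');
    assert.deepEqual(response.components, expected.components);
  }

  describe('Resources', function() {
    // Store the temp resource for this test suite.
    var tempResource = {
      title: 'tempResource',
      name: 'tempResource',
      path: 'temp',
      type: 'resource',
      access: [],
      submissionAccess: [],
      components: [
        {
          type: 'textfield',
          validate: {
            custom: '',
            pattern: '',
            maxLength: '',
            minLength: '',
            required: false
          },
          defaultValue: '',
          multiple: false,
          suffix: '',
          prefix: '',
          placeholder: 'foo',
          key: 'foo',
          label: 'foo',
          inputMask: '',
          inputType: 'text',
          input: true
        }
      ]
    };

    describe('Permissions - Resource Level - Project Owner', function() {
      it('An administrator should be able to Create a Resource', function(done) {
        request(app)
          .post(url('/form'))
          .set('x-jwt-token', template.users.admin.token)
          .send(tempResource)
          .expect('Content-Type', /json/)
          .expect(201)
          .end(function(err, res) {
            if (err) {
              return done(err);
            }

            var response = res.body;
            assertCreated(response, tempResource);

            // Every later test in this suite works against this stored copy.
            template.resources.tempResource = response;

            // Store the JWT for future API calls.
            keepAdminToken(res);
            done();
          });
      });

      it('A Project Owner should be able to Read a Resource', function(done) {
        request(app)
          .get(url('/form/' + template.resources.tempResource._id))
          .set('x-jwt-token', template.users.admin.token)
          .expect('Content-Type', /json/)
          .expect(200)
          .end(function(err, res) {
            if (err) {
              return done(err);
            }

            assertSameResource(res.body, template.resources.tempResource);

            // Store the JWT for future API calls.
            keepAdminToken(res);
            done();
          });
      });

      it('A Project Owner should be able to Update a Resource', function(done) {
        var updatedResource = _.clone(template.resources.tempResource);
        updatedResource.title = 'Updated';

        request(app)
          .put(url('/form/' + template.resources.tempResource._id))
          .set('x-jwt-token', template.users.admin.token)
          .send({title: updatedResource.title})
          .expect('Content-Type', /json/)
          .expect(200)
          .end(function(err, res) {
            if (err) {
              return done(err);
            }

            var response = res.body;
            // Update the modified timestamp, before comparison.
            updatedResource.modified = response.modified;
            assertSameResource(response, updatedResource);

            // Save this resource for later use.
            template.resources.tempResource = response;

            // Store the JWT for future API calls.
            keepAdminToken(res);
            done();
          });
      });

      it('A Project Owner should be able to Read the Index of Resources', function(done) {
        request(app)
          .get(url('/form?type=resource'))
          .set('x-jwt-token', template.users.admin.token)
          .expect('Content-Type', /json/)
          .expect(200)
          .end(function(err, res) {
            if (err) {
              return done(err);
            }

            var response = res.body;
            // The index must hold exactly the resources tracked in the template.
            assert.equal(response.length, _.size(template.resources));
            _.each(response, function(resource) {
              assert(template.resources.hasOwnProperty(resource.name), 'Resource not found.');
            });

            // Store the JWT for future API calls.
            keepAdminToken(res);
            done();
          });
      });

      it('A Project Owner should be able to Read a Resource using its alias', function(done) {
        request(app)
          .get(url('/' + template.resources.tempResource.path))
          .set('x-jwt-token', template.users.admin.token)
          .expect('Content-Type', /json/)
          .expect(200)
          .end(function(err, res) {
            if (err) {
              return done(err);
            }

            assertSameResource(res.body, template.resources.tempResource);

            // Store the JWT for future API calls.
            keepAdminToken(res);
            done();
          });
      });

      it('A Project Owner should be able to Update a Resource using its alias', function(done) {
        var updatedResource = _.clone(template.resources.tempResource);
        updatedResource.title = 'Updated2';

        request(app)
          .put(url('/' + template.resources.tempResource.path))
          .set('x-jwt-token', template.users.admin.token)
          .send({title: updatedResource.title})
          .expect('Content-Type', /json/)
          .expect(200)
          .end(function(err, res) {
            if (err) {
              return done(err);
            }

            var response = res.body;
            // Update the modified timestamp, before comparison.
            updatedResource.modified = response.modified;
            assertSameResource(response, updatedResource);

            // Save this resource for later use.
            template.resources.tempResource = response;

            // Store the JWT for future API calls.
            keepAdminToken(res);
            done();
          });
      });
    });

    // The denial tests below check only the 401 status and the text/plain
    // content type; none of them re-reads the resource to confirm that it was
    // left unchanged.
    describe('Permissions - Resource Level - Authenticated User', function() {
      it('An user should not be able to Create a Resource for a User-Created Project', function(done) {
        request(app)
          .post(url('/form'))
          .set('x-jwt-token', template.users.user1.token)
          .send(template.resources.tempResource)
          .expect('Content-Type', /text\/plain/)
          .expect(401)
          .end(done);
      });

      it('A user should be able to Read a Resource for a User-Created Project', function(done) {
        request(app)
          .get(url('/form/' + template.resources.tempResource._id))
          .set('x-jwt-token', template.users.user1.token)
          .expect('Content-Type', /json/)
          .expect(200)
          .end(function(err, res) {
            if (err) {
              return done(err);
            }

            assertSameResource(res.body, template.resources.tempResource);
            done();
          });
      });

      it('A user should not be able to Update a Resource for a User-Created Project', function(done) {
        request(app)
          .put(url('/form/' + template.resources.tempResource._id))
          .set('x-jwt-token', template.users.user1.token)
          .send({title: 'Updated'})
          .expect('Content-Type', /text\/plain/)
          .expect(401)
          .end(done);
      });

      // The expected outcome depends on the fixture: 401 text/plain when
      // `template.project` is set, 200 JSON otherwise.
      it('A user should be able to Read the Index of Resource for a User-Created Project', function(done) {
        request(app)
          .get(url('/form?type=resource'))
          .set('x-jwt-token', template.users.user1.token)
          .expect('Content-Type', template.project ? /text\/plain/ : /json/)
          .expect(template.project ? 401 : 200)
          .end(done);
      });

      // NOTE(review): the assertions expect 200 and the full resource body, the
      // same as the read-by-id test above, so the title says "should be able
      // to". Confirm that alias reads are meant to be open to this role; if
      // they are not, the expectation has to change, not only the title.
      it('A user should be able to Read a Resource for a User-Created Project using it alias', function(done) {
        request(app)
          .get(url('/' + template.resources.tempResource.path))
          .set('x-jwt-token', template.users.user1.token)
          .expect('Content-Type', /json/)
          .expect(200)
          .end(function(err, res) {
            if (err) {
              return done(err);
            }

            assertSameResource(res.body, template.resources.tempResource);
            done();
          });
      });

      it('A user should not be able to Update a Resource for a User-Created Project using it alias', function(done) {
        request(app)
          .put(url('/' + template.resources.tempResource.path))
          .set('x-jwt-token', template.users.user1.token)
          // Send a real change, as the by-id test does, so that the 401 is the
          // answer to an actual write attempt and not to an empty request.
          .send({title: 'Updated2'})
          .expect('Content-Type', /text\/plain/)
          .expect(401)
          .end(done);
      });
    });

    // Anonymous requests carry no `x-jwt-token` header. As above, the denial
    // tests check only the status code and the content type.
    describe('Permissions - Resource Level - Anonymous User', function() {
      it('An Anonymous user should not be able to Create a Resource for a User-Created Project', function(done) {
        request(app)
          .post(url('/form'))
          .send(template.resources.tempResource)
          .expect('Content-Type', /text\/plain/)
          .expect(401)
          .end(done);
      });

      it('An Anonymous user should be able to Read a Resource for a User-Created Project', function(done) {
        request(app)
          .get(url('/form/' + template.resources.tempResource._id))
          .expect('Content-Type', /json/)
          .expect(200)
          .end(function(err, res) {
            if (err) {
              return done(err);
            }

            assertSameResource(res.body, template.resources.tempResource);
            done();
          });
      });

      it('An Anonymous user should not be able to Update a Resource for a User-Created Project', function(done) {
        request(app)
          .put(url('/form/' + template.resources.tempResource._id))
          .send({title: 'Updated'})
          .expect('Content-Type', /text\/plain/)
          .expect(401)
          .end(done);
      });

      // The expected outcome depends on the fixture: 401 text/plain when
      // `template.project` is set, 200 JSON otherwise.
      it('An Anonymous user should be able to Read the Index of Resource for a User-Created Project', function(done) {
        request(app)
          .get(url('/form?type=resource'))
          .expect('Content-Type', template.project ? /text\/plain/ : /json/)
          .expect(template.project ? 401 : 200)
          .end(done);
      });

      // NOTE(review): the assertions expect 200 and the full resource body for
      // an unauthenticated request, so the title says "should be able to".
      // Confirm that anonymous alias reads are intended; if they are not, the
      // expectation has to change, not only the title.
      it('An Anonymous user should be able to Read a Resource for a User-Created Project using it alias', function(done) {
        request(app)
          .get(url('/' + template.resources.tempResource.path))
          .expect('Content-Type', /json/)
          .expect(200)
          .end(function(err, res) {
            if (err) {
              return done(err);
            }

            assertSameResource(res.body, template.resources.tempResource);
            done();
          });
      });

      it('An Anonymous user should not be able to Update a Resource for a User-Created Project using it alias', function(done) {
        request(app)
          .put(url('/' + template.resources.tempResource.path))
          // Send a real change, as the by-id test does, so that the 401 is the
          // answer to an actual write attempt and not to an empty request.
          .send({title: 'Updated2'})
          .expect('Content-Type', /text\/plain/)
          .expect(401)
          .end(done);
      });
    });

    describe('Resource Normalization', function() {
      // NOTE(review): `template.resources.tempResource` is not removed after the
      // delete, so the template still lists a resource the server no longer
      // has. Confirm that no later suite counts `template.resources`.
      it('A Project Owner should be able to Delete a Resource', function(done) {
        request(app)
          .delete(url('/form/' + template.resources.tempResource._id))
          .set('x-jwt-token', template.users.admin.token)
          .expect(200)
          .end(function(err, res) {
            if (err) {
              return done(err);
            }

            assert.deepEqual(res.body, {});

            // Store the JWT for future API calls.
            keepAdminToken(res);
            done();
          });
      });

      it('A Project Owner should be able to Create a User Resource', function(done) {
        var authenticatedRole = template.roles.authenticated._id.toString();

        // Submissions of this resource are limited to "own" access for the
        // authenticated role; the resource-level `access` list is left empty.
        var userResource = {
          title: 'Users',
          name: 'user2',
          path: 'user2',
          type: 'resource',
          access: [],
          submissionAccess: [
            {
              type: 'read_own',
              roles: [authenticatedRole]
            },
            {
              type: 'update_own',
              roles: [authenticatedRole]
            },
            {
              type: 'delete_own',
              roles: [authenticatedRole]
            }
          ],
          components: [
            {
              type: 'textfield',
              validate: {
                custom: '',
                pattern: '',
                maxLength: '',
                minLength: '',
                required: false
              },
              defaultValue: '',
              multiple: false,
              suffix: '',
              prefix: '',
              placeholder: 'username',
              key: 'username',
              label: 'username',
              inputMask: '',
              inputType: 'text',
              input: true
            },
            {
              type: 'password',
              suffix: '',
              prefix: '',
              placeholder: 'password',
              key: 'password',
              label: 'password',
              inputType: 'password',
              input: true
            }
          ]
        };

        request(app)
          .post(url('/form'))
          .set('x-jwt-token', template.users.admin.token)
          .send(userResource)
          .expect('Content-Type', /json/)
          .expect(201)
          .end(function(err, res) {
            if (err) {
              return done(err);
            }

            assertCreated(res.body, userResource);

            // Store the JWT for future API calls.
            keepAdminToken(res);
            done();
          });
      });
    });
  });
};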