2 | 'use strict';
3 |
4 | var request = require('supertest');
5 | var assert = require('assert');
6 | var _ = require('lodash');
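module.exports = function(app, template, hook) {
  // Fields that may legitimately differ between what was submitted and what
  // the API later returns; they are dropped from both sides before comparing.
  var ignoreFields = ['config'];

  // Carry forward the token returned in the `x-jwt-token` response header so
  // later admin requests in this suite use the most recently issued one.
  function refreshAdminToken(res) {
    template.users.admin.token = res.headers['x-jwt-token'];
  }

  // Assert that a response body equals the expected resource once the
  // ignored fields are removed from both sides.
  function assertSameResource(response, expected) {
    assert.deepEqual(_.omit(response, ignoreFields), _.omit(expected, ignoreFields));
  }

  // Assert that a 201 body for a new resource carries the server-generated
  // fields and echoes the submitted definition. The prototype method is used
  // rather than `response.hasOwnProperty` so a parsed body that happens to
  // carry a `hasOwnProperty` key cannot break the check.
  function assertCreatedResource(response, submitted) {
    var has = function(field) {
      return Object.prototype.hasOwnProperty.call(response, field);
    };
    assert(has('_id'), 'The response should contain an `_id`.');
    assert(has('modified'), 'The response should contain a `modified` timestamp.');
    assert(has('created'), 'The response should contain a `created` timestamp.');
    assert(has('access'), 'The response should contain the `access`.');
    assert.equal(response.title, submitted.title);
    assert.equal(response.name, submitted.name);
    assert.equal(response.path, submitted.path);
    assert.equal(response.type, 'resource');
    assert.deepEqual(response.components, submitted.components);
  }

  describe('Resources', function() {
    // Definition submitted by the admin in the first test; the stored copy
    // (with `_id`, timestamps, ...) is kept in `template.resources.tempResource`
    // and reused by every later test in this suite.
    var tempResource = {
      title: 'tempResource',
      name: 'tempResource',
      path: 'temp',
      type: 'resource',
      access: [],
      submissionAccess: [],
      components: [
        {
          type: 'textfield',
          validate: {
            custom: '',
            pattern: '',
            maxLength: '',
            minLength: '',
            required: false
          },
          defaultValue: '',
          multiple: false,
          suffix: '',
          prefix: '',
          placeholder: 'foo',
          key: 'foo',
          label: 'foo',
          inputMask: '',
          inputType: 'text',
          input: true
        }
      ]
    };

    describe('Permissions - Resource Level - Project Owner', function() {
      it('An administrator should be able to Create a Resource', function(done) {
        request(app)
          .post(hook.alter('url', '/form', template))
          .set('x-jwt-token', template.users.admin.token)
          .send(tempResource)
          .expect('Content-Type', /json/)
          .expect(201)
          .end(function(err, res) {
            if (err) {
              return done(err);
            }

            var response = res.body;
            assertCreatedResource(response, tempResource);
            template.resources.tempResource = response;

            refreshAdminToken(res);
            done();
          });
      });

      it('A Project Owner should be able to Read a Resource', function(done) {
        request(app)
          .get(hook.alter('url', '/form/' + template.resources.tempResource._id, template))
          .set('x-jwt-token', template.users.admin.token)
          .expect('Content-Type', /json/)
          .expect(200)
          .end(function(err, res) {
            if (err) {
              return done(err);
            }

            assertSameResource(res.body, template.resources.tempResource);

            refreshAdminToken(res);
            done();
          });
      });

      it('A Project Owner should be able to Update a Resource', function(done) {
        var updatedResource = _.clone(template.resources.tempResource);
        updatedResource.title = 'Updated';

        request(app)
          .put(hook.alter('url', '/form/' + template.resources.tempResource._id, template))
          .set('x-jwt-token', template.users.admin.token)
          .send({title: updatedResource.title})
          .expect('Content-Type', /json/)
          .expect(200)
          .end(function(err, res) {
            if (err) {
              return done(err);
            }

            var response = res.body;
            // The server stamps a new `modified` value on update; copy it over
            // so the comparison only checks the fields this test controls.
            updatedResource.modified = response.modified;
            assertSameResource(response, updatedResource);

            template.resources.tempResource = response;

            refreshAdminToken(res);
            done();
          });
      });

      it('A Project Owner should be able to Read the Index of Resources', function(done) {
        request(app)
          .get(hook.alter('url', '/form?type=resource', template))
          .set('x-jwt-token', template.users.admin.token)
          .expect('Content-Type', /json/)
          .expect(200)
          .end(function(err, res) {
            if (err) {
              return done(err);
            }

            var response = res.body;
            // Every known resource, and nothing else, must be listed.
            assert.equal(response.length, _.size(template.resources));
            _.each(response, function(resource) {
              assert(template.resources.hasOwnProperty(resource.name), 'Resource not found.');
            });

            refreshAdminToken(res);
            done();
          });
      });

      it('A Project Owner should be able to Read a Resource using its alias', function(done) {
        request(app)
          .get(hook.alter('url', '/' + template.resources.tempResource.path, template))
          .set('x-jwt-token', template.users.admin.token)
          .expect('Content-Type', /json/)
          .expect(200)
          .end(function(err, res) {
            if (err) {
              return done(err);
            }

            assertSameResource(res.body, template.resources.tempResource);

            refreshAdminToken(res);
            done();
          });
      });

      it('A Project Owner should be able to Update a Resource using its alias', function(done) {
        var updatedResource = _.clone(template.resources.tempResource);
        updatedResource.title = 'Updated2';

        request(app)
          .put(hook.alter('url', '/' + template.resources.tempResource.path, template))
          .set('x-jwt-token', template.users.admin.token)
          .send({title: updatedResource.title})
          .expect('Content-Type', /json/)
          .expect(200)
          .end(function(err, res) {
            if (err) {
              return done(err);
            }

            var response = res.body;
            // See the by-id Update test: `modified` is server-controlled.
            updatedResource.modified = response.modified;
            assertSameResource(response, updatedResource);

            template.resources.tempResource = response;

            refreshAdminToken(res);
            done();
          });
      });
    });

    // Negative access-control checks: a non-owner may read the resource
    // definition but every write must be rejected with 401 and a plain-text body.
    describe('Permissions - Resource Level - Authenticated User', function() {
      it('A user should not be able to Create a Resource for a User-Created Project', function(done) {
        request(app)
          .post(hook.alter('url', '/form', template))
          .set('x-jwt-token', template.users.user1.token)
          .send(template.resources.tempResource)
          .expect('Content-Type', /text\/plain/)
          .expect(401)
          .end(done);
      });

      it('A user should be able to Read a Resource for a User-Created Project', function(done) {
        request(app)
          .get(hook.alter('url', '/form/' + template.resources.tempResource._id, template))
          .set('x-jwt-token', template.users.user1.token)
          .expect('Content-Type', /json/)
          .expect(200)
          .end(function(err, res) {
            if (err) {
              return done(err);
            }

            assertSameResource(res.body, template.resources.tempResource);
            done();
          });
      });

      it('A user should not be able to Update a Resource for a User-Created Project', function(done) {
        var updatedResource = _.clone(template.resources.tempResource);
        updatedResource.title = 'Updated';

        request(app)
          .put(hook.alter('url', '/form/' + template.resources.tempResource._id, template))
          .set('x-jwt-token', template.users.user1.token)
          .send({title: updatedResource.title})
          .expect('Content-Type', /text\/plain/)
          .expect(401)
          .end(done);
      });

      it('A user should be able to Read the Index of Resource for a User-Created Project', function(done) {
        // The expectation depends on whether the suite runs against a project
        // (`template.project` set): listing is rejected there, allowed otherwise.
        request(app)
          .get(hook.alter('url', '/form?type=resource', template))
          .set('x-jwt-token', template.users.user1.token)
          .expect('Content-Type', template.project ? /text\/plain/ : /json/)
          .expect(template.project ? 401 : 200)
          .end(done);
      });

      // Reading by alias is allowed, matching the by-id Read test above.
      it('A user should be able to Read a Resource for a User-Created Project using its alias', function(done) {
        request(app)
          .get(hook.alter('url', '/' + template.resources.tempResource.path, template))
          .set('x-jwt-token', template.users.user1.token)
          .expect('Content-Type', /json/)
          .expect(200)
          .end(function(err, res) {
            if (err) {
              return done(err);
            }

            assertSameResource(res.body, template.resources.tempResource);
            done();
          });
      });

      it('A user should not be able to Update a Resource for a User-Created Project using its alias', function(done) {
        request(app)
          .put(hook.alter('url', '/' + template.resources.tempResource.path, template))
          .set('x-jwt-token', template.users.user1.token)
          .expect('Content-Type', /text\/plain/)
          .expect(401)
          .end(done);
      });
    });

    // Same matrix without any token: reads are open, writes are rejected.
    describe('Permissions - Resource Level - Anonymous User', function() {
      it('An Anonymous user should not be able to Create a Resource for a User-Created Project', function(done) {
        request(app)
          .post(hook.alter('url', '/form', template))
          .send(template.resources.tempResource)
          .expect('Content-Type', /text\/plain/)
          .expect(401)
          .end(done);
      });

      it('An Anonymous user should be able to Read a Resource for a User-Created Project', function(done) {
        request(app)
          .get(hook.alter('url', '/form/' + template.resources.tempResource._id, template))
          .expect('Content-Type', /json/)
          .expect(200)
          .end(function(err, res) {
            if (err) {
              return done(err);
            }

            assertSameResource(res.body, template.resources.tempResource);
            done();
          });
      });

      it('An Anonymous user should not be able to Update a Resource for a User-Created Project', function(done) {
        var updatedResource = _.clone(template.resources.tempResource);
        updatedResource.title = 'Updated';

        request(app)
          .put(hook.alter('url', '/form/' + template.resources.tempResource._id, template))
          .send({title: updatedResource.title})
          .expect('Content-Type', /text\/plain/)
          .expect(401)
          .end(done);
      });

      it('An Anonymous user should be able to Read the Index of Resource for a User-Created Project', function(done) {
        // Same project-dependent expectation as the authenticated index test.
        request(app)
          .get(hook.alter('url', '/form?type=resource', template))
          .expect('Content-Type', template.project ? /text\/plain/ : /json/)
          .expect(template.project ? 401 : 200)
          .end(done);
      });

      // Reading by alias is allowed, matching the by-id Read test above.
      it('An Anonymous user should be able to Read a Resource for a User-Created Project using its alias', function(done) {
        request(app)
          .get(hook.alter('url', '/' + template.resources.tempResource.path, template))
          .expect('Content-Type', /json/)
          .expect(200)
          .end(function(err, res) {
            if (err) {
              return done(err);
            }

            assertSameResource(res.body, template.resources.tempResource);
            done();
          });
      });

      it('An Anonymous user should not be able to Update a Resource for a User-Created Project using its alias', function(done) {
        request(app)
          .put(hook.alter('url', '/' + template.resources.tempResource.path, template))
          .expect('Content-Type', /text\/plain/)
          .expect(401)
          .end(done);
      });
    });

    describe('Resource Normalization', function() {
      it('A Project Owner should be able to Delete a Resource', function(done) {
        request(app)
          .delete(hook.alter('url', '/form/' + template.resources.tempResource._id, template))
          .set('x-jwt-token', template.users.admin.token)
          .expect(200)
          .end(function(err, res) {
            if (err) {
              return done(err);
            }

            // A successful delete returns an empty JSON body.
            assert.deepEqual(res.body, {});

            refreshAdminToken(res);
            done();
          });
      });

      it('A Project Owner should be able to Create a User Resource', function(done) {
        // The authenticated role gets own-record submission rights on the
        // new resource; the same role id is used for all three grants.
        var authenticatedRole = template.roles.authenticated._id.toString();
        var userResource = {
          title: 'Users',
          name: 'user2',
          path: 'user2',
          type: 'resource',
          access: [],
          submissionAccess: [
            {
              type: 'read_own',
              roles: [authenticatedRole]
            },
            {
              type: 'update_own',
              roles: [authenticatedRole]
            },
            {
              type: 'delete_own',
              roles: [authenticatedRole]
            }
          ],
          components: [
            {
              type: 'textfield',
              validate: {
                custom: '',
                pattern: '',
                maxLength: '',
                minLength: '',
                required: false
              },
              defaultValue: '',
              multiple: false,
              suffix: '',
              prefix: '',
              placeholder: 'username',
              key: 'username',
              label: 'username',
              inputMask: '',
              inputType: 'text',
              input: true
            },
            {
              type: 'password',
              suffix: '',
              prefix: '',
              placeholder: 'password',
              key: 'password',
              label: 'password',
              inputType: 'password',
              input: true
            }
          ]
        };

        request(app)
          .post(hook.alter('url', '/form', template))
          .set('x-jwt-token', template.users.admin.token)
          .send(userResource)
          .expect('Content-Type', /json/)
          .expect(201)
          .end(function(err, res) {
            if (err) {
              return done(err);
            }

            assertCreatedResource(res.body, userResource);

            refreshAdminToken(res);
            done();
          });
      });
    });
  });
};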
|