1 |
|
2 | 'use strict';
|
3 |
|
4 | var request = require('supertest');
|
5 | var assert = require('assert');
|
6 | var _ = require('lodash');
|
7 | var async = require('async');
|
8 | var docker = process.env.DOCKER;
|
9 | var chance = new (require('chance'))();
|
10 |
|
11 | module.exports = function(app, template, hook) {
|
12 | var Helper = require('./helper')(app);
|
13 |
|
14 | describe('Roles', function() {
|
15 |
|
16 | var tempRole = {
|
17 | title: 'TestRole',
|
18 | description: 'A test role.'
|
19 | };
|
20 |
|
21 | describe('CRUD Operations', function() {
|
22 | it('An administrator should be able to Create a Role', function(done) {
|
23 | request(app)
|
24 | .post(hook.alter('url', '/role', template))
|
25 | .set('x-jwt-token', template.users.admin.token)
|
26 | .send(tempRole)
|
27 | .expect('Content-Type', /json/)
|
28 | .expect(201)
|
29 | .end(function(err, res) {
|
30 | if (err) {
|
31 | return done(err);
|
32 | }
|
33 |
|
34 | var response = res.body;
|
35 | assert(response.hasOwnProperty('_id'), 'Each role in the response should contain an `_id`.');
|
36 | assert(response.hasOwnProperty('modified'), 'Each role in the response should contain a `modified` timestamp.');
|
37 | assert(response.hasOwnProperty('created'), 'Each role in the response should contain a `created` timestamp.');
|
38 | assert.equal(response.title, tempRole.title);
|
39 | assert.equal(response.description, tempRole.description);
|
40 |
|
41 |
|
42 | template.roles.tempRole = response;
|
43 |
|
44 |
|
45 | template.users.admin.token = res.headers['x-jwt-token'];
|
46 |
|
47 | done();
|
48 | });
|
49 | });
|
50 |
|
51 | it('A user should NOT be able to create a role', function(done) {
|
52 | request(app)
|
53 | .post(hook.alter('url', '/role', template))
|
54 | .set('x-jwt-token', template.users.user1.token)
|
55 | .send(tempRole)
|
56 | .expect(401)
|
57 | .end(done);
|
58 | });
|
59 |
|
60 | it('An administrator should be able to Read an available Role', function(done) {
|
61 | request(app)
|
62 | .get(hook.alter('url', '/role/' + template.roles.tempRole._id, template))
|
63 | .set('x-jwt-token', template.users.admin.token)
|
64 | .expect('Content-Type', /json/)
|
65 | .expect(200)
|
66 | .end(function(err, res) {
|
67 | if (err) {
|
68 | return done(err);
|
69 | }
|
70 |
|
71 | var response = res.body;
|
72 | assert.deepEqual(response, template.roles.tempRole);
|
73 |
|
74 |
|
75 | template.users.admin.token = res.headers['x-jwt-token'];
|
76 |
|
77 | done();
|
78 | });
|
79 | });
|
80 |
|
81 | it('A user should NOT be able to Read an available Role', function(done) {
|
82 | request(app)
|
83 | .get(hook.alter('url', '/role/' + template.roles.tempRole._id, template))
|
84 | .set('x-jwt-token', template.users.user1.token)
|
85 | .expect(401)
|
86 | .end(done);
|
87 | });
|
88 |
|
89 | it('An administrator should be able to Update an available Role', function(done) {
|
90 | var updatedRole = _.clone(template.roles.tempRole);
|
91 | updatedRole.title = 'Update';
|
92 |
|
93 | request(app)
|
94 | .put(hook.alter('url', '/role/' + template.roles.tempRole._id, template))
|
95 | .set('x-jwt-token', template.users.admin.token)
|
96 | .send({title: updatedRole.title})
|
97 | .expect('Content-Type', /json/)
|
98 | .expect(200)
|
99 | .end(function(err, res) {
|
100 | if (err) {
|
101 | return done(err);
|
102 | }
|
103 |
|
104 | var response = res.body;
|
105 |
|
106 | updatedRole.modified = response.modified;
|
107 | assert.deepEqual(response, updatedRole);
|
108 |
|
109 |
|
110 | template.roles.tempRole = response;
|
111 |
|
112 |
|
113 | template.users.admin.token = res.headers['x-jwt-token'];
|
114 |
|
115 | done();
|
116 | });
|
117 | });
|
118 |
|
119 | it('A user should NOT be able to update an available Role', function(done) {
|
120 | request(app)
|
121 | .put(hook.alter('url', '/role/' + template.roles.tempRole._id, template))
|
122 | .set('x-jwt-token', template.users.user1.token)
|
123 | .send({title: 'THIS SHOULD NOT WORK!!!'})
|
124 | .expect(401)
|
125 | .end(done);
|
126 | });
|
127 |
|
128 | it('An administrator should be able to Read the Index of available Roles', function(done) {
|
129 | request(app)
|
130 | .get(hook.alter('url', '/role?limit=9999', template))
|
131 | .set('x-jwt-token', template.users.admin.token)
|
132 | .expect('Content-Type', /json/)
|
133 | .expect(200)
|
134 | .end(function(err, res) {
|
135 | if (err) {
|
136 | return done(err);
|
137 | }
|
138 |
|
139 | var response = res.body;
|
140 | assert.equal(response.length, 4);
|
141 |
|
142 |
|
143 | for (var a = 0; a < response.length; a++) {
|
144 | assert(response[a].hasOwnProperty('_id'), 'Each role in the response should contain an `_id`.');
|
145 | assert(response[a].hasOwnProperty('modified'), 'Each role in the response should contain a `modified` timestamp.');
|
146 | assert(response[a].hasOwnProperty('created'), 'Each role in the response should contain a `created` timestamp.');
|
147 |
|
148 |
|
149 | if (response[a].title === 'Administrator') {
|
150 | assert.equal(response[a].title, 'Administrator');
|
151 | assert.equal(response[a].description, 'A role for Administrative Users.');
|
152 | }
|
153 | else if (response[a].title === 'Authenticated') {
|
154 | assert.equal(response[a].title, 'Authenticated');
|
155 | assert.equal(response[a].description, 'A role for Authenticated Users.');
|
156 | }
|
157 | else if (response[a].title === 'Anonymous') {
|
158 | assert.equal(response[a].title, 'Anonymous');
|
159 | assert.equal(response[a].description, 'A role for Anonymous Users.');
|
160 | }
|
161 | }
|
162 |
|
163 |
|
164 | template.users.admin.token = res.headers['x-jwt-token'];
|
165 |
|
166 | done();
|
167 | });
|
168 | });
|
169 |
|
170 | it('Cant access a Role without a valid Role Id', function(done) {
|
171 | request(app)
|
172 | .get(hook.alter('url', '/role/2342342344234', template))
|
173 | .set('x-jwt-token', template.users.admin.token)
|
174 | .expect('Content-Type', /json/)
|
175 | .expect(400)
|
176 | .end(function(err, res) {
|
177 | if (err) {
|
178 | return done(err);
|
179 | }
|
180 |
|
181 |
|
182 | template.users.admin.token = res.headers['x-jwt-token'];
|
183 |
|
184 | done();
|
185 | });
|
186 | });
|
187 |
|
188 | it('A USER should NOT be able to Read the Index of available Roles', function(done) {
|
189 | request(app)
|
190 | .get(hook.alter('url', '/role', template))
|
191 | .set('x-jwt-token', template.users.user1.token)
|
192 | .expect(401)
|
193 | .end(done);
|
194 | });
|
195 |
|
196 | it('should not be able to PATCH a role', function(done) {
|
197 | request(app)
|
198 | .patch(hook.alter('url', '/role/' + template.roles.tempRole._id, template))
|
199 | .set('x-jwt-token', template.users.admin.token)
|
200 | .send([{op: 'replace', path: 'default', value: false}])
|
201 | .expect(405)
|
202 | .end(done);
|
203 | });
|
204 | });
|
205 |
|
206 | describe('Permissions - Project Level - Anonymous User', function() {
|
207 | it('An Anonymous user should not be able to Create a Role for a User-Created Project', function(done) {
|
208 | request(app)
|
209 | .post(hook.alter('url', '/role', template))
|
210 | .send(template.roles.tempRole)
|
211 | .expect('Content-Type', /text\/plain/)
|
212 | .expect(401)
|
213 | .end(done);
|
214 | });
|
215 |
|
216 | it('An Anonymous user should not be able to Read a Role for a User-Created Project', function(done) {
|
217 | request(app)
|
218 | .get(hook.alter('url', '/role/' + template.roles.tempRole._id, template))
|
219 | .expect('Content-Type', /text\/plain/)
|
220 | .expect(401)
|
221 | .end(done);
|
222 | });
|
223 |
|
224 | it('An Anonymous user should not be able to Update a Role for a User-Created Project', function(done) {
|
225 | request(app)
|
226 | .get(hook.alter('url', '/role/' + template.roles.tempRole._id, template))
|
227 | .send({title: 'Some Update'})
|
228 | .expect('Content-Type', /text\/plain/)
|
229 | .expect(401)
|
230 | .end(done);
|
231 | });
|
232 |
|
233 | it('An Anonymous user should not be able to Read the Index of Roles for a User-Created Project', function(done) {
|
234 | request(app)
|
235 | .get(hook.alter('url', '/role', template))
|
236 | .expect('Content-Type', /text\/plain/)
|
237 | .expect(401)
|
238 | .end(done);
|
239 | });
|
240 |
|
241 | it('An Anonymous user should not be able to Delete a Role for a User-Created Project', function(done) {
|
242 | request(app)
|
243 | .delete(hook.alter('url', '/role/' + template.roles.tempRole._id, template))
|
244 | .expect('Content-Type', /text\/plain/)
|
245 | .expect(401)
|
246 | .end(done);
|
247 | });
|
248 | });
|
249 |
|
250 | describe('Other Role Tests', function() {
|
251 | it('The defaultAccess Role for a Project cannot be deleted', function(done) {
|
252 | request(app)
|
253 | .delete(hook.alter('url', '/role/' + template.roles.anonymous._id, template))
|
254 | .set('x-jwt-token', template.users.admin.token)
|
255 | .expect('Content-Type', /text\/plain/)
|
256 | .expect(405)
|
257 | .end(function(err, res) {
|
258 | if (err) {
|
259 | return done(err);
|
260 | }
|
261 |
|
262 | var response = res.text;
|
263 | assert.equal(response, 'Method Not Allowed');
|
264 |
|
265 |
|
266 | template.users.admin.token = res.headers['x-jwt-token'];
|
267 |
|
268 | done();
|
269 | });
|
270 | });
|
271 |
|
272 | it('The default Admin Role for a Project cannot be deleted', function(done) {
|
273 | request(app)
|
274 | .delete(hook.alter('url', '/role/' + template.roles.administrator._id, template))
|
275 | .set('x-jwt-token', template.users.admin.token)
|
276 | .expect('Content-Type', /text\/plain/)
|
277 | .expect(405)
|
278 | .end(function(err, res) {
|
279 | if (err) {
|
280 | return done(err);
|
281 | }
|
282 |
|
283 | var response = res.text;
|
284 | assert.equal(response, 'Method Not Allowed');
|
285 |
|
286 |
|
287 | template.users.admin.token = res.headers['x-jwt-token'];
|
288 |
|
289 | done();
|
290 | });
|
291 | });
|
292 | });
|
293 |
|
294 | describe('Role Normalization', function() {
|
295 | it('A Form.io Project Owner should be able to Delete a Role', function(done) {
|
296 | request(app)
|
297 | .delete(hook.alter('url', '/role/' + template.roles.tempRole._id, template))
|
298 | .set('x-jwt-token', template.users.admin.token)
|
299 | .expect(200)
|
300 | .end(function(err, res) {
|
301 | if (err) {
|
302 | return done(err);
|
303 | }
|
304 |
|
305 | var response = res.body;
|
306 | assert.deepEqual(response, {});
|
307 |
|
308 |
|
309 | template.users.admin.token = res.headers['x-jwt-token'];
|
310 |
|
311 | done();
|
312 | });
|
313 | });
|
314 |
|
315 | if (!docker)
|
316 | it('Deleted roles should remain in the DB', function(done) {
|
317 | var formio = hook.alter('formio', app.formio);
|
318 | formio.resources.role.model.findOne({_id: template.roles.tempRole._id}, function(err, role) {
|
319 | if (err) {
|
320 | return done(err);
|
321 | }
|
322 | if (!role) {
|
323 | return done('No role found with _id: ' + template.roles.tempRole._id + ', expected 1.');
|
324 | }
|
325 |
|
326 | role = role.toObject();
|
327 | assert.notEqual(role.deleted, null);
|
328 | done();
|
329 | });
|
330 | });
|
331 |
|
332 | it('The default Project Roles should still be available', function(done) {
|
333 | request(app)
|
334 | .get(hook.alter('url', '/role?limit=9999', template))
|
335 | .set('x-jwt-token', template.users.admin.token)
|
336 | .expect('Content-Type', /json/)
|
337 | .expect(200)
|
338 | .end(function(err, res) {
|
339 | if (err) {
|
340 | return done(err);
|
341 | }
|
342 |
|
343 | var response = res.body;
|
344 | assert.equal(response.length, 3);
|
345 |
|
346 |
|
347 | template.users.admin.token = res.headers['x-jwt-token'];
|
348 |
|
349 | done();
|
350 | });
|
351 | });
|
352 | });
|
353 |
|
354 | describe('Form access on role modification', function() {
|
355 | var f1 = {
|
356 | title: 'Temp Form',
|
357 | name: 'tempForm',
|
358 | path: 'temp/form',
|
359 | type: 'form',
|
360 | access: [],
|
361 | submissionAccess: [],
|
362 | components: [
|
363 | {
|
364 | type: 'textfield',
|
365 | validate: {
|
366 | custom: '',
|
367 | pattern: '',
|
368 | maxLength: '',
|
369 | minLength: '',
|
370 | required: false
|
371 | },
|
372 | defaultValue: '',
|
373 | multiple: false,
|
374 | suffix: '',
|
375 | prefix: '',
|
376 | placeholder: 'foo',
|
377 | key: 'foo',
|
378 | label: 'foo',
|
379 | inputMask: '',
|
380 | inputType: 'text',
|
381 | input: true
|
382 | }
|
383 | ]
|
384 | };
|
385 | var f2 = {
|
386 | title: 'Temp Form',
|
387 | name: 'tempForm2',
|
388 | path: 'temp/form2',
|
389 | type: 'form',
|
390 | access: [],
|
391 | submissionAccess: [],
|
392 | components: [
|
393 | {
|
394 | type: 'textfield',
|
395 | validate: {
|
396 | custom: '',
|
397 | pattern: '',
|
398 | maxLength: '',
|
399 | minLength: '',
|
400 | required: false
|
401 | },
|
402 | defaultValue: '',
|
403 | multiple: false,
|
404 | suffix: '',
|
405 | prefix: '',
|
406 | placeholder: 'foo',
|
407 | key: 'foo',
|
408 | label: 'foo',
|
409 | inputMask: '',
|
410 | inputType: 'text',
|
411 | input: true
|
412 | }
|
413 | ]
|
414 | };
|
415 | var r1 = _.clone(tempRole);
|
416 |
|
417 | describe('Role tests', function() {
|
418 | it('Create a test form', function(done) {
|
419 | request(app)
|
420 | .post(hook.alter('url', '/form', template))
|
421 | .set('x-jwt-token', template.users.admin.token)
|
422 | .send(f1)
|
423 | .expect('Content-Type', /json/)
|
424 | .expect(201)
|
425 | .end(function(err, res) {
|
426 | if (err) {
|
427 | return done(err);
|
428 | }
|
429 |
|
430 | var response = res.body;
|
431 | assert.notEqual(response.access, []);
|
432 | assert.equal(response.access.length, 1);
|
433 | assert.equal(response.access[0].type, 'read_all');
|
434 | assert.equal(response.access[0].roles.length, 3);
|
435 | f1 = response;
|
436 |
|
437 |
|
438 | template.users.admin.token = res.headers['x-jwt-token'];
|
439 |
|
440 | done();
|
441 | });
|
442 | });
|
443 |
|
444 | it('Create a test role', function(done) {
|
445 | request(app)
|
446 | .post(hook.alter('url', '/role', template))
|
447 | .set('x-jwt-token', template.users.admin.token)
|
448 | .send(r1)
|
449 | .expect('Content-Type', /json/)
|
450 | .expect(201)
|
451 | .end(function(err, res) {
|
452 | if (err) {
|
453 | return done(err);
|
454 | }
|
455 |
|
456 | r1 = res.body;
|
457 |
|
458 |
|
459 | template.users.admin.token = res.headers['x-jwt-token'];
|
460 |
|
461 | done();
|
462 | });
|
463 | });
|
464 |
|
465 | it('Existing forms should get updated with any new roles', function(done) {
|
466 | request(app)
|
467 | .get(hook.alter('url', '/form/' + f1._id, template))
|
468 | .set('x-jwt-token', template.users.admin.token)
|
469 | .expect('Content-Type', /json/)
|
470 | .expect(200)
|
471 | .end(function(err, res) {
|
472 | if (err) {
|
473 | return done(err);
|
474 | }
|
475 |
|
476 | var response = res.body;
|
477 | assert.notEqual(response.access, []);
|
478 | assert.equal(response.access.length, 1);
|
479 | assert.equal(response.access[0].type, 'read_all');
|
480 | assert.equal(response.access[0].roles.length, 4);
|
481 | assert.notEqual(response.access[0].roles.indexOf(r1._id), -1);
|
482 | f1 = response;
|
483 |
|
484 |
|
485 | template.users.admin.token = res.headers['x-jwt-token'];
|
486 |
|
487 | done();
|
488 | });
|
489 | });
|
490 |
|
491 | it('New forms should allow read access from all roles', function(done) {
|
492 | request(app)
|
493 | .post(hook.alter('url', '/form', template))
|
494 | .set('x-jwt-token', template.users.admin.token)
|
495 | .send(f2)
|
496 | .expect('Content-Type', /json/)
|
497 | .expect(201)
|
498 | .end(function(err, res) {
|
499 | if (err) {
|
500 | return done(err);
|
501 | }
|
502 |
|
503 | var response = res.body;
|
504 | assert.notEqual(response.access, []);
|
505 | assert.equal(response.access.length, 1);
|
506 | assert.equal(response.access[0].type, 'read_all');
|
507 | assert.equal(response.access[0].roles.length, 4);
|
508 | assert.notEqual(response.access[0].roles.indexOf(r1._id), -1);
|
509 | f2 = response;
|
510 |
|
511 |
|
512 | template.users.admin.token = res.headers['x-jwt-token'];
|
513 |
|
514 | done();
|
515 | });
|
516 | });
|
517 |
|
518 | it('Any custom role can be removed', function(done) {
|
519 | request(app)
|
520 | .delete(hook.alter('url', '/role/' + r1._id, template))
|
521 | .set('x-jwt-token', template.users.admin.token)
|
522 | .expect(200)
|
523 | .end(function(err, res) {
|
524 | if (err) {
|
525 | return done(err);
|
526 | }
|
527 |
|
528 | var response = res.body;
|
529 | assert.deepEqual(response, {});
|
530 |
|
531 |
|
532 | template.users.admin.token = res.headers['x-jwt-token'];
|
533 |
|
534 | done();
|
535 | });
|
536 | });
|
537 |
|
538 | it('Forms existing before new roles are added, should be updated after a role is removed', function(done) {
|
539 | request(app)
|
540 | .get(hook.alter('url', '/form/' + f1._id, template))
|
541 | .set('x-jwt-token', template.users.admin.token)
|
542 | .expect('Content-Type', /json/)
|
543 | .expect(200)
|
544 | .end(function(err, res) {
|
545 | if (err) {
|
546 | return done(err);
|
547 | }
|
548 |
|
549 | var response = res.body;
|
550 | assert.notEqual(response.access, []);
|
551 | assert.equal(response.access.length, 1);
|
552 | assert.equal(response.access[0].type, 'read_all');
|
553 | assert.equal(response.access[0].roles.length, 3);
|
554 | assert.equal(response.access[0].roles.indexOf(r1._id), -1);
|
555 | f1 = response;
|
556 |
|
557 |
|
558 | template.users.admin.token = res.headers['x-jwt-token'];
|
559 |
|
560 | done();
|
561 | });
|
562 | });
|
563 |
|
564 | it('Forms existing after new roles are added, should be updated after a role is removed', function(done) {
|
565 | request(app)
|
566 | .get(hook.alter('url', '/form/' + f2._id, template))
|
567 | .set('x-jwt-token', template.users.admin.token)
|
568 | .expect('Content-Type', /json/)
|
569 | .expect(200)
|
570 | .end(function(err, res) {
|
571 | if (err) {
|
572 | return done(err);
|
573 | }
|
574 |
|
575 | var response = res.body;
|
576 | assert.notEqual(response.access, []);
|
577 | assert.equal(response.access.length, 1);
|
578 | assert.equal(response.access[0].type, 'read_all');
|
579 | assert.equal(response.access[0].roles.length, 3);
|
580 | assert.equal(response.access[0].roles.indexOf(r1._id), -1);
|
581 | f2 = response;
|
582 |
|
583 |
|
584 | template.users.admin.token = res.headers['x-jwt-token'];
|
585 |
|
586 | done();
|
587 | });
|
588 | });
|
589 | });
|
590 |
|
591 | describe('Suite normalization', function() {
|
592 | it('Clean up the test forms', function(done) {
|
593 | async.each([f1, f2], function(form, cb) {
|
594 | request(app)
|
595 | .delete(hook.alter('url', '/form/' + form._id, template))
|
596 | .set('x-jwt-token', template.users.admin.token)
|
597 | .expect(200)
|
598 | .end(function(err, res) {
|
599 | if (err) {
|
600 | return cb(err);
|
601 | }
|
602 |
|
603 | var response = res.body;
|
604 | assert.deepEqual(response, {});
|
605 |
|
606 |
|
607 | template.users.admin.token = res.headers['x-jwt-token'];
|
608 |
|
609 | cb();
|
610 | });
|
611 | }, function(err) {
|
612 | if (err) {
|
613 | return done(err);
|
614 | }
|
615 |
|
616 | done();
|
617 | });
|
618 | });
|
619 | });
|
620 | });
|
621 |
|
622 | describe('Role MachineNames', function() {
|
623 | var _role;
|
624 | var name = chance.word();
|
625 | var helper;
|
626 |
|
627 | before(function() {
|
628 | helper = new Helper(template.users.admin, template);
|
629 | });
|
630 |
|
631 | after(function(done) {
|
632 | helper.deleteRole(name, done);
|
633 | });
|
634 |
|
635 | it('Roles expose their machineNames through the api', function(done) {
|
636 | helper
|
637 | .role({
|
638 | title: name
|
639 | })
|
640 | .execute(function(err, result) {
|
641 | if (err) {
|
642 | return done(err);
|
643 | }
|
644 |
|
645 | var role = result.getRole(name);
|
646 | assert(role.hasOwnProperty('machineName'));
|
647 | _role = role;
|
648 | done();
|
649 | });
|
650 | });
|
651 |
|
652 | it('A user can modify their role machineNames', function(done) {
|
653 | var newMachineName = chance.word();
|
654 |
|
655 | helper
|
656 | .role(name, {
|
657 | _id: _role._id,
|
658 | machineName: newMachineName
|
659 | })
|
660 | .execute(function(err, result) {
|
661 | if (err) {
|
662 | return done(err);
|
663 | }
|
664 |
|
665 | var role = result.getRole(name);
|
666 | assert(role.hasOwnProperty('machineName'));
|
667 | assert.equal(role.machineName, newMachineName);
|
668 | done();
|
669 | });
|
670 | });
|
671 | });
|
672 | });
|
673 |
|
674 | describe('Submission Role Access', () => {
|
675 | let accessHelper = null;
|
676 | let manager = null;
|
677 | let employee = null;
|
678 | it('Bootstrap', (done) => {
|
679 | const owner = (app.hasProjects || docker) ? template.formio.owner : template.users.admin;
|
680 | accessHelper = new Helper(owner, null, hook);
|
681 | accessHelper
|
682 | .project()
|
683 | .role({
|
684 | title: 'access-manager'
|
685 | })
|
686 | .role({
|
687 | title: 'access-employee'
|
688 | })
|
689 | .resource('access-manager', [
|
690 | {
|
691 | type: 'email',
|
692 | key: 'email',
|
693 | label: 'Email'
|
694 | },
|
695 | {
|
696 | type: 'password',
|
697 | key: 'password',
|
698 | label: 'Password'
|
699 | }
|
700 | ], {
|
701 | submissionAccess: [
|
702 | {
|
703 | type: 'create_all',
|
704 | roles: ['anonymous']
|
705 | },
|
706 | {
|
707 | type: 'update_own',
|
708 | roles: ['access-manager']
|
709 | }
|
710 | ]
|
711 | })
|
712 | .action('access-manager', {
|
713 | title: 'Save Submission',
|
714 | name: 'save',
|
715 | handler: ['before'],
|
716 | method: ['create', 'update'],
|
717 | priority: 11,
|
718 | settings: {}
|
719 | })
|
720 | .action('access-manager', {
|
721 | title: 'Role Assignment',
|
722 | name: 'role',
|
723 | priority: 1,
|
724 | handler: ['after'],
|
725 | method: ['create'],
|
726 | settings: {
|
727 | association: 'new',
|
728 | type: 'add',
|
729 | role: 'access-manager'
|
730 | }
|
731 | })
|
732 | .action('access-manager', {
|
733 | title: 'Role Assignment',
|
734 | name: 'role',
|
735 | priority: 2,
|
736 | handler: ['after'],
|
737 | method: ['create'],
|
738 | settings: {
|
739 | association: 'new',
|
740 | type: 'add',
|
741 | role: 'access-employee'
|
742 | }
|
743 | })
|
744 | .resource('access-employee', [
|
745 | {
|
746 | type: 'email',
|
747 | key: 'email',
|
748 | label: 'Email'
|
749 | },
|
750 | {
|
751 | type: 'password',
|
752 | key: 'password',
|
753 | label: 'Password'
|
754 | }
|
755 | ], {
|
756 | submissionAccess: [
|
757 | {
|
758 | type: 'create_all',
|
759 | roles: ['anonymous']
|
760 | },
|
761 | {
|
762 | type: 'update_own',
|
763 | roles: ['access-employee']
|
764 | }
|
765 | ]
|
766 | })
|
767 | .action('access-employee', {
|
768 | title: 'Save Submission',
|
769 | name: 'save',
|
770 | handler: ['before'],
|
771 | method: ['create', 'update'],
|
772 | priority: 11,
|
773 | settings: {}
|
774 | })
|
775 | .action('access-employee', {
|
776 | title: 'Role Assignment',
|
777 | name: 'role',
|
778 | priority: 1,
|
779 | handler: ['after'],
|
780 | method: ['create'],
|
781 | settings: {
|
782 | association: 'new',
|
783 | type: 'add',
|
784 | role: 'access-employee'
|
785 | }
|
786 | })
|
787 | .form('access-login', [
|
788 | {
|
789 | type: 'email',
|
790 | key: 'email',
|
791 | label: 'Email'
|
792 | },
|
793 | {
|
794 | type: 'password',
|
795 | key: 'password',
|
796 | label: 'Password'
|
797 | }
|
798 | ], {
|
799 | submissionAccess: [
|
800 | {
|
801 | type: 'create_own',
|
802 | roles: ['anonymous']
|
803 | }
|
804 | ]
|
805 | })
|
806 | .action('access-login', {
|
807 | title: 'Login',
|
808 | name: 'login',
|
809 | handler: ['before'],
|
810 | method: ['create'],
|
811 | priority: 0,
|
812 | settings: {
|
813 | resources: ['access-manager', 'access-employee'],
|
814 | username: 'email',
|
815 | password: 'password'
|
816 | }
|
817 | })
|
818 | .execute(function(err) {
|
819 | if (err) {
|
820 | return done(err);
|
821 | }
|
822 | done();
|
823 | });
|
824 | });
|
825 |
|
826 | it('Should allow an anonymous user to create a Manager record.', (done) => {
|
827 | accessHelper.submission('access-manager', {
|
828 | email: 'manager@example.com',
|
829 | password: 'manager123'
|
830 | }, null).execute((err) => {
|
831 | if (err) {
|
832 | return done(err);
|
833 | }
|
834 |
|
835 | manager = accessHelper.getLastSubmission();
|
836 |
|
837 |
|
838 | assert.equal(manager._id, manager.owner);
|
839 | assert.equal(_.intersection(manager.roles, [
|
840 | accessHelper.template.roles['access-manager']._id.toString(),
|
841 | accessHelper.template.roles['access-employee']._id.toString()]
|
842 | ).length, 2);
|
843 | done();
|
844 | });
|
845 | });
|
846 |
|
847 | it('Should allow an anonymous user to create an Employee record.', (done) => {
|
848 | accessHelper.submission('access-employee', {
|
849 | email: 'employee@example.com',
|
850 | password: 'employee123'
|
851 | }, null).execute((err) => {
|
852 | if (err) {
|
853 | return done(err);
|
854 | }
|
855 |
|
856 | employee = accessHelper.getLastSubmission();
|
857 |
|
858 |
|
859 | assert.equal(employee._id, employee.owner);
|
860 | assert.deepEqual(employee.roles, [
|
861 | accessHelper.template.roles['access-employee']._id.toString()
|
862 | ]);
|
863 | done();
|
864 | });
|
865 | });
|
866 |
|
867 | it('Should allow the manager to log in', (done) => {
|
868 | accessHelper.submission('access-login', {
|
869 | email: 'manager@example.com',
|
870 | password: 'manager123'
|
871 | }, null).execute((err) => {
|
872 | if (err) {
|
873 | return done(err);
|
874 | }
|
875 |
|
876 | manager.token = accessHelper.lastResponse.headers['x-jwt-token'];
|
877 | assert(!!manager.token, 'No token was created');
|
878 | done();
|
879 | });
|
880 | });
|
881 |
|
882 | it('Should allow the employee to log in', (done) => {
|
883 | accessHelper.submission('access-login', {
|
884 | email: 'employee@example.com',
|
885 | password: 'employee123'
|
886 | }, null).execute((err) => {
|
887 | if (err) {
|
888 | return done(err);
|
889 | }
|
890 |
|
891 | employee.token = accessHelper.lastResponse.headers['x-jwt-token'];
|
892 | assert(!!employee.token, 'No token was created');
|
893 | done();
|
894 | });
|
895 | });
|
896 |
|
897 | it('Should allow the manager to update their own record, but not roles.', (done) => {
|
898 | manager.data.email = 'manager2@example.com';
|
899 | manager.roles = [
|
900 | accessHelper.template.roles['access-manager']._id.toString(),
|
901 | accessHelper.template.roles['access-employee']._id.toString(),
|
902 | accessHelper.template.roles.authenticated._id.toString()
|
903 | ];
|
904 | accessHelper.submission('access-manager', manager, manager)
|
905 | .execute((err) => {
|
906 | if (err) {
|
907 | return done(err);
|
908 | }
|
909 |
|
910 |
|
911 | const updated = accessHelper.getLastSubmission();
|
912 | assert.equal(updated.data.email, 'manager2@example.com');
|
913 | assert.equal(_.intersection(updated.roles, [
|
914 | accessHelper.template.roles['access-manager']._id.toString(),
|
915 | accessHelper.template.roles['access-employee']._id.toString()]
|
916 | ).length, 2);
|
917 | _.assign(manager, updated);
|
918 | done();
|
919 | });
|
920 | });
|
921 |
|
922 | it('Should not allow an anonymous user to update the manager record', (done) => {
|
923 | manager.data.email = 'manager3@example.com';
|
924 | accessHelper.submission('access-manager', manager, null, [/text\/plain/, 401]).execute((err) => {
|
925 | if (err) {
|
926 | return done(err);
|
927 | }
|
928 |
|
929 | manager.data.email = 'manager2@example.com';
|
930 | done();
|
931 | });
|
932 | });
|
933 |
|
934 | it('Should not allow an employee user to update the manager record', (done) => {
|
935 | manager.data.email = 'manager3@example.com';
|
936 | accessHelper.submission('access-manager', manager, employee, [/text\/plain/, 401]).execute((err) => {
|
937 | if (err) {
|
938 | return done(err);
|
939 | }
|
940 |
|
941 | manager.data.email = 'manager2@example.com';
|
942 | done();
|
943 | });
|
944 | });
|
945 |
|
946 | it('Should allow the manager to remove a role, but not add one.', (done) => {
|
947 | manager.roles = [
|
948 | accessHelper.template.roles['access-manager']._id.toString(),
|
949 | accessHelper.template.roles.authenticated._id.toString()
|
950 | ];
|
951 | accessHelper.submission('access-manager', manager, manager).execute((err) => {
|
952 | if (err) {
|
953 | return done(err);
|
954 | }
|
955 |
|
956 | const updated = accessHelper.getLastSubmission();
|
957 | assert.deepEqual(updated.roles, [
|
958 | accessHelper.template.roles['access-manager']._id.toString()
|
959 | ]);
|
960 | _.assign(manager, updated);
|
961 | done();
|
962 | });
|
963 | });
|
964 |
|
965 | it('Should not allow the manager to re-add the roles since they do not have access.', (done) => {
|
966 | manager.roles = [
|
967 | accessHelper.template.roles['access-manager']._id.toString(),
|
968 | accessHelper.template.roles['access-employee']._id.toString()
|
969 | ];
|
970 | accessHelper.submission('access-manager', manager, manager).execute((err) => {
|
971 | if (err) {
|
972 | return done(err);
|
973 | }
|
974 |
|
975 | const updated = accessHelper.getLastSubmission();
|
976 | assert.deepEqual(updated.roles, [
|
977 | accessHelper.template.roles['access-manager']._id.toString()
|
978 | ]);
|
979 | _.assign(manager, updated);
|
980 | done();
|
981 | });
|
982 | });
|
983 |
|
984 | it('Cleanup', (done) => {
|
985 | accessHelper
|
986 | .deleteForm('access-manager')
|
987 | .deleteForm('access-employee')
|
988 | .deleteForm('access-login')
|
989 | .execute((err) => {
|
990 | if (err) {
|
991 | return done(err);
|
992 | }
|
993 |
|
994 | async.series(
|
995 | [
|
996 | (next) => accessHelper.deleteRole('access-manager', next),
|
997 | (next) => accessHelper.deleteRole('access-employee', next)
|
998 | ],
|
999 | (err) => {
|
1000 | if (err) {
|
1001 | return done(err);
|
1002 | }
|
1003 |
|
1004 | done();
|
1005 | }
|
1006 | );
|
1007 | });
|
1008 | });
|
1009 | });
|
1010 | };
|