1 | const assert = require('assert');
|
2 | const Controller = require('../classes/controller');
|
3 | let redis = require("redis");
|
4 | let client = redis.createClient();
|
5 |
|
6 | describe('Controller', function () {
|
7 |
|
8 | function body () {
|
9 | return {
|
10 | foo : true,
|
11 | bar : 1,
|
12 | fox : 'trot',
|
13 | stuff : [1,2,3],
|
14 | user: {
|
15 | name : 'Frank Larry',
|
16 | admin: true,
|
17 | friend : {
|
18 | user : {
|
19 | name : "Steve Jims"
|
20 | }
|
21 | }
|
22 | }
|
23 | }
|
24 | }
|
25 |
|
26 | let res = {
|
27 | status () { return { json () { return 'json' } } },
|
28 | json () { return 'json' },
|
29 | send () { return 'send'}
|
30 | };
|
31 |
|
32 | it("permit only allows subdocuments when the path is explicit", function () {
|
33 | let myController = new Controller({ controller: 'myController', action: 'Get', url: '/widgets', body: body() }, res, client);
|
34 | myController.permit('user.name');
|
35 | assert.deepEqual(myController.body, {user : {name : 'Frank Larry'}});
|
36 | });
|
37 |
|
38 | it("permit only allows whitelisted keys", function () {
|
39 | let myController = new Controller({ controller: 'myController', action: 'Get', url: '/widgets', body: body() }, res, client);
|
40 | myController.permit('user.friend.user.name', 'bar');
|
41 | assert.deepEqual(myController.req.body, {user : {friend : {user : {name : 'Steve Jims'}}}, bar: 1 });
|
42 | });
|
43 |
|
44 | it("permit does not permit a sub document when the path is not explicit", function () {
|
45 | let myController = new Controller({ controller: 'myController', action: 'Get', url: '/widgets', body: body() }, res, client);
|
46 | let aBody = body();
|
47 | delete aBody.user;
|
48 | myController.permit('foo', 'bar', 'fox', 'stuff', 'user');
|
49 | assert.deepEqual(myController.req.body, aBody);
|
50 | });
|
51 |
|
52 | it("deepPermit permits a sub document when the path is not explicit", function () {
|
53 | let myController = new Controller({ controller: 'myController', action: 'Get', url: '/widgets', body: body() }, res, client);
|
54 | myController.deepPermit('foo', 'bar', 'fox', 'stuff', 'user');
|
55 | assert.deepEqual(myController.req.body, body());
|
56 | });
|
57 |
|
58 | });
|