1 | require('./utils/trxify-tests')
3 | const ACLs = require('./acls')
4 | const BaseUser = require('./models/user')
5 | const authorizePlugin = require('../src')
/**
 * Authorization tests for delete queries, repeated for every (library, acl)
 * pair exported by ./acls. Each run wraps BaseUser with the authorize plugin
 * configured for that pair.
 *
 * Scenario in both tests: the acting user is { id: 2, role: 'user' }.
 * Deleting record 1 must reject; deleting record 2 must resolve.
 *
 * NOTE(review): `.rejects.toThrow()` is called without a matcher, so any
 * rejection satisfies it, including one unrelated to authorization (a
 * driver or query error, for instance). Pinning the plugin's denial error
 * would make the negative cases prove that access control fired; the error
 * type is not visible in this file, so confirm it against ../src first.
 *
 * NOTE(review): neither test reads the table back. A regression where the
 * row is removed before the denial is raised, or where the permitted delete
 * silently affects no rows, would not be caught here.
 */
describe.each(ACLs)('Delete queries (%s)', (library, acl) => {
  class User extends authorizePlugin(acl, library)(BaseUser) {}

  // Built fresh for every query so no two builders share one actor object.
  const actor = () => ({ id: 2, role: 'user' })

  test('restrict access with automatically fetched context', async () => {
    // Resource context is loaded by the plugin via fetchResourceContextFromDB().
    const deleteOther = User.query()
      .deleteById(1)
      .authorize(actor())
      .fetchResourceContextFromDB()
    await expect(deleteOther).rejects.toThrow()

    // Same actor, own record: the awaited query is expected not to reject.
    const deleteSelf = User.query()
      .deleteById(2)
      .authorize(actor())
      .fetchResourceContextFromDB()
    await deleteSelf
  })

  test('restrict access with manually passed context', async () => {
    // The second argument to authorize() is the resource context supplied by
    // the caller instead of being fetched.
    // NOTE(review): presumably the decision is made against this object, so
    // it has to describe the same row deleteById() targets; verify in ../src.
    const deleteOther = User.query()
      .deleteById(1)
      .authorize(actor(), { id: 1 })
    await expect(deleteOther).rejects.toThrow()

    const deleteSelf = User.query()
      .deleteById(2)
      .authorize(actor(), { id: 2 })
    await deleteSelf
  })
})