1 | require('./utils/trxify-tests')
3 | const ACLs = require('./acls')
4 | const BaseUser = require('./models/user')
5 | const authorizePlugin = require('../src')
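/**
 * Read-path checks for the authorization plugin: fetching a row through
 * `.authorize()` and serializing it through `.authorizeRead()`.
 *
 * The suite runs once per row of `ACLs`; each row supplies the name of the
 * ACL library (interpolated into the suite title via `%s`) and the ACL
 * definition handed to the plugin.
 */
describe.each(ACLs)('Find queries & serialization (%s)', (library, acl) => {
  // Model under test: the base user model with the authorization mixin applied
  // for this particular ACL / library pair.
  class User extends authorizePlugin(acl, library)(BaseUser) {}

  // Fetched in the first test and serialized in the second, so the two tests
  // must run in declaration order.
  let user
  test('read access w/ anonymous user', async () => {
    // No requester is passed to authorize(): this is the anonymous case.
    user = await User.query().findById(1).authorize()

    // Fail here, with a clear message, if the lookup produced nothing; otherwise
    // the next test would die on a TypeError unrelated to what it checks.
    expect(user).toBeTruthy()
  })

  test('hidden fields should be filtered out', () => {
    const serializedUser = user.authorizeRead()

    expect(serializedUser).toHaveProperty('id')
    // Nested key path: the field must be stripped from inside `metadata`,
    // not only from the top level of the serialized object.
    expect(serializedUser).not.toHaveProperty('metadata.hiddenField')
  })

  // Same requester (user 1) reads their own row and somebody else's row.
  let user1FromDb, user2FromDb
  const user1FromJson = { id: 1, role: 'user' }
  test('read access w/ authenticated user', async () => {
    user1FromDb = await User.query().findById(1).authorize(user1FromJson)
    user2FromDb = await User.query().findById(2).authorize(user1FromJson)

    // Both rows must exist for the serialization test below to be meaningful.
    expect(user1FromDb).toBeTruthy()
    expect(user2FromDb).toBeTruthy()
  })

  test('fields should be filtered out according to ACL during serialization', () => {
    const serializedUser1 = user1FromDb.authorizeRead(user1FromJson)
    const serializedUser2 = user2FromDb.authorizeRead(user1FromJson)

    // `id` is readable on both rows.
    expect(serializedUser1).toHaveProperty('id')
    expect(serializedUser2).toHaveProperty('id')

    // `password` is visible only when the requester reads their own row; it
    // must not appear when user 1 serializes user 2's record.
    // NOTE(review): presumably `password` stands in for any owner-only field in
    // the ACL fixture — confirm against ./acls.
    expect(serializedUser1).toHaveProperty('password')
    expect(serializedUser2).not.toHaveProperty('password')
  })
})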