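require('./utils/trxify-tests')

const ACLs = require('./acls')
const BaseUser = require('./models/user')
const authorizePlugin = require('../src')

// Read-path checks for the authorization plugin, repeated for every entry of
// ACLs. Each entry supplies (library, acl); the library name is printed in the
// suite title through %s.
describe.each(ACLs)('Find queries & serialization (%s)', (library, acl) => {
  class User extends authorizePlugin(acl, library)(BaseUser) {}

  // The tests below run in order and share these fetched records: each
  // "read access" test loads a row, and the test after it checks how that row
  // is serialized.
  let user
  test('read access w/ anonymous user', async () => {
    // authorize() is called without a requester, i.e. the anonymous case.
    user = await User.query().findById(1).authorize()

    // Without this the test only proves that authorize() did not reject; an
    // empty result would surface one test later as a TypeError.
    expect(user).toBeDefined()
  })

  test('hidden fields should be filtered out', () => {
    const serializedUser = user.authorizeRead()

    expect(serializedUser).toHaveProperty('id')
    // NOTE(review): this negative check passes vacuously if the fixture row
    // has no metadata.hiddenField to begin with; confirm the seed data sets it.
    expect(serializedUser).not.toHaveProperty('metadata.hiddenField')
  })

  let user1FromDb, user2FromDb
  // The requester for the authenticated case: user 1 with the plain 'user' role.
  const user1FromJson = { id: 1, role: 'user' }
  test('read access w/ authenticated user', async () => {
    user1FromDb = await User.query().findById(1).authorize(user1FromJson)
    user2FromDb = await User.query().findById(2).authorize(user1FromJson)

    // Both the requester's own row and another user's row must come back.
    expect(user1FromDb).toBeDefined()
    expect(user2FromDb).toBeDefined()
  })

  test('fields should be filtered out according to ACL during serialization', () => {
    const serializedUser1 = user1FromDb.authorizeRead(user1FromJson)
    const serializedUser2 = user2FromDb.authorizeRead(user1FromJson)

    // User 1 may read both records...
    expect(serializedUser1).toHaveProperty('id')
    expect(serializedUser2).toHaveProperty('id')

    // ...but a password must only be serialized for the requester's own record.
    // NOTE(review): confirm that user 2's fixture row carries a password;
    // otherwise the negative check below proves nothing about field filtering.
    expect(serializedUser1).toHaveProperty('password')
    expect(serializedUser2).not.toHaveProperty('password')
  })
})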