2020-04-29 18:44:27 +03:00
|
|
|
const should = require('should');
|
|
|
|
const _ = require('lodash');
|
|
|
|
const common = require('../../../../core/server/lib/common');
|
|
|
|
const applyPublicRules = require('../../../../core/server/services/permissions/public');
|
2017-09-25 12:17:06 +03:00
|
|
|
|
|
|
|
describe('Permissions', function () {
|
|
|
|
describe('applyPublicRules', function () {
|
|
|
|
it('should return empty object for docName with no rules', function (done) {
|
|
|
|
applyPublicRules('test', 'test', {}).then(function (result) {
|
|
|
|
result.should.eql({});
|
|
|
|
done();
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
it('should return unchanged object for non-public context', function (done) {
|
2020-03-19 18:23:10 +03:00
|
|
|
const internal = {context: 'internal'};
|
|
|
|
const user = {context: {user: 1}};
|
2017-09-25 12:17:06 +03:00
|
|
|
|
|
|
|
applyPublicRules('posts', 'browse', _.cloneDeep(internal)).then(function (result) {
|
|
|
|
result.should.eql(internal);
|
|
|
|
|
|
|
|
return applyPublicRules('posts', 'browse', _.cloneDeep(user));
|
|
|
|
}).then(function (result) {
|
|
|
|
result.should.eql(user);
|
|
|
|
|
|
|
|
done();
|
|
|
|
}).catch(done);
|
|
|
|
});
|
|
|
|
|
|
|
|
it('should return unchanged object for post with public context', function (done) {
|
2020-04-29 18:44:27 +03:00
|
|
|
const publicContext = {context: {}};
|
2017-09-25 12:17:06 +03:00
|
|
|
|
|
|
|
applyPublicRules('posts', 'browse', _.cloneDeep(publicContext)).then(function (result) {
|
|
|
|
result.should.not.eql(publicContext);
|
|
|
|
result.should.eql({
|
|
|
|
context: {},
|
|
|
|
status: 'published'
|
|
|
|
});
|
|
|
|
|
|
|
|
return applyPublicRules('posts', 'browse', _.extend({}, _.cloneDeep(publicContext), {status: 'published'}));
|
|
|
|
}).then(function (result) {
|
|
|
|
result.should.eql({
|
|
|
|
context: {},
|
|
|
|
status: 'published'
|
|
|
|
});
|
|
|
|
|
|
|
|
done();
|
|
|
|
}).catch(done);
|
|
|
|
});
|
|
|
|
|
|
|
|
it('should throw an error for draft post without uuid (read)', function (done) {
|
2020-04-29 18:44:27 +03:00
|
|
|
const draft = {context: {}, data: {status: 'draft'}};
|
2017-09-25 12:17:06 +03:00
|
|
|
|
|
|
|
applyPublicRules('posts', 'read', _.cloneDeep(draft)).then(function () {
|
|
|
|
done('Did not throw an error for draft');
|
|
|
|
}).catch(function (err) {
|
2017-12-12 00:47:46 +03:00
|
|
|
(err instanceof common.errors.NoPermissionError).should.eql(true);
|
2017-09-25 12:17:06 +03:00
|
|
|
done();
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
it('should throw an error for draft post (browse)', function (done) {
|
2020-04-29 18:44:27 +03:00
|
|
|
const draft = {context: {}, status: 'draft'};
|
2017-09-25 12:17:06 +03:00
|
|
|
|
|
|
|
applyPublicRules('posts', 'browse', _.cloneDeep(draft)).then(function () {
|
|
|
|
done('Did not throw an error for draft');
|
|
|
|
}).catch(function (err) {
|
2017-12-12 00:47:46 +03:00
|
|
|
(err instanceof common.errors.NoPermissionError).should.eql(true);
|
2017-09-25 12:17:06 +03:00
|
|
|
done();
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
it('should permit post draft status with uuid (read)', function (done) {
|
2020-04-29 18:44:27 +03:00
|
|
|
const draft = {context: {}, data: {status: 'draft', uuid: '1234-abcd'}};
|
2017-09-25 12:17:06 +03:00
|
|
|
|
|
|
|
applyPublicRules('posts', 'read', _.cloneDeep(draft)).then(function (result) {
|
|
|
|
result.should.eql(draft);
|
|
|
|
done();
|
|
|
|
}).catch(done);
|
|
|
|
});
|
|
|
|
|
|
|
|
it('should permit post all status with uuid (read)', function (done) {
|
2020-04-29 18:44:27 +03:00
|
|
|
const draft = {context: {}, data: {status: 'all', uuid: '1234-abcd'}};
|
2017-09-25 12:17:06 +03:00
|
|
|
|
|
|
|
applyPublicRules('posts', 'read', _.cloneDeep(draft)).then(function (result) {
|
|
|
|
result.should.eql(draft);
|
|
|
|
done();
|
|
|
|
}).catch(done);
|
|
|
|
});
|
|
|
|
|
|
|
|
it('should NOT permit post draft status with uuid (browse)', function (done) {
|
2020-04-29 18:44:27 +03:00
|
|
|
const draft = {context: {}, status: 'draft', uuid: '1234-abcd'};
|
2017-09-25 12:17:06 +03:00
|
|
|
|
|
|
|
applyPublicRules('posts', 'browse', _.cloneDeep(draft)).then(function () {
|
|
|
|
done('Did not throw an error for draft');
|
|
|
|
}).catch(function (err) {
|
2017-12-12 00:47:46 +03:00
|
|
|
(err instanceof common.errors.NoPermissionError).should.eql(true);
|
2017-09-25 12:17:06 +03:00
|
|
|
done();
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
it('should NOT permit post all status with uuid (browse)', function (done) {
|
2020-04-29 18:44:27 +03:00
|
|
|
const draft = {context: {}, status: 'all', uuid: '1234-abcd'};
|
2017-09-25 12:17:06 +03:00
|
|
|
|
|
|
|
applyPublicRules('posts', 'browse', _.cloneDeep(draft)).then(function () {
|
|
|
|
done('Did not throw an error for draft');
|
|
|
|
}).catch(function (err) {
|
2017-12-12 00:47:46 +03:00
|
|
|
(err instanceof common.errors.NoPermissionError).should.eql(true);
|
2017-09-25 12:17:06 +03:00
|
|
|
done();
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
it('should throw an error for draft post with uuid and id or slug (read)', function (done) {
|
2020-04-29 18:44:27 +03:00
|
|
|
let draft = {context: {}, data: {status: 'draft', uuid: '1234-abcd', id: 1}};
|
2017-09-25 12:17:06 +03:00
|
|
|
|
|
|
|
applyPublicRules('posts', 'read', _.cloneDeep(draft)).then(function () {
|
|
|
|
done('Did not throw an error for draft');
|
|
|
|
}).catch(function (err) {
|
2017-12-12 00:47:46 +03:00
|
|
|
(err instanceof common.errors.NoPermissionError).should.eql(true);
|
2017-09-25 12:17:06 +03:00
|
|
|
|
|
|
|
draft = {context: {}, data: {status: 'draft', uuid: '1234-abcd', slug: 'abcd'}};
|
|
|
|
|
|
|
|
return applyPublicRules('posts', 'read', _.cloneDeep(draft)).then(function () {
|
|
|
|
done('Did not throw an error for draft');
|
|
|
|
}).catch(function (err) {
|
2017-12-12 00:47:46 +03:00
|
|
|
(err instanceof common.errors.NoPermissionError).should.eql(true);
|
2017-09-25 12:17:06 +03:00
|
|
|
done();
|
|
|
|
});
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
it('should return unchanged object for user with public context', function (done) {
|
2020-04-29 18:44:27 +03:00
|
|
|
const publicContext = {context: {}};
|
2017-09-25 12:17:06 +03:00
|
|
|
|
|
|
|
applyPublicRules('users', 'browse', _.cloneDeep(publicContext)).then(function (result) {
|
|
|
|
result.should.not.eql(publicContext);
|
|
|
|
result.should.eql({
|
|
|
|
context: {},
|
|
|
|
status: 'all'
|
|
|
|
});
|
|
|
|
|
|
|
|
return applyPublicRules('users', 'browse', _.extend({}, _.cloneDeep(publicContext), {status: 'active'}));
|
|
|
|
}).then(function (result) {
|
|
|
|
result.should.eql({
|
|
|
|
context: {},
|
|
|
|
status: 'active'
|
|
|
|
});
|
|
|
|
|
|
|
|
done();
|
|
|
|
}).catch(done);
|
|
|
|
});
|
|
|
|
});
|
|
|
|
});
|