'use strict';
const should = require('should'),
sinon = require('sinon'),
models = require('../../../server/models'),
common = require('../../../server/lib/common'),
security = require('../../../server/lib/security'),
testUtils = require('../../utils'),
sandbox = sinon.sandbox.create();
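/**
 * Unit tests for the User model: password handling on add/save and the
 * role-based `permissible` authorization check.
 */
describe('Models: User', function () {
    let knexMock;

    before(function () {
        models.init();
    });

    afterEach(function () {
        // Drop every stub created through the shared sandbox so that state
        // (call counts, stubbed hash) never leaks from one test into the next.
        sandbox.restore();
    });

    describe('validation', function () {
        before(function () {
            // presumably swaps the database layer for an in-memory mock; see testUtils.mocks.knex
            knexMock = new testUtils.mocks.knex();
            knexMock.mock();
        });

        beforeEach(function () {
            // The hashing routine is replaced by a stub that resolves to a fixed,
            // bcrypt-formatted string, so these tests never run real password hashing.
            sandbox.stub(security.password, 'hash').resolves('$2a$10$we16f8rpbrFZ34xWj0/ZC.LTPUux8ler7bcdTs5qIleN6srRHhilG');
        });

        after(function () {
            knexMock.unmock();
        });

        // NOTE(review): the assertions in this group only check that a password value
        // exists or differs from the previous one. They would still pass if the model
        // stored the submitted value unhashed. Consider also asserting that the stored
        // value equals the stubbed hash and that security.password.hash was called.
        describe('password', function () {
            it('no password', function () {
                // A password attribute is expected on the saved user even though none was supplied.
                return models.User.add({email: 'test1@ghost.org', name: 'Ghosty'})
                    .then(function (user) {
                        user.get('name').should.eql('Ghosty');
                        should.exist(user.get('password'));
                    });
            });

            it('only numbers', function () {
                // The password is passed as a Number, not a string.
                return models.User.add({email: 'test2@ghost.org', name: 'Wursti', password: 109674836589})
                    .then(function (user) {
                        user.get('name').should.eql('Wursti');
                        should.exist(user.get('password'));
                    });
            });

            it('can change password', function () {
                let oldPassword;

                return models.User.findOne({slug: 'joe-bloggs'})
                    .then(function (user) {
                        user.get('slug').should.eql('joe-bloggs');
                        oldPassword = user.get('password');
                        user.set('password', '12734!!332');
                        return user.save();
                    })
                    .then(function (user) {
                        user.get('slug').should.eql('joe-bloggs');
                        user.get('password').should.not.eql(oldPassword);
                    });
            });
        });
    });

    describe('Permissible', function () {
        /**
         * Builds a minimal stand-in for a user model.
         *
         * @param {number} id - value returned by `get()` for any attribute name
         * @param {string} role - the only role for which `hasRole()` returns true
         * @returns {{hasRole: Function, related: Function, get: Function}} sinon stubs
         */
        function getUserModel(id, role) {
            const hasRole = sandbox.stub();

            // Any other role name falls through to the stub default (undefined, i.e. falsy).
            hasRole.withArgs(role).returns(true);

            return {
                hasRole: hasRole,
                related: sandbox.stub().returns([{name: role}]),
                get: sandbox.stub().returns(id)
            };
        }

        /**
         * Asserts that a `permissible` call is denied with NoPermissionError.
         *
         * The two-argument form of `then` keeps the "should have errored" failure
         * out of the rejection handler, and returning the chain lets mocha report
         * a failed assertion directly instead of waiting for a `done` timeout.
         *
         * @param {Promise} promise - result of `models.User.permissible(...)`
         * @returns {Promise} resolves once the rejection has been verified
         */
        function expectNoPermission(promise) {
            return promise.then(
                () => {
                    throw new Error('Permissible function should have errored');
                },
                (error) => {
                    error.should.be.an.instanceof(common.errors.NoPermissionError);
                }
            );
        }

        // NOTE(review): the two trailing booleans passed to permissible() are presumably
        // the pre-computed user/app permission flags - confirm against User.permissible.

        it('cannot delete owner', function () {
            const mockUser = getUserModel(1, 'Owner');
            const context = {user: 1};

            return expectNoPermission(
                models.User.permissible(mockUser, 'destroy', context, {}, testUtils.permissions.owner, true, true)
            ).then(() => {
                should(mockUser.hasRole.calledOnce).be.true();
            });
        });

        it('can always edit self', function () {
            // context.user matches the mock's id; the sixth argument is false here.
            const mockUser = getUserModel(3, 'Contributor');
            const context = {user: 3};

            return models.User.permissible(mockUser, 'edit', context, {}, testUtils.permissions.contributor, false, true).then(() => {
                should(mockUser.get.calledOnce).be.true();
            });
        });

        describe('as editor', function () {
            it('can\'t edit another editor', function () {
                const mockUser = getUserModel(3, 'Editor');
                const context = {user: 2};

                return expectNoPermission(
                    models.User.permissible(mockUser, 'edit', context, {}, testUtils.permissions.editor, true, true)
                ).then(() => {
                    should(mockUser.hasRole.called).be.true();
                    should(mockUser.get.calledOnce).be.true();
                });
            });

            it('can\'t edit an admin', function () {
                const mockUser = getUserModel(3, 'Administrator');
                const context = {user: 2};

                return expectNoPermission(
                    models.User.permissible(mockUser, 'edit', context, {}, testUtils.permissions.editor, true, true)
                ).then(() => {
                    should(mockUser.hasRole.called).be.true();
                    should(mockUser.get.calledOnce).be.true();
                });
            });

            it('can edit author', function () {
                const mockUser = getUserModel(3, 'Author');
                const context = {user: 2};

                return models.User.permissible(mockUser, 'edit', context, {}, testUtils.permissions.editor, true, true).then(() => {
                    should(mockUser.hasRole.called).be.true();
                    should(mockUser.get.calledOnce).be.true();
                });
            });

            it('can edit contributor', function () {
                const mockUser = getUserModel(3, 'Contributor');
                const context = {user: 2};

                return models.User.permissible(mockUser, 'edit', context, {}, testUtils.permissions.editor, true, true).then(() => {
                    should(mockUser.hasRole.called).be.true();
                    should(mockUser.get.calledOnce).be.true();
                });
            });

            it('can destroy self', function () {
                const mockUser = getUserModel(3, 'Editor');
                const context = {user: 3};

                return models.User.permissible(mockUser, 'destroy', context, {}, testUtils.permissions.editor, true, true).then(() => {
                    should(mockUser.hasRole.called).be.true();
                    should(mockUser.get.calledOnce).be.true();
                });
            });

            it('can\'t destroy another editor', function () {
                const mockUser = getUserModel(3, 'Editor');
                const context = {user: 2};

                return expectNoPermission(
                    models.User.permissible(mockUser, 'destroy', context, {}, testUtils.permissions.editor, true, true)
                ).then(() => {
                    should(mockUser.hasRole.called).be.true();
                    should(mockUser.get.calledOnce).be.true();
                });
            });

            it('can\'t destroy an admin', function () {
                const mockUser = getUserModel(3, 'Administrator');
                const context = {user: 2};

                return expectNoPermission(
                    models.User.permissible(mockUser, 'destroy', context, {}, testUtils.permissions.editor, true, true)
                ).then(() => {
                    should(mockUser.hasRole.called).be.true();
                    should(mockUser.get.calledOnce).be.true();
                });
            });

            it('can destroy an author', function () {
                const mockUser = getUserModel(3, 'Author');
                const context = {user: 2};

                return models.User.permissible(mockUser, 'destroy', context, {}, testUtils.permissions.editor, true, true).then(() => {
                    should(mockUser.hasRole.called).be.true();
                    should(mockUser.get.calledOnce).be.true();
                });
            });

            it('can destroy a contributor', function () {
                const mockUser = getUserModel(3, 'Contributor');
                const context = {user: 2};

                return models.User.permissible(mockUser, 'destroy', context, {}, testUtils.permissions.editor, true, true).then(() => {
                    should(mockUser.hasRole.called).be.true();
                    should(mockUser.get.calledOnce).be.true();
                });
            });
        });
    });
});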