Ghost/test/unit/server/services/permissions/public.test.js

const should = require('should');
const _ = require('lodash');
const errors = require('@tryghost/errors');
const applyPublicRules = require('../../../../../core/server/services/permissions/public');

describe('Permissions', function () {
    describe('applyPublicRules', function () {
        it('should return empty object for docName with no rules', function (done) {
            applyPublicRules('test', 'test', {}).then(function (result) {
                result.should.eql({});
                done();
            });
        });

        it('should return unchanged object for non-public context', function (done) {
            const internal = {context: 'internal'};
            const user = {context: {user: 1}};

            applyPublicRules('posts', 'browse', _.cloneDeep(internal)).then(function (result) {
                result.should.eql(internal);

                return applyPublicRules('posts', 'browse', _.cloneDeep(user));
            }).then(function (result) {
                result.should.eql(user);

                done();
            }).catch(done);
        });

        it('should return unchanged object for post with public context', function (done) {
            const publicContext = {context: {}};

            applyPublicRules('posts', 'browse', _.cloneDeep(publicContext)).then(function (result) {
                result.should.not.eql(publicContext);
                result.should.eql({
                    context: {},
                    status: 'published'
                });

                return applyPublicRules('posts', 'browse', _.extend({}, _.cloneDeep(publicContext), {status: 'published'}));
            }).then(function (result) {
                result.should.eql({
                    context: {},
                    status: 'published'
                });

                done();
            }).catch(done);
        });

        it('should throw an error for draft post without uuid (read)', function (done) {
            const draft = {context: {}, data: {status: 'draft'}};

            applyPublicRules('posts', 'read', _.cloneDeep(draft)).then(function () {
                done('Did not throw an error for draft');
            }).catch(function (err) {
                (err instanceof errors.NoPermissionError).should.eql(true);
                done();
            });
        });

        it('should throw an error for draft post (browse)', function (done) {
            const draft = {context: {}, status: 'draft'};

            applyPublicRules('posts', 'browse', _.cloneDeep(draft)).then(function () {
                done('Did not throw an error for draft');
            }).catch(function (err) {
                (err instanceof errors.NoPermissionError).should.eql(true);
                done();
            });
        });

        it('should permit post draft status with uuid (read)', function (done) {
            const draft = {context: {}, data: {status: 'draft', uuid: '1234-abcd'}};

            applyPublicRules('posts', 'read', _.cloneDeep(draft)).then(function (result) {
                result.should.eql(draft);
                done();
            }).catch(done);
        });

        it('should permit post all status with uuid (read)', function (done) {
            const draft = {context: {}, data: {status: 'all', uuid: '1234-abcd'}};

            applyPublicRules('posts', 'read', _.cloneDeep(draft)).then(function (result) {
                result.should.eql(draft);
                done();
            }).catch(done);
        });

        it('should NOT permit post draft status with uuid (browse)', function (done) {
            const draft = {context: {}, status: 'draft', uuid: '1234-abcd'};

            applyPublicRules('posts', 'browse', _.cloneDeep(draft)).then(function () {
                done('Did not throw an error for draft');
            }).catch(function (err) {
                (err instanceof errors.NoPermissionError).should.eql(true);
                done();
            });
        });

        it('should NOT permit post all status with uuid (browse)', function (done) {
            const draft = {context: {}, status: 'all', uuid: '1234-abcd'};

            applyPublicRules('posts', 'browse', _.cloneDeep(draft)).then(function () {
                done('Did not throw an error for draft');
            }).catch(function (err) {
                (err instanceof errors.NoPermissionError).should.eql(true);
                done();
            });
        });

        it('should throw an error for draft post with uuid and id or slug (read)', function (done) {
            let draft = {context: {}, data: {status: 'draft', uuid: '1234-abcd', id: 1}};

            applyPublicRules('posts', 'read', _.cloneDeep(draft)).then(function () {
                done('Did not throw an error for draft');
            }).catch(function (err) {
                (err instanceof errors.NoPermissionError).should.eql(true);

                draft = {context: {}, data: {status: 'draft', uuid: '1234-abcd', slug: 'abcd'}};

                return applyPublicRules('posts', 'read', _.cloneDeep(draft)).then(function () {
                    done('Did not throw an error for draft');
                }).catch(function (error) {
                    (error instanceof errors.NoPermissionError).should.eql(true);
                    done();
                });
            });
        });

        it('should return unchanged object for user with public context', function (done) {
            const publicContext = {context: {}};

            applyPublicRules('users', 'browse', _.cloneDeep(publicContext)).then(function (result) {
                result.should.not.eql(publicContext);
                result.should.eql({
                    context: {},
                    status: 'all'
                });

                return applyPublicRules('users', 'browse', _.extend({}, _.cloneDeep(publicContext), {status: 'active'}));
            }).then(function (result) {
                result.should.eql({
                    context: {},
                    status: 'active'
                });

                done();
            }).catch(done);
        });
    });
});
Updated var declarations to const/let and no lists - All var declarations are now const or let as per ES6 - All comma-separated lists / chained declarations are now one declaration per line - This is for clarity/readability but also made running the var-to-const/let switch smoother - ESLint rules updated to match How this was done: - npm install -g jscodeshift - git clone https://github.com/cpojer/js-codemod.git - git clone git@github.com:TryGhost/Ghost.git shallow-ghost - cd shallow-ghost - jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2 - jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2 - yarn - yarn test - yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode - grunt test-regression - sorted! 2020-04-29 18:44:27 +03:00			`const should = require('should');`
			`const _ = require('lodash');`
Refactored tests to destructure `common` lib import (#11838) 2020-05-25 11:49:38 +03:00			`const errors = require('@tryghost/errors');`
Moved server unit tests into the server folder - this is a small part of a bit of cleanup of our test files - the goal is to make the existing tests clearer with a view to making it easier to write more tests - this makes the test structure follow the codebase structure more closely - eventually we will colocate the tests as we break the codebase down further 2021-10-06 13:12:21 +03:00			`const applyPublicRules = require('../../../../../core/server/services/permissions/public');`
Permissions: code cleanup & basic unit tests (#9037) refs #9043 - Split public-related and context code into logical components - Split tests up to match - Ensure we have 100% unit test coverage - General cleanup 2017-09-25 12:17:06 +03:00
			`describe('Permissions', function () {`
			`describe('applyPublicRules', function () {`
			`it('should return empty object for docName with no rules', function (done) {`
			`applyPublicRules('test', 'test', {}).then(function (result) {`
			`result.should.eql({});`
			`done();`
			`});`
			`});`

			`it('should return unchanged object for non-public context', function (done) {`
Remove External Apps - Apps are marked as removed in 3.0, never officially launched and have been deprecated for at least 2 years. - We've slowly removed bits that got in our way or were insecure over time meaning they mostly didn't work - This cleans up the remainder of the logic - The tables should be cleaned up in a future major 2020-03-19 18:23:10 +03:00			`const internal = {context: 'internal'};`
			`const user = {context: {user: 1}};`
Permissions: code cleanup & basic unit tests (#9037) refs #9043 - Split public-related and context code into logical components - Split tests up to match - Ensure we have 100% unit test coverage - General cleanup 2017-09-25 12:17:06 +03:00
			`applyPublicRules('posts', 'browse', _.cloneDeep(internal)).then(function (result) {`
			`result.should.eql(internal);`

			`return applyPublicRules('posts', 'browse', _.cloneDeep(user));`
			`}).then(function (result) {`
			`result.should.eql(user);`

			`done();`
			`}).catch(done);`
			`});`

			`it('should return unchanged object for post with public context', function (done) {`
Updated var declarations to const/let and no lists - All var declarations are now const or let as per ES6 - All comma-separated lists / chained declarations are now one declaration per line - This is for clarity/readability but also made running the var-to-const/let switch smoother - ESLint rules updated to match How this was done: - npm install -g jscodeshift - git clone https://github.com/cpojer/js-codemod.git - git clone git@github.com:TryGhost/Ghost.git shallow-ghost - cd shallow-ghost - jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2 - jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2 - yarn - yarn test - yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode - grunt test-regression - sorted! 2020-04-29 18:44:27 +03:00			`const publicContext = {context: {}};`
Permissions: code cleanup & basic unit tests (#9037) refs #9043 - Split public-related and context code into logical components - Split tests up to match - Ensure we have 100% unit test coverage - General cleanup 2017-09-25 12:17:06 +03:00
			`applyPublicRules('posts', 'browse', _.cloneDeep(publicContext)).then(function (result) {`
			`result.should.not.eql(publicContext);`
			`result.should.eql({`
			`context: {},`
			`status: 'published'`
			`});`

			`return applyPublicRules('posts', 'browse', _.extend({}, _.cloneDeep(publicContext), {status: 'published'}));`
			`}).then(function (result) {`
			`result.should.eql({`
			`context: {},`
			`status: 'published'`
			`});`

			`done();`
			`}).catch(done);`
			`});`

			`it('should throw an error for draft post without uuid (read)', function (done) {`
Updated var declarations to const/let and no lists - All var declarations are now const or let as per ES6 - All comma-separated lists / chained declarations are now one declaration per line - This is for clarity/readability but also made running the var-to-const/let switch smoother - ESLint rules updated to match How this was done: - npm install -g jscodeshift - git clone https://github.com/cpojer/js-codemod.git - git clone git@github.com:TryGhost/Ghost.git shallow-ghost - cd shallow-ghost - jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2 - jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2 - yarn - yarn test - yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode - grunt test-regression - sorted! 2020-04-29 18:44:27 +03:00			`const draft = {context: {}, data: {status: 'draft'}};`
Permissions: code cleanup & basic unit tests (#9037) refs #9043 - Split public-related and context code into logical components - Split tests up to match - Ensure we have 100% unit test coverage - General cleanup 2017-09-25 12:17:06 +03:00
			`applyPublicRules('posts', 'read', _.cloneDeep(draft)).then(function () {`
			`done('Did not throw an error for draft');`
			`}).catch(function (err) {`
Refactored tests to destructure `common` lib import (#11838) 2020-05-25 11:49:38 +03:00			`(err instanceof errors.NoPermissionError).should.eql(true);`
Permissions: code cleanup & basic unit tests (#9037) refs #9043 - Split public-related and context code into logical components - Split tests up to match - Ensure we have 100% unit test coverage - General cleanup 2017-09-25 12:17:06 +03:00			`done();`
			`});`
			`});`

			`it('should throw an error for draft post (browse)', function (done) {`
Updated var declarations to const/let and no lists - All var declarations are now const or let as per ES6 - All comma-separated lists / chained declarations are now one declaration per line - This is for clarity/readability but also made running the var-to-const/let switch smoother - ESLint rules updated to match How this was done: - npm install -g jscodeshift - git clone https://github.com/cpojer/js-codemod.git - git clone git@github.com:TryGhost/Ghost.git shallow-ghost - cd shallow-ghost - jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2 - jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2 - yarn - yarn test - yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode - grunt test-regression - sorted! 2020-04-29 18:44:27 +03:00			`const draft = {context: {}, status: 'draft'};`
Permissions: code cleanup & basic unit tests (#9037) refs #9043 - Split public-related and context code into logical components - Split tests up to match - Ensure we have 100% unit test coverage - General cleanup 2017-09-25 12:17:06 +03:00
			`applyPublicRules('posts', 'browse', _.cloneDeep(draft)).then(function () {`
			`done('Did not throw an error for draft');`
			`}).catch(function (err) {`
Refactored tests to destructure `common` lib import (#11838) 2020-05-25 11:49:38 +03:00			`(err instanceof errors.NoPermissionError).should.eql(true);`
Permissions: code cleanup & basic unit tests (#9037) refs #9043 - Split public-related and context code into logical components - Split tests up to match - Ensure we have 100% unit test coverage - General cleanup 2017-09-25 12:17:06 +03:00			`done();`
			`});`
			`});`

			`it('should permit post draft status with uuid (read)', function (done) {`
Updated var declarations to const/let and no lists - All var declarations are now const or let as per ES6 - All comma-separated lists / chained declarations are now one declaration per line - This is for clarity/readability but also made running the var-to-const/let switch smoother - ESLint rules updated to match How this was done: - npm install -g jscodeshift - git clone https://github.com/cpojer/js-codemod.git - git clone git@github.com:TryGhost/Ghost.git shallow-ghost - cd shallow-ghost - jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2 - jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2 - yarn - yarn test - yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode - grunt test-regression - sorted! 2020-04-29 18:44:27 +03:00			`const draft = {context: {}, data: {status: 'draft', uuid: '1234-abcd'}};`
Permissions: code cleanup & basic unit tests (#9037) refs #9043 - Split public-related and context code into logical components - Split tests up to match - Ensure we have 100% unit test coverage - General cleanup 2017-09-25 12:17:06 +03:00
			`applyPublicRules('posts', 'read', _.cloneDeep(draft)).then(function (result) {`
			`result.should.eql(draft);`
			`done();`
			`}).catch(done);`
			`});`

			`it('should permit post all status with uuid (read)', function (done) {`
Updated var declarations to const/let and no lists - All var declarations are now const or let as per ES6 - All comma-separated lists / chained declarations are now one declaration per line - This is for clarity/readability but also made running the var-to-const/let switch smoother - ESLint rules updated to match How this was done: - npm install -g jscodeshift - git clone https://github.com/cpojer/js-codemod.git - git clone git@github.com:TryGhost/Ghost.git shallow-ghost - cd shallow-ghost - jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2 - jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2 - yarn - yarn test - yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode - grunt test-regression - sorted! 2020-04-29 18:44:27 +03:00			`const draft = {context: {}, data: {status: 'all', uuid: '1234-abcd'}};`
Permissions: code cleanup & basic unit tests (#9037) refs #9043 - Split public-related and context code into logical components - Split tests up to match - Ensure we have 100% unit test coverage - General cleanup 2017-09-25 12:17:06 +03:00
			`applyPublicRules('posts', 'read', _.cloneDeep(draft)).then(function (result) {`
			`result.should.eql(draft);`
			`done();`
			`}).catch(done);`
			`});`

			`it('should NOT permit post draft status with uuid (browse)', function (done) {`
Updated var declarations to const/let and no lists - All var declarations are now const or let as per ES6 - All comma-separated lists / chained declarations are now one declaration per line - This is for clarity/readability but also made running the var-to-const/let switch smoother - ESLint rules updated to match How this was done: - npm install -g jscodeshift - git clone https://github.com/cpojer/js-codemod.git - git clone git@github.com:TryGhost/Ghost.git shallow-ghost - cd shallow-ghost - jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2 - jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2 - yarn - yarn test - yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode - grunt test-regression - sorted! 2020-04-29 18:44:27 +03:00			`const draft = {context: {}, status: 'draft', uuid: '1234-abcd'};`
Permissions: code cleanup & basic unit tests (#9037) refs #9043 - Split public-related and context code into logical components - Split tests up to match - Ensure we have 100% unit test coverage - General cleanup 2017-09-25 12:17:06 +03:00
			`applyPublicRules('posts', 'browse', _.cloneDeep(draft)).then(function () {`
			`done('Did not throw an error for draft');`
			`}).catch(function (err) {`
Refactored tests to destructure `common` lib import (#11838) 2020-05-25 11:49:38 +03:00			`(err instanceof errors.NoPermissionError).should.eql(true);`
Permissions: code cleanup & basic unit tests (#9037) refs #9043 - Split public-related and context code into logical components - Split tests up to match - Ensure we have 100% unit test coverage - General cleanup 2017-09-25 12:17:06 +03:00			`done();`
			`});`
			`});`

			`it('should NOT permit post all status with uuid (browse)', function (done) {`
Updated var declarations to const/let and no lists - All var declarations are now const or let as per ES6 - All comma-separated lists / chained declarations are now one declaration per line - This is for clarity/readability but also made running the var-to-const/let switch smoother - ESLint rules updated to match How this was done: - npm install -g jscodeshift - git clone https://github.com/cpojer/js-codemod.git - git clone git@github.com:TryGhost/Ghost.git shallow-ghost - cd shallow-ghost - jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2 - jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2 - yarn - yarn test - yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode - grunt test-regression - sorted! 2020-04-29 18:44:27 +03:00			`const draft = {context: {}, status: 'all', uuid: '1234-abcd'};`
Permissions: code cleanup & basic unit tests (#9037) refs #9043 - Split public-related and context code into logical components - Split tests up to match - Ensure we have 100% unit test coverage - General cleanup 2017-09-25 12:17:06 +03:00
			`applyPublicRules('posts', 'browse', _.cloneDeep(draft)).then(function () {`
			`done('Did not throw an error for draft');`
			`}).catch(function (err) {`
Refactored tests to destructure `common` lib import (#11838) 2020-05-25 11:49:38 +03:00			`(err instanceof errors.NoPermissionError).should.eql(true);`
Permissions: code cleanup & basic unit tests (#9037) refs #9043 - Split public-related and context code into logical components - Split tests up to match - Ensure we have 100% unit test coverage - General cleanup 2017-09-25 12:17:06 +03:00			`done();`
			`});`
			`});`

			`it('should throw an error for draft post with uuid and id or slug (read)', function (done) {`
Updated var declarations to const/let and no lists - All var declarations are now const or let as per ES6 - All comma-separated lists / chained declarations are now one declaration per line - This is for clarity/readability but also made running the var-to-const/let switch smoother - ESLint rules updated to match How this was done: - npm install -g jscodeshift - git clone https://github.com/cpojer/js-codemod.git - git clone git@github.com:TryGhost/Ghost.git shallow-ghost - cd shallow-ghost - jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2 - jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2 - yarn - yarn test - yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode - grunt test-regression - sorted! 2020-04-29 18:44:27 +03:00			`let draft = {context: {}, data: {status: 'draft', uuid: '1234-abcd', id: 1}};`
Permissions: code cleanup & basic unit tests (#9037) refs #9043 - Split public-related and context code into logical components - Split tests up to match - Ensure we have 100% unit test coverage - General cleanup 2017-09-25 12:17:06 +03:00
			`applyPublicRules('posts', 'read', _.cloneDeep(draft)).then(function () {`
			`done('Did not throw an error for draft');`
			`}).catch(function (err) {`
Refactored tests to destructure `common` lib import (#11838) 2020-05-25 11:49:38 +03:00			`(err instanceof errors.NoPermissionError).should.eql(true);`
Permissions: code cleanup & basic unit tests (#9037) refs #9043 - Split public-related and context code into logical components - Split tests up to match - Ensure we have 100% unit test coverage - General cleanup 2017-09-25 12:17:06 +03:00
			`draft = {context: {}, data: {status: 'draft', uuid: '1234-abcd', slug: 'abcd'}};`

			`return applyPublicRules('posts', 'read', _.cloneDeep(draft)).then(function () {`
			`done('Did not throw an error for draft');`
Fixed "no-shadow" eslint warning in tests refs https://github.com/TryGhost/eslint-plugin-ghost/commit/b6728ecb0f3385789497943648443cea5e3f8cf9 - The "no-shadow" eslint rune was introduced into ghost's eslint plugin (referenced commmit), which resulted in flood of warning in console output when linting the project codebase. - This cleanup is aiming to make any new linting issues more visible. Follow up commits will contain similar cleanups in other parts of the codebase 2020-10-19 07:45:26 +03:00			`}).catch(function (error) {`
			`(error instanceof errors.NoPermissionError).should.eql(true);`
Permissions: code cleanup & basic unit tests (#9037) refs #9043 - Split public-related and context code into logical components - Split tests up to match - Ensure we have 100% unit test coverage - General cleanup 2017-09-25 12:17:06 +03:00			`done();`
			`});`
			`});`
			`});`

			`it('should return unchanged object for user with public context', function (done) {`
Updated var declarations to const/let and no lists - All var declarations are now const or let as per ES6 - All comma-separated lists / chained declarations are now one declaration per line - This is for clarity/readability but also made running the var-to-const/let switch smoother - ESLint rules updated to match How this was done: - npm install -g jscodeshift - git clone https://github.com/cpojer/js-codemod.git - git clone git@github.com:TryGhost/Ghost.git shallow-ghost - cd shallow-ghost - jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2 - jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2 - yarn - yarn test - yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode - grunt test-regression - sorted! 2020-04-29 18:44:27 +03:00			`const publicContext = {context: {}};`
Permissions: code cleanup & basic unit tests (#9037) refs #9043 - Split public-related and context code into logical components - Split tests up to match - Ensure we have 100% unit test coverage - General cleanup 2017-09-25 12:17:06 +03:00
			`applyPublicRules('users', 'browse', _.cloneDeep(publicContext)).then(function (result) {`
			`result.should.not.eql(publicContext);`
			`result.should.eql({`
			`context: {},`
			`status: 'all'`
			`});`

			`return applyPublicRules('users', 'browse', _.extend({}, _.cloneDeep(publicContext), {status: 'active'}));`
			`}).then(function (result) {`
			`result.should.eql({`
			`context: {},`
			`status: 'active'`
			`});`

			`done();`
			`}).catch(done);`
			`});`
			`});`
			`});`