Updated permissible methods for hasApiKeyPermissions (#9970)
refs #9865

This updates all current permissible methods to use the new function signature, which includes the hasApiKeyPermissions parameter. It also makes sure that the hasApiKeyPermissions argument is taken into account in every check made before returning a resolved promise. To be continued. This is just a tiny part of the big picture. None of these changes are fully committed to stay as they are.
parent
873d63dc5d
commit
809a167a55
@ -42,11 +42,11 @@ Invite = ghostBookshelf.Model.extend({
|
|||||||
return ghostBookshelf.Model.add.call(this, data, options);
|
return ghostBookshelf.Model.add.call(this, data, options);
|
||||||
},
|
},
|
||||||
|
|
||||||
permissible(inviteModel, action, context, unsafeAttrs, loadedPermissions, hasUserPermission, hasAppPermission /*result*/) {
|
permissible(inviteModel, action, context, unsafeAttrs, loadedPermissions, hasUserPermission, hasAppPermission, hasApiKeyPermission) {
|
||||||
const isAdd = (action === 'add');
|
const isAdd = (action === 'add');
|
||||||
|
|
||||||
if (!isAdd) {
|
if (!isAdd) {
|
||||||
if (hasUserPermission && hasAppPermission) {
|
if (hasUserPermission && hasAppPermission && hasApiKeyPermission) {
|
||||||
return Promise.resolve();
|
return Promise.resolve();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -86,7 +86,7 @@ Invite = ghostBookshelf.Model.extend({
|
|||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
if (hasUserPermission && hasAppPermission) {
|
if (hasUserPermission && hasAppPermission && hasApiKeyPermission) {
|
||||||
return Promise.resolve();
|
return Promise.resolve();
|
||||||
}
|
}
|
||||||
|
|
||||||
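Review bot: Invite's `permissible` now denies whenever a caller omits the eighth argument, because `hasApiKeyPermission` arrives as `undefined` and both conjunctions (the one inside `if (!isAdd)` and the one in the second hunk) treat it as falsy. Failing closed is the safer direction for an authorization check, but the behaviour is implicit; a comment above the signature would make it a stated contract, for example `// all three has*Permission flags must be truthy; an omitted flag counts as denied`. The body of `permissible` continues between and after the two hunks, so the callers that still pass seven arguments cannot be checked from here and should be confirmed as updated in the same change.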
|
@ -816,7 +816,7 @@ Post = ghostBookshelf.Model.extend({
|
|||||||
},
|
},
|
||||||
|
|
||||||
// NOTE: the `authors` extension is the parent of the post model. It also has a permissible function.
|
// NOTE: the `authors` extension is the parent of the post model. It also has a permissible function.
|
||||||
permissible: function permissible(postModel, action, context, unsafeAttrs, loadedPermissions, hasUserPermission, hasAppPermission) {
|
permissible: function permissible(postModel, action, context, unsafeAttrs, loadedPermissions, hasUserPermission, hasAppPermission, hasApiKeyPermission) {
|
||||||
let isContributor, isEdit, isAdd, isDestroy;
|
let isContributor, isEdit, isAdd, isDestroy;
|
||||||
|
|
||||||
function isChanging(attr) {
|
function isChanging(attr) {
|
||||||
@ -857,7 +857,7 @@ Post = ghostBookshelf.Model.extend({
|
|||||||
excludedAttrs.push('tags');
|
excludedAttrs.push('tags');
|
||||||
}
|
}
|
||||||
|
|
||||||
if (hasUserPermission && hasAppPermission) {
|
if (hasUserPermission && hasApiKeyPermission && hasAppPermission) {
|
||||||
return Promise.resolve({excludedAttrs});
|
return Promise.resolve({excludedAttrs});
|
||||||
}
|
}
|
||||||
|
|
||||||
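Review bot: The allow condition in the second hunk is written `hasUserPermission && hasApiKeyPermission && hasAppPermission`, whereas the Invite, Role and Subscriber models write the same test with `hasApiKeyPermission` last; the authors extension and the four checks in the User model use the middle position as well. The result is identical, but an authorization condition spelled two ways across models is harder to grep for and to audit when a fourth flag is added. Suggest one spelling everywhere, following the parameter order of the signature: `if (hasUserPermission && hasAppPermission && hasApiKeyPermission) {`. The function body between the two hunks is not visible here.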
|
@ -247,7 +247,7 @@ module.exports.extendModel = function extendModel(Post, Posts, ghostBookshelf) {
|
|||||||
return destroyPost();
|
return destroyPost();
|
||||||
},
|
},
|
||||||
|
|
||||||
permissible: function permissible(postModelOrId, action, context, unsafeAttrs, loadedPermissions, hasUserPermission, hasAppPermission) {
|
permissible: function permissible(postModelOrId, action, context, unsafeAttrs, loadedPermissions, hasUserPermission, hasAppPermission, hasApiKeyPermission) {
|
||||||
var self = this,
|
var self = this,
|
||||||
postModel = postModelOrId,
|
postModel = postModelOrId,
|
||||||
origArgs, isContributor, isAuthor, isEdit, isAdd, isDestroy;
|
origArgs, isContributor, isAuthor, isEdit, isAdd, isDestroy;
|
||||||
@ -336,7 +336,7 @@ module.exports.extendModel = function extendModel(Post, Posts, ghostBookshelf) {
|
|||||||
hasUserPermission = hasUserPermission || isPrimaryAuthor();
|
hasUserPermission = hasUserPermission || isPrimaryAuthor();
|
||||||
}
|
}
|
||||||
|
|
||||||
if (hasUserPermission && hasAppPermission) {
|
if (hasUserPermission && hasApiKeyPermission && hasAppPermission) {
|
||||||
return Post.permissible.call(
|
return Post.permissible.call(
|
||||||
this,
|
this,
|
||||||
postModelOrId,
|
postModelOrId,
|
||||||
@ -344,7 +344,8 @@ module.exports.extendModel = function extendModel(Post, Posts, ghostBookshelf) {
|
|||||||
unsafeAttrs,
|
unsafeAttrs,
|
||||||
loadedPermissions,
|
loadedPermissions,
|
||||||
hasUserPermission,
|
hasUserPermission,
|
||||||
hasAppPermission
|
hasAppPermission,
|
||||||
|
hasApiKeyPermission
|
||||||
).then(({excludedAttrs}) => {
|
).then(({excludedAttrs}) => {
|
||||||
// @TODO: we need a concept for making a diff between incoming authors and existing authors
|
// @TODO: we need a concept for making a diff between incoming authors and existing authors
|
||||||
// @TODO: for now we simply re-use the new concept of `excludedAttrs`
|
// @TODO: for now we simply re-use the new concept of `excludedAttrs`
|
||||||
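Review bot: `origArgs` is declared at the top of this `permissible`, but the code that fills it and re-enters the function after loading the model by id is outside the hunks, so it is not visible whether the new eighth argument is carried along on that path. If the argument list is rebuilt explicitly rather than taken from `arguments`, every id-based call would lose `hasApiKeyPermission` and be denied by the check in the second hunk; the explicit `Post.permissible.call(...)` in the last hunk does forward it. The same pattern appears in the User model (which also declares `origArgs`) and probably in Role, so it is worth confirming there too, and a short comment where `origArgs` is built, such as `// forwards every permission flag, including hasApiKeyPermission`, would document the dependency.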
|
@ -50,7 +50,7 @@ Role = ghostBookshelf.Model.extend({
|
|||||||
return options;
|
return options;
|
||||||
},
|
},
|
||||||
|
|
||||||
permissible: function permissible(roleModelOrId, action, context, unsafeAttrs, loadedPermissions, hasUserPermission, hasAppPermission) {
|
permissible: function permissible(roleModelOrId, action, context, unsafeAttrs, loadedPermissions, hasUserPermission, hasAppPermission, hasApiKeyPermission) {
|
||||||
// If we passed in an id instead of a model, get the model
|
// If we passed in an id instead of a model, get the model
|
||||||
// then check the permissions
|
// then check the permissions
|
||||||
if (_.isNumber(roleModelOrId) || _.isString(roleModelOrId)) {
|
if (_.isNumber(roleModelOrId) || _.isString(roleModelOrId)) {
|
||||||
@ -95,7 +95,7 @@ Role = ghostBookshelf.Model.extend({
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (hasUserPermission && hasAppPermission) {
|
if (hasUserPermission && hasAppPermission && hasApiKeyPermission) {
|
||||||
return Promise.resolve();
|
return Promise.resolve();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -53,7 +53,7 @@ Subscriber = ghostBookshelf.Model.extend({
|
|||||||
return options;
|
return options;
|
||||||
},
|
},
|
||||||
|
|
||||||
permissible: function permissible(postModelOrId, action, context, unsafeAttrs, loadedPermissions, hasUserPermission, hasAppPermission) {
|
permissible: function permissible(postModelOrId, action, context, unsafeAttrs, loadedPermissions, hasUserPermission, hasAppPermission, hasApiKeyPermission) {
|
||||||
// CASE: external is only allowed to add and edit subscribers
|
// CASE: external is only allowed to add and edit subscribers
|
||||||
if (context.external) {
|
if (context.external) {
|
||||||
if (['add', 'edit'].indexOf(action) !== -1) {
|
if (['add', 'edit'].indexOf(action) !== -1) {
|
||||||
@ -61,7 +61,7 @@ Subscriber = ghostBookshelf.Model.extend({
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (hasUserPermission && hasAppPermission) {
|
if (hasUserPermission && hasAppPermission && hasApiKeyPermission) {
|
||||||
return Promise.resolve();
|
return Promise.resolve();
|
||||||
}
|
}
|
||||||
|
|
||||||
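Review bot: The `context.external` branch at the top of this `permissible` runs before the new `hasApiKeyPermission` test, and the line between the two hunks (presumably the `return Promise.resolve()` for `add` and `edit`) is not shown. If that is what it does, an external context may add or edit subscribers regardless of the API-key result, which deserves an explicit comment on the branch, for example `// external add/edit is allowed independently of the user, app and API-key flags`. It is also worth confirming that a request authenticated with an API key can never carry `context.external` at the same time. The first parameter is still named `postModelOrId` in the Subscriber model, which looks like a leftover from the Post model.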
|
@ -611,7 +611,7 @@ User = ghostBookshelf.Model.extend({
|
|||||||
});
|
});
|
||||||
},
|
},
|
||||||
|
|
||||||
permissible: function permissible(userModelOrId, action, context, unsafeAttrs, loadedPermissions, hasUserPermission, hasAppPermission) {
|
permissible: function permissible(userModelOrId, action, context, unsafeAttrs, loadedPermissions, hasUserPermission, hasAppPermission, hasApiKeyPermission) {
|
||||||
var self = this,
|
var self = this,
|
||||||
userModel = userModelOrId,
|
userModel = userModelOrId,
|
||||||
origArgs;
|
origArgs;
|
||||||
@ -701,7 +701,7 @@ User = ghostBookshelf.Model.extend({
|
|||||||
.then((owner) => {
|
.then((owner) => {
|
||||||
// CASE: owner can assign role to any user
|
// CASE: owner can assign role to any user
|
||||||
if (context.user === owner.id) {
|
if (context.user === owner.id) {
|
||||||
if (hasUserPermission && hasAppPermission) {
|
if (hasUserPermission && hasApiKeyPermission && hasAppPermission) {
|
||||||
return Promise.resolve();
|
return Promise.resolve();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -723,7 +723,7 @@ User = ghostBookshelf.Model.extend({
|
|||||||
// e.g. admin can assign admin role to a user, but not owner
|
// e.g. admin can assign admin role to a user, but not owner
|
||||||
return permissions.canThis(context).assign.role(role)
|
return permissions.canThis(context).assign.role(role)
|
||||||
.then(() => {
|
.then(() => {
|
||||||
if (hasUserPermission && hasAppPermission) {
|
if (hasUserPermission && hasApiKeyPermission && hasAppPermission) {
|
||||||
return Promise.resolve();
|
return Promise.resolve();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -733,7 +733,7 @@ User = ghostBookshelf.Model.extend({
|
|||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
if (hasUserPermission && hasAppPermission) {
|
if (hasUserPermission && hasApiKeyPermission && hasAppPermission) {
|
||||||
return Promise.resolve();
|
return Promise.resolve();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -743,7 +743,7 @@ User = ghostBookshelf.Model.extend({
|
|||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
if (hasUserPermission && hasAppPermission) {
|
if (hasUserPermission && hasApiKeyPermission && hasAppPermission) {
|
||||||
return Promise.resolve();
|
return Promise.resolve();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -124,28 +124,28 @@ describe('Unit: models/invite', function () {
|
|||||||
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
|
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
|
||||||
roleModel.get.withArgs('name').returns('Administrator');
|
roleModel.get.withArgs('name').returns('Administrator');
|
||||||
|
|
||||||
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, true, true);
|
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, true, true, true);
|
||||||
});
|
});
|
||||||
|
|
||||||
it('invite editor', function () {
|
it('invite editor', function () {
|
||||||
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
|
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
|
||||||
roleModel.get.withArgs('name').returns('Editor');
|
roleModel.get.withArgs('name').returns('Editor');
|
||||||
|
|
||||||
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, true, true);
|
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, true, true, true);
|
||||||
});
|
});
|
||||||
|
|
||||||
it('invite author', function () {
|
it('invite author', function () {
|
||||||
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
|
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
|
||||||
roleModel.get.withArgs('name').returns('Author');
|
roleModel.get.withArgs('name').returns('Author');
|
||||||
|
|
||||||
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, true, true);
|
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, true, true, true);
|
||||||
});
|
});
|
||||||
|
|
||||||
it('invite contributor', function () {
|
it('invite contributor', function () {
|
||||||
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
|
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
|
||||||
roleModel.get.withArgs('name').returns('Contributor');
|
roleModel.get.withArgs('name').returns('Contributor');
|
||||||
|
|
||||||
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, true, true);
|
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, true, true, true);
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
@ -158,28 +158,28 @@ describe('Unit: models/invite', function () {
|
|||||||
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
|
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
|
||||||
roleModel.get.withArgs('name').returns('Administrator');
|
roleModel.get.withArgs('name').returns('Administrator');
|
||||||
|
|
||||||
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, true, true);
|
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, true, true, true);
|
||||||
});
|
});
|
||||||
|
|
||||||
it('invite editor', function () {
|
it('invite editor', function () {
|
||||||
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
|
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
|
||||||
roleModel.get.withArgs('name').returns('Editor');
|
roleModel.get.withArgs('name').returns('Editor');
|
||||||
|
|
||||||
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, true, true);
|
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, true, true, true);
|
||||||
});
|
});
|
||||||
|
|
||||||
it('invite author', function () {
|
it('invite author', function () {
|
||||||
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
|
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
|
||||||
roleModel.get.withArgs('name').returns('Author');
|
roleModel.get.withArgs('name').returns('Author');
|
||||||
|
|
||||||
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, true, true);
|
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, true, true, true);
|
||||||
});
|
});
|
||||||
|
|
||||||
it('invite contributor', function () {
|
it('invite contributor', function () {
|
||||||
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
|
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
|
||||||
roleModel.get.withArgs('name').returns('Contributor');
|
roleModel.get.withArgs('name').returns('Contributor');
|
||||||
|
|
||||||
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, true, true);
|
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, true, true, true);
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
@ -192,7 +192,7 @@ describe('Unit: models/invite', function () {
|
|||||||
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
|
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
|
||||||
roleModel.get.withArgs('name').returns('Administrator');
|
roleModel.get.withArgs('name').returns('Administrator');
|
||||||
|
|
||||||
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, true, true)
|
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, true, true, true)
|
||||||
.then(Promise.reject)
|
.then(Promise.reject)
|
||||||
.catch((err) => {
|
.catch((err) => {
|
||||||
(err instanceof common.errors.NoPermissionError).should.eql(true);
|
(err instanceof common.errors.NoPermissionError).should.eql(true);
|
||||||
@ -203,7 +203,7 @@ describe('Unit: models/invite', function () {
|
|||||||
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
|
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
|
||||||
roleModel.get.withArgs('name').returns('Editor');
|
roleModel.get.withArgs('name').returns('Editor');
|
||||||
|
|
||||||
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, true, true)
|
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, true, true, true)
|
||||||
.then(Promise.reject)
|
.then(Promise.reject)
|
||||||
.catch((err) => {
|
.catch((err) => {
|
||||||
(err instanceof common.errors.NoPermissionError).should.eql(true);
|
(err instanceof common.errors.NoPermissionError).should.eql(true);
|
||||||
@ -214,14 +214,14 @@ describe('Unit: models/invite', function () {
|
|||||||
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
|
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
|
||||||
roleModel.get.withArgs('name').returns('Author');
|
roleModel.get.withArgs('name').returns('Author');
|
||||||
|
|
||||||
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, true, true);
|
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, true, true, true);
|
||||||
});
|
});
|
||||||
|
|
||||||
it('invite contributor', function () {
|
it('invite contributor', function () {
|
||||||
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
|
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
|
||||||
roleModel.get.withArgs('name').returns('Contributor');
|
roleModel.get.withArgs('name').returns('Contributor');
|
||||||
|
|
||||||
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, true, true);
|
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, true, true, true);
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
@ -234,7 +234,7 @@ describe('Unit: models/invite', function () {
|
|||||||
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
|
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
|
||||||
roleModel.get.withArgs('name').returns('Administrator');
|
roleModel.get.withArgs('name').returns('Administrator');
|
||||||
|
|
||||||
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, false, false)
|
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, false, false, true)
|
||||||
.then(Promise.reject)
|
.then(Promise.reject)
|
||||||
.catch((err) => {
|
.catch((err) => {
|
||||||
(err instanceof common.errors.NoPermissionError).should.eql(true);
|
(err instanceof common.errors.NoPermissionError).should.eql(true);
|
||||||
@ -245,7 +245,7 @@ describe('Unit: models/invite', function () {
|
|||||||
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
|
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
|
||||||
roleModel.get.withArgs('name').returns('Editor');
|
roleModel.get.withArgs('name').returns('Editor');
|
||||||
|
|
||||||
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, false, false)
|
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, false, false, true)
|
||||||
.then(Promise.reject)
|
.then(Promise.reject)
|
||||||
.catch((err) => {
|
.catch((err) => {
|
||||||
(err instanceof common.errors.NoPermissionError).should.eql(true);
|
(err instanceof common.errors.NoPermissionError).should.eql(true);
|
||||||
@ -256,7 +256,7 @@ describe('Unit: models/invite', function () {
|
|||||||
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
|
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
|
||||||
roleModel.get.withArgs('name').returns('Author');
|
roleModel.get.withArgs('name').returns('Author');
|
||||||
|
|
||||||
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, false, false)
|
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, false, false, true)
|
||||||
.then(Promise.reject)
|
.then(Promise.reject)
|
||||||
.catch((err) => {
|
.catch((err) => {
|
||||||
(err instanceof common.errors.NoPermissionError).should.eql(true);
|
(err instanceof common.errors.NoPermissionError).should.eql(true);
|
||||||
@ -267,7 +267,7 @@ describe('Unit: models/invite', function () {
|
|||||||
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
|
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
|
||||||
roleModel.get.withArgs('name').returns('Contributor');
|
roleModel.get.withArgs('name').returns('Contributor');
|
||||||
|
|
||||||
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, false, false)
|
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, false, false, true)
|
||||||
.then(Promise.reject)
|
.then(Promise.reject)
|
||||||
.catch((err) => {
|
.catch((err) => {
|
||||||
(err instanceof common.errors.NoPermissionError).should.eql(true);
|
(err instanceof common.errors.NoPermissionError).should.eql(true);
|
||||||
@ -284,7 +284,7 @@ describe('Unit: models/invite', function () {
|
|||||||
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
|
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
|
||||||
roleModel.get.withArgs('name').returns('Administrator');
|
roleModel.get.withArgs('name').returns('Administrator');
|
||||||
|
|
||||||
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, false, false)
|
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, false, false, true)
|
||||||
.then(Promise.reject)
|
.then(Promise.reject)
|
||||||
.catch((err) => {
|
.catch((err) => {
|
||||||
(err instanceof common.errors.NoPermissionError).should.eql(true);
|
(err instanceof common.errors.NoPermissionError).should.eql(true);
|
||||||
@ -295,7 +295,7 @@ describe('Unit: models/invite', function () {
|
|||||||
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
|
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
|
||||||
roleModel.get.withArgs('name').returns('Editor');
|
roleModel.get.withArgs('name').returns('Editor');
|
||||||
|
|
||||||
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, false, false)
|
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, false, false, true)
|
||||||
.then(Promise.reject)
|
.then(Promise.reject)
|
||||||
.catch((err) => {
|
.catch((err) => {
|
||||||
(err instanceof common.errors.NoPermissionError).should.eql(true);
|
(err instanceof common.errors.NoPermissionError).should.eql(true);
|
||||||
@ -306,7 +306,7 @@ describe('Unit: models/invite', function () {
|
|||||||
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
|
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
|
||||||
roleModel.get.withArgs('name').returns('Author');
|
roleModel.get.withArgs('name').returns('Author');
|
||||||
|
|
||||||
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, false, false)
|
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, false, false, true)
|
||||||
.then(Promise.reject)
|
.then(Promise.reject)
|
||||||
.catch((err) => {
|
.catch((err) => {
|
||||||
(err instanceof common.errors.NoPermissionError).should.eql(true);
|
(err instanceof common.errors.NoPermissionError).should.eql(true);
|
||||||
@ -317,7 +317,7 @@ describe('Unit: models/invite', function () {
|
|||||||
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
|
sandbox.stub(models.Role, 'findOne').withArgs({id: 'role_id'}).resolves(roleModel);
|
||||||
roleModel.get.withArgs('name').returns('Contributor');
|
roleModel.get.withArgs('name').returns('Contributor');
|
||||||
|
|
||||||
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, false, false)
|
return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, false, false, true)
|
||||||
.then(Promise.reject)
|
.then(Promise.reject)
|
||||||
.catch((err) => {
|
.catch((err) => {
|
||||||
(err instanceof common.errors.NoPermissionError).should.eql(true);
|
(err instanceof common.errors.NoPermissionError).should.eql(true);
|
||||||
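Review bot: Every updated call in this file passes `true` for the new eighth argument, including the cases from `@ -234` onwards that expect `NoPermissionError` with `false, false, true`, so no test exercises the denial path this commit adds. A case that isolates the new flag would pin the behaviour, for example `return models.Invite.permissible(inviteModel, 'add', context, unsafeAttrs, loadedPermissions, true, true, false)` followed by the same `.then(Promise.reject).catch(...)` assertion on `NoPermissionError`. The test functions start and end outside several of these hunks, so the contexts they run under are only partly visible.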
|
@ -1533,7 +1533,8 @@ describe('Unit: models/post: uses database (@TODO: fix me)', function () {
|
|||||||
unsafeAttrs,
|
unsafeAttrs,
|
||||||
testUtils.permissions.contributor,
|
testUtils.permissions.contributor,
|
||||||
false,
|
false,
|
||||||
false
|
false,
|
||||||
|
true
|
||||||
).then(() => {
|
).then(() => {
|
||||||
done(new Error('Permissible function should have rejected.'));
|
done(new Error('Permissible function should have rejected.'));
|
||||||
}).catch((error) => {
|
}).catch((error) => {
|
||||||
@ -1561,6 +1562,7 @@ describe('Unit: models/post: uses database (@TODO: fix me)', function () {
|
|||||||
unsafeAttrs,
|
unsafeAttrs,
|
||||||
testUtils.permissions.contributor,
|
testUtils.permissions.contributor,
|
||||||
false,
|
false,
|
||||||
|
true,
|
||||||
true
|
true
|
||||||
).then(() => {
|
).then(() => {
|
||||||
done(new Error('Permissible function should have rejected.'));
|
done(new Error('Permissible function should have rejected.'));
|
||||||
@ -1589,6 +1591,7 @@ describe('Unit: models/post: uses database (@TODO: fix me)', function () {
|
|||||||
unsafeAttrs,
|
unsafeAttrs,
|
||||||
testUtils.permissions.contributor,
|
testUtils.permissions.contributor,
|
||||||
false,
|
false,
|
||||||
|
true,
|
||||||
true
|
true
|
||||||
).then(() => {
|
).then(() => {
|
||||||
done(new Error('Permissible function should have rejected.'));
|
done(new Error('Permissible function should have rejected.'));
|
||||||
@ -1618,6 +1621,7 @@ describe('Unit: models/post: uses database (@TODO: fix me)', function () {
|
|||||||
unsafeAttrs,
|
unsafeAttrs,
|
||||||
testUtils.permissions.contributor,
|
testUtils.permissions.contributor,
|
||||||
false,
|
false,
|
||||||
|
true,
|
||||||
true
|
true
|
||||||
).then((result) => {
|
).then((result) => {
|
||||||
should.exist(result);
|
should.exist(result);
|
||||||
@ -1647,6 +1651,7 @@ describe('Unit: models/post: uses database (@TODO: fix me)', function () {
|
|||||||
unsafeAttrs,
|
unsafeAttrs,
|
||||||
testUtils.permissions.contributor,
|
testUtils.permissions.contributor,
|
||||||
false,
|
false,
|
||||||
|
true,
|
||||||
true
|
true
|
||||||
).then(() => {
|
).then(() => {
|
||||||
done(new Error('Permissible function should have rejected.'));
|
done(new Error('Permissible function should have rejected.'));
|
||||||
@ -1677,6 +1682,7 @@ describe('Unit: models/post: uses database (@TODO: fix me)', function () {
|
|||||||
unsafeAttrs,
|
unsafeAttrs,
|
||||||
testUtils.permissions.contributor,
|
testUtils.permissions.contributor,
|
||||||
false,
|
false,
|
||||||
|
true,
|
||||||
true
|
true
|
||||||
).then(() => {
|
).then(() => {
|
||||||
done(new Error('Permissible function should have rejected.'));
|
done(new Error('Permissible function should have rejected.'));
|
||||||
@ -1707,6 +1713,7 @@ describe('Unit: models/post: uses database (@TODO: fix me)', function () {
|
|||||||
unsafeAttrs,
|
unsafeAttrs,
|
||||||
testUtils.permissions.contributor,
|
testUtils.permissions.contributor,
|
||||||
false,
|
false,
|
||||||
|
true,
|
||||||
true
|
true
|
||||||
).then((result) => {
|
).then((result) => {
|
||||||
should.exist(result);
|
should.exist(result);
|
||||||
@ -1732,6 +1739,7 @@ describe('Unit: models/post: uses database (@TODO: fix me)', function () {
|
|||||||
unsafeAttrs,
|
unsafeAttrs,
|
||||||
testUtils.permissions.contributor,
|
testUtils.permissions.contributor,
|
||||||
false,
|
false,
|
||||||
|
true,
|
||||||
true
|
true
|
||||||
).then(() => {
|
).then(() => {
|
||||||
done(new Error('Permissible function should have rejected.'));
|
done(new Error('Permissible function should have rejected.'));
|
||||||
@ -1756,6 +1764,7 @@ describe('Unit: models/post: uses database (@TODO: fix me)', function () {
|
|||||||
unsafeAttrs,
|
unsafeAttrs,
|
||||||
testUtils.permissions.contributor,
|
testUtils.permissions.contributor,
|
||||||
false,
|
false,
|
||||||
|
true,
|
||||||
true
|
true
|
||||||
).then(() => {
|
).then(() => {
|
||||||
done(new Error('Permissible function should have rejected.'));
|
done(new Error('Permissible function should have rejected.'));
|
||||||
@ -1780,6 +1789,7 @@ describe('Unit: models/post: uses database (@TODO: fix me)', function () {
|
|||||||
unsafeAttrs,
|
unsafeAttrs,
|
||||||
testUtils.permissions.contributor,
|
testUtils.permissions.contributor,
|
||||||
false,
|
false,
|
||||||
|
true,
|
||||||
true
|
true
|
||||||
).then(() => {
|
).then(() => {
|
||||||
done(new Error('Permissible function should have rejected.'));
|
done(new Error('Permissible function should have rejected.'));
|
||||||
@ -1804,6 +1814,7 @@ describe('Unit: models/post: uses database (@TODO: fix me)', function () {
|
|||||||
unsafeAttrs,
|
unsafeAttrs,
|
||||||
testUtils.permissions.contributor,
|
testUtils.permissions.contributor,
|
||||||
false,
|
false,
|
||||||
|
true,
|
||||||
true
|
true
|
||||||
).then(() => {
|
).then(() => {
|
||||||
done(new Error('Permissible function should have rejected.'));
|
done(new Error('Permissible function should have rejected.'));
|
||||||
@ -1828,6 +1839,7 @@ describe('Unit: models/post: uses database (@TODO: fix me)', function () {
|
|||||||
unsafeAttrs,
|
unsafeAttrs,
|
||||||
testUtils.permissions.contributor,
|
testUtils.permissions.contributor,
|
||||||
false,
|
false,
|
||||||
|
true,
|
||||||
true
|
true
|
||||||
).then(() => {
|
).then(() => {
|
||||||
done(new Error('Permissible function should have rejected.'));
|
done(new Error('Permissible function should have rejected.'));
|
||||||
@ -1852,6 +1864,7 @@ describe('Unit: models/post: uses database (@TODO: fix me)', function () {
|
|||||||
unsafeAttrs,
|
unsafeAttrs,
|
||||||
testUtils.permissions.contributor,
|
testUtils.permissions.contributor,
|
||||||
false,
|
false,
|
||||||
|
true,
|
||||||
true
|
true
|
||||||
).then((result) => {
|
).then((result) => {
|
||||||
should.exist(result);
|
should.exist(result);
|
||||||
@ -1875,6 +1888,7 @@ describe('Unit: models/post: uses database (@TODO: fix me)', function () {
|
|||||||
unsafeAttrs,
|
unsafeAttrs,
|
||||||
testUtils.permissions.contributor,
|
testUtils.permissions.contributor,
|
||||||
false,
|
false,
|
||||||
|
true,
|
||||||
true
|
true
|
||||||
).then((result) => {
|
).then((result) => {
|
||||||
should.exist(result);
|
should.exist(result);
|
||||||
@ -1901,6 +1915,7 @@ describe('Unit: models/post: uses database (@TODO: fix me)', function () {
|
|||||||
{},
|
{},
|
||||||
testUtils.permissions.contributor,
|
testUtils.permissions.contributor,
|
||||||
false,
|
false,
|
||||||
|
true,
|
||||||
true
|
true
|
||||||
).then(() => {
|
).then(() => {
|
||||||
done(new Error('Permissible function should have rejected.'));
|
done(new Error('Permissible function should have rejected.'));
|
||||||
@ -1929,6 +1944,7 @@ describe('Unit: models/post: uses database (@TODO: fix me)', function () {
|
|||||||
{},
|
{},
|
||||||
testUtils.permissions.contributor,
|
testUtils.permissions.contributor,
|
||||||
false,
|
false,
|
||||||
|
true,
|
||||||
true
|
true
|
||||||
).then(() => {
|
).then(() => {
|
||||||
done(new Error('Permissible function should have rejected.'));
|
done(new Error('Permissible function should have rejected.'));
|
||||||
@ -1957,6 +1973,7 @@ describe('Unit: models/post: uses database (@TODO: fix me)', function () {
|
|||||||
{},
|
{},
|
||||||
testUtils.permissions.contributor,
|
testUtils.permissions.contributor,
|
||||||
false,
|
false,
|
||||||
|
true,
|
||||||
true
|
true
|
||||||
).then((result) => {
|
).then((result) => {
|
||||||
should.exist(result);
|
should.exist(result);
|
||||||
@ -1988,6 +2005,7 @@ describe('Unit: models/post: uses database (@TODO: fix me)', function () {
|
|||||||
unsafeAttrs,
|
unsafeAttrs,
|
||||||
testUtils.permissions.author,
|
testUtils.permissions.author,
|
||||||
false,
|
false,
|
||||||
|
true,
|
||||||
true
|
true
|
||||||
).then(() => {
|
).then(() => {
|
||||||
done(new Error('Permissible function should have rejected.'));
|
done(new Error('Permissible function should have rejected.'));
|
||||||
@ -2016,6 +2034,7 @@ describe('Unit: models/post: uses database (@TODO: fix me)', function () {
|
|||||||
unsafeAttrs,
|
unsafeAttrs,
|
||||||
testUtils.permissions.author,
|
testUtils.permissions.author,
|
||||||
false,
|
false,
|
||||||
|
true,
|
||||||
true
|
true
|
||||||
).then(() => {
|
).then(() => {
|
||||||
done(new Error('Permissible function should have rejected.'));
|
done(new Error('Permissible function should have rejected.'));
|
||||||
@ -2045,6 +2064,7 @@ describe('Unit: models/post: uses database (@TODO: fix me)', function () {
|
|||||||
unsafeAttrs,
|
unsafeAttrs,
|
||||||
testUtils.permissions.author,
|
testUtils.permissions.author,
|
||||||
false,
|
false,
|
||||||
|
true,
|
||||||
true
|
true
|
||||||
).then(() => {
|
).then(() => {
|
||||||
done(new Error('Permissible function should have rejected.'));
|
done(new Error('Permissible function should have rejected.'));
|
||||||
@ -2073,6 +2093,7 @@ describe('Unit: models/post: uses database (@TODO: fix me)', function () {
|
|||||||
unsafeAttrs,
|
unsafeAttrs,
|
||||||
testUtils.permissions.author,
|
testUtils.permissions.author,
|
||||||
false,
|
false,
|
||||||
|
true,
|
||||||
true
|
true
|
||||||
).then(() => {
|
).then(() => {
|
||||||
done(new Error('Permissible function should have rejected.'));
|
done(new Error('Permissible function should have rejected.'));
|
||||||
@ -2102,6 +2123,7 @@ describe('Unit: models/post: uses database (@TODO: fix me)', function () {
|
|||||||
unsafeAttrs,
|
unsafeAttrs,
|
||||||
testUtils.permissions.author,
|
testUtils.permissions.author,
|
||||||
false,
|
false,
|
||||||
|
true,
|
||||||
true
|
true
|
||||||
).then(() => {
|
).then(() => {
|
||||||
done(new Error('Permissible function should have rejected.'));
|
done(new Error('Permissible function should have rejected.'));
|
||||||
@ -2131,6 +2153,7 @@ describe('Unit: models/post: uses database (@TODO: fix me)', function () {
|
|||||||
unsafeAttrs,
|
unsafeAttrs,
|
||||||
testUtils.permissions.author,
|
testUtils.permissions.author,
|
||||||
false,
|
false,
|
||||||
|
true,
|
||||||
true
|
true
|
||||||
).then(() => {
|
).then(() => {
|
||||||
done(new Error('Permissible function should have rejected.'));
|
done(new Error('Permissible function should have rejected.'));
|
||||||
@ -2160,6 +2183,7 @@ describe('Unit: models/post: uses database (@TODO: fix me)', function () {
|
|||||||
unsafeAttrs,
|
unsafeAttrs,
|
||||||
testUtils.permissions.author,
|
testUtils.permissions.author,
|
||||||
false,
|
false,
|
||||||
|
true,
|
||||||
true
|
true
|
||||||
).then(() => {
|
).then(() => {
|
||||||
should(mockPostObj.get.calledOnce).be.true();
|
should(mockPostObj.get.calledOnce).be.true();
|
||||||
@ -2183,6 +2207,7 @@ describe('Unit: models/post: uses database (@TODO: fix me)', function () {
|
|||||||
unsafeAttrs,
|
unsafeAttrs,
|
||||||
testUtils.permissions.author,
|
testUtils.permissions.author,
|
||||||
false,
|
false,
|
||||||
|
true,
|
||||||
true
|
true
|
||||||
).then(() => {
|
).then(() => {
|
||||||
done(new Error('Permissible function should have rejected.'));
|
done(new Error('Permissible function should have rejected.'));
|
||||||
@ -2210,6 +2235,7 @@ describe('Unit: models/post: uses database (@TODO: fix me)', function () {
|
|||||||
unsafeAttrs,
|
unsafeAttrs,
|
||||||
testUtils.permissions.author,
|
testUtils.permissions.author,
|
||||||
false,
|
false,
|
||||||
|
true,
|
||||||
true
|
true
|
||||||
).then(() => {
|
).then(() => {
|
||||||
done(new Error('Permissible function should have rejected.'));
|
done(new Error('Permissible function should have rejected.'));
|
||||||
@ -2234,6 +2260,7 @@ describe('Unit: models/post: uses database (@TODO: fix me)', function () {
|
|||||||
unsafeAttrs,
|
unsafeAttrs,
|
||||||
testUtils.permissions.author,
|
testUtils.permissions.author,
|
||||||
false,
|
false,
|
||||||
|
true,
|
||||||
true
|
true
|
||||||
).then(() => {
|
).then(() => {
|
||||||
should(mockPostObj.get.called).be.false();
|
should(mockPostObj.get.called).be.false();
|
||||||
@ -2261,6 +2288,7 @@ describe('Unit: models/post: uses database (@TODO: fix me)', function () {
|
|||||||
unsafeAttrs,
|
unsafeAttrs,
|
||||||
testUtils.permissions.editor,
|
testUtils.permissions.editor,
|
||||||
false,
|
false,
|
||||||
|
true,
|
||||||
true
|
true
|
||||||
).then(() => {
|
).then(() => {
|
||||||
done(new Error('Permissible function should have rejected.'));
|
done(new Error('Permissible function should have rejected.'));
|
||||||
@ -2288,6 +2316,7 @@ describe('Unit: models/post: uses database (@TODO: fix me)', function () {
|
|||||||
unsafeAttrs,
|
unsafeAttrs,
|
||||||
testUtils.permissions.editor,
|
testUtils.permissions.editor,
|
||||||
true,
|
true,
|
||||||
|
true,
|
||||||
true
|
true
|
||||||
).then(() => {
|
).then(() => {
|
||||||
should(mockPostObj.get.called).be.false();
|
should(mockPostObj.get.called).be.false();
|
||||||
|
@ -195,7 +195,7 @@ describe('Unit: models/user', function () {
|
|||||||
var mockUser = getUserModel(1, 'Owner'),
|
var mockUser = getUserModel(1, 'Owner'),
|
||||||
context = {user: 1};
|
context = {user: 1};
|
||||||
|
|
||||||
models.User.permissible(mockUser, 'destroy', context, {}, testUtils.permissions.owner, true, true).then(() => {
|
models.User.permissible(mockUser, 'destroy', context, {}, testUtils.permissions.owner, true, true, true).then(() => {
|
||||||
done(new Error('Permissible function should have errored'));
|
done(new Error('Permissible function should have errored'));
|
||||||
}).catch((error) => {
|
}).catch((error) => {
|
||||||
error.should.be.an.instanceof(common.errors.NoPermissionError);
|
error.should.be.an.instanceof(common.errors.NoPermissionError);
|
||||||
@ -208,7 +208,7 @@ describe('Unit: models/user', function () {
|
|||||||
var mockUser = getUserModel(3, 'Contributor'),
|
var mockUser = getUserModel(3, 'Contributor'),
|
||||||
context = {user: 3};
|
context = {user: 3};
|
||||||
|
|
||||||
return models.User.permissible(mockUser, 'edit', context, {}, testUtils.permissions.contributor, false, true).then(() => {
|
return models.User.permissible(mockUser, 'edit', context, {}, testUtils.permissions.contributor, false, true, true).then(() => {
|
||||||
should(mockUser.get.calledOnce).be.true();
|
should(mockUser.get.calledOnce).be.true();
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
@ -217,7 +217,7 @@ describe('Unit: models/user', function () {
|
|||||||
var mockUser = getUserModel(3, 'Editor'),
|
var mockUser = getUserModel(3, 'Editor'),
|
||||||
context = {user: 3};
|
context = {user: 3};
|
||||||
|
|
||||||
return models.User.permissible(mockUser, 'edit', context, {status: 'inactive'}, testUtils.permissions.editor, false, true)
|
return models.User.permissible(mockUser, 'edit', context, {status: 'inactive'}, testUtils.permissions.editor, false, true, true)
|
||||||
.then(Promise.reject)
|
.then(Promise.reject)
|
||||||
.catch((err) => {
|
.catch((err) => {
|
||||||
err.should.be.an.instanceof(common.errors.NoPermissionError);
|
err.should.be.an.instanceof(common.errors.NoPermissionError);
|
||||||
@ -233,7 +233,7 @@ describe('Unit: models/user', function () {
|
|||||||
const mockUser = {id: 3, related: sandbox.stub().returns()};
|
const mockUser = {id: 3, related: sandbox.stub().returns()};
|
||||||
const context = {user: 3};
|
const context = {user: 3};
|
||||||
|
|
||||||
return models.User.permissible(mockUser, 'edit', context, {}, testUtils.permissions.contributor, false, true)
|
return models.User.permissible(mockUser, 'edit', context, {}, testUtils.permissions.contributor, false, true, true)
|
||||||
.then(() => {
|
.then(() => {
|
||||||
models.User.findOne.calledOnce.should.be.true();
|
models.User.findOne.calledOnce.should.be.true();
|
||||||
});
|
});
|
||||||
@ -274,7 +274,7 @@ describe('Unit: models/user', function () {
|
|||||||
const context = testUtils.context.admin.context;
|
const context = testUtils.context.admin.context;
|
||||||
const unsafeAttrs = testUtils.permissions.editor.user;
|
const unsafeAttrs = testUtils.permissions.editor.user;
|
||||||
|
|
||||||
return models.User.permissible(mockUser, 'edit', context, unsafeAttrs, testUtils.permissions.admin, false, true)
|
return models.User.permissible(mockUser, 'edit', context, unsafeAttrs, testUtils.permissions.admin, false, true, true)
|
||||||
.then(Promise.reject)
|
.then(Promise.reject)
|
||||||
.catch((err) => {
|
.catch((err) => {
|
||||||
err.should.be.an.instanceof(common.errors.NoPermissionError);
|
err.should.be.an.instanceof(common.errors.NoPermissionError);
|
||||||
@ -286,7 +286,7 @@ describe('Unit: models/user', function () {
|
|||||||
const context = testUtils.context.owner.context;
|
const context = testUtils.context.owner.context;
|
||||||
const unsafeAttrs = testUtils.permissions.owner.user;
|
const unsafeAttrs = testUtils.permissions.owner.user;
|
||||||
|
|
||||||
return models.User.permissible(mockUser, 'edit', context, unsafeAttrs, testUtils.permissions.owner, false, true)
|
return models.User.permissible(mockUser, 'edit', context, unsafeAttrs, testUtils.permissions.owner, false, true, true)
|
||||||
.then(() => {
|
.then(() => {
|
||||||
models.User.getOwnerUser.calledOnce.should.be.true();
|
models.User.getOwnerUser.calledOnce.should.be.true();
|
||||||
});
|
});
|
||||||
@ -297,7 +297,7 @@ describe('Unit: models/user', function () {
|
|||||||
const context = testUtils.context.admin.context;
|
const context = testUtils.context.admin.context;
|
||||||
const unsafeAttrs = testUtils.permissions.editor.user;
|
const unsafeAttrs = testUtils.permissions.editor.user;
|
||||||
|
|
||||||
return models.User.permissible(mockUser, 'edit', context, unsafeAttrs, testUtils.permissions.admin, false, true)
|
return models.User.permissible(mockUser, 'edit', context, unsafeAttrs, testUtils.permissions.admin, false, true, true)
|
||||||
.then(Promise.reject)
|
.then(Promise.reject)
|
||||||
.catch((err) => {
|
.catch((err) => {
|
||||||
err.should.be.an.instanceof(common.errors.NoPermissionError);
|
err.should.be.an.instanceof(common.errors.NoPermissionError);
|
||||||
@ -315,7 +315,7 @@ describe('Unit: models/user', function () {
|
|||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
return models.User.permissible(mockUser, 'edit', context, unsafeAttrs, testUtils.permissions.admin, true, true)
|
return models.User.permissible(mockUser, 'edit', context, unsafeAttrs, testUtils.permissions.admin, true, true, true)
|
||||||
.then(() => {
|
.then(() => {
|
||||||
models.User.getOwnerUser.calledOnce.should.be.true();
|
models.User.getOwnerUser.calledOnce.should.be.true();
|
||||||
permissions.canThis.calledOnce.should.be.true();
|
permissions.canThis.calledOnce.should.be.true();
|
||||||
@ -333,7 +333,7 @@ describe('Unit: models/user', function () {
|
|||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
return models.User.permissible(mockUser, 'edit', context, unsafeAttrs, testUtils.permissions.author, false, true)
|
return models.User.permissible(mockUser, 'edit', context, unsafeAttrs, testUtils.permissions.author, false, true, true)
|
||||||
.then(Promise.reject)
|
.then(Promise.reject)
|
||||||
.catch((err) => {
|
.catch((err) => {
|
||||||
err.should.be.an.instanceof(common.errors.NoPermissionError);
|
err.should.be.an.instanceof(common.errors.NoPermissionError);
|
||||||
@ -346,7 +346,7 @@ describe('Unit: models/user', function () {
|
|||||||
var mockUser = getUserModel(3, 'Editor'),
|
var mockUser = getUserModel(3, 'Editor'),
|
||||||
context = {user: 2};
|
context = {user: 2};
|
||||||
|
|
||||||
models.User.permissible(mockUser, 'edit', context, {}, testUtils.permissions.editor, true, true).then(() => {
|
models.User.permissible(mockUser, 'edit', context, {}, testUtils.permissions.editor, true, true, true).then(() => {
|
||||||
done(new Error('Permissible function should have errored'));
|
done(new Error('Permissible function should have errored'));
|
||||||
}).catch((error) => {
|
}).catch((error) => {
|
||||||
error.should.be.an.instanceof(common.errors.NoPermissionError);
|
error.should.be.an.instanceof(common.errors.NoPermissionError);
|
||||||
@ -360,7 +360,7 @@ describe('Unit: models/user', function () {
|
|||||||
var mockUser = getUserModel(3, 'Owner'),
|
var mockUser = getUserModel(3, 'Owner'),
|
||||||
context = {user: 2};
|
context = {user: 2};
|
||||||
|
|
||||||
models.User.permissible(mockUser, 'edit', context, {}, testUtils.permissions.editor, true, true).then(() => {
|
models.User.permissible(mockUser, 'edit', context, {}, testUtils.permissions.editor, true, true, true).then(() => {
|
||||||
done(new Error('Permissible function should have errored'));
|
done(new Error('Permissible function should have errored'));
|
||||||
}).catch((error) => {
|
}).catch((error) => {
|
||||||
error.should.be.an.instanceof(common.errors.NoPermissionError);
|
error.should.be.an.instanceof(common.errors.NoPermissionError);
|
||||||
@ -374,7 +374,7 @@ describe('Unit: models/user', function () {
|
|||||||
var mockUser = getUserModel(3, 'Administrator'),
|
var mockUser = getUserModel(3, 'Administrator'),
|
||||||
context = {user: 2};
|
context = {user: 2};
|
||||||
|
|
||||||
models.User.permissible(mockUser, 'edit', context, {}, testUtils.permissions.editor, true, true).then(() => {
|
models.User.permissible(mockUser, 'edit', context, {}, testUtils.permissions.editor, true, true, true).then(() => {
|
||||||
done(new Error('Permissible function should have errored'));
|
done(new Error('Permissible function should have errored'));
|
||||||
}).catch((error) => {
|
}).catch((error) => {
|
||||||
error.should.be.an.instanceof(common.errors.NoPermissionError);
|
error.should.be.an.instanceof(common.errors.NoPermissionError);
|
||||||
@ -388,7 +388,7 @@ describe('Unit: models/user', function () {
|
|||||||
var mockUser = getUserModel(3, 'Author'),
|
var mockUser = getUserModel(3, 'Author'),
|
||||||
context = {user: 2};
|
context = {user: 2};
|
||||||
|
|
||||||
return models.User.permissible(mockUser, 'edit', context, {}, testUtils.permissions.editor, true, true).then(() => {
|
return models.User.permissible(mockUser, 'edit', context, {}, testUtils.permissions.editor, true, true, true).then(() => {
|
||||||
should(mockUser.hasRole.called).be.true();
|
should(mockUser.hasRole.called).be.true();
|
||||||
should(mockUser.get.calledOnce).be.true();
|
should(mockUser.get.calledOnce).be.true();
|
||||||
});
|
});
|
||||||
@ -398,7 +398,7 @@ describe('Unit: models/user', function () {
|
|||||||
var mockUser = getUserModel(3, 'Contributor'),
|
var mockUser = getUserModel(3, 'Contributor'),
|
||||||
context = {user: 2};
|
context = {user: 2};
|
||||||
|
|
||||||
return models.User.permissible(mockUser, 'edit', context, {}, testUtils.permissions.editor, true, true).then(() => {
|
return models.User.permissible(mockUser, 'edit', context, {}, testUtils.permissions.editor, true, true, true).then(() => {
|
||||||
should(mockUser.hasRole.called).be.true();
|
should(mockUser.hasRole.called).be.true();
|
||||||
should(mockUser.get.calledOnce).be.true();
|
should(mockUser.get.calledOnce).be.true();
|
||||||
});
|
});
|
||||||
@ -408,7 +408,7 @@ describe('Unit: models/user', function () {
|
|||||||
var mockUser = getUserModel(3, 'Editor'),
|
var mockUser = getUserModel(3, 'Editor'),
|
||||||
context = {user: 3};
|
context = {user: 3};
|
||||||
|
|
||||||
return models.User.permissible(mockUser, 'destroy', context, {}, testUtils.permissions.editor, true, true).then(() => {
|
return models.User.permissible(mockUser, 'destroy', context, {}, testUtils.permissions.editor, true, true, true).then(() => {
|
||||||
should(mockUser.hasRole.called).be.true();
|
should(mockUser.hasRole.called).be.true();
|
||||||
should(mockUser.get.calledOnce).be.true();
|
should(mockUser.get.calledOnce).be.true();
|
||||||
});
|
});
|
||||||
@ -418,7 +418,7 @@ describe('Unit: models/user', function () {
|
|||||||
var mockUser = getUserModel(3, 'Editor'),
|
var mockUser = getUserModel(3, 'Editor'),
|
||||||
context = {user: 2};
|
context = {user: 2};
|
||||||
|
|
||||||
models.User.permissible(mockUser, 'destroy', context, {}, testUtils.permissions.editor, true, true).then(() => {
|
models.User.permissible(mockUser, 'destroy', context, {}, testUtils.permissions.editor, true, true, true).then(() => {
|
||||||
done(new Error('Permissible function should have errored'));
|
done(new Error('Permissible function should have errored'));
|
||||||
}).catch((error) => {
|
}).catch((error) => {
|
||||||
error.should.be.an.instanceof(common.errors.NoPermissionError);
|
error.should.be.an.instanceof(common.errors.NoPermissionError);
|
||||||
@ -432,7 +432,7 @@ describe('Unit: models/user', function () {
|
|||||||
var mockUser = getUserModel(3, 'Administrator'),
|
var mockUser = getUserModel(3, 'Administrator'),
|
||||||
context = {user: 2};
|
context = {user: 2};
|
||||||
|
|
||||||
models.User.permissible(mockUser, 'destroy', context, {}, testUtils.permissions.editor, true, true).then(() => {
|
models.User.permissible(mockUser, 'destroy', context, {}, testUtils.permissions.editor, true, true, true).then(() => {
|
||||||
done(new Error('Permissible function should have errored'));
|
done(new Error('Permissible function should have errored'));
|
||||||
}).catch((error) => {
|
}).catch((error) => {
|
||||||
error.should.be.an.instanceof(common.errors.NoPermissionError);
|
error.should.be.an.instanceof(common.errors.NoPermissionError);
|
||||||
@ -446,7 +446,7 @@ describe('Unit: models/user', function () {
|
|||||||
var mockUser = getUserModel(3, 'Author'),
|
var mockUser = getUserModel(3, 'Author'),
|
||||||
context = {user: 2};
|
context = {user: 2};
|
||||||
|
|
||||||
return models.User.permissible(mockUser, 'destroy', context, {}, testUtils.permissions.editor, true, true).then(() => {
|
return models.User.permissible(mockUser, 'destroy', context, {}, testUtils.permissions.editor, true, true, true).then(() => {
|
||||||
should(mockUser.hasRole.called).be.true();
|
should(mockUser.hasRole.called).be.true();
|
||||||
should(mockUser.get.calledOnce).be.true();
|
should(mockUser.get.calledOnce).be.true();
|
||||||
});
|
});
|
||||||
@ -456,7 +456,7 @@ describe('Unit: models/user', function () {
|
|||||||
var mockUser = getUserModel(3, 'Contributor'),
|
var mockUser = getUserModel(3, 'Contributor'),
|
||||||
context = {user: 2};
|
context = {user: 2};
|
||||||
|
|
||||||
return models.User.permissible(mockUser, 'destroy', context, {}, testUtils.permissions.editor, true, true).then(() => {
|
return models.User.permissible(mockUser, 'destroy', context, {}, testUtils.permissions.editor, true, true, true).then(() => {
|
||||||
should(mockUser.hasRole.called).be.true();
|
should(mockUser.hasRole.called).be.true();
|
||||||
should(mockUser.get.calledOnce).be.true();
|
should(mockUser.get.calledOnce).be.true();
|
||||||
});
|
});
|
||||||
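Review bot: Every call updated in this file passes `true` for the new eighth argument (`hasApiKeyPermission`), so none of these tests would fail if `User.permissible` ignored the flag entirely; the same holds for the `true,` lines added in the models/post hunks earlier on the page. The deny path of an authorization check is the one worth pinning, so I would add at least one case with the flag set to `false`, for example `models.User.permissible(mockUser, 'edit', context, {}, testUtils.permissions.editor, true, true, false)` on the Editor-edits-Author setup, asserting rejection with `common.errors.NoPermissionError`. Whether the model rejects in that case is not visible on this page, so confirm the expected outcome against the model code before adding the assertion.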
|