mirror of
https://github.com/TryGhost/Ghost.git
synced 2024-12-22 10:21:36 +03:00
143921948d
refs b6728ecb0f
- The "no-shadow" eslint rune was introduced into ghost's eslint plugin (referenced commmit), which resulted in flood of warning in console output when linting the project codebase.
- This cleanup is aiming to make any new linting issues more visible. Follow up commits will contain similar cleanups in other parts of the codebase
154 lines
6.0 KiB
JavaScript
154 lines
6.0 KiB
JavaScript
const should = require('should');
|
|
const _ = require('lodash');
|
|
const errors = require('@tryghost/errors');
|
|
const applyPublicRules = require('../../../../core/server/services/permissions/public');
|
|
|
|
describe('Permissions', function () {
|
|
describe('applyPublicRules', function () {
|
|
it('should return empty object for docName with no rules', function (done) {
|
|
applyPublicRules('test', 'test', {}).then(function (result) {
|
|
result.should.eql({});
|
|
done();
|
|
});
|
|
});
|
|
|
|
it('should return unchanged object for non-public context', function (done) {
|
|
const internal = {context: 'internal'};
|
|
const user = {context: {user: 1}};
|
|
|
|
applyPublicRules('posts', 'browse', _.cloneDeep(internal)).then(function (result) {
|
|
result.should.eql(internal);
|
|
|
|
return applyPublicRules('posts', 'browse', _.cloneDeep(user));
|
|
}).then(function (result) {
|
|
result.should.eql(user);
|
|
|
|
done();
|
|
}).catch(done);
|
|
});
|
|
|
|
it('should return unchanged object for post with public context', function (done) {
|
|
const publicContext = {context: {}};
|
|
|
|
applyPublicRules('posts', 'browse', _.cloneDeep(publicContext)).then(function (result) {
|
|
result.should.not.eql(publicContext);
|
|
result.should.eql({
|
|
context: {},
|
|
status: 'published'
|
|
});
|
|
|
|
return applyPublicRules('posts', 'browse', _.extend({}, _.cloneDeep(publicContext), {status: 'published'}));
|
|
}).then(function (result) {
|
|
result.should.eql({
|
|
context: {},
|
|
status: 'published'
|
|
});
|
|
|
|
done();
|
|
}).catch(done);
|
|
});
|
|
|
|
it('should throw an error for draft post without uuid (read)', function (done) {
|
|
const draft = {context: {}, data: {status: 'draft'}};
|
|
|
|
applyPublicRules('posts', 'read', _.cloneDeep(draft)).then(function () {
|
|
done('Did not throw an error for draft');
|
|
}).catch(function (err) {
|
|
(err instanceof errors.NoPermissionError).should.eql(true);
|
|
done();
|
|
});
|
|
});
|
|
|
|
it('should throw an error for draft post (browse)', function (done) {
|
|
const draft = {context: {}, status: 'draft'};
|
|
|
|
applyPublicRules('posts', 'browse', _.cloneDeep(draft)).then(function () {
|
|
done('Did not throw an error for draft');
|
|
}).catch(function (err) {
|
|
(err instanceof errors.NoPermissionError).should.eql(true);
|
|
done();
|
|
});
|
|
});
|
|
|
|
it('should permit post draft status with uuid (read)', function (done) {
|
|
const draft = {context: {}, data: {status: 'draft', uuid: '1234-abcd'}};
|
|
|
|
applyPublicRules('posts', 'read', _.cloneDeep(draft)).then(function (result) {
|
|
result.should.eql(draft);
|
|
done();
|
|
}).catch(done);
|
|
});
|
|
|
|
it('should permit post all status with uuid (read)', function (done) {
|
|
const draft = {context: {}, data: {status: 'all', uuid: '1234-abcd'}};
|
|
|
|
applyPublicRules('posts', 'read', _.cloneDeep(draft)).then(function (result) {
|
|
result.should.eql(draft);
|
|
done();
|
|
}).catch(done);
|
|
});
|
|
|
|
it('should NOT permit post draft status with uuid (browse)', function (done) {
|
|
const draft = {context: {}, status: 'draft', uuid: '1234-abcd'};
|
|
|
|
applyPublicRules('posts', 'browse', _.cloneDeep(draft)).then(function () {
|
|
done('Did not throw an error for draft');
|
|
}).catch(function (err) {
|
|
(err instanceof errors.NoPermissionError).should.eql(true);
|
|
done();
|
|
});
|
|
});
|
|
|
|
it('should NOT permit post all status with uuid (browse)', function (done) {
|
|
const draft = {context: {}, status: 'all', uuid: '1234-abcd'};
|
|
|
|
applyPublicRules('posts', 'browse', _.cloneDeep(draft)).then(function () {
|
|
done('Did not throw an error for draft');
|
|
}).catch(function (err) {
|
|
(err instanceof errors.NoPermissionError).should.eql(true);
|
|
done();
|
|
});
|
|
});
|
|
|
|
it('should throw an error for draft post with uuid and id or slug (read)', function (done) {
|
|
let draft = {context: {}, data: {status: 'draft', uuid: '1234-abcd', id: 1}};
|
|
|
|
applyPublicRules('posts', 'read', _.cloneDeep(draft)).then(function () {
|
|
done('Did not throw an error for draft');
|
|
}).catch(function (err) {
|
|
(err instanceof errors.NoPermissionError).should.eql(true);
|
|
|
|
draft = {context: {}, data: {status: 'draft', uuid: '1234-abcd', slug: 'abcd'}};
|
|
|
|
return applyPublicRules('posts', 'read', _.cloneDeep(draft)).then(function () {
|
|
done('Did not throw an error for draft');
|
|
}).catch(function (error) {
|
|
(error instanceof errors.NoPermissionError).should.eql(true);
|
|
done();
|
|
});
|
|
});
|
|
});
|
|
|
|
it('should return unchanged object for user with public context', function (done) {
|
|
const publicContext = {context: {}};
|
|
|
|
applyPublicRules('users', 'browse', _.cloneDeep(publicContext)).then(function (result) {
|
|
result.should.not.eql(publicContext);
|
|
result.should.eql({
|
|
context: {},
|
|
status: 'all'
|
|
});
|
|
|
|
return applyPublicRules('users', 'browse', _.extend({}, _.cloneDeep(publicContext), {status: 'active'}));
|
|
}).then(function (result) {
|
|
result.should.eql({
|
|
context: {},
|
|
status: 'active'
|
|
});
|
|
|
|
done();
|
|
}).catch(done);
|
|
});
|
|
});
|
|
});
|