lib/app/base-chips/field-types/control-access.subtest.js
const assert = require("assert"); | const assert = require("assert"); | ||||
const locreq = require("locreq")(__dirname); | const locreq = require("locreq")(__dirname); | ||||
const { with_running_app } = locreq("test_utils/with-test-app.js"); | const { with_running_app } = locreq("test_utils/with-test-app.js"); | ||||
const assert_throws_async = locreq("test_utils/assert_throws_async.js"); | const assert_throws_async = locreq("test_utils/assert_throws_async.js"); | ||||
const SSH_KEYS_URL = "/api/v1/collections/ssh-keys"; | const SSH_KEYS_URL = "/api/v1/collections/ssh-keys"; | ||||
describe("control-access", () => { | describe("control-access", () => { | ||||
let sessions = {}; | let sessions = {}; | ||||
async function create_ssh_keys_collections(App) { | async function create_ssh_keys_collections(App) { | ||||
App.createChip(App.Sealious.Collection, { | App.createChip(App.Sealious.Collection, { | ||||
name: "ssh-keys", | name: "ssh-keys", | ||||
fields: [ | fields: [ | ||||
{ | { | ||||
name: "public", | name: "visible", | ||||
type: "text", | type: "text", | ||||
required: true, | required: true, | ||||
}, | }, | ||||
{ | { | ||||
name: "private", | name: "hidden", | ||||
type: "control-access", | type: "control-access", | ||||
params: { | params: { | ||||
target_access_strategies: { | target_access_strategies: { | ||||
show: ["roles", ["admin"]], | show: ["roles", ["admin"]], | ||||
edit: ["roles", ["admin"]], | edit: ["roles", ["admin"]], | ||||
}, | }, | ||||
target_field_type_name: "text", | target_field_type_name: "text", | ||||
target_params: { | target_params: { | ||||
Show All 39 Lines | await rest_api.post( | ||||
}, | }, | ||||
sessions.admin | sessions.admin | ||||
); | ); | ||||
} | } | ||||
async function fill_keys_collections(App) { | async function fill_keys_collections(App) { | ||||
const keys = [ | const keys = [ | ||||
{ | { | ||||
public: "a-public-key", | visible: "a-visible-key", | ||||
private: "seeeeecret", | hidden: "seeeeecret", | ||||
}, | }, | ||||
{ | { | ||||
public: "go-get-it", | visible: "go-get-it", | ||||
private: "you-cannot-see", | hidden: "you-cannot-see", | ||||
}, | }, | ||||
]; | ]; | ||||
for (let { public, private } of keys) { | for (let { visible, hidden } of keys) { | ||||
let key = await App.run_action( | await App.run_action( | ||||
new App.Sealious.SuperContext(), | new App.Sealious.SuperContext(), | ||||
["collections", "ssh-keys"], | ["collections", "ssh-keys"], | ||||
"create", | "create", | ||||
{ | { | ||||
public, | visible, | ||||
private, | hidden, | ||||
} | } | ||||
); | ); | ||||
} | } | ||||
} | } | ||||
async function setup(app, rest_api, base_url) { | async function setup(app, rest_api, base_url) { | ||||
await create_ssh_keys_collections(app); | await create_ssh_keys_collections(app); | ||||
await fill_keys_collections(app); | await fill_keys_collections(app); | ||||
await setup_users(app, rest_api, base_url); | await setup_users(app, rest_api, base_url); | ||||
} | } | ||||
it("Hides a protected value from regular-user", async () => | it("Hides a protected value from regular-user", async () => | ||||
with_running_app(async ({ app, rest_api, base_url }) => { | with_running_app(async ({ app, rest_api, base_url }) => { | ||||
await setup(app, rest_api, base_url); | await setup(app, rest_api, base_url); | ||||
const { items: ssh_keys } = await rest_api.get( | const { items: ssh_keys } = await rest_api.get( | ||||
SSH_KEYS_URL, | SSH_KEYS_URL, | ||||
sessions["regular-user"] | sessions["regular-user"] | ||||
); | ); | ||||
ssh_keys.forEach(key => { | ssh_keys.forEach(key => { | ||||
assert.deepEqual(key.private, ""); | assert.deepEqual(key.hidden, ""); | ||||
}); | }); | ||||
})); | })); | ||||
it("Uncovers a protected value for admin", async () => | it("Uncovers a protected value for admin", async () => | ||||
with_running_app(async ({ app, rest_api, base_url }) => { | with_running_app(async ({ app, rest_api, base_url }) => { | ||||
await setup(app, rest_api, base_url); | await setup(app, rest_api, base_url); | ||||
const { items: ssh_keys } = await rest_api.get( | const { items: ssh_keys } = await rest_api.get( | ||||
SSH_KEYS_URL, | SSH_KEYS_URL, | ||||
sessions.admin | sessions.admin | ||||
); | ); | ||||
ssh_keys.forEach(key => { | ssh_keys.forEach(key => { | ||||
assert(key.private.length >= 3); | assert(key.hidden.length >= 3); | ||||
}); | }); | ||||
})); | })); | ||||
it("Respects given field type constraints", async () => | it("Respects given field type constraints", async () => | ||||
with_running_app(async ({ app, rest_api, base_url }) => { | with_running_app(async ({ app, rest_api, base_url }) => { | ||||
await setup(app, rest_api, base_url); | await setup(app, rest_api, base_url); | ||||
await assert_throws_async( | await assert_throws_async( | ||||
() => | () => | ||||
rest_api.post( | rest_api.post( | ||||
SSH_KEYS_URL, | SSH_KEYS_URL, | ||||
{ | { | ||||
public: "XDDDDDDDDDDDD", | visible: "XDDDDDDDDDDDD", | ||||
private: "XD", | hidden: "XD", | ||||
}, | }, | ||||
sessions.admin | sessions.admin | ||||
), | ), | ||||
e => | e => | ||||
assert.equal( | assert.equal( | ||||
e.response.data.data.private.message, | e.response.data.data.hidden.message, | ||||
"Text 'XD' is too short, minimum length is 3 chars." | "Text 'XD' is too short, minimum length is 3 chars." | ||||
) | ) | ||||
); | ); | ||||
})); | })); | ||||
it("Allows admin to update a protected field", async () => | it("Allows admin to update a protected field", async () => | ||||
with_running_app(async ({ app, rest_api, base_url }) => { | with_running_app(async ({ app, rest_api, base_url }) => { | ||||
await setup(app, rest_api, base_url); | await setup(app, rest_api, base_url); | ||||
const key = await rest_api.post( | const key = await rest_api.post( | ||||
SSH_KEYS_URL, | SSH_KEYS_URL, | ||||
{ | { | ||||
public: "123123", | visible: "123123", | ||||
private: "321321", | hidden: "321321", | ||||
}, | }, | ||||
sessions.admin | sessions.admin | ||||
); | ); | ||||
const updated_key = await rest_api.patch( | const updated_key = await rest_api.patch( | ||||
`${SSH_KEYS_URL}/${key.id}`, | `${SSH_KEYS_URL}/${key.id}`, | ||||
{ | { | ||||
private: "654321", | hidden: "654321", | ||||
}, | }, | ||||
sessions.admin | sessions.admin | ||||
); | ); | ||||
assert.deepEqual(updated_key.private, "654321"); | assert.deepEqual(updated_key.hidden, "654321"); | ||||
})); | })); | ||||
it("Doesn't allow regular-user to update a protected field", async () => | it("Doesn't allow regular-user to update a protected field", async () => | ||||
with_running_app(async ({ app, rest_api, base_url }) => { | with_running_app(async ({ app, rest_api, base_url }) => { | ||||
await setup(app, rest_api, base_url); | await setup(app, rest_api, base_url); | ||||
const key = await rest_api.post( | const key = await rest_api.post( | ||||
SSH_KEYS_URL, | SSH_KEYS_URL, | ||||
{ | { | ||||
public: "123123", | visible: "123123", | ||||
private: "321321", | hidden: "321321", | ||||
}, | }, | ||||
sessions.admin | sessions.admin | ||||
); | ); | ||||
await assert_throws_async( | await assert_throws_async( | ||||
() => | () => | ||||
rest_api.patch( | rest_api.patch( | ||||
`${SSH_KEYS_URL}/${key.id}`, | `${SSH_KEYS_URL}/${key.id}`, | ||||
{ private: "331c6883dd6010864b7ead130be77cd5" }, | { hidden: "331c6883dd6010864b7ead130be77cd5" }, | ||||
sessions["regular-user"] | sessions["regular-user"] | ||||
), | ), | ||||
e => | e => | ||||
assert.deepEqual( | assert.deepEqual( | ||||
e.response.data.data.private.message, | e.response.data.data.hidden.message, | ||||
"You are not allowed to update this field." | "You are not allowed to update this field." | ||||
) | ) | ||||
); | ); | ||||
})); | })); | ||||
}); | }); |
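Review bot: The hidden-from-regular-user check in the first `it` ("Hides a protected value from regular-user") passes vacuously if the listing comes back empty, because the `ssh_keys.forEach` loop asserts nothing when there are no items; since `fill_keys_collections` seeds exactly two records, pin the count before the loop with `assert.strictEqual(ssh_keys.length, 2);`. The same vacuous pass applies to the admin listing in the second `it`, so the same guard belongs there. The string comparisons use `assert.deepEqual`, which is the loose form; `assert.strictEqual(key.hidden, "")` and `assert.strictEqual(updated_key.hidden, "654321")` state the intent more precisely. The middle of the `describe` body (the end of `create_ssh_keys_collections` and `setup_users`, where `sessions` is presumably populated) is collapsed on this page, so the session setup itself could not be reviewed.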