Page Menu
Home
Sealhub
Search
Configure Global Search
Log In
Files
F996175
same-as-for-resource-in-field.subtest.ts
No One
Temporary
Actions
Download File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Size
4 KB
Referenced Files
None
Subscribers
None
same-as-for-resource-in-field.subtest.ts
View Options
import
assert
from
"assert"
;
import
{
withRunningApp
,
MockRestApi
}
from
"../../../test_utils/with-test-app"
;
import
{
assertThrowsAsync
}
from
"../../../test_utils/assert-throws-async"
;
import
{
App
,
Collection
,
ActionName
}
from
"../../../main"
;
import
{
AccessStrategyDefinition
}
from
"../../../chip-types/access-strategy"
;
import
Matches
from
"../special_filters/matches"
;
describe
(
"SameAsForResourceInField"
,
()
=>
{
const
sessions
:
{
[
username
:
string
]
:
any
}
=
{};
const
numbers
:
number
[]
=
[];
async
function
setup
(
app
:
App
,
rest_api
:
MockRestApi
,
access_strategy
:
{
[
action_name
in
ActionName
]
?:
AccessStrategyDefinition
;
}
)
{
Collection
.
fromDefinition
(
app
,
{
name
:
"numbers"
,
fields
:
[
{
name
:
"number"
,
type
:
"int"
,
},
],
named_filters
:
{
greater_than_1
:
new
Matches
(
app
,
{
number
:
{
">"
:
1
},
}),
},
access_strategy
,
});
Collection
.
fromDefinition
(
app
,
{
name
:
"number-notes"
,
fields
:
[
{
name
:
"note"
,
type
:
"text"
,
},
{
name
:
"number"
,
type
:
"single_reference"
,
params
:
{
collection
:
"numbers"
},
},
],
access_strategy
:
{
create
:
[
"same-as-for-resource-in-field"
,
{
action_name
:
"create"
,
field
:
"number"
,
collection
:
"number-notes"
,
},
],
show
:
[
"same-as-for-resource-in-field"
,
{
action_name
:
"show"
,
field
:
"number"
,
collection
:
"number-notes"
,
},
],
},
});
const
password
=
"password"
;
for
(
let
username
of
[
"alice"
,
"bob"
])
{
await
app
.
runAction
(
new
app
.
Sealious
.
SuperContext
(),
[
"collections"
,
"users"
],
"create"
,
{
username
,
password
,
email
:
`
${
username
}
@example.com`
,
}
);
sessions
[
username
]
=
await
rest_api
.
login
({
username
,
password
,
});
}
for
(
let
n
of
[
0
,
1
,
2
])
{
numbers
.
push
(
(
await
rest_api
.
post
(
"/api/v1/collections/numbers"
,
{
number
:
n
,
},
sessions
.
alice
)
).
id
);
}
}
async
function
post_number_notes
(
rest_api
:
MockRestApi
,
user
:
string
)
{
const
notes
=
[];
for
(
let
number
of
numbers
)
{
notes
.
push
(
await
rest_api
.
post
(
"/api/v1/collections/number-notes"
,
{
note
:
"Lorem ipsum "
+
(
notes
.
length
+
1
),
number
:
number
,
},
sessions
[
user
]
)
);
}
return
notes
;
}
it
(
"returns everything for number-notes referring to own numbers"
,
()
=>
withRunningApp
(
async
({
app
,
rest_api
})
=>
{
await
setup
(
app
,
rest_api
,
{
create
:
"public"
,
show
:
"owner"
,
});
const
posted_notes
=
await
post_number_notes
(
rest_api
,
"alice"
);
const
{
items
:
got_notes
}
=
await
rest_api
.
get
(
"/api/v1/collections/number-notes"
,
sessions
.
alice
);
assert
.
equal
(
got_notes
.
length
,
posted_notes
.
length
);
}));
it
(
"returns nothing for number-notes referring to other user's numbers"
,
()
=>
withRunningApp
(
async
({
app
,
rest_api
})
=>
{
await
setup
(
app
,
rest_api
,
{
create
:
"public"
,
show
:
"owner"
});
await
post_number_notes
(
rest_api
,
"alice"
);
const
{
items
:
got_notes
}
=
await
rest_api
.
get
(
"/api/v1/collections/number-notes"
,
sessions
.
bob
);
assert
.
equal
(
got_notes
.
length
,
0
);
}));
it
(
"returns item for number-notes referring to numbers with complex access strategy"
,
()
=>
withRunningApp
(
async
({
app
,
rest_api
})
=>
{
await
setup
(
app
,
rest_api
,
{
create
:
"logged-in"
,
show
:
[
"or"
,
[
"owner"
,
[
"when"
,
[
"numbers"
,
"greater_than_1"
,
"public"
]],
],
],
});
await
post_number_notes
(
rest_api
,
"alice"
);
const
{
items
:
got_notes
}
=
await
rest_api
.
get
(
"/api/v1/collections/number-notes"
,
sessions
.
bob
);
assert
.
equal
(
got_notes
.
length
,
1
);
}));
it
(
"doesn't allow to edit number-notes referring to other user's numbers"
,
()
=>
withRunningApp
(
async
({
app
,
rest_api
})
=>
{
await
setup
(
app
,
rest_api
,
{
create
:
"logged-in"
,
edit
:
"owner"
,
show
:
"owner"
,
});
const
posted_notes
=
await
post_number_notes
(
rest_api
,
"alice"
);
await
assertThrowsAsync
(
()
=>
rest_api
.
patch
(
`/api/v1/collections/number-notes/
${
posted_notes
[
0
].
id
}
`
,
{
note
:
"Lorem ipsumm"
},
sessions
.
bob
),
(
error
)
=>
{
assert
.
equal
(
(
error
as
any
).
response
.
data
.
message
,
"Only the owner of this resource can perform this operation on this item."
);
}
);
}));
});
File Metadata
Details
Attached
Mime Type
text/x-java
Expires
Tue, Dec 24, 12:51 (23 h, 41 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
557096
Default Alt Text
same-as-for-resource-in-field.subtest.ts (4 KB)
Attached To
Mode
rS Sealious
Attached
Detach File
Event Timeline
Log In to Comment