import NameExistsError from '../error/name-exists-error';
import getLogger from '../../test/fixtures/no-logger';
import { createFakeAccessService } from '../features/access/createAccessService';
import { IRoleValidation } from './access-service';
import { createTestConfig } from '../../test/config/test-config';
import { CUSTOM_ROOT_ROLE_TYPE } from '../util/constants';
/**
 * Builds the fixture shared by the tests in this file: a test config that
 * uses the logger from the `no-logger` fixture and carries the
 * `customRootRoles` experimental flag, passed to the fake access service
 * factory.
 *
 * @param customRootRoles - value of the `customRootRoles` experimental flag;
 *   `false` unless a test opts in.
 * @returns an object holding the fake `accessService` under test.
 */
function getSetup(customRootRoles: boolean = false) {
    const flags = { customRootRoles };
    const config = createTestConfig({
        getLogger,
        experimental: { flags },
    });
    const accessService = createFakeAccessService(config);

    return { accessService };
}
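// Validating a role whose name is already taken must be rejected with a
// NameExistsError, so duplicate role names are caught at validation time.
test('should fail when name exists', async () => {
    const { accessService } = getSetup();
    const existingRole = await accessService.createRole({
        name: 'existing role',
        description: 'description',
        permissions: [],
    });

    // The `.rejects` chain returns a promise. Without `await` the test body
    // finishes before the rejection is checked, so a validateRole that stops
    // rejecting duplicates could go unnoticed.
    await expect(accessService.validateRole(existingRole)).rejects.toThrow(
        new NameExistsError(
            `There already exists a role with the name ${existingRole.name}`,
        ),
    );
});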
// A role payload that omits `permissions` entirely is expected to come back
// from validateRole equal to the input.
test('should validate a role without permissions', async () => {
    const { accessService } = getSetup();
    const input: IRoleValidation = {
        name: 'name of the role',
        description: 'description',
    };

    const validated = await accessService.validateRole(input);

    expect(validated).toEqual(input);
});
// When `description` is missing, the validated role is expected to carry an
// empty-string description rather than leaving the field undefined.
test('should complete description field when not present', async () => {
    const { accessService } = getSetup();
    const input: IRoleValidation = {
        name: 'name of the role',
    };

    const validated = await accessService.validateRole(input);

    expect(validated).toEqual({
        name: 'name of the role',
        description: '',
    });
});
// An explicit empty `permissions` array is valid input and is expected to be
// preserved as an empty array in the validated role.
test('should accept empty permissions', async () => {
    const { accessService } = getSetup();
    const input: IRoleValidation = {
        name: 'name of the role',
        description: 'description',
        permissions: [],
    };

    const validated = await accessService.validateRole(input);

    expect(validated).toEqual({
        name: 'name of the role',
        description: 'description',
        permissions: [],
    });
});
// A permission given only by `id` is expected to come back with
// `environment` filled in as an empty string.
test('should complete environment field of permissions when not present', async () => {
    const { accessService } = getSetup();
    const input: IRoleValidation = {
        name: 'name of the role',
        description: 'description',
        permissions: [{ id: 1 }],
    };

    const validated = await accessService.validateRole(input);

    expect(validated).toEqual({
        name: 'name of the role',
        description: 'description',
        permissions: [{ id: 1, environment: '' }],
    });
});
// A fully specified role (name, description, permission id and environment)
// is expected to pass through validation with the same field values.
test('should return the same object when all fields are valid and present', async () => {
    const { accessService } = getSetup();
    const input: IRoleValidation = {
        name: 'name of the role',
        description: 'description',
        permissions: [{ id: 1, environment: 'development' }],
    };

    const validated = await accessService.validateRole(input);

    // Compared against a separate literal rather than `input` itself.
    expect(validated).toEqual({
        name: 'name of the role',
        description: 'description',
        permissions: [{ id: 1, environment: 'development' }],
    });
});
// Fields validateRole does not return must be dropped, both on the role
// (`additional`) and on each permission (`name`, `displayName`, `type`,
// `additional`). The expected result keeps only name, description and each
// permission's id and environment, so extra caller-supplied properties do
// not survive validation.
test('should be able to validate and cleanup with additional properties', async () => {
    const { accessService } = getSetup();
    const permissionWithExtras = {
        id: 1,
        environment: 'development',
        name: 'name',
        displayName: 'displayName',
        type: 'type',
        additional: 'property',
    };
    const base = {
        name: 'name of the role',
        description: 'description',
        additional: 'property',
        permissions: [permissionWithExtras],
    };

    const validated = await accessService.validateRole(base);

    expect(validated).toEqual({
        name: 'name of the role',
        description: 'description',
        permissions: [{ id: 1, environment: 'development' }],
    });
});
// With the `customRootRoles` flag enabled, a user assigned a role of type
// CUSTOM_ROOT_ROLE_TYPE is expected to get exactly that one role back from
// getUserRootRoles.
test('user with custom root role should get a user root role', async () => {
    const { accessService } = getSetup(true);
    const customRootRole = await accessService.createRole({
        name: 'custom-root-role',
        description: 'test custom root role',
        type: CUSTOM_ROOT_ROLE_TYPE,
        permissions: [],
    });
    const { id: roleId } = customRootRole;
    const user = { id: 1, rootRole: roleId };

    await accessService.setUserRootRole(user.id, roleId);
    const assignedRoles = await accessService.getUserRootRoles(user.id);

    // Exactly one root role, and it is the custom one created above.
    expect(assignedRoles).toHaveLength(1);
    expect(assignedRoles[0].name).toBe('custom-root-role');
});