unleash.unleash/lib/middleware/permission-checker.test.js

'use strict';

const test = require('ava');
const supertest = require('supertest');
const { EventEmitter } = require('events');
const store = require('../../test/fixtures/store');
const checkPermission = require('./permission-checker');
const getApp = require('../app');
const getLogger = require('../../test/fixtures/no-logger');

const eventBus = new EventEmitter();

function getSetup(preRouterHook) {
    const base = `/random${Math.round(Math.random() * 1000)}`;
    const stores = store.createStores();
    const app = getApp({
        baseUriPath: base,
        stores,
        eventBus,
        getLogger,
        preRouterHook(_app) {
            preRouterHook(_app);

            _app.get(
                `${base}/protectedResource`,
                checkPermission({ extendedPermissions: true }, 'READ'),
                (req, res) => {
                    res.status(200)
                        .json({ message: 'OK' })
                        .end();
                },
            );
        },
    });

    return {
        base,
        request: supertest(app),
    };
}

test('should return 403 when missing permission', t => {
    t.plan(0);
    const { base, request } = getSetup(() => {});

    return request.get(`${base}/protectedResource`).expect(403);
});

test('should allow access with correct permissions', t => {
    const { base, request } = getSetup(app => {
        app.use((req, res, next) => {
            req.user = { email: 'some@email.com', permissions: ['READ'] };
            next();
        });
    });

    return request
        .get(`${base}/protectedResource`)
        .expect(200)
        .expect(res => {
            t.is(res.body.message, 'OK');
        });
});

test('should allow access with admin permissions', t => {
    const { base, request } = getSetup(app => {
        app.use((req, res, next) => {
            req.user = { email: 'some@email.com', permissions: ['ADMIN'] };
            next();
        });
    });

    return request
        .get(`${base}/protectedResource`)
        .expect(200)
        .expect(res => {
            t.is(res.body.message, 'OK');
        });
});
feature: Add action specific user permissions 2018-12-19 10:36:56 +01:00			`'use strict';`

			`const test = require('ava');`
fix: use airbnb lint rules directly (#583) This drops usage of finn-eslint rules as they are no longer maintained. 2020-04-14 22:29:11 +02:00			`const supertest = require('supertest');`
			`const { EventEmitter } = require('events');`
Refactored controllers, moved checkPermission to permission-checker.js middleware 2018-12-19 14:50:01 +01:00			`const store = require('../../test/fixtures/store');`
			`const checkPermission = require('./permission-checker');`
			`const getApp = require('../app');`
fix: LogProvider as option injected to unleash. Instead of instructing users to do static calls in to Unleash, she should instead be allwed to specify the log provider as an option to Unleash. This commit introduces the "getLogger" option, a function responsible for creating a logger. 2019-04-30 21:14:23 +02:00			`const getLogger = require('../../test/fixtures/no-logger');`
feature: Add action specific user permissions 2018-12-19 10:36:56 +01:00
			`const eventBus = new EventEmitter();`

			`function getSetup(preRouterHook) {`
			const base = `/random${Math.round(Math.random() * 1000)}`;
			`const stores = store.createStores();`
			`const app = getApp({`
			`baseUriPath: base,`
			`stores,`
			`eventBus,`
fix: LogProvider as option injected to unleash. Instead of instructing users to do static calls in to Unleash, she should instead be allwed to specify the log provider as an option to Unleash. This commit introduces the "getLogger" option, a function responsible for creating a logger. 2019-04-30 21:14:23 +02:00			`getLogger,`
feature: Add action specific user permissions 2018-12-19 10:36:56 +01:00			`preRouterHook(_app) {`
			`preRouterHook(_app);`

			`_app.get(`
			`${base}/protectedResource`,
Refactored controllers, moved checkPermission to permission-checker.js middleware 2018-12-19 14:50:01 +01:00			`checkPermission({ extendedPermissions: true }, 'READ'),`
feature: Add action specific user permissions 2018-12-19 10:36:56 +01:00			`(req, res) => {`
			`res.status(200)`
			`.json({ message: 'OK' })`
			`.end();`
fix: use airbnb lint rules directly (#583) This drops usage of finn-eslint rules as they are no longer maintained. 2020-04-14 22:29:11 +02:00			`},`
feature: Add action specific user permissions 2018-12-19 10:36:56 +01:00			`);`
			`},`
			`});`

			`return {`
			`base,`
			`request: supertest(app),`
			`};`
			`}`

			`test('should return 403 when missing permission', t => {`
			`t.plan(0);`
			`const { base, request } = getSetup(() => {});`

			return request.get(`${base}/protectedResource`).expect(403);
			`});`

			`test('should allow access with correct permissions', t => {`
			`const { base, request } = getSetup(app => {`
			`app.use((req, res, next) => {`
			`req.user = { email: 'some@email.com', permissions: ['READ'] };`
			`next();`
			`});`
			`});`

			`return request`
			.get(`${base}/protectedResource`)
			`.expect(200)`
			`.expect(res => {`
			`t.is(res.body.message, 'OK');`
			`});`
			`});`

			`test('should allow access with admin permissions', t => {`
			`const { base, request } = getSetup(app => {`
			`app.use((req, res, next) => {`
			`req.user = { email: 'some@email.com', permissions: ['ADMIN'] };`
			`next();`
			`});`
			`});`

			`return request`
			.get(`${base}/protectedResource`)
			`.expect(200)`
			`.expect(res => {`
			`t.is(res.body.message, 'OK');`
			`});`
			`});`