mirror of
https://github.com/Unleash/unleash.git
synced 2025-07-26 13:48:33 +02:00
fix: add permissions to editor
This commit is contained in:
Fredrik Oseberg
Ivar Conradi Østhus
parent
5ca23b80e7
commit
19f78314d1
@ -0,0 +1,27 @@
|
||||
exports.up = function (db, cb) {
|
||||
db.runSql(
|
||||
`
|
||||
INSERT INTO role_permission (role_id, permission_id, environment)
|
||||
SELECT
|
||||
(SELECT id as role_id from roles WHERE name = 'Editor' LIMIT 1),
|
||||
p.id as permission_id,
|
||||
e.name as environment
|
||||
FROM permissions p
|
||||
CROSS JOIN environments e
|
||||
WHERE p.permission IN
|
||||
('CREATE_FEATURE_STRATEGY',
|
||||
'UPDATE_FEATURE_STRATEGY',
|
||||
'DELETE_FEATURE_STRATEGY',
|
||||
'UPDATE_FEATURE_ENVIRONMENT');
|
||||
`,
|
||||
cb,
|
||||
);
|
||||
};
|
||||
|
||||
exports.down = function (db, cb) {
|
||||
db.runSql(
|
||||
`
|
||||
`,
|
||||
cb,
|
||||
);
|
||||
};
|
||||
@ -114,30 +114,264 @@ test('should not have admin permission', async () => {
|
||||
expect(await accessService.hasPermission(user, ADMIN)).toBe(false);
|
||||
});
|
||||
|
||||
test('should have project admin to default project', async () => {
|
||||
test('should have project admin to default project as editor', async () => {
|
||||
const projectName = 'default';
|
||||
const defaultEnv = 'default';
|
||||
const developmentEnv = 'development';
|
||||
const productionEnv = 'production';
|
||||
const {
|
||||
DELETE_PROJECT,
|
||||
UPDATE_PROJECT,
|
||||
CREATE_FEATURE,
|
||||
UPDATE_FEATURE,
|
||||
DELETE_FEATURE,
|
||||
CREATE_FEATURE_STRATEGY,
|
||||
UPDATE_FEATURE_STRATEGY,
|
||||
DELETE_FEATURE_STRATEGY,
|
||||
UPDATE_FEATURE_ENVIRONMENT,
|
||||
} = permissions;
|
||||
const user = editorUser;
|
||||
expect(
|
||||
await accessService.hasPermission(user, DELETE_PROJECT, 'default'),
|
||||
await accessService.hasPermission(user, DELETE_PROJECT, projectName),
|
||||
).toBe(true);
|
||||
expect(
|
||||
await accessService.hasPermission(user, UPDATE_PROJECT, 'default'),
|
||||
await accessService.hasPermission(user, UPDATE_PROJECT, projectName),
|
||||
).toBe(true);
|
||||
expect(
|
||||
await accessService.hasPermission(user, CREATE_FEATURE, 'default'),
|
||||
await accessService.hasPermission(user, CREATE_FEATURE, projectName),
|
||||
).toBe(true);
|
||||
expect(
|
||||
await accessService.hasPermission(user, UPDATE_FEATURE, 'default'),
|
||||
await accessService.hasPermission(user, UPDATE_FEATURE, projectName),
|
||||
).toBe(true);
|
||||
expect(
|
||||
await accessService.hasPermission(user, DELETE_FEATURE, 'default'),
|
||||
await accessService.hasPermission(user, DELETE_FEATURE, projectName),
|
||||
).toBe(true);
|
||||
expect(
|
||||
await accessService.hasPermission(
|
||||
user,
|
||||
CREATE_FEATURE_STRATEGY,
|
||||
projectName,
|
||||
defaultEnv,
|
||||
),
|
||||
).toBe(true);
|
||||
expect(
|
||||
await accessService.hasPermission(
|
||||
user,
|
||||
UPDATE_FEATURE_STRATEGY,
|
||||
projectName,
|
||||
defaultEnv,
|
||||
),
|
||||
).toBe(true);
|
||||
expect(
|
||||
await accessService.hasPermission(
|
||||
user,
|
||||
DELETE_FEATURE_STRATEGY,
|
||||
projectName,
|
||||
defaultEnv,
|
||||
),
|
||||
).toBe(true);
|
||||
expect(
|
||||
await accessService.hasPermission(
|
||||
user,
|
||||
UPDATE_FEATURE_ENVIRONMENT,
|
||||
projectName,
|
||||
defaultEnv,
|
||||
),
|
||||
).toBe(true);
|
||||
expect(
|
||||
await accessService.hasPermission(
|
||||
user,
|
||||
CREATE_FEATURE_STRATEGY,
|
||||
projectName,
|
||||
developmentEnv,
|
||||
),
|
||||
).toBe(true);
|
||||
expect(
|
||||
await accessService.hasPermission(
|
||||
user,
|
||||
UPDATE_FEATURE_STRATEGY,
|
||||
projectName,
|
||||
developmentEnv,
|
||||
),
|
||||
).toBe(true);
|
||||
expect(
|
||||
await accessService.hasPermission(
|
||||
user,
|
||||
DELETE_FEATURE_STRATEGY,
|
||||
projectName,
|
||||
developmentEnv,
|
||||
),
|
||||
).toBe(true);
|
||||
expect(
|
||||
await accessService.hasPermission(
|
||||
user,
|
||||
UPDATE_FEATURE_ENVIRONMENT,
|
||||
projectName,
|
||||
developmentEnv,
|
||||
),
|
||||
).toBe(true);
|
||||
expect(
|
||||
await accessService.hasPermission(
|
||||
user,
|
||||
CREATE_FEATURE_STRATEGY,
|
||||
projectName,
|
||||
productionEnv,
|
||||
),
|
||||
).toBe(true);
|
||||
expect(
|
||||
await accessService.hasPermission(
|
||||
user,
|
||||
UPDATE_FEATURE_STRATEGY,
|
||||
projectName,
|
||||
productionEnv,
|
||||
),
|
||||
).toBe(true);
|
||||
expect(
|
||||
await accessService.hasPermission(
|
||||
user,
|
||||
DELETE_FEATURE_STRATEGY,
|
||||
projectName,
|
||||
productionEnv,
|
||||
),
|
||||
).toBe(true);
|
||||
expect(
|
||||
await accessService.hasPermission(
|
||||
user,
|
||||
UPDATE_FEATURE_ENVIRONMENT,
|
||||
projectName,
|
||||
productionEnv,
|
||||
),
|
||||
).toBe(true);
|
||||
});
|
||||
|
||||
test('Editor should not have project admin to other projects', async () => {
|
||||
const projectName = 'unusedprojectname';
|
||||
const defaultEnv = 'default';
|
||||
const developmentEnv = 'development';
|
||||
const productionEnv = 'production';
|
||||
const {
|
||||
DELETE_PROJECT,
|
||||
UPDATE_PROJECT,
|
||||
CREATE_FEATURE,
|
||||
UPDATE_FEATURE,
|
||||
DELETE_FEATURE,
|
||||
CREATE_FEATURE_STRATEGY,
|
||||
UPDATE_FEATURE_STRATEGY,
|
||||
DELETE_FEATURE_STRATEGY,
|
||||
UPDATE_FEATURE_ENVIRONMENT,
|
||||
} = permissions;
|
||||
const user = editorUser;
|
||||
expect(
|
||||
await accessService.hasPermission(user, DELETE_PROJECT, projectName),
|
||||
).toBe(false);
|
||||
expect(
|
||||
await accessService.hasPermission(user, UPDATE_PROJECT, projectName),
|
||||
).toBe(false);
|
||||
expect(
|
||||
await accessService.hasPermission(user, CREATE_FEATURE, projectName),
|
||||
).toBe(false);
|
||||
expect(
|
||||
await accessService.hasPermission(user, UPDATE_FEATURE, projectName),
|
||||
).toBe(false);
|
||||
expect(
|
||||
await accessService.hasPermission(user, DELETE_FEATURE, projectName),
|
||||
).toBe(false);
|
||||
expect(
|
||||
await accessService.hasPermission(
|
||||
user,
|
||||
CREATE_FEATURE_STRATEGY,
|
||||
projectName,
|
||||
defaultEnv,
|
||||
),
|
||||
).toBe(false);
|
||||
expect(
|
||||
await accessService.hasPermission(
|
||||
user,
|
||||
UPDATE_FEATURE_STRATEGY,
|
||||
projectName,
|
||||
defaultEnv,
|
||||
),
|
||||
).toBe(false);
|
||||
expect(
|
||||
await accessService.hasPermission(
|
||||
user,
|
||||
DELETE_FEATURE_STRATEGY,
|
||||
projectName,
|
||||
defaultEnv,
|
||||
),
|
||||
).toBe(false);
|
||||
expect(
|
||||
await accessService.hasPermission(
|
||||
user,
|
||||
UPDATE_FEATURE_ENVIRONMENT,
|
||||
projectName,
|
||||
defaultEnv,
|
||||
),
|
||||
).toBe(false);
|
||||
expect(
|
||||
await accessService.hasPermission(
|
||||
user,
|
||||
CREATE_FEATURE_STRATEGY,
|
||||
projectName,
|
||||
developmentEnv,
|
||||
),
|
||||
).toBe(false);
|
||||
expect(
|
||||
await accessService.hasPermission(
|
||||
user,
|
||||
UPDATE_FEATURE_STRATEGY,
|
||||
projectName,
|
||||
developmentEnv,
|
||||
),
|
||||
).toBe(false);
|
||||
expect(
|
||||
await accessService.hasPermission(
|
||||
user,
|
||||
DELETE_FEATURE_STRATEGY,
|
||||
projectName,
|
||||
developmentEnv,
|
||||
),
|
||||
).toBe(false);
|
||||
expect(
|
||||
await accessService.hasPermission(
|
||||
user,
|
||||
UPDATE_FEATURE_ENVIRONMENT,
|
||||
projectName,
|
||||
developmentEnv,
|
||||
),
|
||||
).toBe(false);
|
||||
expect(
|
||||
await accessService.hasPermission(
|
||||
user,
|
||||
CREATE_FEATURE_STRATEGY,
|
||||
projectName,
|
||||
productionEnv,
|
||||
),
|
||||
).toBe(false);
|
||||
expect(
|
||||
await accessService.hasPermission(
|
||||
user,
|
||||
UPDATE_FEATURE_STRATEGY,
|
||||
projectName,
|
||||
productionEnv,
|
||||
),
|
||||
).toBe(false);
|
||||
expect(
|
||||
await accessService.hasPermission(
|
||||
user,
|
||||
DELETE_FEATURE_STRATEGY,
|
||||
projectName,
|
||||
productionEnv,
|
||||
),
|
||||
).toBe(false);
|
||||
expect(
|
||||
await accessService.hasPermission(
|
||||
user,
|
||||
UPDATE_FEATURE_ENVIRONMENT,
|
||||
projectName,
|
||||
productionEnv,
|
||||
),
|
||||
).toBe(false);
|
||||
});
|
||||
|
||||
test('cannot add CREATE_FEATURE without defining project', async () => {
|
||||
|
||||
Loading…
Reference in New Issue
Block a user