fix: hasPermission should not throw

2025-02-09 00:18:00 +01:00 · 2021-04-23 12:52:29 +02:00 · 2021-04-23 12:52:29 +02:00 · 709d12a1dc
commit 709d12a1dc
parent 8845c90f57
3 changed files with 61 additions and 9 deletions
--- a/src/lib/services/access-service.ts
+++ b/src/lib/services/access-service.ts
@ -1,3 +1,4 @@
+import { catch } from 'fetch-mock';
 import {
    AccessStore,
    IRole,
@ -125,16 +126,22 @@ export class AccessService {
            `Checking permission=${permission}, userId=${user.id} projectId=${projectId}`,
        );

-        const userP = await this.store.getPermissionsForUser(user.id);
+        try {
+            const userP = await this.store.getPermissionsForUser(user.id);

-        return userP
-            .filter(
-                p =>
-                    !p.project ||
-                    p.project === projectId ||
-                    p.project === ALL_PROJECTS,
-            )
-            .some(p => p.permission === permission || p.permission === ADMIN);
+            return userP
+                .filter(
+                    p =>
+                        !p.project ||
+                        p.project === projectId ||
+                        p.project === ALL_PROJECTS,
+                )
+                .some(p => p.permission === permission || p.permission === ADMIN);
+        } catch(e) {
+            this.logger.error(`Error checking permission=${permission}, userId=${user.id} projectId=${projectId}`, e);
+            return Promise.resolve(false);
+        }
+        
    }

    async getPermissionsForUser(user: User): Promise<IUserPermission[]> {
--- a/src/test/e2e/services/access-service.e2e.test.js
+++ b/src/test/e2e/services/access-service.e2e.test.js
@ -399,3 +399,22 @@ test.serial('should switch root role for user', async t => {
    t.is(roles.length, 1);
    t.is(roles[0].name, RoleName.VIEWER);
 });
+
+test.serial('should not crash if user does not have permission', async t => {
+    const { userStore } = stores;
+
+    const user = await userStore.insert({
+        name: 'Some User',
+        email: 'random55Read@getunleash.io',
+    });
+
+    await accessService.setUserRootRole(user.id, readRole.id);
+
+    const { UPDATE_CONTEXT_FIELD } = permissions;
+    const hasAccess = await accessService.hasPermission(
+        user,
+        UPDATE_CONTEXT_FIELD,
+    );
+
+    t.false(hasAccess);
+});
--- a/src/test/e2e/stores/feature-toggle-store.e2e.test.js
+++ b/src/test/e2e/stores/feature-toggle-store.e2e.test.js
@ -0,0 +1,26 @@
+'use strict';
+
+const test = require('ava');
+const dbInit = require('../helpers/database-init');
+const getLogger = require('../../fixtures/no-logger');
+
+let stores;
+let db;
+let featureToggleStore;
+
+test.before(async () => {
+    db = await dbInit('feature_toggle_store_serial', getLogger);
+    stores = db.stores;
+    featureToggleStore = stores.featureToggleStore;
+});
+
+test.after(async () => {
+    await db.destroy();
+});
+
+test.serial('should not crash for unknown toggle', async t => {
+    const project = await featureToggleStore.getProjectId(
+        'missing-toggle-name',
+    );
+    t.is(project, undefined);
+});