github/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2024-11-24 18:56:32 -05:00
Code Issues Projects Releases Packages Wiki Activity

test: add private api tests for checkPermissionOnNote and checkMediaDeletePermission

Browse source 
Signed-off-by: Yannick Bungers <git@innay.de>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
This commit is contained in:
Yannick Bungers 2023-03-26 18:04:19 +02:00 committed by Yannick Bungers
parent 001a49329c
commit fad5e1e22e
1 changed files with 92 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

92
backend/src/permissions/permissions.service.spec.ts
View file

@ -28,6 +28,7 @@ import { GroupsModule } from '../groups/groups.module';
import { SpecialGroup } from '../groups/groups.special';
import { Identity } from '../identity/identity.entity';
import { LoggerModule } from '../logger/logger.module';
import { MediaUpload } from '../media/media-upload.entity';
import { Alias } from '../notes/alias.entity';
import {
NoteGroupPermissionUpdateDto,
@ -43,6 +44,7 @@ import { User } from '../users/user.entity';
import { UsersModule } from '../users/users.module';
import { NoteGroupPermission } from './note-group-permission.entity';
import { NoteUserPermission } from './note-user-permission.entity';
import { Permission } from './permissions.enum';
import { PermissionsModule } from './permissions.module';
import { PermissionsService } from './permissions.service';
@ -736,6 +738,96 @@ describe('PermissionsService', () => {
});
});
describe('checkMediaDeletePermission', () => {
describe('accepts', () => {
it('for media owner', async () => {
const mediaUpload = {} as MediaUpload;
mediaUpload.note = Promise.resolve(notes[1]);
mediaUpload.user = Promise.resolve(user1);
expect(
service.checkMediaDeletePermission(user1, mediaUpload),
).toBeTruthy();
});
it('for note owner', async () => {
const mediaUpload = {} as MediaUpload;
mediaUpload.note = Promise.resolve(notes[1]);
mediaUpload.user = Promise.resolve(user1);
expect(
service.checkMediaDeletePermission(user2, mediaUpload),
).toBeTruthy();
});
});
describe('denies', () => {
it('for not owner', async () => {
const user3 = {} as User;
user3.id = 3;
const mediaUpload = {} as MediaUpload;
mediaUpload.note = Promise.resolve(notes[1]);
mediaUpload.user = Promise.resolve(user1);
expect(
await service.checkMediaDeletePermission(user3, mediaUpload),
).toBeFalsy();
});
});
});
describe('checkPermissionOnNote', () => {
describe('accepts', () => {
it('with mayRead', async () => {
jest.spyOn(service, 'mayRead').mockImplementationOnce(async () => {
return true;
});
expect(
await service.checkPermissionOnNote(Permission.READ, user1, notes[0]),
).toBeTruthy();
});
it('with mayWrite', async () => {
jest.spyOn(service, 'mayWrite').mockImplementationOnce(async () => {
return true;
});
expect(
await service.checkPermissionOnNote(
Permission.WRITE,
user1,
notes[0],
),
).toBeTruthy();
});
it('with isOwner', async () => {
jest.spyOn(service, 'isOwner').mockImplementationOnce(async () => {
return true;
});
expect(
await service.checkPermissionOnNote(
Permission.OWNER,
user1,
notes[0],
),
).toBeTruthy();
});
});
describe('denies', () => {
it('with no permission', async () => {
jest.spyOn(service, 'mayRead').mockImplementationOnce(async () => {
return false;
});
jest.spyOn(service, 'mayWrite').mockImplementationOnce(async () => {
return false;
});
jest.spyOn(service, 'isOwner').mockImplementationOnce(async () => {
return false;
});
expect(
await service.checkPermissionOnNote(
Permission.OWNER,
user1,
notes[0],
),
).toBeFalsy();
});
});
});
describe('updateNotePermissions', () => {
const userPermissionUpdate = new NoteUserPermissionUpdateDto();
userPermissionUpdate.username = 'hardcoded';