2020-04-01 11:08:14 -04:00
|
|
|
const SandboxedModule = require('sandboxed-module')
|
2021-03-31 08:20:55 -04:00
|
|
|
const { expect } = require('chai')
|
2020-04-01 11:08:14 -04:00
|
|
|
const modulePath = '../../../../app/src/Features/Helpers/AuthorizationHelper'
|
|
|
|
|
2021-04-14 09:17:21 -04:00
|
|
|
describe('AuthorizationHelper', function () {
|
|
|
|
beforeEach(function () {
|
2020-04-01 11:08:14 -04:00
|
|
|
this.AuthorizationHelper = SandboxedModule.require(modulePath, {
|
|
|
|
requires: {
|
|
|
|
'../../models/User': {
|
|
|
|
UserSchema: {
|
|
|
|
obj: {
|
|
|
|
staffAccess: {
|
|
|
|
publisherMetrics: {},
|
|
|
|
publisherManagement: {},
|
|
|
|
institutionMetrics: {},
|
|
|
|
institutionManagement: {},
|
|
|
|
groupMetrics: {},
|
|
|
|
groupManagement: {},
|
2021-04-27 03:52:58 -04:00
|
|
|
adminMetrics: {},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
2020-04-01 11:08:14 -04:00
|
|
|
})
|
|
|
|
})
|
|
|
|
|
2021-04-14 09:17:21 -04:00
|
|
|
describe('hasAnyStaffAccess', function () {
|
|
|
|
it('with empty user', function () {
|
2020-04-01 11:08:14 -04:00
|
|
|
const user = {}
|
|
|
|
expect(this.AuthorizationHelper.hasAnyStaffAccess(user)).to.be.false
|
|
|
|
})
|
|
|
|
|
2021-04-14 09:17:21 -04:00
|
|
|
it('with no access user', function () {
|
2020-04-01 11:08:14 -04:00
|
|
|
const user = { isAdmin: false, staffAccess: { adminMetrics: false } }
|
|
|
|
expect(this.AuthorizationHelper.hasAnyStaffAccess(user)).to.be.false
|
|
|
|
})
|
|
|
|
|
2021-04-14 09:17:21 -04:00
|
|
|
it('with admin user', function () {
|
2020-04-01 11:08:14 -04:00
|
|
|
const user = { isAdmin: true }
|
|
|
|
expect(this.AuthorizationHelper.hasAnyStaffAccess(user)).to.be.true
|
|
|
|
})
|
|
|
|
|
2021-04-14 09:17:21 -04:00
|
|
|
it('with staff user', function () {
|
2020-04-01 11:08:14 -04:00
|
|
|
const user = { staffAccess: { adminMetrics: true, somethingElse: false } }
|
|
|
|
expect(this.AuthorizationHelper.hasAnyStaffAccess(user)).to.be.true
|
|
|
|
})
|
|
|
|
|
2021-04-14 09:17:21 -04:00
|
|
|
it('with non-staff user with extra attributes', function () {
|
2020-04-01 11:08:14 -04:00
|
|
|
// make sure that staffAccess attributes not declared on the model don't
|
|
|
|
// give user access
|
|
|
|
const user = { staffAccess: { adminMetrics: false, somethingElse: true } }
|
|
|
|
expect(this.AuthorizationHelper.hasAnyStaffAccess(user)).to.be.false
|
|
|
|
})
|
|
|
|
})
|
|
|
|
})
|