overleaf/services/web/test/unit/src/HelperFiles/AuthorizationHelperTests.js

const SandboxedModule = require('sandboxed-module')
const { expect } = require('chai')
const modulePath = '../../../../app/src/Features/Helpers/AuthorizationHelper'

describe('AuthorizationHelper', function () {
  beforeEach(function () {
    this.AuthorizationHelper = SandboxedModule.require(modulePath, {
      requires: {
        '../../models/User': {
          UserSchema: {
            obj: {
              staffAccess: {
                publisherMetrics: {},
                publisherManagement: {},
                institutionMetrics: {},
                institutionManagement: {},
                groupMetrics: {},
                groupManagement: {},
                adminMetrics: {}
              }
            }
          }
        }
      }
    })
  })

  describe('hasAnyStaffAccess', function () {
    it('with empty user', function () {
      const user = {}
      expect(this.AuthorizationHelper.hasAnyStaffAccess(user)).to.be.false
    })

    it('with no access user', function () {
      const user = { isAdmin: false, staffAccess: { adminMetrics: false } }
      expect(this.AuthorizationHelper.hasAnyStaffAccess(user)).to.be.false
    })

    it('with admin user', function () {
      const user = { isAdmin: true }
      expect(this.AuthorizationHelper.hasAnyStaffAccess(user)).to.be.true
    })

    it('with staff user', function () {
      const user = { staffAccess: { adminMetrics: true, somethingElse: false } }
      expect(this.AuthorizationHelper.hasAnyStaffAccess(user)).to.be.true
    })

    it('with non-staff user with extra attributes', function () {
      // make sure that staffAccess attributes not declared on the model don't
      // give user access
      const user = { staffAccess: { adminMetrics: false, somethingElse: true } }
      expect(this.AuthorizationHelper.hasAnyStaffAccess(user)).to.be.false
    })
  })
})
Merge pull request #2692 from overleaf/ta-authorization-helper Add Authorizationhelper GitOrigin-RevId: 35fa8d8fc005c9eb171621c872010e6c831ba8f6 2020-04-01 11:08:14 -04:00			`const SandboxedModule = require('sandboxed-module')`
Merge pull request #3830 from overleaf/em-upgrade-node-12 Upgrade to Node 12 GitOrigin-RevId: 19870922884b7c98e7e5f2c94df21829672d2db5 2021-03-31 08:20:55 -04:00			`const { expect } = require('chai')`
Merge pull request #2692 from overleaf/ta-authorization-helper Add Authorizationhelper GitOrigin-RevId: 35fa8d8fc005c9eb171621c872010e6c831ba8f6 2020-04-01 11:08:14 -04:00			`const modulePath = '../../../../app/src/Features/Helpers/AuthorizationHelper'`

Merge pull request #3495 from overleaf/ae-prettier-2 Upgrade Prettier to v2 GitOrigin-RevId: 85aa3fa1acb6332c4f58c46165a43d1a51471f33 2021-04-14 09:17:21 -04:00			`describe('AuthorizationHelper', function () {`
			`beforeEach(function () {`
Merge pull request #2692 from overleaf/ta-authorization-helper Add Authorizationhelper GitOrigin-RevId: 35fa8d8fc005c9eb171621c872010e6c831ba8f6 2020-04-01 11:08:14 -04:00			`this.AuthorizationHelper = SandboxedModule.require(modulePath, {`
			`requires: {`
			`'../../models/User': {`
			`UserSchema: {`
			`obj: {`
			`staffAccess: {`
			`publisherMetrics: {},`
			`publisherManagement: {},`
			`institutionMetrics: {},`
			`institutionManagement: {},`
			`groupMetrics: {},`
			`groupManagement: {},`
			`adminMetrics: {}`
			`}`
			`}`
			`}`
			`}`
			`}`
			`})`
			`})`

Merge pull request #3495 from overleaf/ae-prettier-2 Upgrade Prettier to v2 GitOrigin-RevId: 85aa3fa1acb6332c4f58c46165a43d1a51471f33 2021-04-14 09:17:21 -04:00			`describe('hasAnyStaffAccess', function () {`
			`it('with empty user', function () {`
Merge pull request #2692 from overleaf/ta-authorization-helper Add Authorizationhelper GitOrigin-RevId: 35fa8d8fc005c9eb171621c872010e6c831ba8f6 2020-04-01 11:08:14 -04:00			`const user = {}`
			`expect(this.AuthorizationHelper.hasAnyStaffAccess(user)).to.be.false`
			`})`

Merge pull request #3495 from overleaf/ae-prettier-2 Upgrade Prettier to v2 GitOrigin-RevId: 85aa3fa1acb6332c4f58c46165a43d1a51471f33 2021-04-14 09:17:21 -04:00			`it('with no access user', function () {`
Merge pull request #2692 from overleaf/ta-authorization-helper Add Authorizationhelper GitOrigin-RevId: 35fa8d8fc005c9eb171621c872010e6c831ba8f6 2020-04-01 11:08:14 -04:00			`const user = { isAdmin: false, staffAccess: { adminMetrics: false } }`
			`expect(this.AuthorizationHelper.hasAnyStaffAccess(user)).to.be.false`
			`})`

Merge pull request #3495 from overleaf/ae-prettier-2 Upgrade Prettier to v2 GitOrigin-RevId: 85aa3fa1acb6332c4f58c46165a43d1a51471f33 2021-04-14 09:17:21 -04:00			`it('with admin user', function () {`
Merge pull request #2692 from overleaf/ta-authorization-helper Add Authorizationhelper GitOrigin-RevId: 35fa8d8fc005c9eb171621c872010e6c831ba8f6 2020-04-01 11:08:14 -04:00			`const user = { isAdmin: true }`
			`expect(this.AuthorizationHelper.hasAnyStaffAccess(user)).to.be.true`
			`})`

Merge pull request #3495 from overleaf/ae-prettier-2 Upgrade Prettier to v2 GitOrigin-RevId: 85aa3fa1acb6332c4f58c46165a43d1a51471f33 2021-04-14 09:17:21 -04:00			`it('with staff user', function () {`
Merge pull request #2692 from overleaf/ta-authorization-helper Add Authorizationhelper GitOrigin-RevId: 35fa8d8fc005c9eb171621c872010e6c831ba8f6 2020-04-01 11:08:14 -04:00			`const user = { staffAccess: { adminMetrics: true, somethingElse: false } }`
			`expect(this.AuthorizationHelper.hasAnyStaffAccess(user)).to.be.true`
			`})`

Merge pull request #3495 from overleaf/ae-prettier-2 Upgrade Prettier to v2 GitOrigin-RevId: 85aa3fa1acb6332c4f58c46165a43d1a51471f33 2021-04-14 09:17:21 -04:00			`it('with non-staff user with extra attributes', function () {`
Merge pull request #2692 from overleaf/ta-authorization-helper Add Authorizationhelper GitOrigin-RevId: 35fa8d8fc005c9eb171621c872010e6c831ba8f6 2020-04-01 11:08:14 -04:00			`// make sure that staffAccess attributes not declared on the model don't`
			`// give user access`
			`const user = { staffAccess: { adminMetrics: false, somethingElse: true } }`
			`expect(this.AuthorizationHelper.hasAnyStaffAccess(user)).to.be.false`
			`})`
			`})`
			`})`