/*
* decaffeinate suggestions:
* DS102: Remove unnecessary code created because of implicit returns
* Full docs: https://github.com/decaffeinate/decaffeinate/blob/master/docs/suggestions.md
*/
// Test-framework wiring for this spec: chai is used in both `should` and
// `expect` styles, sinon supplies stubs, and SandboxedModule.require loads
// the module under test with an explicit `requires` map.
const chai = require("chai");
chai.should();
const { expect } = chai;
const sinon = require("sinon");
const SandboxedModule = require("sandboxed-module");
const path = require("path"); // not referenced anywhere in this spec
// Location of the module under test, relative to this spec file.
const modulePath = "../../../app/js/AuthorizationManager";
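/**
 * Unit tests for AuthorizationManager.
 *
 * The project-level checks are driven by `client.ol_context.privilege_level`;
 * the combined project-and-doc checks additionally depend on access to the
 * doc id having been granted through addAccessToDoc (and not revoked again
 * through removeAccessToDoc). The suite expects every denial to be reported
 * as an Error whose message is exactly "not authorized".
 *
 * Every assertion that lives inside a callback is paired with mocha's `done`,
 * so a callback that is never invoked times out and fails the test instead of
 * passing vacuously. For the deny-cases this matters most: a silently
 * uninvoked callback would otherwise hide an authorization regression.
 */
describe("AuthorizationManager", function () {
  beforeEach(function () {
    // Only ol_context is read by the module under test, so a bare stub is enough.
    this.client = { ol_context: {} };
    this.AuthorizationManager = SandboxedModule.require(modulePath, {
      requires: {},
    });
  });

  describe("assertClientCanViewProject", function () {
    it("should allow the readOnly privilegeLevel", function (done) {
      this.client.ol_context.privilege_level = "readOnly";
      this.AuthorizationManager.assertClientCanViewProject(this.client, (error) => {
        expect(error).to.be.null;
        done();
      });
    });

    it("should allow the readAndWrite privilegeLevel", function (done) {
      this.client.ol_context.privilege_level = "readAndWrite";
      this.AuthorizationManager.assertClientCanViewProject(this.client, (error) => {
        expect(error).to.be.null;
        done();
      });
    });

    it("should allow the owner privilegeLevel", function (done) {
      this.client.ol_context.privilege_level = "owner";
      this.AuthorizationManager.assertClientCanViewProject(this.client, (error) => {
        expect(error).to.be.null;
        done();
      });
    });

    it("should return an error with any other privilegeLevel", function (done) {
      this.client.ol_context.privilege_level = "unknown";
      this.AuthorizationManager.assertClientCanViewProject(this.client, (error) => {
        expect(error).to.exist;
        error.message.should.equal("not authorized");
        done();
      });
    });
  });

  describe("assertClientCanEditProject", function () {
    it("should not allow the readOnly privilegeLevel", function (done) {
      this.client.ol_context.privilege_level = "readOnly";
      this.AuthorizationManager.assertClientCanEditProject(this.client, (error) => {
        expect(error).to.exist;
        error.message.should.equal("not authorized");
        done();
      });
    });

    it("should allow the readAndWrite privilegeLevel", function (done) {
      this.client.ol_context.privilege_level = "readAndWrite";
      this.AuthorizationManager.assertClientCanEditProject(this.client, (error) => {
        expect(error).to.be.null;
        done();
      });
    });

    it("should allow the owner privilegeLevel", function (done) {
      this.client.ol_context.privilege_level = "owner";
      this.AuthorizationManager.assertClientCanEditProject(this.client, (error) => {
        expect(error).to.be.null;
        done();
      });
    });

    it("should return an error with any other privilegeLevel", function (done) {
      this.client.ol_context.privilege_level = "unknown";
      this.AuthorizationManager.assertClientCanEditProject(this.client, (error) => {
        expect(error).to.exist;
        error.message.should.equal("not authorized");
        done();
      });
    });
  });

  // check doc access for project
  describe("assertClientCanViewProjectAndDoc", function () {
    beforeEach(function () {
      this.doc_id = "12345";
      this.callback = sinon.stub();
      // Start each case from a clean context so no privilege level leaks in.
      this.client.ol_context = {};
    });

    describe("when not authorised at the project level", function () {
      beforeEach(function () {
        this.client.ol_context.privilege_level = "unknown";
      });

      it("should not allow access", function (done) {
        this.AuthorizationManager.assertClientCanViewProjectAndDoc(
          this.client,
          this.doc_id,
          (error) => {
            expect(error).to.exist;
            error.message.should.equal("not authorized");
            done();
          }
        );
      });

      describe("even when authorised at the doc level", function () {
        beforeEach(function (done) {
          this.AuthorizationManager.addAccessToDoc(this.client, this.doc_id, done);
        });

        // Doc-level access must never substitute for the project-level check.
        it("should not allow access", function (done) {
          this.AuthorizationManager.assertClientCanViewProjectAndDoc(
            this.client,
            this.doc_id,
            (error) => {
              expect(error).to.exist;
              error.message.should.equal("not authorized");
              done();
            }
          );
        });
      });
    });

    describe("when authorised at the project level", function () {
      beforeEach(function () {
        this.client.ol_context.privilege_level = "readOnly";
      });

      describe("and not authorised at the document level", function () {
        it("should not allow access", function (done) {
          this.AuthorizationManager.assertClientCanViewProjectAndDoc(
            this.client,
            this.doc_id,
            (error) => {
              expect(error).to.exist;
              error.message.should.equal("not authorized");
              done();
            }
          );
        });
      });

      describe("and authorised at the document level", function () {
        beforeEach(function (done) {
          this.AuthorizationManager.addAccessToDoc(this.client, this.doc_id, done);
        });

        it("should allow access", function () {
          this.AuthorizationManager.assertClientCanViewProjectAndDoc(
            this.client,
            this.doc_id,
            this.callback
          );
          // The stub must have been invoked with a null error by the time the
          // call returns; an uninvoked stub makes calledWith(null) false.
          this.callback.calledWith(null).should.equal(true);
        });
      });

      describe("when document authorisation is added and then removed", function () {
        beforeEach(function (done) {
          this.AuthorizationManager.addAccessToDoc(this.client, this.doc_id, (error) => {
            // Surface a failed grant instead of silently continuing with the revoke.
            if (error) {
              done(error);
              return;
            }
            this.AuthorizationManager.removeAccessToDoc(this.client, this.doc_id, done);
          });
        });

        it("should deny access", function (done) {
          this.AuthorizationManager.assertClientCanViewProjectAndDoc(
            this.client,
            this.doc_id,
            (error) => {
              expect(error).to.exist;
              error.message.should.equal("not authorized");
              done();
            }
          );
        });
      });
    });
  });

  describe("assertClientCanEditProjectAndDoc", function () {
    beforeEach(function () {
      this.doc_id = "12345";
      this.callback = sinon.stub();
      // Start each case from a clean context so no privilege level leaks in.
      this.client.ol_context = {};
    });

    describe("when not authorised at the project level", function () {
      beforeEach(function () {
        // readOnly is enough to view but not to edit.
        this.client.ol_context.privilege_level = "readOnly";
      });

      it("should not allow access", function (done) {
        this.AuthorizationManager.assertClientCanEditProjectAndDoc(
          this.client,
          this.doc_id,
          (error) => {
            expect(error).to.exist;
            error.message.should.equal("not authorized");
            done();
          }
        );
      });

      describe("even when authorised at the doc level", function () {
        beforeEach(function (done) {
          this.AuthorizationManager.addAccessToDoc(this.client, this.doc_id, done);
        });

        // Doc-level access must never substitute for the project-level check.
        it("should not allow access", function (done) {
          this.AuthorizationManager.assertClientCanEditProjectAndDoc(
            this.client,
            this.doc_id,
            (error) => {
              expect(error).to.exist;
              error.message.should.equal("not authorized");
              done();
            }
          );
        });
      });
    });

    describe("when authorised at the project level", function () {
      beforeEach(function () {
        this.client.ol_context.privilege_level = "readAndWrite";
      });

      describe("and not authorised at the document level", function () {
        it("should not allow access", function (done) {
          this.AuthorizationManager.assertClientCanEditProjectAndDoc(
            this.client,
            this.doc_id,
            (error) => {
              expect(error).to.exist;
              error.message.should.equal("not authorized");
              done();
            }
          );
        });
      });

      describe("and authorised at the document level", function () {
        beforeEach(function (done) {
          this.AuthorizationManager.addAccessToDoc(this.client, this.doc_id, done);
        });

        it("should allow access", function () {
          this.AuthorizationManager.assertClientCanEditProjectAndDoc(
            this.client,
            this.doc_id,
            this.callback
          );
          // The stub must have been invoked with a null error by the time the
          // call returns; an uninvoked stub makes calledWith(null) false.
          this.callback.calledWith(null).should.equal(true);
        });
      });

      describe("when document authorisation is added and then removed", function () {
        beforeEach(function (done) {
          this.AuthorizationManager.addAccessToDoc(this.client, this.doc_id, (error) => {
            // Surface a failed grant instead of silently continuing with the revoke.
            if (error) {
              done(error);
              return;
            }
            this.AuthorizationManager.removeAccessToDoc(this.client, this.doc_id, done);
          });
        });

        it("should deny access", function (done) {
          this.AuthorizationManager.assertClientCanEditProjectAndDoc(
            this.client,
            this.doc_id,
            (error) => {
              expect(error).to.exist;
              error.message.should.equal("not authorized");
              done();
            }
          );
        });
      });
    });
  });
});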