overleaf/services/real-time/test/unit/coffee/AuthorizationManagerTests.coffee

chai = require "chai"
chai.should()
expect = chai.expect
sinon = require("sinon")
SandboxedModule = require('sandboxed-module')
path = require "path"
modulePath = '../../../app/js/AuthorizationManager'

describe 'AuthorizationManager', ->
	beforeEach ->
		@client =
			params: {}
			get: (param, cb) -> cb null, @params[param]
		@AuthorizationManager = SandboxedModule.require modulePath, requires: {}

	describe "assertClientCanViewProject", ->
		it "should allow the readOnly privilegeLevel", (done) ->
			@client.params.privilege_level = "readOnly"
			@AuthorizationManager.assertClientCanViewProject @client, (error) ->
				expect(error).to.be.null
				done()
	
		it "should allow the readAndWrite privilegeLevel", (done) ->
			@client.params.privilege_level = "readAndWrite"
			@AuthorizationManager.assertClientCanViewProject @client, (error) ->
				expect(error).to.be.null
				done()
				
		it "should allow the owner privilegeLevel", (done) ->
			@client.params.privilege_level = "owner"
			@AuthorizationManager.assertClientCanViewProject @client, (error) ->
				expect(error).to.be.null
				done()
				
		it "should return an error with any other privilegeLevel", (done) ->
			@client.params.privilege_level = "unknown"
			@AuthorizationManager.assertClientCanViewProject @client, (error) ->
				error.message.should.equal "not authorized"
				done()

	describe "assertClientCanEditProject", ->
		it "should not allow the readOnly privilegeLevel", (done) ->
			@client.params.privilege_level = "readOnly"
			@AuthorizationManager.assertClientCanEditProject @client, (error) ->
				error.message.should.equal "not authorized"
				done()
	
		it "should allow the readAndWrite privilegeLevel", (done) ->
			@client.params.privilege_level = "readAndWrite"
			@AuthorizationManager.assertClientCanEditProject @client, (error) ->
				expect(error).to.be.null
				done()
				
		it "should allow the owner privilegeLevel", (done) ->
			@client.params.privilege_level = "owner"
			@AuthorizationManager.assertClientCanEditProject @client, (error) ->
				expect(error).to.be.null
				done()
				
		it "should return an error with any other privilegeLevel", (done) ->
			@client.params.privilege_level = "unknown"
			@AuthorizationManager.assertClientCanEditProject @client, (error) ->
				error.message.should.equal "not authorized"
				done()
Create joinDoc socket.io end point 2014-11-12 10:54:55 -05:00			`chai = require "chai"`
			`chai.should()`
			`expect = chai.expect`
			`sinon = require("sinon")`
			`SandboxedModule = require('sandboxed-module')`
			`path = require "path"`
			`modulePath = '../../../app/js/AuthorizationManager'`

			`describe 'AuthorizationManager', ->`
			`beforeEach ->`
			`@client =`
			`params: {}`
			`get: (param, cb) -> cb null, @params[param]`
			`@AuthorizationManager = SandboxedModule.require modulePath, requires: {}`

			`describe "assertClientCanViewProject", ->`
			`it "should allow the readOnly privilegeLevel", (done) ->`
			`@client.params.privilege_level = "readOnly"`
			`@AuthorizationManager.assertClientCanViewProject @client, (error) ->`
			`expect(error).to.be.null`
			`done()`

			`it "should allow the readAndWrite privilegeLevel", (done) ->`
			`@client.params.privilege_level = "readAndWrite"`
			`@AuthorizationManager.assertClientCanViewProject @client, (error) ->`
			`expect(error).to.be.null`
			`done()`

			`it "should allow the owner privilegeLevel", (done) ->`
			`@client.params.privilege_level = "owner"`
			`@AuthorizationManager.assertClientCanViewProject @client, (error) ->`
			`expect(error).to.be.null`
			`done()`

			`it "should return an error with any other privilegeLevel", (done) ->`
			`@client.params.privilege_level = "unknown"`
			`@AuthorizationManager.assertClientCanViewProject @client, (error) ->`
Add appltOtUpdate end point (sans acceptance tests for now) 2014-11-13 12:07:05 -05:00			`error.message.should.equal "not authorized"`
			`done()`

			`describe "assertClientCanEditProject", ->`
			`it "should not allow the readOnly privilegeLevel", (done) ->`
			`@client.params.privilege_level = "readOnly"`
			`@AuthorizationManager.assertClientCanEditProject @client, (error) ->`
			`error.message.should.equal "not authorized"`
			`done()`

			`it "should allow the readAndWrite privilegeLevel", (done) ->`
			`@client.params.privilege_level = "readAndWrite"`
			`@AuthorizationManager.assertClientCanEditProject @client, (error) ->`
			`expect(error).to.be.null`
			`done()`

			`it "should allow the owner privilegeLevel", (done) ->`
			`@client.params.privilege_level = "owner"`
			`@AuthorizationManager.assertClientCanEditProject @client, (error) ->`
			`expect(error).to.be.null`
			`done()`

			`it "should return an error with any other privilegeLevel", (done) ->`
			`@client.params.privilege_level = "unknown"`
			`@AuthorizationManager.assertClientCanEditProject @client, (error) ->`
Create joinDoc socket.io end point 2014-11-12 10:54:55 -05:00			`error.message.should.equal "not authorized"`
			`done()`