mirror of
https://github.com/overleaf/overleaf.git
synced 2024-09-23 02:55:13 -04:00
61 lines
1.9 KiB
JavaScript
61 lines
1.9 KiB
JavaScript
|
const chai = require('chai')
|
||
|
const SandboxedModule = require('sandboxed-module')
|
||
|
const { expect } = chai
|
||
|
const modulePath = '../../../../app/src/Features/Helpers/AuthorizationHelper'
|
||
|
|
||
|
describe('AuthorizationHelper', function() {
|
||
|
beforeEach(function() {
|
||
|
this.AuthorizationHelper = SandboxedModule.require(modulePath, {
|
||
|
globals: {
|
||
|
console: console
|
||
|
},
|
||
|
requires: {
|
||
|
'../../models/User': {
|
||
|
UserSchema: {
|
||
|
obj: {
|
||
|
staffAccess: {
|
||
|
publisherMetrics: {},
|
||
|
publisherManagement: {},
|
||
|
institutionMetrics: {},
|
||
|
institutionManagement: {},
|
||
|
groupMetrics: {},
|
||
|
groupManagement: {},
|
||
|
adminMetrics: {}
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
})
|
||
|
})
|
||
|
|
||
|
describe('hasAnyStaffAccess', function() {
|
||
|
it('with empty user', function() {
|
||
|
const user = {}
|
||
|
expect(this.AuthorizationHelper.hasAnyStaffAccess(user)).to.be.false
|
||
|
})
|
||
|
|
||
|
it('with no access user', function() {
|
||
|
const user = { isAdmin: false, staffAccess: { adminMetrics: false } }
|
||
|
expect(this.AuthorizationHelper.hasAnyStaffAccess(user)).to.be.false
|
||
|
})
|
||
|
|
||
|
it('with admin user', function() {
|
||
|
const user = { isAdmin: true }
|
||
|
expect(this.AuthorizationHelper.hasAnyStaffAccess(user)).to.be.true
|
||
|
})
|
||
|
|
||
|
it('with staff user', function() {
|
||
|
const user = { staffAccess: { adminMetrics: true, somethingElse: false } }
|
||
|
expect(this.AuthorizationHelper.hasAnyStaffAccess(user)).to.be.true
|
||
|
})
|
||
|
|
||
|
it('with non-staff user with extra attributes', function() {
|
||
|
// make sure that staffAccess attributes not declared on the model don't
|
||
|
// give user access
|
||
|
const user = { staffAccess: { adminMetrics: false, somethingElse: true } }
|
||
|
expect(this.AuthorizationHelper.hasAnyStaffAccess(user)).to.be.false
|
||
|
})
|
||
|
})
|
||
|
})
|