overleaf/services/real-time/test/unit/js/AuthorizationManagerTests.js

319 lines
9.5 KiB
JavaScript
Raw Normal View History

/* eslint-disable
no-return-assign,
no-unused-vars,
*/
// TODO: This file was created by bulk-decaffeinate.
// Fix any style issues and re-enable lint.
/*
* decaffeinate suggestions:
* DS102: Remove unnecessary code created because of implicit returns
* Full docs: https://github.com/decaffeinate/decaffeinate/blob/master/docs/suggestions.md
*/
const { expect } = require('chai')
const sinon = require('sinon')
const SandboxedModule = require('sandboxed-module')
const path = require('path')
const modulePath = '../../../app/js/AuthorizationManager'
describe('AuthorizationManager', function () {
beforeEach(function () {
this.client = { ol_context: {} }
return (this.AuthorizationManager = SandboxedModule.require(modulePath, {
requires: {}
}))
})
describe('assertClientCanViewProject', function () {
it('should allow the readOnly privilegeLevel', function (done) {
this.client.ol_context.privilege_level = 'readOnly'
return this.AuthorizationManager.assertClientCanViewProject(
this.client,
(error) => {
expect(error).to.be.null
return done()
}
)
})
it('should allow the readAndWrite privilegeLevel', function (done) {
this.client.ol_context.privilege_level = 'readAndWrite'
return this.AuthorizationManager.assertClientCanViewProject(
this.client,
(error) => {
expect(error).to.be.null
return done()
}
)
})
it('should allow the owner privilegeLevel', function (done) {
this.client.ol_context.privilege_level = 'owner'
return this.AuthorizationManager.assertClientCanViewProject(
this.client,
(error) => {
expect(error).to.be.null
return done()
}
)
})
return it('should return an error with any other privilegeLevel', function (done) {
this.client.ol_context.privilege_level = 'unknown'
return this.AuthorizationManager.assertClientCanViewProject(
this.client,
(error) => {
error.message.should.equal('not authorized')
return done()
}
)
})
})
describe('assertClientCanEditProject', function () {
it('should not allow the readOnly privilegeLevel', function (done) {
this.client.ol_context.privilege_level = 'readOnly'
return this.AuthorizationManager.assertClientCanEditProject(
this.client,
(error) => {
error.message.should.equal('not authorized')
return done()
}
)
})
it('should allow the readAndWrite privilegeLevel', function (done) {
this.client.ol_context.privilege_level = 'readAndWrite'
return this.AuthorizationManager.assertClientCanEditProject(
this.client,
(error) => {
expect(error).to.be.null
return done()
}
)
})
it('should allow the owner privilegeLevel', function (done) {
this.client.ol_context.privilege_level = 'owner'
return this.AuthorizationManager.assertClientCanEditProject(
this.client,
(error) => {
expect(error).to.be.null
return done()
}
)
})
return it('should return an error with any other privilegeLevel', function (done) {
this.client.ol_context.privilege_level = 'unknown'
return this.AuthorizationManager.assertClientCanEditProject(
this.client,
(error) => {
error.message.should.equal('not authorized')
return done()
}
)
})
})
// check doc access for project
describe('assertClientCanViewProjectAndDoc', function () {
beforeEach(function () {
this.doc_id = '12345'
this.callback = sinon.stub()
return (this.client.ol_context = {})
})
describe('when not authorised at the project level', function () {
beforeEach(function () {
return (this.client.ol_context.privilege_level = 'unknown')
})
it('should not allow access', function () {
return this.AuthorizationManager.assertClientCanViewProjectAndDoc(
this.client,
this.doc_id,
(err) => err.message.should.equal('not authorized')
)
})
return describe('even when authorised at the doc level', function () {
beforeEach(function (done) {
return this.AuthorizationManager.addAccessToDoc(
this.client,
this.doc_id,
done
)
})
return it('should not allow access', function () {
return this.AuthorizationManager.assertClientCanViewProjectAndDoc(
this.client,
this.doc_id,
(err) => err.message.should.equal('not authorized')
)
})
})
})
return describe('when authorised at the project level', function () {
beforeEach(function () {
return (this.client.ol_context.privilege_level = 'readOnly')
})
describe('and not authorised at the document level', function () {
return it('should not allow access', function () {
return this.AuthorizationManager.assertClientCanViewProjectAndDoc(
this.client,
this.doc_id,
(err) => err.message.should.equal('not authorized')
)
})
})
describe('and authorised at the document level', function () {
beforeEach(function (done) {
return this.AuthorizationManager.addAccessToDoc(
this.client,
this.doc_id,
done
)
})
return it('should allow access', function () {
this.AuthorizationManager.assertClientCanViewProjectAndDoc(
this.client,
this.doc_id,
this.callback
)
return this.callback.calledWith(null).should.equal(true)
})
})
return describe('when document authorisation is added and then removed', function () {
beforeEach(function (done) {
return this.AuthorizationManager.addAccessToDoc(
this.client,
this.doc_id,
() => {
return this.AuthorizationManager.removeAccessToDoc(
this.client,
this.doc_id,
done
)
}
)
})
return it('should deny access', function () {
return this.AuthorizationManager.assertClientCanViewProjectAndDoc(
this.client,
this.doc_id,
(err) => err.message.should.equal('not authorized')
)
})
})
})
})
return describe('assertClientCanEditProjectAndDoc', function () {
beforeEach(function () {
this.doc_id = '12345'
this.callback = sinon.stub()
return (this.client.ol_context = {})
})
describe('when not authorised at the project level', function () {
beforeEach(function () {
return (this.client.ol_context.privilege_level = 'readOnly')
})
it('should not allow access', function () {
return this.AuthorizationManager.assertClientCanEditProjectAndDoc(
this.client,
this.doc_id,
(err) => err.message.should.equal('not authorized')
)
})
return describe('even when authorised at the doc level', function () {
beforeEach(function (done) {
return this.AuthorizationManager.addAccessToDoc(
this.client,
this.doc_id,
done
)
})
return it('should not allow access', function () {
return this.AuthorizationManager.assertClientCanEditProjectAndDoc(
this.client,
this.doc_id,
(err) => err.message.should.equal('not authorized')
)
})
})
})
return describe('when authorised at the project level', function () {
beforeEach(function () {
return (this.client.ol_context.privilege_level = 'readAndWrite')
})
describe('and not authorised at the document level', function () {
return it('should not allow access', function () {
return this.AuthorizationManager.assertClientCanEditProjectAndDoc(
this.client,
this.doc_id,
(err) => err.message.should.equal('not authorized')
)
})
})
describe('and authorised at the document level', function () {
beforeEach(function (done) {
return this.AuthorizationManager.addAccessToDoc(
this.client,
this.doc_id,
done
)
})
return it('should allow access', function () {
this.AuthorizationManager.assertClientCanEditProjectAndDoc(
this.client,
this.doc_id,
this.callback
)
return this.callback.calledWith(null).should.equal(true)
})
})
return describe('when document authorisation is added and then removed', function () {
beforeEach(function (done) {
return this.AuthorizationManager.addAccessToDoc(
this.client,
this.doc_id,
() => {
return this.AuthorizationManager.removeAccessToDoc(
this.client,
this.doc_id,
done
)
}
)
})
return it('should deny access', function () {
return this.AuthorizationManager.assertClientCanEditProjectAndDoc(
this.client,
this.doc_id,
(err) => err.message.should.equal('not authorized')
)
})
})
})
})
})