# Test doubles (sinon) and assertion helpers (chai `should` / `expect`).
sinon = require('sinon')
chai = require('chai')
should = chai.should()
expect = chai.expect
# Module under test. It is loaded through SandboxedModule in the suite's
# beforeEach so that each of its requires can be replaced with a stub.
modulePath = "../../../../app/js/Features/Authorization/AuthorizationManager.js"
SandboxedModule = require('sandboxed-module')
# The real Errors module is handed to the module under test, so error classes
# can be checked with instanceof in the assertions.
Errors = require "../../../../app/js/Features/Errors/Errors.js"
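# Unit tests for AuthorizationManager: the privilege-level lookup for a
# (user, project, token) triple and the canUser* / isUserSiteAdmin predicates
# built on top of it. Every collaborator module is replaced with a stub, so
# these tests pin the authorization decisions only.
describe "AuthorizationManager", ->
  beforeEach ->
    # Fresh stubs per test: nothing set on these objects (including the
    # ANONYMOUS_READ_AND_WRITE_ENABLED flag set further down) leaks between tests.
    @AuthorizationManager = SandboxedModule.require modulePath, requires:
      "../Collaborators/CollaboratorsHandler": @CollaboratorsHandler = {}
      '../Project/ProjectGetter': @ProjectGetter = {}
      "../../models/User": User: @User = {}
      "../Errors/Errors": Errors
      "../TokenAccess/TokenAccessHandler": @TokenAccessHandler = {
        # Default: the token is valid for neither read-and-write nor read-only.
        isValidToken: sinon.stub().callsArgWith(2, null, false, false)
      }
    @user_id = "user-id-1"
    @project_id = "project-id-1"
    @token = 'some-token'
    @callback = sinon.stub()

  # The callback is asserted as (error, privilegeLevel, flag). In this suite the
  # third argument is true only when the level comes from a public project.
  describe "getPrivilegeLevelForProject", ->
    beforeEach ->
      @ProjectGetter.getProject = sinon.stub()
      @AuthorizationManager.isUserSiteAdmin = sinon.stub()
      @CollaboratorsHandler.getMemberIdPrivilegeLevel = sinon.stub()

    describe 'with a token-based project', ->
      beforeEach ->
        @ProjectGetter.getProject
          .withArgs(@project_id, { publicAccesLevel: 1 })
          .yields(null, { publicAccesLevel: "tokenBased" })

      describe "with a user_id with a privilege level", ->
        beforeEach ->
          @AuthorizationManager.isUserSiteAdmin.withArgs(@user_id).yields(null, false)
          @CollaboratorsHandler.getMemberIdPrivilegeLevel
            .withArgs(@user_id, @project_id)
            .yields(null, "readOnly")
          @AuthorizationManager.getPrivilegeLevelForProject @user_id, @project_id, @token, @callback

        it "should return the user's privilege level", ->
          @callback.calledWith(null, "readOnly", false).should.equal true

      describe "with a user_id with no privilege level", ->
        beforeEach ->
          @AuthorizationManager.isUserSiteAdmin.withArgs(@user_id).yields(null, false)
          @CollaboratorsHandler.getMemberIdPrivilegeLevel
            .withArgs(@user_id, @project_id)
            .yields(null, false)
          @AuthorizationManager.getPrivilegeLevelForProject @user_id, @project_id, @token, @callback

        it "should return false", ->
          @callback.calledWith(null, false, false).should.equal true

      describe "with a user_id who is an admin", ->
        beforeEach ->
          @AuthorizationManager.isUserSiteAdmin.withArgs(@user_id).yields(null, true)
          @CollaboratorsHandler.getMemberIdPrivilegeLevel
            .withArgs(@user_id, @project_id)
            .yields(null, false)
          @AuthorizationManager.getPrivilegeLevelForProject @user_id, @project_id, @token, @callback

        # A site admin with no membership is still reported as "owner".
        it "should return the user as an owner", ->
          @callback.calledWith(null, "owner", false).should.equal true

      # Anonymous access to a token-based project is decided by the token alone:
      # neither the membership lookup nor the site-admin lookup may run.
      describe "with no user (anonymous)", ->

        describe 'when the token is not valid', ->
          beforeEach ->
            # isValidToken yields (error, validForReadAndWrite, validForReadOnly),
            # as the surrounding describe titles indicate.
            @TokenAccessHandler.isValidToken = sinon.stub()
              .withArgs(@project_id, @token)
              .yields(null, false, false)
            @AuthorizationManager.getPrivilegeLevelForProject null, @project_id, @token, @callback

          it "should not call CollaboratorsHandler.getMemberIdPrivilegeLevel", ->
            @CollaboratorsHandler.getMemberIdPrivilegeLevel.called.should.equal false

          it "should not call AuthorizationManager.isUserSiteAdmin", ->
            @AuthorizationManager.isUserSiteAdmin.called.should.equal false

          it 'should check if the token is valid', ->
            @TokenAccessHandler.isValidToken.calledWith(@project_id, @token).should.equal true

          it "should return false", ->
            @callback.calledWith(null, false, false).should.equal true

        describe 'when the token is valid for read-and-write', ->

          # A valid read-and-write token must not grant anything to an
          # anonymous user while anonymous read-write sharing is switched off.
          describe 'when read-write-sharing is not enabled', ->
            beforeEach ->
              @TokenAccessHandler.ANONYMOUS_READ_AND_WRITE_ENABLED = false
              @TokenAccessHandler.isValidToken = sinon.stub()
                .withArgs(@project_id, @token)
                .yields(null, true, false)
              @AuthorizationManager.getPrivilegeLevelForProject null, @project_id, @token, @callback

            it "should not call CollaboratorsHandler.getMemberIdPrivilegeLevel", ->
              @CollaboratorsHandler.getMemberIdPrivilegeLevel.called.should.equal false

            it "should not call AuthorizationManager.isUserSiteAdmin", ->
              @AuthorizationManager.isUserSiteAdmin.called.should.equal false

            it 'should check if the token is valid', ->
              @TokenAccessHandler.isValidToken.calledWith(@project_id, @token).should.equal true

            it "should deny access", ->
              @callback.calledWith(null, false, false).should.equal true

          describe 'when read-write-sharing is enabled', ->
            beforeEach ->
              @TokenAccessHandler.ANONYMOUS_READ_AND_WRITE_ENABLED = true
              @TokenAccessHandler.isValidToken = sinon.stub()
                .withArgs(@project_id, @token)
                .yields(null, true, false)
              @AuthorizationManager.getPrivilegeLevelForProject null, @project_id, @token, @callback

            it "should not call CollaboratorsHandler.getMemberIdPrivilegeLevel", ->
              @CollaboratorsHandler.getMemberIdPrivilegeLevel.called.should.equal false

            it "should not call AuthorizationManager.isUserSiteAdmin", ->
              @AuthorizationManager.isUserSiteAdmin.called.should.equal false

            it 'should check if the token is valid', ->
              @TokenAccessHandler.isValidToken.calledWith(@project_id, @token).should.equal true

            it "should give read-write access", ->
              @callback.calledWith(null, "readAndWrite", false).should.equal true

        describe 'when the token is valid for read-only', ->
          beforeEach ->
            @TokenAccessHandler.isValidToken = sinon.stub()
              .withArgs(@project_id, @token)
              .yields(null, false, true)
            @AuthorizationManager.getPrivilegeLevelForProject null, @project_id, @token, @callback

          it "should not call CollaboratorsHandler.getMemberIdPrivilegeLevel", ->
            @CollaboratorsHandler.getMemberIdPrivilegeLevel.called.should.equal false

          it "should not call AuthorizationManager.isUserSiteAdmin", ->
            @AuthorizationManager.isUserSiteAdmin.called.should.equal false

          it 'should check if the token is valid', ->
            @TokenAccessHandler.isValidToken.calledWith(@project_id, @token).should.equal true

          it "should give read-only access", ->
            @callback.calledWith(null, "readOnly", false).should.equal true

    describe "with a private project", ->
      beforeEach ->
        @ProjectGetter.getProject
          .withArgs(@project_id, { publicAccesLevel: 1 })
          .yields(null, { publicAccesLevel: "private" })

      describe "with a user_id with a privilege level", ->
        beforeEach ->
          @AuthorizationManager.isUserSiteAdmin.withArgs(@user_id).yields(null, false)
          @CollaboratorsHandler.getMemberIdPrivilegeLevel
            .withArgs(@user_id, @project_id)
            .yields(null, "readOnly")
          @AuthorizationManager.getPrivilegeLevelForProject @user_id, @project_id, @token, @callback

        it "should return the user's privilege level", ->
          @callback.calledWith(null, "readOnly", false).should.equal true

      describe "with a user_id with no privilege level", ->
        beforeEach ->
          @AuthorizationManager.isUserSiteAdmin.withArgs(@user_id).yields(null, false)
          @CollaboratorsHandler.getMemberIdPrivilegeLevel
            .withArgs(@user_id, @project_id)
            .yields(null, false)
          @AuthorizationManager.getPrivilegeLevelForProject @user_id, @project_id, @token, @callback

        it "should return false", ->
          @callback.calledWith(null, false, false).should.equal true

      describe "with a user_id who is an admin", ->
        beforeEach ->
          @AuthorizationManager.isUserSiteAdmin.withArgs(@user_id).yields(null, true)
          @CollaboratorsHandler.getMemberIdPrivilegeLevel
            .withArgs(@user_id, @project_id)
            .yields(null, false)
          @AuthorizationManager.getPrivilegeLevelForProject @user_id, @project_id, @token, @callback

        it "should return the user as an owner", ->
          @callback.calledWith(null, "owner", false).should.equal true

      # An anonymous request for a private project is denied without any
      # membership or site-admin lookup.
      describe "with no user (anonymous)", ->
        beforeEach ->
          @AuthorizationManager.getPrivilegeLevelForProject null, @project_id, @token, @callback

        it "should not call CollaboratorsHandler.getMemberIdPrivilegeLevel", ->
          @CollaboratorsHandler.getMemberIdPrivilegeLevel.called.should.equal false

        it "should not call AuthorizationManager.isUserSiteAdmin", ->
          @AuthorizationManager.isUserSiteAdmin.called.should.equal false

        it "should return false", ->
          @callback.calledWith(null, false, false).should.equal true

    describe "with a public project", ->
      beforeEach ->
        @ProjectGetter.getProject
          .withArgs(@project_id, { publicAccesLevel: 1 })
          .yields(null, { publicAccesLevel: "readAndWrite" })

      describe "with a user_id with a privilege level", ->
        beforeEach ->
          @AuthorizationManager.isUserSiteAdmin.withArgs(@user_id).yields(null, false)
          @CollaboratorsHandler.getMemberIdPrivilegeLevel
            .withArgs(@user_id, @project_id)
            .yields(null, "readOnly")
          @AuthorizationManager.getPrivilegeLevelForProject @user_id, @project_id, @token, @callback

        # The member's own level is reported, not the project's public level.
        it "should return the user's privilege level", ->
          @callback.calledWith(null, "readOnly", false).should.equal true

      describe "with a user_id with no privilege level", ->
        beforeEach ->
          @AuthorizationManager.isUserSiteAdmin.withArgs(@user_id).yields(null, false)
          @CollaboratorsHandler.getMemberIdPrivilegeLevel
            .withArgs(@user_id, @project_id)
            .yields(null, false)
          @AuthorizationManager.getPrivilegeLevelForProject @user_id, @project_id, @token, @callback

        # Third argument true: the level was granted through public access.
        it "should return the public privilege level", ->
          @callback.calledWith(null, "readAndWrite", true).should.equal true

      describe "with a user_id who is an admin", ->
        beforeEach ->
          @AuthorizationManager.isUserSiteAdmin.withArgs(@user_id).yields(null, true)
          @CollaboratorsHandler.getMemberIdPrivilegeLevel
            .withArgs(@user_id, @project_id)
            .yields(null, false)
          @AuthorizationManager.getPrivilegeLevelForProject @user_id, @project_id, @token, @callback

        it "should return the user as an owner", ->
          @callback.calledWith(null, "owner", false).should.equal true

      describe "with no user (anonymous)", ->
        beforeEach ->
          @AuthorizationManager.getPrivilegeLevelForProject null, @project_id, @token, @callback

        it "should not call CollaboratorsHandler.getMemberIdPrivilegeLevel", ->
          @CollaboratorsHandler.getMemberIdPrivilegeLevel.called.should.equal false

        it "should not call AuthorizationManager.isUserSiteAdmin", ->
          @AuthorizationManager.isUserSiteAdmin.called.should.equal false

        it "should return the public privilege level", ->
          @callback.calledWith(null, "readAndWrite", true).should.equal true

    describe "when the project doesn't exist", ->
      beforeEach ->
        @ProjectGetter.getProject
          .withArgs(@project_id, { publicAccesLevel: 1 })
          .yields(null, null)

      # `done` makes the test fail (time out) if the callback is never invoked.
      # Without it the assertion lives only inside the callback, so a code path
      # that never calls back would let this test pass without checking anything.
      it "should return a NotFoundError", (done) ->
        @AuthorizationManager.getPrivilegeLevelForProject @user_id, @project_id, @token, (error) ->
          error.should.be.instanceof Errors.NotFoundError
          done()

    describe "when the project id is not valid", ->
      beforeEach ->
        @AuthorizationManager.isUserSiteAdmin.withArgs(@user_id).yields(null, false)
        @CollaboratorsHandler.getMemberIdPrivilegeLevel
          .withArgs(@user_id, @project_id)
          .yields(null, "readOnly")

      # A malformed project id must be rejected before any project lookup runs.
      it "should return a error", (done) ->
        @AuthorizationManager.getPrivilegeLevelForProject undefined, "not project id", @token, (err) =>
          @ProjectGetter.getProject.called.should.equal false
          expect(err).to.exist
          done()

  # The canUser* predicates are tested against a stubbed
  # getPrivilegeLevelForProject, so only the level-to-permission mapping is checked.
  describe "canUserReadProject", ->
    beforeEach ->
      @AuthorizationManager.getPrivilegeLevelForProject = sinon.stub()

    describe "when user is owner", ->
      beforeEach ->
        @AuthorizationManager.getPrivilegeLevelForProject
          .withArgs(@user_id, @project_id, @token)
          .yields(null, "owner", false)

      it "should return true", (done) ->
        @AuthorizationManager.canUserReadProject @user_id, @project_id, @token, (error, canRead) ->
          expect(canRead).to.equal true
          done()

    describe "when user has read-write access", ->
      beforeEach ->
        @AuthorizationManager.getPrivilegeLevelForProject
          .withArgs(@user_id, @project_id, @token)
          .yields(null, "readAndWrite", false)

      it "should return true", (done) ->
        @AuthorizationManager.canUserReadProject @user_id, @project_id, @token, (error, canRead) ->
          expect(canRead).to.equal true
          done()

    describe "when user has read-only access", ->
      beforeEach ->
        @AuthorizationManager.getPrivilegeLevelForProject
          .withArgs(@user_id, @project_id, @token)
          .yields(null, "readOnly", false)

      it "should return true", (done) ->
        @AuthorizationManager.canUserReadProject @user_id, @project_id, @token, (error, canRead) ->
          expect(canRead).to.equal true
          done()

    describe "when user has no access", ->
      beforeEach ->
        @AuthorizationManager.getPrivilegeLevelForProject
          .withArgs(@user_id, @project_id, @token)
          .yields(null, false, false)

      it "should return false", (done) ->
        @AuthorizationManager.canUserReadProject @user_id, @project_id, @token, (error, canRead) ->
          expect(canRead).to.equal false
          done()

  describe "canUserWriteProjectContent", ->
    beforeEach ->
      @AuthorizationManager.getPrivilegeLevelForProject = sinon.stub()

    describe "when user is owner", ->
      beforeEach ->
        @AuthorizationManager.getPrivilegeLevelForProject
          .withArgs(@user_id, @project_id, @token)
          .yields(null, "owner", false)

      it "should return true", (done) ->
        @AuthorizationManager.canUserWriteProjectContent @user_id, @project_id, @token, (error, canWrite) ->
          expect(canWrite).to.equal true
          done()

    describe "when user has read-write access", ->
      beforeEach ->
        @AuthorizationManager.getPrivilegeLevelForProject
          .withArgs(@user_id, @project_id, @token)
          .yields(null, "readAndWrite", false)

      it "should return true", (done) ->
        @AuthorizationManager.canUserWriteProjectContent @user_id, @project_id, @token, (error, canWrite) ->
          expect(canWrite).to.equal true
          done()

    describe "when user has read-only access", ->
      beforeEach ->
        @AuthorizationManager.getPrivilegeLevelForProject
          .withArgs(@user_id, @project_id, @token)
          .yields(null, "readOnly", false)

      it "should return false", (done) ->
        @AuthorizationManager.canUserWriteProjectContent @user_id, @project_id, @token, (error, canWrite) ->
          expect(canWrite).to.equal false
          done()

    describe "when user has no access", ->
      beforeEach ->
        @AuthorizationManager.getPrivilegeLevelForProject
          .withArgs(@user_id, @project_id, @token)
          .yields(null, false, false)

      it "should return false", (done) ->
        @AuthorizationManager.canUserWriteProjectContent @user_id, @project_id, @token, (error, canWrite) ->
          expect(canWrite).to.equal false
          done()

  describe "canUserWriteProjectSettings", ->
    beforeEach ->
      @AuthorizationManager.getPrivilegeLevelForProject = sinon.stub()

    describe "when user is owner", ->
      beforeEach ->
        @AuthorizationManager.getPrivilegeLevelForProject
          .withArgs(@user_id, @project_id, @token)
          .yields(null, "owner", false)

      it "should return true", (done) ->
        @AuthorizationManager.canUserWriteProjectSettings @user_id, @project_id, @token, (error, canWrite) ->
          expect(canWrite).to.equal true
          done()

    describe "when user has read-write access as a collaborator", ->
      beforeEach ->
        @AuthorizationManager.getPrivilegeLevelForProject
          .withArgs(@user_id, @project_id, @token)
          .yields(null, "readAndWrite", false)

      it "should return true", (done) ->
        @AuthorizationManager.canUserWriteProjectSettings @user_id, @project_id, @token, (error, canWrite) ->
          expect(canWrite).to.equal true
          done()

    # Same "readAndWrite" level, but obtained through public access (third
    # argument true): that must not be enough to change project settings.
    describe "when user has read-write access as the public", ->
      beforeEach ->
        @AuthorizationManager.getPrivilegeLevelForProject
          .withArgs(@user_id, @project_id, @token)
          .yields(null, "readAndWrite", true)

      it "should return false", (done) ->
        @AuthorizationManager.canUserWriteProjectSettings @user_id, @project_id, @token, (error, canWrite) ->
          expect(canWrite).to.equal false
          done()

    describe "when user has read-only access", ->
      beforeEach ->
        @AuthorizationManager.getPrivilegeLevelForProject
          .withArgs(@user_id, @project_id, @token)
          .yields(null, "readOnly", false)

      it "should return false", (done) ->
        @AuthorizationManager.canUserWriteProjectSettings @user_id, @project_id, @token, (error, canWrite) ->
          expect(canWrite).to.equal false
          done()

    describe "when user has no access", ->
      beforeEach ->
        @AuthorizationManager.getPrivilegeLevelForProject
          .withArgs(@user_id, @project_id, @token)
          .yields(null, false, false)

      it "should return false", (done) ->
        @AuthorizationManager.canUserWriteProjectSettings @user_id, @project_id, @token, (error, canWrite) ->
          expect(canWrite).to.equal false
          done()

  # Only the "owner" level may administer a project.
  describe "canUserAdminProject", ->
    beforeEach ->
      @AuthorizationManager.getPrivilegeLevelForProject = sinon.stub()

    describe "when user is owner", ->
      beforeEach ->
        @AuthorizationManager.getPrivilegeLevelForProject
          .withArgs(@user_id, @project_id, @token)
          .yields(null, "owner", false)

      it "should return true", (done) ->
        @AuthorizationManager.canUserAdminProject @user_id, @project_id, @token, (error, canAdmin) ->
          expect(canAdmin).to.equal true
          done()

    describe "when user has read-write access", ->
      beforeEach ->
        @AuthorizationManager.getPrivilegeLevelForProject
          .withArgs(@user_id, @project_id, @token)
          .yields(null, "readAndWrite", false)

      it "should return false", (done) ->
        @AuthorizationManager.canUserAdminProject @user_id, @project_id, @token, (error, canAdmin) ->
          expect(canAdmin).to.equal false
          done()

    describe "when user has read-only access", ->
      beforeEach ->
        @AuthorizationManager.getPrivilegeLevelForProject
          .withArgs(@user_id, @project_id, @token)
          .yields(null, "readOnly", false)

      it "should return false", (done) ->
        @AuthorizationManager.canUserAdminProject @user_id, @project_id, @token, (error, canAdmin) ->
          expect(canAdmin).to.equal false
          done()

    describe "when user has no access", ->
      beforeEach ->
        @AuthorizationManager.getPrivilegeLevelForProject
          .withArgs(@user_id, @project_id, @token)
          .yields(null, false, false)

      it "should return false", (done) ->
        @AuthorizationManager.canUserAdminProject @user_id, @project_id, @token, (error, canAdmin) ->
          expect(canAdmin).to.equal false
          done()

  # Site-admin status is read from the user's isAdmin field; a missing user or
  # a missing user id must both resolve to false.
  describe "isUserSiteAdmin", ->
    beforeEach ->
      @User.findOne = sinon.stub()

    describe "when user is admin", ->
      beforeEach ->
        @User.findOne
          .withArgs({ _id: @user_id }, { isAdmin: 1 })
          .yields(null, { isAdmin: true })

      it "should return true", (done) ->
        @AuthorizationManager.isUserSiteAdmin @user_id, (error, isAdmin) ->
          expect(isAdmin).to.equal true
          done()

    describe "when user is not admin", ->
      beforeEach ->
        @User.findOne
          .withArgs({ _id: @user_id }, { isAdmin: 1 })
          .yields(null, { isAdmin: false })

      it "should return false", (done) ->
        @AuthorizationManager.isUserSiteAdmin @user_id, (error, isAdmin) ->
          expect(isAdmin).to.equal false
          done()

    describe "when user is not found", ->
      beforeEach ->
        @User.findOne
          .withArgs({ _id: @user_id }, { isAdmin: 1 })
          .yields(null, null)

      it "should return false", (done) ->
        @AuthorizationManager.isUserSiteAdmin @user_id, (error, isAdmin) ->
          expect(isAdmin).to.equal false
          done()

    describe "when no user is passed", ->
      # No database query may be issued for a null user id.
      it "should return false", (done) ->
        @AuthorizationManager.isUserSiteAdmin null, (error, isAdmin) =>
          @User.findOne.called.should.equal false
          expect(isAdmin).to.equal false
          done()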