github/overleaf
1
0
Fork 0
mirror of https://github.com/overleaf/overleaf.git synced 2024-09-16 02:52:31 -04:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #2390 from overleaf/ta-metrics-tests-move

Browse source 
Move Metrics Acceptance Tests

GitOrigin-RevId: ac789ef9157615b89b1d63f28a2be090df5b62a8
This commit is contained in:
Eric Mc Sween 2019-11-21 07:43:07 -05:00 committed by sharelatex
parent df6d0625f1
commit c419918e60
1 changed files with 1 additions and 289 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

290
services/web/test/acceptance/src/UserMembershipAuthorizationTests.js
View file

@ -1,11 +1,9 @@
const { expect } = require('chai')
const async = require('async')
const { ObjectId } = require('../../../app/src/infrastructure/mongojs')
const User = require('./helpers/User')
const Institution = require('./helpers/Institution')
const Subscription = require('./helpers/Subscription')
const Publisher = require('./helpers/Publisher')
const MockV1Api = require('./helpers/MockV1Api')
describe('UserMembershipAuthorization', function() {
beforeEach(function(done) {
@ -13,36 +11,6 @@ describe('UserMembershipAuthorization', function() {
async.series([this.user.ensureUserExists.bind(this.user)], done)
})
describe('team', function() {
beforeEach(function(done) {
this.subscription = new Subscription({
groupPlan: true,
overleaf: { id: 123 }
})
async.series(
[
this.subscription.ensureExists.bind(this.subscription),
cb => this.user.login(cb)
],
done
)
})
describe('metrics', function() {
it('should allow managers only', function(done) {
const url = `/metrics/teams/123`
async.series(
[
expectAccess(this.user, url, 403),
cb => this.subscription.setManagerIds([this.user._id], cb),
expectAccess(this.user, url, 200)
],
done
)
})
})
})
describe('group', function() {
beforeEach(function(done) {
this.subscription = new Subscription({
@ -71,25 +39,6 @@ describe('UserMembershipAuthorization', function() {
})
})
describe('metrics', function() {
it('should allow managers only', function(done) {
const url = `/metrics/groups/${this.subscription._id}`
async.series(
[
expectAccess(this.user, url, 403),
cb => this.subscription.setManagerIds([this.user._id], cb),
expectAccess(this.user, url, 200)
],
done
)
})
it('should handle groups not found', function(done) {
const url = `/metrics/groups/${ObjectId()}`
async.series([expectAccess(this.user, url, 404)], done)
})
})
describe('managers management', function() {
it('should allow managers only', function(done) {
const url = `/manage/groups/${this.subscription._id}/managers`
@ -111,52 +60,6 @@ describe('UserMembershipAuthorization', function() {
async.series([this.institution.ensureExists.bind(this.institution)], done)
})
describe('metrics', function() {
it('should allow users with staff access', function(done) {
const url = `/metrics/institutions/${this.institution.v1Id}`
async.series(
[
cb => this.user.ensureStaffAccess('institutionMetrics', cb),
this.user.login.bind(this.user),
expectAccess(this.user, url, 200)
],
done
)
})
it('should allow admins', function(done) {
const url = `/metrics/institutions/${this.institution.v1Id}`
async.series(
[
this.user.ensureAdmin.bind(this.user),
this.user.login.bind(this.user),
expectAccess(this.user, url, 200)
],
done
)
})
it('should allow managers', function(done) {
const url = `/metrics/institutions/${this.institution.v1Id}`
async.series(
[
this.user.login.bind(this.user),
cb => this.institution.setManagerIds([this.user._id], cb),
expectAccess(this.user, url, 200)
],
done
)
})
it('should not allow users without access', function(done) {
const url = `/metrics/institutions/${this.institution.v1Id}`
async.series(
[this.user.login.bind(this.user), expectAccess(this.user, url, 403)],
done
)
})
})
describe('users management', function() {
it('should allow managers only', function(done) {
const url = `/manage/institutions/${this.institution.v1Id}/managers`
@ -172,21 +75,6 @@ describe('UserMembershipAuthorization', function() {
})
})
describe('hub', function() {
it('should allow managers only', function(done) {
const url = `/institutions/${this.institution.v1Id}/hub`
async.series(
[
this.user.login.bind(this.user),
expectAccess(this.user, url, 403),
cb => this.institution.setManagerIds([this.user._id], cb),
expectAccess(this.user, url, 200)
],
done
)
})
})
describe('creation', function() {
it('should allow staff only', function(done) {
const url = `/entities/institution/create/foo`
@ -216,20 +104,6 @@ describe('UserMembershipAuthorization', function() {
)
})
describe('conversion metrics', function() {
it('should allow managers only', function(done) {
const url = `/metrics/conversions/${this.publisher.slug}`
async.series(
[
expectAccess(this.user, url, 403),
cb => this.publisher.setManagerIds([this.user._id], cb),
expectAccess(this.user, url, 200)
],
done
)
})
})
describe('managers management', function() {
it('should allow managers only', function(done) {
const url = `/manage/publishers/${this.publisher.slug}/managers`
@ -246,7 +120,7 @@ describe('UserMembershipAuthorization', function() {
describe('creation', function() {
it('should redirect staff only', function(done) {
const url = `/publishers/foo/hub`
const url = `/manage/publishers/foo/managers`
async.series(
[
this.user.login.bind(this.user),
@ -273,168 +147,6 @@ describe('UserMembershipAuthorization', function() {
})
})
})
describe('template', function() {
beforeEach(function(done) {
this.publisher = new Publisher({})
async.series(
[
this.publisher.ensureExists.bind(this.publisher),
cb => this.user.login(cb)
],
done
)
})
it('allow publisher managers only', function(done) {
MockV1Api.setTemplates({
123: {
id: 123,
title: '123 title',
brand: { slug: this.publisher.slug }
}
})
const url = '/metrics/templates/123'
async.series(
[
expectAccess(this.user, url, 403),
cb => this.publisher.setManagerIds([this.user._id], cb),
expectAccess(this.user, url, 200)
],
done
)
})
it('handle templates without publisher', function(done) {
MockV1Api.setTemplates({
456: {
id: 456,
title: '456 title',
brand: { slug: null }
}
})
const url = '/metrics/templates/456'
async.series(
[
expectAccess(this.user, url, 403),
this.user.ensureAdmin.bind(this.user),
this.user.login.bind(this.user),
expectAccess(this.user, url, 200)
],
done
)
})
it('handle templates not found', function(done) {
const url = '/metrics/templates/789'
async.series(
[
this.user.ensureAdmin.bind(this.user),
this.user.login.bind(this.user),
expectAccess(this.user, url, 404)
],
done
)
})
})
describe('graph', function() {
describe('admin', function() {
it('allow admins only', function(done) {
const url = '/graphs/foo?resource_type=admin'
async.series(
[
this.user.login.bind(this.user),
expectAccess(this.user, url, 403),
this.user.ensureAdmin.bind(this.user),
this.user.login.bind(this.user),
expectAccess(this.user, url, 200)
],
done
)
})
it('handle missing resource type', function(done) {
const url = '/graphs/foo'
expectAccess(this.user, url, 404)(done)
})
it('handle incorrect resource type', function(done) {
const url = '/graphs/foo?resource_type=evil'
expectAccess(this.user, url, 404)(done)
})
})
describe('template', function() {
beforeEach(function(done) {
this.publisher = new Publisher({})
async.series(
[
this.publisher.ensureExists.bind(this.publisher),
cb => this.user.login(cb)
],
done
)
})
it('get template graphs', function(done) {
MockV1Api.setTemplates({
123: {
id: 123,
title: '123 title',
brand: { slug: this.publisher.slug }
}
})
const url = '/graphs/foo?resource_type=template&resource_id=123'
async.series(
[
this.user.ensureAdmin.bind(this.user),
this.user.login.bind(this.user),
expectAccess(this.user, url, 200)
],
done
)
})
})
})
describe('admin metrics', function() {
it('should not allow anonymous users', function(done) {
expectAccess(this.user, '/metrics/admin', 302, /\/login/)(done)
})
it('should not allow all users', function(done) {
async.series(
[
this.user.login.bind(this.user),
expectAccess(this.user, '/metrics/admin', 403)
],
done
)
})
it('should allow admin users', function(done) {
async.series(
[
this.user.ensureAdmin.bind(this.user),
this.user.login.bind(this.user),
expectAccess(this.user, '/metrics/admin', 200)
],
done
)
})
it('should allow users with staff access', function(done) {
async.series(
[
cb => this.user.ensureStaffAccess('adminMetrics', cb),
this.user.login.bind(this.user),
expectAccess(this.user, '/metrics/admin', 200)
],
done
)
})
})
})
function expectAccess(user, url, status, pattern) {