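SandboxedModule = require('sandboxed-module')
sinon = require('sinon')
require('chai').should()
modulePath = require('path').join __dirname, '../../../../app/js/Features/Security/AuthorizationManager'
MockClient = require "../helpers/MockClient"

# Unit tests for the privilege gates exposed by AuthorizationManager.
#
# Each gate is given a client carrying a "project_id" and a "privilege_level"
# attribute and a callback. Allow-path tests pass mocha's `done`, so the test
# only completes when the gate invokes the callback, and any error argument
# fails the test. Deny-path tests pass a sinon stub and assert that it was
# never invoked. A callback that throws would be a weaker check: an exception
# caught anywhere inside the code under test would let an unauthorised client
# pass unnoticed.
#
# NOTE(review): the deny-path assertions run synchronously, immediately after
# the call returns. If AuthorizationManager ever defers its callback, these
# tests will no longer observe a wrongly granted request - confirm against the
# implementation.
describe "AuthorizationManager", ->
  beforeEach ->
    @client = new MockClient()
    # SecurityManager is replaced by an empty object so the module loads in
    # isolation from that dependency.
    @AuthorizationManager = SandboxedModule.require modulePath, requires:
      '../../managers/SecurityManager':{}
    # Fresh spy per test; used by every test that expects the gate to refuse.
    @callback = sinon.stub()

  describe "ensureClientCanViewProject", ->
    beforeEach ->
      @client.set("project_id", "project-id")

    it "should let the request through for a readOnly privilege", (done) ->
      @client.set("privilege_level", "readOnly")
      @AuthorizationManager.ensureClientCanViewProject @client, done

    it "should let the request through for a readAndWrite privilege", (done) ->
      @client.set("privilege_level", "readAndWrite")
      @AuthorizationManager.ensureClientCanViewProject @client, done

    it "should let the request through for a owner privilege", (done) ->
      @client.set("privilege_level", "owner")
      @AuthorizationManager.ensureClientCanViewProject @client, done

    it "should ignore an empty privilege", ->
      # No privilege_level has been set on the client at this point.
      @AuthorizationManager.ensureClientCanViewProject @client, @callback
      @callback.called.should.equal false

  describe "ensureClientCanEditProject", ->
    beforeEach ->
      @client.set("project_id", "project-id")

    it "should ignore a readOnly privilege", ->
      @client.set("privilege_level", "readOnly")
      @AuthorizationManager.ensureClientCanEditProject @client, @callback
      @callback.called.should.equal false

    it "should let the request through for a readAndWrite privilege", (done) ->
      @client.set("privilege_level", "readAndWrite")
      @AuthorizationManager.ensureClientCanEditProject @client, done

    it "should let the request through for a owner privilege", (done) ->
      @client.set("privilege_level", "owner")
      @AuthorizationManager.ensureClientCanEditProject @client, done

    it "should ignore an empty privilege", ->
      @AuthorizationManager.ensureClientCanEditProject @client, @callback
      @callback.called.should.equal false

  describe "ensureClientCanAdminProject", ->
    beforeEach ->
      @client.set("project_id", "project-id")

    it "should ignore a readOnly privilege", ->
      @client.set("privilege_level", "readOnly")
      @AuthorizationManager.ensureClientCanAdminProject @client, @callback
      @callback.called.should.equal false

    it "should ignore a readAndWrite privilege", ->
      @client.set("privilege_level", "readAndWrite")
      @AuthorizationManager.ensureClientCanAdminProject @client, @callback
      @callback.called.should.equal false

    it "should let the request through for a owner privilege", (done) ->
      @client.set("privilege_level", "owner")
      @AuthorizationManager.ensureClientCanAdminProject @client, done

    it "should ignore an empty privilege", ->
      @AuthorizationManager.ensureClientCanAdminProject @client, @callback
      @callback.called.should.equal false

  describe "ensureClientHasPrivilegeLevelForProject", ->
    # No shared beforeEach here: each test sets only the attributes it needs,
    # so the two "missing attribute" cases really do run without the other one.
    it "should ignore callback if privilege_level is not set", ->
      @client.set("project_id", "project-id")
      @AuthorizationManager.ensureClientHasPrivilegeLevelForProject @client, ["owner"], @callback
      @callback.called.should.equal false

    it "should ignore callback if project_id is not set", ->
      @client.set("privilege_level", "owner")
      @AuthorizationManager.ensureClientHasPrivilegeLevelForProject @client, ["owner"], @callback
      @callback.called.should.equal false

    it "should return the project_id", (done) ->
      @client.set("privilege_level", "owner")
      @client.set("project_id", "project-id-123")
      @AuthorizationManager.ensureClientHasPrivilegeLevelForProject @client, ["owner"], (error, project_id) ->
        # Report an unexpected error directly rather than as a TypeError on an
        # undefined project_id.
        return done(error) if error?
        project_id.should.equal "project-id-123"
        done()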