overleaf/services/real-time/test/unit/js/AuthorizationManagerTests.js
Antoine Clausse 7f48c67512 Add prefer-node-protocol ESLint rule (#21532)
* Add `unicorn/prefer-node-protocol`

* Fix `unicorn/prefer-node-protocol` ESLint errors

* Run `npm run format:fix`

* Add sandboxed-module sourceTransformers in mocha setups

Fix `no such file or directory, open 'node:fs'` in `sandboxed-module`

* Remove `node:` in the SandboxedModule requires

* Fix new linting errors with `node:`

GitOrigin-RevId: 68f6e31e2191fcff4cb8058dd0a6914c14f59926
2024-11-11 09:04:51 +00:00

318 lines
9.4 KiB
JavaScript

/* eslint-disable
no-return-assign,
no-unused-vars,
*/
// TODO: This file was created by bulk-decaffeinate.
// Fix any style issues and re-enable lint.
/*
* decaffeinate suggestions:
* DS102: Remove unnecessary code created because of implicit returns
* Full docs: https://github.com/decaffeinate/decaffeinate/blob/master/docs/suggestions.md
*/
const { expect } = require('chai')
const sinon = require('sinon')
const SandboxedModule = require('sandboxed-module')
const path = require('node:path')
const modulePath = '../../../app/js/AuthorizationManager'
describe('AuthorizationManager', function () {
beforeEach(function () {
this.client = { ol_context: {} }
return (this.AuthorizationManager = SandboxedModule.require(modulePath, {
requires: {},
}))
})
describe('assertClientCanViewProject', function () {
it('should allow the readOnly privilegeLevel', function (done) {
this.client.ol_context.privilege_level = 'readOnly'
return this.AuthorizationManager.assertClientCanViewProject(
this.client,
error => {
expect(error).to.be.null
return done()
}
)
})
it('should allow the readAndWrite privilegeLevel', function (done) {
this.client.ol_context.privilege_level = 'readAndWrite'
return this.AuthorizationManager.assertClientCanViewProject(
this.client,
error => {
expect(error).to.be.null
return done()
}
)
})
it('should allow the owner privilegeLevel', function (done) {
this.client.ol_context.privilege_level = 'owner'
return this.AuthorizationManager.assertClientCanViewProject(
this.client,
error => {
expect(error).to.be.null
return done()
}
)
})
return it('should return an error with any other privilegeLevel', function (done) {
this.client.ol_context.privilege_level = 'unknown'
return this.AuthorizationManager.assertClientCanViewProject(
this.client,
error => {
error.message.should.equal('not authorized')
return done()
}
)
})
})
describe('assertClientCanEditProject', function () {
it('should not allow the readOnly privilegeLevel', function (done) {
this.client.ol_context.privilege_level = 'readOnly'
return this.AuthorizationManager.assertClientCanEditProject(
this.client,
error => {
error.message.should.equal('not authorized')
return done()
}
)
})
it('should allow the readAndWrite privilegeLevel', function (done) {
this.client.ol_context.privilege_level = 'readAndWrite'
return this.AuthorizationManager.assertClientCanEditProject(
this.client,
error => {
expect(error).to.be.null
return done()
}
)
})
it('should allow the owner privilegeLevel', function (done) {
this.client.ol_context.privilege_level = 'owner'
return this.AuthorizationManager.assertClientCanEditProject(
this.client,
error => {
expect(error).to.be.null
return done()
}
)
})
return it('should return an error with any other privilegeLevel', function (done) {
this.client.ol_context.privilege_level = 'unknown'
return this.AuthorizationManager.assertClientCanEditProject(
this.client,
error => {
error.message.should.equal('not authorized')
return done()
}
)
})
})
// check doc access for project
describe('assertClientCanViewProjectAndDoc', function () {
beforeEach(function () {
this.doc_id = '12345'
this.callback = sinon.stub()
return (this.client.ol_context = {})
})
describe('when not authorised at the project level', function () {
beforeEach(function () {
return (this.client.ol_context.privilege_level = 'unknown')
})
it('should not allow access', function () {
return this.AuthorizationManager.assertClientCanViewProjectAndDoc(
this.client,
this.doc_id,
err => err.message.should.equal('not authorized')
)
})
return describe('even when authorised at the doc level', function () {
beforeEach(function (done) {
return this.AuthorizationManager.addAccessToDoc(
this.client,
this.doc_id,
done
)
})
return it('should not allow access', function () {
return this.AuthorizationManager.assertClientCanViewProjectAndDoc(
this.client,
this.doc_id,
err => err.message.should.equal('not authorized')
)
})
})
})
return describe('when authorised at the project level', function () {
beforeEach(function () {
return (this.client.ol_context.privilege_level = 'readOnly')
})
describe('and not authorised at the document level', function () {
return it('should not allow access', function () {
return this.AuthorizationManager.assertClientCanViewProjectAndDoc(
this.client,
this.doc_id,
err => err.message.should.equal('not authorized')
)
})
})
describe('and authorised at the document level', function () {
beforeEach(function (done) {
return this.AuthorizationManager.addAccessToDoc(
this.client,
this.doc_id,
done
)
})
return it('should allow access', function () {
this.AuthorizationManager.assertClientCanViewProjectAndDoc(
this.client,
this.doc_id,
this.callback
)
return this.callback.calledWith(null).should.equal(true)
})
})
return describe('when document authorisation is added and then removed', function () {
beforeEach(function (done) {
return this.AuthorizationManager.addAccessToDoc(
this.client,
this.doc_id,
() => {
return this.AuthorizationManager.removeAccessToDoc(
this.client,
this.doc_id,
done
)
}
)
})
return it('should deny access', function () {
return this.AuthorizationManager.assertClientCanViewProjectAndDoc(
this.client,
this.doc_id,
err => err.message.should.equal('not authorized')
)
})
})
})
})
return describe('assertClientCanEditProjectAndDoc', function () {
beforeEach(function () {
this.doc_id = '12345'
this.callback = sinon.stub()
return (this.client.ol_context = {})
})
describe('when not authorised at the project level', function () {
beforeEach(function () {
return (this.client.ol_context.privilege_level = 'readOnly')
})
it('should not allow access', function () {
return this.AuthorizationManager.assertClientCanEditProjectAndDoc(
this.client,
this.doc_id,
err => err.message.should.equal('not authorized')
)
})
return describe('even when authorised at the doc level', function () {
beforeEach(function (done) {
return this.AuthorizationManager.addAccessToDoc(
this.client,
this.doc_id,
done
)
})
return it('should not allow access', function () {
return this.AuthorizationManager.assertClientCanEditProjectAndDoc(
this.client,
this.doc_id,
err => err.message.should.equal('not authorized')
)
})
})
})
return describe('when authorised at the project level', function () {
beforeEach(function () {
return (this.client.ol_context.privilege_level = 'readAndWrite')
})
describe('and not authorised at the document level', function () {
return it('should not allow access', function () {
return this.AuthorizationManager.assertClientCanEditProjectAndDoc(
this.client,
this.doc_id,
err => err.message.should.equal('not authorized')
)
})
})
describe('and authorised at the document level', function () {
beforeEach(function (done) {
return this.AuthorizationManager.addAccessToDoc(
this.client,
this.doc_id,
done
)
})
return it('should allow access', function () {
this.AuthorizationManager.assertClientCanEditProjectAndDoc(
this.client,
this.doc_id,
this.callback
)
return this.callback.calledWith(null).should.equal(true)
})
})
return describe('when document authorisation is added and then removed', function () {
beforeEach(function (done) {
return this.AuthorizationManager.addAccessToDoc(
this.client,
this.doc_id,
() => {
return this.AuthorizationManager.removeAccessToDoc(
this.client,
this.doc_id,
done
)
}
)
})
return it('should deny access', function () {
return this.AuthorizationManager.assertClientCanEditProjectAndDoc(
this.client,
this.doc_id,
err => err.message.should.equal('not authorized')
)
})
})
})
})
})