"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const permissions_service_1 = require("./permissions.service");
const permissions_1 = require("../constants/permissions");
const user_roles_1 = require("../constants/user-roles");
const roles_1 = require("../constants/roles");
/**
 * Static JWT fixtures for the `canUser` suite.
 *
 * Every token has the header `{"typ":"JWT","alg":"HS256"}` and a base64url
 * payload whose `role` claim names the role under test (`admin`, `student`,
 * `platform_admin`, `super_admin`); `NO_ROLE_TOKEN` omits `role` altogether.
 * The payloads also carry `iat`/`exp` claims (the `exp` values decode to
 * Feb–Mar 2026), so if `canUser` ever starts enforcing expiry these fixtures
 * will need regenerating. The HS256 signatures were produced with a test key
 * that is not visible here; nothing in this file asserts that the signatures
 * are verified.
 */
const {
  MOCK_ADMIN_TOKEN,
  MOCK_STUDENT_TOKEN,
  MOCK_PLATFORM_ADMIN_TOKEN,
  MOCK_SUPER_ADMIN_TOKEN,
  NO_ROLE_TOKEN,
} = Object.freeze({
  MOCK_ADMIN_TOKEN:
    'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJSUE1fVGVzdF9Ub2tlbiIsImlhdCI6MTc0MDU5NTg5MywiZXhwIjoxNzcyMTMxOTAzLCJhdWQiOiJyb2FyLmVkdWNhdGlvbiIsInN1YiI6InRlc3RUb2tlbkFkbWluIiwicm9sZSI6ImFkbWluIn0.x_WFnnQCFD4M-9f77X3QzGSpq_SynUC6yhIKbW1QfBY',
  MOCK_STUDENT_TOKEN:
    'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJSUE1fVGVzdF9Ub2tlbiIsImlhdCI6MTc0MDU5NTM2NywiZXhwIjoxNzcyMTMxMzY3LCJhdWQiOiJyb2FyLmVkdWNhdGlvbiIsInN1YiI6InRlc3RUb2tlblN0dWRlbnQiLCJyb2xlIjoic3R1ZGVudCJ9.MpD5OOc7ekmPPOWSoWNW2X0MKuiftX8osSdGpgTT00Y',
  MOCK_PLATFORM_ADMIN_TOKEN:
    'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJSUE1fVGVzdF9Ub2tlbiIsImlhdCI6MTc0MDU5NTg5MywiZXhwIjoxNzcyMTMxOTAzLCJhdWQiOiJyb2FyLmVkdWNhdGlvbiIsInN1YiI6InRlc3RUb2tlblBsYXRmb3JtQWRtaW4iLCJyb2xlIjoicGxhdGZvcm1fYWRtaW4ifQ.64xpaXChNVicuDrJzqXqiBrf3Xx03129DJ5S7US7vk0',
  MOCK_SUPER_ADMIN_TOKEN:
    'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJSUE1fVGVzdF9Ub2tlbiIsImlhdCI6MTc0MDU5NTg5MywiZXhwIjoxNzcyMTMxOTAzLCJhdWQiOiJyb2FyLmVkdWNhdGlvbiIsInN1YiI6InRlc3RUb2tlblN1cGVyQWRtaW4iLCJyb2xlIjoic3VwZXJfYWRtaW4ifQ.K0crV-sD5twhTrrsq4HnRgEZRlKMuTftmJmRRvS7SN4',
  NO_ROLE_TOKEN:
    'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJST0FSIFBlcm1pc3Npb25zIE1hbmFnZXIiLCJpYXQiOjE3NDE5ODI1OTAsImV4cCI6MTc3MzUxODU5MCwiYXVkIjoicm9hci5lZHVjYXRpb24iLCJzdWIiOiJUb2tlbiBmb3IgUlBNIHVuaXQgdGVzdHMifQ.-sKjiDioIfIpVYSZvM7wWXLmIwKb_NUUfG83IOSwNhI',
});
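describe('canUser', () => {
  /**
   * Builds the "everything this role may do" case list: each permission the
   * role declares in `roles` is expected to be allowed for a token carrying
   * that role. Asserts the list is non-empty so an empty (or mistyped) role
   * entry cannot make the surrounding test pass vacuously.
   *
   * @param {string} role - a `UserRoles` value
   * @returns {{ action: string, expected: boolean }[]}
   */
  const allowedCasesFor = (role) => {
    const declared = roles_1.roles[role].permissions;
    expect(declared.length).toBeGreaterThan(0);
    return declared.map((action) => ({ action, expected: true }));
  };

  /**
   * Runs `PermissionsService.canUser` for every case and compares the verdict.
   * The action is folded into the compared object so a failing case names the
   * permission that misbehaved instead of only printing `true`/`false`.
   *
   * @param {string} token - JWT fixture, or a deliberately malformed string
   * @param {{ action: string, expected: boolean }[]} cases - non-empty
   */
  const expectCanUser = (token, cases) => {
    expect(cases.length).toBeGreaterThan(0);
    for (const { action, expected } of cases) {
      const allowed = permissions_service_1.PermissionsService.canUser(token, action);
      expect({ action, allowed }).toStrictEqual({ action, allowed: expected });
    }
  };

  it('Students can only take actions in their permissions set', () => {
    expectCanUser(MOCK_STUDENT_TOKEN, [
      ...allowedCasesFor(user_roles_1.UserRoles.STUDENT),
      // An action outside the student set, and an unknown action, must both be denied.
      { action: permissions_1.Permissions.Users.UPDATE, expected: false },
      { action: 'test.fake.permission', expected: false },
    ]);
  });

  it('Admins can only take actions in their permission set', () => {
    expectCanUser(MOCK_ADMIN_TOKEN, [
      ...allowedCasesFor(user_roles_1.UserRoles.ADMIN),
      { action: permissions_1.Permissions.Users.CREATE, expected: false },
      { action: 'test.fake.permission', expected: false },
    ]);
  });

  it('Platform admins can take actions in their permission set', () => {
    expectCanUser(MOCK_PLATFORM_ADMIN_TOKEN, [
      ...allowedCasesFor(user_roles_1.UserRoles.PLATFORM_ADMIN),
      { action: 'test.fake.permission', expected: false },
    ]);
  });

  it('Super admins can take all actions', () => {
    expectCanUser(MOCK_SUPER_ADMIN_TOKEN, [
      ...allowedCasesFor(user_roles_1.UserRoles.SUPER_ADMIN),
      // super_admins are also subject to permissions that do not exist.
      // This ensures that invalid permissions are not introduced.
      { action: 'test.fake.permission', expected: false },
    ]);
  });

  it('Returns false for invalid permissions', () => {
    expectCanUser(MOCK_ADMIN_TOKEN, [
      { action: 'test.fake.permission', expected: false },
      { action: 'users.false', expected: false },
    ]);
  });

  it('Handles any case of permissions properly', () => {
    // Permission names are matched case-sensitively: no casing variant of a
    // real permission is accepted.
    expectCanUser(MOCK_ADMIN_TOKEN, [
      { action: 'users.LIST', expected: false },
      { action: 'uSERs.list', expected: false },
      { action: 'users.liST', expected: false },
      { action: 'USERS.LIST', expected: false },
    ]);
  });

  // NOTE(review): the two cases below only exercise an unparsable token and a
  // token with no `role` claim. They do not cover a token whose payload is
  // intact but whose signature is wrong, nor one whose `exp` has passed, so
  // they cannot distinguish an implementation that verifies the token from one
  // that merely decodes it. If `canUser` is meant to authorize on verified
  // claims, add cases for both and expect the GUEST outcome.
  it('Handles invalid tokens properly', () => {
    // In the case of an invalid token, the function should assume the GUEST role.
    expectCanUser('invalid_token', [
      { action: permissions_1.Permissions.Users.LIST, expected: false },
      { action: permissions_1.Permissions.Administrations.LIST, expected: false },
    ]);
  });

  it('Handles tokens with no role property', () => {
    // A token that parses but carries no `role` claim should likewise fall
    // back to the GUEST role rather than to any privileged default.
    expectCanUser(NO_ROLE_TOKEN, [
      { action: permissions_1.Permissions.Users.LIST, expected: false },
      { action: permissions_1.Permissions.Administrations.LIST, expected: false },
    ]);
  });
});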