@incdevco/framework
Version:
node.js lambda framework
185 lines (104 loc) • 3.86 kB
JavaScript
var Expect = require('chai').expect;
var Mock = require('../mock');
var Acl = require('./index');
var Rule = require('./rule');
describe('application acl', function () {
'use strict';
var acl, event, expected, mock;
beforeEach(function () {
acl = new Acl();
event = {
roles: []
};
expected = 'expected';
mock = new Mock();
});
describe('allow', function() {
it('should convert resources and privileges to array', function () {
acl.allow('role', 'resource', 'privilege');
Expect(acl.rules['resource']['privilege']).to.be.ok;
});
it('should not convert resources and privileges to array if already an array', function () {
acl.allow('role', ['resource'], ['privilege']);
Expect(acl.rules['resource']['privilege']).to.be.ok;
});
});
describe('isAllowed', function() {
it('should resolve with wildcard resource and privilege rule', function(done) {
acl.allow('test', '*', '*');
event.roles.push('test');
acl.isAllowed(event, 'resource', 'privilege')
.then(function() {
done();
})
.catch(done);
});
it('should resolve with resource and privilege rule', function(done) {
acl.allow('test', 'resource', 'privilege');
event.roles.push('test');
acl.isAllowed(event, 'resource', 'privilege')
.then(function() {
done();
})
.catch(done);
});
it('should reject with wildcard resource and actual privilege rule', function(done) {
acl.allow('test', '*', 'test');
event.roles.push('test');
acl.isAllowed(event, 'resource', 'test')
.then(function() {
done();
})
.catch(done);
});
it('should reject with "Not Allowed" error', function (done) {
acl.isAllowed(event, 'resource', 'privilege')
.then(function () {
throw new Error('resolved');
})
.catch(function (exception) {
Expect(exception.message).to.equal('Not Allowed', 'exception.message');
done();
})
.catch(done);
});
it('should reject when no rules are found', function (done) {
acl.isAllowed(event, 'resource', 'privilege')
.then(function () {
throw new Error('resolved');
})
.catch(function(exception) {
Expect(exception.message).to.equal('Not Allowed', 'exception.message');
done();
})
.catch(done);
});
it('should reject when no rules are found for privilege', function (done) {
acl.allow('role','user','test');
acl.isAllowed(event, 'user', 'privilege')
.then(function () {
throw new Error('resolved');
})
.catch(function(exception) {
Expect(exception.message).to.equal('Not Allowed', 'exception.message');
done();
})
.catch(done);
});
});
describe('Rule', function() {
it('should call assertion', function (done) {
var assertion = {}, resource, rule, privilege;
event.roles.push('role');
mock.mock(assertion).expect('assert')
.with(event, resource, privilege, context)
.willResolve(true);
rule = new Rule('role', assertion.assert);
rule.isAllowed(event, resource, privilege, context)
.then(function () {
mock.done(done);
})
.catch(done);
});
});
});