UNPKG

@sanity/sdk

Version:

Sanity SDK

github.com/sanity-io/sdk/tree/main/packages/core/README.md

sanity-io/sdk

237 lines (219 loc) 8.13 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
import {type SanityDocument} from '@sanity/types' import {type ExprNode} from 'groq-js' import {describe, expect, it} from 'vitest' import {createSanityInstance} from '../store/createSanityInstance' import {getDraftId, getPublishedId} from '../utils/ids' import {evaluateSync, parse} from './_synchronous-groq-js.mjs' import {type DocumentAction} from './actions' import {calculatePermissions, createGrantsLookup, type DatasetAcl, type Grant} from './permissions' import {type SyncTransactionState} from './reducers' const instance = createSanityInstance({projectId: 'p', dataset: 'd'}) afterAll(() => { instance.dispose() }) // Helper: Create a sample document that conforms to SanityDocument. const createDoc = (id: string, title: string, rev: string = 'initial'): SanityDocument => ({ _id: id, _type: 'article', _createdAt: '2025-01-01T00:00:00.000Z', _updatedAt: '2025-01-01T00:00:00.000Z', _rev: rev, title, }) // Simple "always allow" and "always deny" expressions const alwaysAllow = parse('true') const alwaysDeny = parse('false') // Helper to create a state object const createState = ( docStates: Record<string, {local: unknown}>, grants?: Record<Grant, ExprNode>, ): SyncTransactionState => ({ documentStates: docStates as SyncTransactionState['documentStates'], grants, queued: [], applied: [], }) describe('createGrantsLookup', () => { it('should create a lookup with expressions that evaluate to true', () => { const datasetAcl: DatasetAcl = [ {filter: '_id != null', permissions: ['read', 'update', 'create', 'history']}, ] const grants = createGrantsLookup(datasetAcl) const dummyDoc = {_id: 'doc1'} ;(['read', 'update', 'create', 'history'] as Grant[]).forEach((key) => { expect(grants[key]).toBeDefined() // Evaluate the expression for the dummy document. expect(evaluateSync(grants[key], {params: {document: dummyDoc}}).get()).toBe(true) }) }) }) describe('calculatePermissions', () => { const defaultGrants = { create: alwaysAllow, update: alwaysAllow, read: alwaysAllow, history: alwaysAllow, } it('should return allowed true when no errors occur', () => { // For a document.create action, the selector expects both published and draft keys. const state = createState( { [getPublishedId('doc1')]: {local: createDoc('doc1', 'Original Title')}, [getDraftId('doc1')]: {local: null}, }, defaultGrants, ) const actions: DocumentAction[] = [ {documentId: 'doc1', type: 'document.create', documentType: 'article'}, ] const result = calculatePermissions({instance, state}, actions) expect(result).toEqual({allowed: true}) }) it('should return undefined if documents are incomplete', () => { // Missing the draft key will cause documentsSelector to return undefined. const state = createState( { [getPublishedId('doc1')]: {local: createDoc('doc1', 'Title')}, // Missing getDraftId('doc1') }, defaultGrants, ) const actions: DocumentAction[] = [ {documentId: 'doc1', type: 'document.create', documentType: 'article'}, ] expect(calculatePermissions({instance, state}, actions)).toBeUndefined() }) it('should catch PermissionActionError from processActions and return allowed false with a reason', () => { // Deny the create grant so that document.create will fail. const deniedGrants = {...defaultGrants, create: alwaysDeny} const state = createState( { [getPublishedId('doc1')]: {local: createDoc('doc1', 'Title')}, [getDraftId('doc1')]: {local: null}, }, deniedGrants, ) const actions: DocumentAction[] = [ {documentId: 'doc1', type: 'document.create', documentType: 'article'}, ] const result = calculatePermissions({instance, state}, actions) expect(result).toBeDefined() expect(result?.allowed).toBe(false) expect(result?.reasons).toEqual( expect.arrayContaining([ expect.objectContaining({ message: expect.stringContaining( 'do not have permission to create a draft for document "doc1"', ), type: 'access', documentId: 'doc1', }), ]), ) }) it('should add a precondition error for a document.edit action with no patches when document is not found', () => { // Both published and draft documents are present as null. const state = createState( { [getPublishedId('doc1')]: {local: null}, [getDraftId('doc1')]: {local: null}, }, defaultGrants, ) const actions: DocumentAction[] = [ {documentId: 'doc1', documentType: 'book', type: 'document.edit'}, ] const result = calculatePermissions({instance, state}, actions) expect(result).toBeDefined() expect(result?.allowed).toBe(false) expect(result?.reasons).toEqual( expect.arrayContaining([ expect.objectContaining({ type: 'precondition', message: expect.stringContaining('could not be found'), documentId: 'doc1', }), ]), ) }) it('should add an access error for a document.edit action with no patches when update permission is denied', () => { const deniedGrants = {...defaultGrants, update: alwaysDeny} const state = createState( { [getPublishedId('doc1')]: {local: createDoc('doc1', 'Title')}, [getDraftId('doc1')]: {local: createDoc(getDraftId('doc1'), 'Draft Title')}, }, deniedGrants, ) const actions: DocumentAction[] = [ {documentId: 'doc1', documentType: 'book', type: 'document.edit'}, ] const result = calculatePermissions({instance, state}, actions) expect(result).toBeDefined() expect(result?.allowed).toBe(false) expect(result?.reasons).toEqual( expect.arrayContaining([ expect.objectContaining({ type: 'access', message: expect.stringContaining( 'You are not allowed to edit the document with ID "doc1"', ), documentId: 'doc1', }), ]), ) }) it('should return undefined if grants are not provided', () => { const state = createState({ [getPublishedId('doc1')]: {local: createDoc('doc1', 'Title')}, [getDraftId('doc1')]: {local: null}, }) const actions: DocumentAction[] = [ {documentId: 'doc1', type: 'document.create', documentType: 'article'}, ] expect(calculatePermissions({instance, state}, actions)).toBeUndefined() }) it('should catch ActionError from processActions and return a precondition error reason', () => { // For document.delete, if the published document is missing, processActions throws an ActionError. const state = createState( { [getPublishedId('doc1')]: {local: null}, [getDraftId('doc1')]: {local: null}, }, defaultGrants, ) const actions: DocumentAction[] = [ {documentId: 'doc1', documentType: 'book', type: 'document.delete'}, ] const result = calculatePermissions({instance, state}, actions) expect(result).toBeDefined() expect(result?.allowed).toBe(false) expect(result?.reasons).toEqual( expect.arrayContaining([ expect.objectContaining({ type: 'precondition', message: expect.stringContaining('The document you are trying to delete does not exist'), documentId: 'doc1', }), ]), ) }) it('should memoize the result for identical state and actions inputs', () => { const state = createState( { [getPublishedId('doc1')]: {local: createDoc('doc1', 'Title')}, [getDraftId('doc1')]: {local: null}, }, defaultGrants, ) const action: DocumentAction = { documentId: 'doc1', type: 'document.create', documentType: 'article', } // notice how the action is a copy const result1 = calculatePermissions({instance, state}, [{...action}]) const result2 = calculatePermissions({instance, state}, [{...action}]) expect(result1).toBe(result2) }) })