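import { AdminCollection, config, getTestConfig, RoleCollection, RoleFieldCollection, TenantCollection, TypeACollection, TypeBCollection } from '@/test';
import { clearContext, endUsers, getContext, users } from '@websolutespa/test/payload';
import { v4 as uuid } from 'uuid';
import { afterAll, beforeAll, describe, expect, it } from 'vitest';
import { options } from '../../options';

/**
 * Access-control tests for the plugin's collection and field access helpers.
 *
 * Every negative case goes through `expectDenied`, which only passes when the
 * request is REJECTED with the expected HTTP status. The previous pattern
 * (`try { expect(doc).toBeUndefined() } catch { expect(error.status)... }`)
 * let the assertion error thrown by `toBeUndefined()` fall into the catch and
 * be compared against `status`, producing a misleading failure, and it accepted
 * a request that resolved to `undefined` as a denial.
 */
describe('Access', () => {
  let payload;
  let client;
  let adminToken;
  let editorToken;
  let endUserToken;
  let testConfig;
  let query;

  /** Request options authenticating as the holder of `token`. */
  const asUser = (token) => ({ headers: { Authorization: `JWT ${token}` } });

  /** Reads `/<collection>/<id>` with the shared market/locale query as the holder of `token`. */
  const fetchDoc = (collection, id, token) =>
    client.get(`/${collection}/${id}${query}`, asUser(token));

  /**
   * Asserts that `request` settles by rejecting with HTTP `status`.
   *
   * A resolved request, even one resolving to `undefined`, fails the test: an
   * access-control denial must surface as an error, never as an empty body.
   *
   * @param {Promise<unknown>} request - the pending client call
   * @param {number} status - HTTP status expected on the rejection
   */
  const expectDenied = async (request, status) => {
    let error;
    try {
      await request;
    } catch (err) {
      error = err;
    }
    expect(error, `expected request to be rejected with HTTP ${status}`).toBeDefined();
    expect(error.status).toBe(status);
  };

  beforeAll(async () => {
    const context = await getContext(config);
    payload = context.payload;
    client = context.client;
    adminToken = await client.getToken('users', users.admin);
    editorToken = await client.getToken('users', users.editor);
    endUserToken = await client.getToken('end_users', endUsers.user);
    testConfig = await getTestConfig(client, adminToken);
    query = `?market=${testConfig.documents.market.id}&locale=${options.defaultLocale}`;
  });

  afterAll(async () => {
    await clearContext();
  });

  describe('access helpers', () => {
    let typeADoc1;
    let typeADoc2;
    let typeBDoc;
    let adminDoc;
    let roleDoc;
    let fieldDoc;
    let tenantDoc;

    /** Creates a document in `slug` as admin and returns the created doc. */
    const createAsAdmin = async (slug, data) => {
      const { doc } = await client.post(slug, data, asUser(adminToken));
      return doc;
    };

    /** Assigns the given TypeA ids as tenants of every user holding the Editor role. */
    const assignEditorTenants = (typeAIds) =>
      payload.update({
        collection: options.slug.users,
        where: { roles: { contains: options.roles.Editor } },
        data: {
          tenants: typeAIds.map((value) => ({ relationTo: TypeACollection.slug, value })),
        },
      });

    /** Sets the TypeA ids referenced by the shared tenant-restricted doc. */
    const setTenantDocTypeA = (typeAIds) =>
      payload.update({
        collection: TenantCollection.slug,
        id: tenantDoc.id,
        data: { typeA: typeAIds },
      });

    beforeAll(async () => {
      // setting up test docs
      adminDoc = await createAsAdmin(AdminCollection.slug, { name: uuid() });
      roleDoc = await createAsAdmin(RoleCollection.slug, { name: uuid() });
      fieldDoc = await createAsAdmin(RoleFieldCollection.slug, {
        AdminOnlyField: uuid(),
        AdminOrEditorField: uuid(),
        endUserOnlyField: uuid(),
      });
      typeADoc1 = await createAsAdmin(TypeACollection.slug, { id: 1, name: uuid() });
      typeADoc2 = await createAsAdmin(TypeACollection.slug, { id: 2, name: uuid() });
      // typeBDoc shares id 1 with typeADoc1; presumably so the cross-collection
      // test below can check that a tenant grant on TypeA/1 does not carry over to TypeB/1.
      typeBDoc = await createAsAdmin(TypeBCollection.slug, { id: 1, name: uuid() });
      tenantDoc = await createAsAdmin(TenantCollection.slug, { name: uuid(), typeA: [] });
    });

    describe('logged as user with role Admin', () => {
      describe('isAdmin() helper', () => {
        it('role Admin should be able to access doc', async () => {
          const doc = await fetchDoc(AdminCollection.slug, adminDoc.id, adminToken);
          expect(doc.id).toBeDefined();
        });
      });

      describe('hasCmsRole() and hasSiteRole() helpers', () => {
        it('role Admin should be able to access doc', async () => {
          const doc = await fetchDoc(RoleCollection.slug, roleDoc.id, adminToken);
          expect(doc.id).toBeDefined();
        });
      });

      describe('field access helpers', () => {
        it('role Admin should be able to read "AdminOnlyField"', async () => {
          const doc = await fetchDoc(RoleFieldCollection.slug, fieldDoc.id, adminToken);
          expect(doc.AdminOnlyField).toBeDefined();
        });

        it('role Admin should be able to read "AdminOrEditorField"', async () => {
          const doc = await fetchDoc(RoleFieldCollection.slug, fieldDoc.id, adminToken);
          expect(doc.AdminOrEditorField).toBeDefined();
        });

        it('role Admin should NOT be able to read "endUserOnlyField"', async () => {
          const doc = await fetchDoc(RoleFieldCollection.slug, fieldDoc.id, adminToken);
          expect(doc.endUserOnlyField).toBeUndefined();
        });
      });

      describe('isTenant() helper', () => {
        it('role Admin (with no tenants assigned) should NOT be able to access tenant restricted docs', async () => {
          await expectDenied(fetchDoc(TenantCollection.slug, tenantDoc.id, adminToken), 403);
        });
      });
    });

    describe('logged as user with role Editor', () => {
      describe('isAdmin helper', () => {
        it('role Editor should NOT be able to access doc', async () => {
          await expectDenied(fetchDoc(AdminCollection.slug, adminDoc.id, editorToken), 403);
        });
      });

      describe('isRole helper', () => {
        it('role Editor should be able to access doc', async () => {
          const doc = await fetchDoc(RoleCollection.slug, roleDoc.id, editorToken);
          expect(doc.id).toBeDefined();
        });
      });

      describe('field access helpers', () => {
        it('role Editor should NOT be able to read "isAdmin"', async () => {
          const doc = await fetchDoc(RoleFieldCollection.slug, fieldDoc.id, editorToken);
          expect(doc.AdminOnlyField).toBeUndefined();
        });

        it('role Editor should be able to read "isRole(roles.Admin, roles.Editor)"', async () => {
          const doc = await fetchDoc(RoleFieldCollection.slug, fieldDoc.id, editorToken);
          expect(doc.AdminOrEditorField).toBeDefined();
        });

        it('role Editor should NOT be able to read "isRole(roles.User)"', async () => {
          const doc = await fetchDoc(RoleFieldCollection.slug, fieldDoc.id, editorToken);
          expect(doc.endUserOnlyField).toBeUndefined();
        });
      });

      describe('isTenant() helper', () => {
        // Expected statuses differ by editor state: 403 while the editor has no
        // tenant at all, 404 once a tenant is assigned and a doc outside it is
        // requested — so unauthorized ids are presumably indistinguishable from
        // nonexistent ones in that state. These cases mutate shared editor and
        // tenantDoc state, so each one sets up the state it relies on explicitly.
        it('role Editor (with no tenants assigned) should NEVER be able to access doc', async () => {
          await expectDenied(fetchDoc(TenantCollection.slug, tenantDoc.id, editorToken), 403);
        });

        it('role Editor (with no tenants assigned) should NOT be able to access any tenant', async () => {
          await expectDenied(fetchDoc(TypeACollection.slug, typeADoc1.id, editorToken), 403);
        });

        it('role Editor (with typeADoc1 assigned) should be able to access typeADoc1', async () => {
          await assignEditorTenants([typeADoc1.id]);
          const doc = await fetchDoc(TypeACollection.slug, typeADoc1.id, editorToken);
          expect(doc.id).toBeDefined();
        });

        it('role Editor (with typeADoc1 assigned) should NOT be able to access typeADoc2', async () => {
          await assignEditorTenants([typeADoc1.id]);
          await expectDenied(fetchDoc(TypeACollection.slug, typeADoc2.id, editorToken), 404);
        });

        it('role Editor (with typeADoc1 assigned) should NOT be able to access typeBDoc', async () => {
          // typeBDoc has the same numeric id as typeADoc1 but lives in another collection.
          await assignEditorTenants([typeADoc1.id]);
          await expectDenied(fetchDoc(TypeBCollection.slug, typeBDoc.id, editorToken), 404);
        });

        it('role Editor (with any tenants assigned) should be able to access doc (with no tenants assigned)', async () => {
          await assignEditorTenants([typeADoc1.id]);
          await setTenantDocTypeA([]);
          const doc = await fetchDoc(TenantCollection.slug, tenantDoc.id, editorToken);
          expect(doc.id).toBeDefined();
        });

        it('role Editor (with typeADoc1 assigned) should be able to access doc (with typeADoc1 assigned)', async () => {
          await assignEditorTenants([typeADoc1.id]);
          await setTenantDocTypeA([typeADoc1.id]);
          const doc = await fetchDoc(TenantCollection.slug, tenantDoc.id, editorToken);
          expect(doc.id).toBeDefined();
        });

        it('role Editor (with typeADoc1 assigned) should NOT be able to access doc (with typeADoc2 assigned)', async () => {
          await assignEditorTenants([typeADoc1.id]);
          await setTenantDocTypeA([typeADoc2.id]);
          await expectDenied(fetchDoc(TenantCollection.slug, tenantDoc.id, editorToken), 404);
        });

        it('role Editor (with typeADoc1) should be able to access doc (with typeADoc1 and typeADoc2 assigned)', async () => {
          await assignEditorTenants([typeADoc1.id]);
          await setTenantDocTypeA([typeADoc1.id, typeADoc2.id]);
          const doc = await fetchDoc(TenantCollection.slug, tenantDoc.id, editorToken);
          expect(doc.id).toBeDefined();
        });

        it('role Editor (with typeADoc1 and typeADoc2 assigned) should be able to access doc (with typeADoc1 and tenantDoc_id21_type1 assigned)', async () => {
          await assignEditorTenants([typeADoc1.id, typeADoc2.id]);
          await setTenantDocTypeA([typeADoc1.id, typeADoc2.id]);
          const doc = await fetchDoc(TenantCollection.slug, tenantDoc.id, editorToken);
          expect(doc.id).toBeDefined();
        });
      });
    });

    describe('logged as endUser with role User', () => {
      describe('isAdmin helper', () => {
        it('role User should NOT be able to access doc', async () => {
          await expectDenied(fetchDoc(AdminCollection.slug, adminDoc.id, endUserToken), 403);
        });
      });

      describe('isRole helper', () => {
        it('role User should be able to access doc', async () => {
          const doc = await fetchDoc(RoleCollection.slug, roleDoc.id, endUserToken);
          expect(doc.id).toBeDefined();
        });
      });

      describe('field access helpers', () => {
        it('role User should NOT be able to read "isAdmin"', async () => {
          const doc = await fetchDoc(RoleFieldCollection.slug, fieldDoc.id, endUserToken);
          expect(doc.AdminOnlyField).toBeUndefined();
        });

        it('role User should NOT be able to read "isRole(roles.Admin, roles.Editor)"', async () => {
          const doc = await fetchDoc(RoleFieldCollection.slug, fieldDoc.id, endUserToken);
          expect(doc.AdminOrEditorField).toBeUndefined();
        });

        it('role User should be able to read "isRole(roles.User)"', async () => {
          const doc = await fetchDoc(RoleFieldCollection.slug, fieldDoc.id, endUserToken);
          expect(doc.endUserOnlyField).toBeDefined();
        });
      });
    });
  });
});
//# sourceMappingURL=access.test.js.map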