import { AdminCollection, config, getTestConfig, RoleCollection, RoleFieldCollection, TenantCollection, TypeACollection, TypeBCollection } from '@/test';
import { clearContext, endUsers, getContext, users } from '@websolutespa/test/payload';
import { v4 as uuid } from 'uuid';
import { afterAll, beforeAll, describe, expect, it } from 'vitest';
import { options } from '../../options';
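describe('Access', () => {
  let payload;
  let client;
  let adminToken;
  let editorToken;
  let endUserToken;
  let testConfig;
  let query;

  /**
   * Request options for a JWT-authenticated call through the test client.
   * @param {string} token - JWT issued by `client.getToken`.
   * @returns {{ headers: { Authorization: string } }}
   */
  const asUser = (token) => ({ headers: { Authorization: `JWT ${token}` } });

  /**
   * Fetches a single document by id as the given user, scoped by `query`.
   * Declared `async` so a synchronous throw inside `client.get` surfaces as a
   * rejection, which `expectDenied` can then assert on.
   * @param {string} slug - collection slug.
   * @param {string|number} id - document id.
   * @param {string} token - JWT of the requesting user.
   * @returns {Promise<any>} the document returned by the API.
   */
  const getDoc = async (slug, id, token) => client.get(`/${slug}/${id}${query}`, asUser(token));

  /**
   * Asserts that a request is rejected by the API with the given HTTP status.
   * The earlier try/catch form (`expect(doc).toBeUndefined()` inside the `try`)
   * let a wrongly granted request fail on an unrelated `error.status` mismatch
   * and let a client that resolves with `undefined` pass without any status
   * check; `rejects` reports "promise resolved" for the first case and requires
   * a real rejection for the second.
   * @param {Promise<unknown>} request - pending `client.get` call.
   * @param {number} status - expected HTTP status.
   * @returns {Promise<void>}
   */
  const expectDenied = (request, status) => expect(request).rejects.toMatchObject({ status });

  beforeAll(async () => {
    const context = await getContext(config);
    payload = context.payload;
    client = context.client;
    adminToken = await client.getToken('users', users.admin);
    editorToken = await client.getToken('users', users.editor);
    endUserToken = await client.getToken('end_users', endUsers.user);
    testConfig = await getTestConfig(client, adminToken);
    // every read below is scoped to the test market and the plugin's default locale
    query = `?market=${testConfig.documents.market.id}&locale=${options.defaultLocale}`;
  });

  afterAll(async () => {
    await clearContext();
  });

  describe('access helpers', () => {
    let typeADoc1;
    let typeADoc2;
    let typeBDoc;
    let adminDoc;
    let roleDoc;
    let fieldDoc;
    let tenantDoc;

    /**
     * Creates a fixture document as the admin user.
     * @param {string} slug - collection slug.
     * @param {object} data - document body.
     * @returns {Promise<any>} the created document.
     */
    const createAsAdmin = async (slug, data) => {
      const { doc } = await client.post(slug, data, asUser(adminToken));
      return doc;
    };

    /**
     * Assigns the given TypeA documents as tenants of EVERY user carrying the
     * Editor role (the update is keyed on `roles`, not on a user id), so the
     * assignment persists into later tests of this file that run as the editor.
     * @param {Array<{ id: string|number }>} docs - TypeA documents to assign.
     * @returns {Promise<unknown>}
     */
    const assignEditorTenants = (docs) =>
      payload.update({
        collection: options.slug.users,
        where: { roles: { contains: options.roles.Editor } },
        data: {
          tenants: docs.map((doc) => ({ relationTo: TypeACollection.slug, value: doc.id })),
        },
      });

    /**
     * Replaces the `typeA` relation of the shared tenant fixture in place.
     * @param {Array<{ id: string|number }>} docs - TypeA documents to relate.
     * @returns {Promise<unknown>}
     */
    const setTenantDocTypeA = (docs) =>
      payload.update({
        collection: TenantCollection.slug,
        id: tenantDoc.id,
        data: { typeA: docs.map((doc) => doc.id) },
      });

    beforeAll(async () => {
      // setting up test docs (sequentially, as before, so creation order is stable)
      adminDoc = await createAsAdmin(AdminCollection.slug, { name: uuid() });
      roleDoc = await createAsAdmin(RoleCollection.slug, { name: uuid() });
      fieldDoc = await createAsAdmin(RoleFieldCollection.slug, {
        AdminOnlyField: uuid(),
        AdminOrEditorField: uuid(),
        endUserOnlyField: uuid(),
      });
      typeADoc1 = await createAsAdmin(TypeACollection.slug, { id: 1, name: uuid() });
      typeADoc2 = await createAsAdmin(TypeACollection.slug, { id: 2, name: uuid() });
      typeBDoc = await createAsAdmin(TypeBCollection.slug, { id: 1, name: uuid() });
      // starts with no tenant relation; the isTenant() tests mutate `typeA` later
      tenantDoc = await createAsAdmin(TenantCollection.slug, { name: uuid(), typeA: [] });
    });

    describe('logged as user with role Admin', () => {
      describe('isAdmin() helper', () => {
        it('role Admin should be able to access doc', async () => {
          const doc = await getDoc(AdminCollection.slug, adminDoc.id, adminToken);
          expect(doc.id).toBeDefined();
        });
      });

      describe('hasCmsRole() and hasSiteRole() helpers', () => {
        it('role Admin should be able to access doc', async () => {
          const doc = await getDoc(RoleCollection.slug, roleDoc.id, adminToken);
          expect(doc.id).toBeDefined();
        });
      });

      describe('field access helpers', () => {
        it('role Admin should be able to read "AdminOnlyField"', async () => {
          const doc = await getDoc(RoleFieldCollection.slug, fieldDoc.id, adminToken);
          expect(doc.AdminOnlyField).toBeDefined();
        });

        it('role Admin should be able to read "AdminOrEditorField"', async () => {
          const doc = await getDoc(RoleFieldCollection.slug, fieldDoc.id, adminToken);
          expect(doc.AdminOrEditorField).toBeDefined();
        });

        it('role Admin should NOT be able to read "endUserOnlyField"', async () => {
          const doc = await getDoc(RoleFieldCollection.slug, fieldDoc.id, adminToken);
          // field-level access is not implied by the Admin role: the field must be absent
          expect(doc.endUserOnlyField).toBeUndefined();
        });
      });

      describe('isTenant() helper', () => {
        it('role Admin (with no tenants assigned) should NOT be able to access tenant restricted docs', async () => {
          // the Admin role alone does not bypass the tenant check
          await expectDenied(getDoc(TenantCollection.slug, tenantDoc.id, adminToken), 403);
        });
      });
    });

    describe('logged as user with role Editor', () => {
      describe('isAdmin helper', () => {
        it('role Editor should NOT be able to access doc', async () => {
          await expectDenied(getDoc(AdminCollection.slug, adminDoc.id, editorToken), 403);
        });
      });

      describe('isRole helper', () => {
        it('role Editor should be able to access doc', async () => {
          const doc = await getDoc(RoleCollection.slug, roleDoc.id, editorToken);
          expect(doc.id).toBeDefined();
        });
      });

      describe('field access helpers', () => {
        it('role Editor should NOT be able to read "isAdmin"', async () => {
          const doc = await getDoc(RoleFieldCollection.slug, fieldDoc.id, editorToken);
          expect(doc.AdminOnlyField).toBeUndefined();
        });

        it('role Editor should be able to read "isRole(roles.Admin, roles.Editor)"', async () => {
          const doc = await getDoc(RoleFieldCollection.slug, fieldDoc.id, editorToken);
          expect(doc.AdminOrEditorField).toBeDefined();
        });

        it('role Editor should NOT be able to read "isRole(roles.User)"', async () => {
          const doc = await getDoc(RoleFieldCollection.slug, fieldDoc.id, editorToken);
          expect(doc.endUserOnlyField).toBeUndefined();
        });
      });

      // NOTE: these cases are order-dependent. `assignEditorTenants` and
      // `setTenantDocTypeA` mutate shared state that the following cases rely on.
      // Denials for documents outside the editor's tenants are expected as 404
      // rather than 403 — presumably the tenant check is applied as a query
      // constraint, so the API does not reveal that the document exists; confirm
      // against the isTenant() implementation.
      describe('isTenant() helper', () => {
        it('role Editor (with no tenants assigned) should NEVER be able to access doc', async () => {
          await expectDenied(getDoc(TenantCollection.slug, tenantDoc.id, editorToken), 403);
        });

        it('role Editor (with no tenants assigned) should NOT be able to access any tenant', async () => {
          await expectDenied(getDoc(TypeACollection.slug, typeADoc1.id, editorToken), 403);
        });

        it('role Editor (with typeADoc1 assigned) should be able to access typeADoc1', async () => {
          await assignEditorTenants([typeADoc1]);
          const doc = await getDoc(TypeACollection.slug, typeADoc1.id, editorToken);
          expect(doc.id).toBeDefined();
        });

        it('role Editor (with typeADoc1 assigned) should NOT be able to access typeADoc2', async () => {
          await assignEditorTenants([typeADoc1]);
          await expectDenied(getDoc(TypeACollection.slug, typeADoc2.id, editorToken), 404);
        });

        it('role Editor (with typeADoc1 assigned) should NOT be able to access typeBDoc', async () => {
          // a tenant of another collection (TypeB) is never reachable through a TypeA assignment
          await expectDenied(getDoc(TypeBCollection.slug, typeBDoc.id, editorToken), 404);
        });

        it('role Editor (with any tenants assigned) should be able to access doc (with no tenants assigned)', async () => {
          const doc = await getDoc(TenantCollection.slug, tenantDoc.id, editorToken);
          expect(doc.id).toBeDefined();
        });

        it('role Editor (with typeADoc1 assigned) should be able to access doc (with typeADoc1 assigned)', async () => {
          await setTenantDocTypeA([typeADoc1]);
          const doc = await getDoc(TenantCollection.slug, tenantDoc.id, editorToken);
          expect(doc.id).toBeDefined();
        });

        it('role Editor (with typeADoc1 assigned) should NOT be able to access doc (with typeADoc2 assigned)', async () => {
          await setTenantDocTypeA([typeADoc2]);
          await expectDenied(getDoc(TenantCollection.slug, tenantDoc.id, editorToken), 404);
        });

        it('role Editor (with typeADoc1) should be able to access doc (with typeADoc1 and typeADoc2 assigned)', async () => {
          // one overlapping tenant is enough to grant access
          await setTenantDocTypeA([typeADoc1, typeADoc2]);
          const doc = await getDoc(TenantCollection.slug, tenantDoc.id, editorToken);
          expect(doc.id).toBeDefined();
        });

        it('role Editor (with typeADoc1 and typeADoc2 assigned) should be able to access doc (with typeADoc1 and tenantDoc_id21_type1 assigned)', async () => {
          await assignEditorTenants([typeADoc1, typeADoc2]);
          const doc = await getDoc(TenantCollection.slug, tenantDoc.id, editorToken);
          expect(doc.id).toBeDefined();
        });
      });
    });

    describe('logged as endUser with role User', () => {
      describe('isAdmin helper', () => {
        it('role User should NOT be able to access doc', async () => {
          await expectDenied(getDoc(AdminCollection.slug, adminDoc.id, endUserToken), 403);
        });
      });

      describe('isRole helper', () => {
        it('role User should be able to access doc', async () => {
          const doc = await getDoc(RoleCollection.slug, roleDoc.id, endUserToken);
          expect(doc.id).toBeDefined();
        });
      });

      describe('field access helpers', () => {
        it('role User should NOT be able to read "isAdmin"', async () => {
          const doc = await getDoc(RoleFieldCollection.slug, fieldDoc.id, endUserToken);
          expect(doc.AdminOnlyField).toBeUndefined();
        });

        it('role User should NOT be able to read "isRole(roles.Admin, roles.Editor)"', async () => {
          const doc = await getDoc(RoleFieldCollection.slug, fieldDoc.id, endUserToken);
          expect(doc.AdminOrEditorField).toBeUndefined();
        });

        it('role User should be able to read "isRole(roles.User)"', async () => {
          const doc = await getDoc(RoleFieldCollection.slug, fieldDoc.id, endUserToken);
          expect(doc.endUserOnlyField).toBeDefined();
        });
      });
    });
  });
});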
//# sourceMappingURL=access.test.js.map