express-acler
ACL manager for Express using ACLer
const sinon = require("sinon");
const expressAcler = require("../index.js");
/**
 * Fixture user shared by every test in this file.
 *
 * `roles` and `permissions` are getters, so each read produces a fresh
 * array. Spreading this object (`{ ...user }`) evaluates the getters and
 * copies their results as plain data properties under the same names.
 */
const user = {
  username: "Higo Ribeiro",

  // Role names held by the fixture user.
  get roles() {
    return ["moderator"];
  },

  // Permission names held by the fixture user; note that "delete" is absent.
  get permissions() {
    return ["writer", "read"];
  },
};
/**
 * Minimal route handler that replies with "Hi".
 *
 * NOTE(review): nothing in the tests shown here references this handler.
 *
 * @param {object} req - Incoming request (unused).
 * @param {object} res - Response object; only `send` is called.
 * @returns {*} Whatever `res.send` returns.
 */
const index = (req, res) => res.send("Hi");
// ACL middleware factory created with the default configuration.
// It is built once and shared by every test that does not pass its own options.
let acler;

beforeAll(function setUpDefaultAcler() {
  acler = expressAcler();
});
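// Authorization tests for the permission middleware returned by `can(name)`.
//
// Allow path: the middleware is expected to call `next` exactly once.
// Deny path:  the middleware is expected to throw and leave `next` untouched.
//
// NOTE(review): the allow-path tests only assert `next.calledOnce`. That would
// also hold if `next` were called with an error argument, so consider also
// asserting that the call carried no arguments.
describe("Testing acler permissions", () => {
  // `expect(fn).toThrow()` invokes the middleware with no arguments at all,
  // so this covers a missing request rather than a request whose user lacks
  // a permissions list.
  it("User without permissions", () => {
    expect(acler.can("read")).toThrow("User permissions is required");
  });

  it("User with permissions", () => {
    const next = sinon.fake();

    acler.can("read")({ user }, null, next);

    expect(next.calledOnce).toBe(true);
  });

  // The fixture user holds "writer" and "read" only, so "delete" must be refused.
  it("User with permissions but can't delete", () => {
    const next = sinon.fake();
    const invoke = () => acler.can("delete")({ user }, null, next);

    expect(invoke).toThrow("You not allowed to this resource");
    expect(next.notCalled).toBe(true);
  });

  // As in the first test, the middleware is invoked without any request.
  it("Changed permissions configurations without user updated", () => {
    const middleware = expressAcler({ permissions: "permission" }).can("read");

    expect(middleware).toThrow("User permissions is required");
  });

  // NOTE(review): two things make this weaker than it looks.
  //  1. The spread copies the default `permissions` property alongside the
  //     custom `permission` one, so a pass does not show which key was read.
  //  2. The user-shaped object is passed in the request position itself, not
  //     under `user` as in the tests above; confirm this is the shape the
  //     middleware is meant to accept.
  it("Changed permissions configurations with user updated", () => {
    const next = sinon.fake();
    const request = {
      ...user,
      permission: user.permissions,
    };

    expressAcler({ permissions: "permission" }).can("read")(request, null, next);

    expect(next.calledOnce).toBe(true);
  });

  // Same request shape as the previous test; see the NOTE(review) there.
  it("Changed permissions configurations with user updated but can't delete", () => {
    const next = sinon.fake();
    const invoke = () =>
      expressAcler({ permissions: "permission" }).can("delete")(
        {
          ...user,
          permission: user.permissions,
        },
        null,
        next,
      );

    expect(invoke).toThrow("You not allowed to this resource");
    expect(next.notCalled).toBe(true);
  });

  // A custom denial message supplied through `errors.permissions` must replace
  // the default one.
  it("Changed error permissions message configurations with user updated but can't delete", () => {
    const next = sinon.fake();
    const invoke = () =>
      expressAcler({
        errors: { permissions: "You don't have permission to continue" },
      }).can("delete")({ user }, null, next);

    expect(invoke).toThrow("You don't have permission to continue");
    expect(next.notCalled).toBe(true);
  });
});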
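// Authorization tests for the role middleware returned by `is(name)`.
//
// Allow path: the middleware is expected to call `next` exactly once.
// Deny path:  the middleware is expected to throw and leave `next` untouched.
//
// NOTE(review): the allow-path tests only assert `next.calledOnce`. That would
// also hold if `next` were called with an error argument, so consider also
// asserting that the call carried no arguments.
describe("Testing acler roles", () => {
  // `expect(fn).toThrow()` invokes the middleware with no arguments at all,
  // so this covers a missing request rather than a request whose user lacks
  // a roles list.
  it("User without roles", () => {
    expect(acler.is("moderator")).toThrow("User roles is required");
  });

  it("User with roles", () => {
    const next = sinon.fake();

    acler.is("moderator")({ user }, null, next);

    expect(next.calledOnce).toBe(true);
  });

  // The fixture user is only a "moderator", so "administrator" must be refused.
  it("User with roles and not an administrator", () => {
    const next = sinon.fake();
    const invoke = () => acler.is("administrator")({ user }, null, next);

    expect(invoke).toThrow("You not allowed to this resource");
    expect(next.notCalled).toBe(true);
  });

  // As in the first test, the middleware is invoked without any request.
  it("Changed roles configurations without user updated", () => {
    const middleware = expressAcler({ roles: "role" }).is("moderator");

    expect(middleware).toThrow("User roles is required");
  });

  // NOTE(review): two things make this weaker than it looks.
  //  1. The spread copies the default `roles` property alongside the custom
  //     `role` one, so a pass does not show which key was read.
  //  2. The user-shaped object is passed in the request position itself, not
  //     under `user` as in the tests above; confirm this is the shape the
  //     middleware is meant to accept.
  it("Changed roles configurations with user updated", () => {
    const next = sinon.fake();
    const request = {
      ...user,
      role: user.roles,
    };

    expressAcler({ roles: "role" }).is("moderator")(request, null, next);

    expect(next.calledOnce).toBe(true);
  });

  // Same request shape as the previous test; see the NOTE(review) there.
  it("Changed role configurations with user updated and not an administrator", () => {
    const next = sinon.fake();
    const invoke = () =>
      expressAcler({ roles: "role" }).is("administrator")(
        {
          ...user,
          role: user.roles,
        },
        null,
        next,
      );

    expect(invoke).toThrow("You not allowed to this resource");
    expect(next.notCalled).toBe(true);
  });

  // A custom denial message supplied through `errors.roles` must replace the
  // default one.
  it("Changed error roles message configurations with user updated but not an administrator", () => {
    const next = sinon.fake();
    const invoke = () =>
      expressAcler({
        errors: { roles: "You don't have role to continue" },
      }).is("administrator")({ user }, null, next);

    expect(invoke).toThrow("You don't have role to continue");
    expect(next.notCalled).toBe(true);
  });
});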