yujunjun/strapi
1
0
Fork 0
mirror of https://github.com/strapi/strapi.git synced 2025-11-04 03:43:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

test: partial permission updates

Browse Source
This commit is contained in:
Marc-Roig 2023-08-22 15:43:40 +02:00
parent 7217d58c78
commit 73f3560b91
No known key found for this signature in database
GPG Key ID: FB4E2C43A0BEE249
1 changed files with 213 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

268
api-tests/core/admin/admin-role.test.api.js
View File

@ -72,7 +72,7 @@ describe('Role CRUD End to End', () => {
data.editorRole = res.body.data.find((r) => r.code === 'strapi-editor'); data.editorRole = res.body.data.find((r) => r.code === 'strapi-editor');
}); });
test('Author have admin::is-creator condition for every permission', async () => { test('Author has admin::is-creator condition for every permission', async () => {
const res = await rq({ const res = await rq({
url: `/admin/roles/${data.authorRole.id}/permissions`, url: `/admin/roles/${data.authorRole.id}/permissions`,
method: 'GET', method: 'GET',
@ -117,14 +117,20 @@ describe('Role CRUD End to End', () => {
]; ];
test('Conditions of editors and author can be modified', async () => { test('Conditions of editors and author can be modified', async () => {
let oldPermRes = await rq({
url: `/admin/roles/${data.editorRole.id}/permissions`,
method: 'GET',
});
let res = await rq({ let res = await rq({
url: `/admin/roles/${data.editorRole.id}/permissions`, url: `/admin/roles/${data.editorRole.id}/permissions`,
method: 'PUT', method: 'PUT',
body: { permissions: newPermissions }, body: { permissions: { connect: newPermissions } },
}); });
expect(res.statusCode).toBe(200); expect(res.statusCode).toBe(200);
expect(res.body.data).toHaveLength(2); // Old permissions should be kept
expect(res.body.data).toHaveLength(oldPermRes.body.data.length + 2);
expect(res.body).toEqual({ expect(res.body).toEqual({
data: expect.arrayContaining([ data: expect.arrayContaining([
expect.objectContaining({ expect.objectContaining({
@ -142,14 +148,20 @@ describe('Role CRUD End to End', () => {
]), ]),
}); });
oldPermRes = await rq({
url: `/admin/roles/${data.authorRole.id}/permissions`,
method: 'GET',
});
res = await rq({ res = await rq({
url: `/admin/roles/${data.authorRole.id}/permissions`, url: `/admin/roles/${data.authorRole.id}/permissions`,
method: 'PUT', method: 'PUT',
body: { permissions: newPermissions }, body: { permissions: { connect: newPermissions } },
}); });
expect(res.statusCode).toBe(200); expect(res.statusCode).toBe(200);
expect(res.body.data).toHaveLength(2); // Old permissions should be kept
expect(res.body.data).toHaveLength(oldPermRes.body.data.length + 2);
expect(res.body).toEqual({ expect(res.body).toEqual({
data: expect.arrayContaining([ data: expect.arrayContaining([
expect.objectContaining({ expect.objectContaining({
@ -590,22 +602,24 @@ describe('Role CRUD End to End', () => {
}); });
}); });
test('assign permissions on role', async () => { test('connect new permissions on role', async () => {
const res = await rq({ const res = await rq({
url: `/admin/roles/${data.rolesWithoutUsers[0].id}/permissions`, url: `/admin/roles/${data.rolesWithoutUsers[0].id}/permissions`,
method: 'PUT', method: 'PUT',
body: { body: {
permissions: [ permissions: {
{ connect: [
action: 'plugin::users-permissions.roles.update', {
}, action: 'plugin::users-permissions.roles.update',
{ },
action: 'plugin::content-manager.explorer.create', {
subject: 'plugin::users-permissions.user', action: 'plugin::content-manager.explorer.create',
properties: { fields: ['username'], locales: [] }, subject: 'plugin::users-permissions.user',
conditions: ['admin::is-creator'], properties: { fields: ['username'], locales: [] },
}, conditions: ['admin::is-creator'],
], },
],
},
}, },
}); });
@ -627,11 +641,47 @@ describe('Role CRUD End to End', () => {
}); });
}); });
test('assign permissions on role with an unknown condition', async () => { test('connect existing permissions on role', async () => {
const permissions = [ const newPermissions = await rq({
{ url: `/admin/roles/${data.rolesWithoutUsers[0].id}/permissions`,
action: 'plugin::users-permissions.roles.update', method: 'GET',
})
.then((res) => res.body.data)
.then((permissions) =>
// Update permissions of content-manager.explorer.create to have empty fields
permissions.map((p) => {
if (p.action === 'plugin::content-manager.explorer.create') {
return {
...p,
properties: { ...p.properties, fields: [] },
};
}
return p;
})
);
const res = await rq({
url: `/admin/roles/${data.rolesWithoutUsers[0].id}/permissions`,
method: 'PUT',
body: {
permissions: {
connect: newPermissions,
},
}, },
});
expect(res.statusCode).toBe(200);
expect(res.body.data).toEqual(expect.arrayContaining(newPermissions));
});
test('connect permissions on role with an unknown condition', async () => {
const oldPermissionsId = await rq({
url: `/admin/roles/${data.rolesWithoutUsers[0].id}/permissions`,
method: 'GET',
}).then((res) => res.body.data.map((p) => p.id));
const permissions = [
{ {
action: 'plugin::content-manager.explorer.create', action: 'plugin::content-manager.explorer.create',
subject: 'plugin::users-permissions.user', subject: 'plugin::users-permissions.user',
@ -639,55 +689,125 @@ describe('Role CRUD End to End', () => {
conditions: ['admin::is-creator'], conditions: ['admin::is-creator'],
}, },
]; ];
const res = await rq({ const res = await rq({
url: `/admin/roles/${data.rolesWithoutUsers[0].id}/permissions`, url: `/admin/roles/${data.rolesWithoutUsers[0].id}/permissions`,
method: 'PUT', method: 'PUT',
body: { body: {
permissions: [ permissions: {
permissions[0], connect: [
{ {
...permissions[1], ...permissions[0],
conditions: [...permissions[1].conditions, 'unknown-condition'], conditions: [...permissions[0].conditions, 'unknown-condition'],
}, },
], ],
disconnect: oldPermissionsId.map((id) => ({ id })),
},
}, },
}); });
expect(res.statusCode).toBe(200); expect(res.statusCode).toBe(200);
expect(res.body.data).toHaveLength(1); expect(res.body.data).toHaveLength(1);
expect(res.body.data[0]).toMatchObject(permissions[1]); expect(res.body.data[0]).toMatchObject(permissions[0]);
}); });
test("can't assign non-existing permissions on role", async () => { describe('connect non valid permissions on role', () => {
const res = await rq({ test("can't connect permissions on role with invalid id", async () => {
url: `/admin/roles/${data.rolesWithoutUsers[0].id}/permissions`, const res = await rq({
method: 'PUT', url: `/admin/roles/${data.rolesWithoutUsers[0].id}/permissions`,
body: { method: 'PUT',
permissions: [ body: {
{ permissions: {
action: 'non.existing.action', connect: [
{
id: 99999999,
action: 'plugin::users-permissions.roles.update',
},
],
}, },
], },
}, });
expect(res.statusCode).toBe(400);
expect(res.body).toMatchObject({
data: null,
error: {
details: {},
message: 'Some permissions to update do not exist',
name: 'ApplicationError',
status: 400,
},
});
}); });
expect(res.statusCode).toBe(400); test("can't connect content manager permission without subject", async () => {
expect(res.body).toMatchObject({ const res = await rq({
data: null, url: `/admin/roles/${data.rolesWithoutUsers[0].id}/permissions`,
error: { method: 'PUT',
details: { body: {
errors: [ permissions: {
{ connect: [
message: 'action is not an existing permission action', {
name: 'ValidationError', action: 'plugin::content-manager.explorer.create',
path: ['permissions', '0', 'action'], },
}, ],
], },
}, },
message: 'action is not an existing permission action', });
name: 'ValidationError',
status: 400, expect(res.statusCode).toBe(400);
}, expect(res.body).toMatchObject({
data: null,
error: {
details: {
errors: [
{
message: 'Invalid subject submitted',
name: 'ValidationError',
path: ['permissions', 'connect', '0', 'subject'],
},
],
},
message: 'Invalid subject submitted',
name: 'ValidationError',
status: 400,
},
});
});
test("can't connect non-existing permissions on role", async () => {
const res = await rq({
url: `/admin/roles/${data.rolesWithoutUsers[0].id}/permissions`,
method: 'PUT',
body: {
permissions: {
connect: [
{
action: 'non.existing.action',
},
],
},
},
});
expect(res.statusCode).toBe(400);
expect(res.body).toMatchObject({
data: null,
error: {
details: {
errors: [
{
message: 'action is not an existing permission action',
name: 'ValidationError',
path: ['permissions', 'connect', '0', 'action'],
},
],
},
message: 'action is not an existing permission action',
name: 'ValidationError',
status: 400,
},
});
}); });
}); });
@ -715,5 +835,43 @@ describe('Role CRUD End to End', () => {
} }
}); });
}); });
test('disconnect permissions on role', async () => {
// Connect some first, and disconnect all ids afterwards
const oldPermissions = await rq({
url: `/admin/roles/${data.rolesWithoutUsers[0].id}/permissions`,
method: 'PUT',
body: {
permissions: {
connect: [
{
action: 'plugin::users-permissions.roles.update',
},
{
action: 'plugin::content-manager.explorer.create',
subject: 'plugin::users-permissions.user',
properties: { fields: ['username'], locales: [] },
conditions: ['admin::is-creator'],
},
],
},
},
}).then((res) => res.body.data);
const res = await rq({
url: `/admin/roles/${data.rolesWithoutUsers[0].id}/permissions`,
method: 'PUT',
body: {
permissions: {
// Disconnect all but the last one
disconnect: oldPermissions.slice(0, -1).map((p) => ({ id: p.id })),
},
},
});
expect(res.statusCode).toBe(200);
expect(res.body.data).toHaveLength(1);
expect(res.body.data[0]).toMatchObject(oldPermissions[oldPermissions.length - 1]);
});
}); });
}); });