yujunjun/strapi
1
0
Fork 0
mirror of https://github.com/strapi/strapi.git synced 2025-08-31 04:03:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: run rbac api tests (#20252)

Browse Source 
* feat: run rbac condition tests

* fix: omit documentId when creating an article
This commit is contained in:
Marc Roig 2024-05-03 14:15:21 +02:00 committed by GitHub
parent 23fa63efeb
commit 823c409265
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 59 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
tests/api/core/admin/admin-permissions-conditions.test.api.js
View File

@ -6,8 +6,7 @@ const { createStrapiInstance } = require('api-tests/strapi');
const { createRequest, createAuthRequest } = require('api-tests/request');
const { createUtils } = require('api-tests/utils');
// TODO: V5 fix RBAC
describe.skip('Admin Permissions - Conditions', () => {
describe('Admin Permissions - Conditions', () => {
let strapi;
let utils;
const builder = createTestBuilder();
@ -138,17 +137,17 @@ describe.skip('Admin Permissions - Conditions', () => {
body: localTestData.entry,
});
expect(res.statusCode).toBe(200);
expect(res.statusCode).toBe(201);
localTestData.entry = res.body.data;
});
test('User A can read its entry', async () => {
const { id } = localTestData.entry;
const { documentId } = localTestData.entry;
const modelName = getModelName();
const rq = getUserRequest(0);
const res = await rq({
method: 'GET',
url: `/content-manager/collection-types/api::${modelName}.${modelName}/${id}`,
url: `/content-manager/collection-types/api::${modelName}.${modelName}/${documentId}`,
});
expect(res.statusCode).toBe(200);
@ -156,12 +155,12 @@ describe.skip('Admin Permissions - Conditions', () => {
});
test('User B can read the entry created by user A', async () => {
const { id } = localTestData.entry;
const { documentId } = localTestData.entry;
const modelName = getModelName();
const rq = getUserRequest(1);
const res = await rq({
method: 'GET',
url: `/content-manager/collection-types/api::${modelName}.${modelName}/${id}`,
url: `/content-manager/collection-types/api::${modelName}.${modelName}/${documentId}`,
});
expect(res.statusCode).toBe(200);
@ -169,28 +168,26 @@ describe.skip('Admin Permissions - Conditions', () => {
});
test('User B cannot delete the entry created by user A', async () => {
const { id } = localTestData.entry;
const { documentId } = localTestData.entry;
const modelName = getModelName();
const rq = getUserRequest(1);
const res = await rq({
method: 'DELETE',
url: `/content-manager/collection-types/api::${modelName}.${modelName}/${id}`,
url: `/content-manager/collection-types/api::${modelName}.${modelName}/${documentId}`,
});
expect(res.statusCode).toBe(403);
});
test('User A can delete its entry', async () => {
const { id } = localTestData.entry;
const { documentId } = localTestData.entry;
const modelName = getModelName();
const rq = getUserRequest(0);
const res = await rq({
method: 'DELETE',
url: `/content-manager/collection-types/api::${modelName}.${modelName}/${id}`,
url: `/content-manager/collection-types/api::${modelName}.${modelName}/${documentId}`,
});
expect(res.statusCode).toBe(200);
// Fix V5: Decide if we want to return the deleted entry or not
// expect(res.body.data).toMatchObject(localTestData.entry);
});
});

79
tests/api/core/admin/admin-permissions-custom-conditions.test.api.js
View File

@ -1,13 +1,13 @@
'use strict';
const { prop } = require('lodash/fp');
const { prop, omit } = require('lodash/fp');
const { createTestBuilder } = require('api-tests/builder');
const { createStrapiInstance } = require('api-tests/strapi');
const { createRequest, createAuthRequest } = require('api-tests/request');
const { createUtils } = require('api-tests/utils');
// V5: Fix relations
describe.skip('Admin Permissions - Conditions', () => {
describe('Admin Permissions - Conditions', () => {
let strapi;
let utils;
const builder = createTestBuilder();
@ -145,7 +145,8 @@ describe.skip('Admin Permissions - Conditions', () => {
url: `/content-manager/collection-types/api::category.category`,
body: category,
});
category.id = body.id;
category.id = body.data.id;
category.documentId = body.data.documentId;
}
// Update the local data store
@ -170,7 +171,7 @@ describe.skip('Admin Permissions - Conditions', () => {
.build();
strapi = await createStrapiInstance({
bootstrap: ({ strapi }) => {
bootstrap({ strapi }) {
// Create custom conditions
return strapi
.service('admin::permission')
@ -195,65 +196,65 @@ describe.skip('Admin Permissions - Conditions', () => {
const res = await rq({
method: 'POST',
url: `/content-manager/collection-types/api::article.article`,
body: { ...localTestData.cheapArticle, category: localTestData.categories[0].id },
body: { ...localTestData.cheapArticle, category: localTestData.categories[0].documentId },
});
const resExpensive = await rq({
method: 'POST',
url: `/content-manager/collection-types/api::article.article`,
body: { ...localTestData.expensiveArticle, category: localTestData.categories[1].id },
body: { ...localTestData.expensiveArticle, category: localTestData.categories[1].documentId },
});
expect(res.statusCode).toBe(200);
expect(resExpensive.statusCode).toBe(200);
expect(res.statusCode).toBe(201);
expect(resExpensive.statusCode).toBe(201);
localTestData.cheapArticle.id = res.body.id;
localTestData.expensiveArticle.id = resExpensive.body.id;
localTestData.cheapArticle.documentId = res.body.data.documentId;
localTestData.expensiveArticle.documentId = resExpensive.body.data.documentId;
});
test('User can read cheap articles', async () => {
const { id } = localTestData.cheapArticle;
const { documentId } = localTestData.cheapArticle;
const rq = getUserRequest(0);
const res = await rq({
method: 'GET',
url: `/content-manager/collection-types/api::article.article/${id}`,
url: `/content-manager/collection-types/api::article.article/${documentId}`,
});
expect(res.statusCode).toBe(200);
expect(res.body).toMatchObject(localTestData.cheapArticle);
expect(res.body.data).toMatchObject(localTestData.cheapArticle);
});
test('User cannot read expensive articles', async () => {
const { id } = localTestData.expensiveArticle;
const { documentId } = localTestData.expensiveArticle;
const rq = getUserRequest(0);
const res = await rq({
method: 'GET',
url: `/content-manager/collection-types/api::article.article/${id}`,
url: `/content-manager/collection-types/api::article.article/${documentId}`,
});
expect(res.statusCode).toBe(403);
});
test('User can update cheap articles', async () => {
const { id } = localTestData.cheapArticle;
const { documentId } = localTestData.cheapArticle;
const rq = getUserRequest(0);
const res = await rq({
method: 'PUT',
url: `/content-manager/collection-types/api::article.article/${id}`,
url: `/content-manager/collection-types/api::article.article/${documentId}`,
body: { ...localTestData.cheapArticle, title: 'New title' },
});
expect(res.statusCode).toBe(200);
expect(res.body).toMatchObject({ ...localTestData.cheapArticle, title: 'New title' });
expect(res.body.data).toMatchObject({ ...localTestData.cheapArticle, title: 'New title' });
localTestData.cheapArticle.title = 'New title';
});
test('User cannot update expensive articles', async () => {
const { id } = localTestData.expensiveArticle;
const { documentId } = localTestData.expensiveArticle;
const rq = getUserRequest(0);
const res = await rq({
method: 'PUT',
url: `/content-manager/collection-types/api::article.article/${id}`,
url: `/content-manager/collection-types/api::article.article/${documentId}`,
body: { ...localTestData.expensiveArticle, title: 'New title' },
});
@ -261,45 +262,63 @@ describe.skip('Admin Permissions - Conditions', () => {
});
test('User can publish cheap articles', async () => {
const { id } = localTestData.cheapArticle;
const { documentId } = localTestData.cheapArticle;
const rq = getUserRequest(0);
const res = await rq({
method: 'POST',
url: `/content-manager/collection-types/api::article.article/${id}/actions/publish`,
url: `/content-manager/collection-types/api::article.article/${documentId}/actions/publish`,
});
expect(res.statusCode).toBe(200);
expect(res.body).toMatchObject(localTestData.cheapArticle);
expect(res.body.data).toMatchObject(localTestData.cheapArticle);
});
test('User cannot publish expensive articles', async () => {
const { id } = localTestData.expensiveArticle;
const { documentId } = localTestData.expensiveArticle;
const rq = getUserRequest(0);
const res = await rq({
method: 'POST',
url: `/content-manager/collection-types/api::article.article/${id}/actions/publish`,
url: `/content-manager/collection-types/api::article.article/${documentId}/actions/publish`,
});
expect(res.statusCode).toBe(403);
});
test('User can delete cheap articles', async () => {
const { id } = localTestData.cheapArticle;
// Create a new cheap draft article
const { body } = await requests.admin({
method: 'POST',
url: `/content-manager/collection-types/api::article.article`,
body: {
...omit('documentId', localTestData.cheapArticle),
category: localTestData.categories[0].documentId,
},
});
const rq = getUserRequest(0);
const res = await rq({
method: 'DELETE',
url: `/content-manager/collection-types/api::article.article/${id}`,
url: `/content-manager/collection-types/api::article.article/${body.data.documentId}`,
});
expect(res.statusCode).toBe(200);
});
test('User cannot delete expensive articles', async () => {
const { id } = localTestData.expensiveArticle;
// Create a new expensive draft article
const { body } = await requests.admin({
method: 'POST',
url: `/content-manager/collection-types/api::article.article`,
body: {
...omit('documentId', localTestData.expensiveArticle),
category: localTestData.categories[1].documentId,
},
});
const rq = getUserRequest(0);
const res = await rq({
method: 'DELETE',
url: `/content-manager/collection-types/api::article.article/${id}`,
url: `/content-manager/collection-types/api::article.article/${body.data.documentId}`,
});
expect(res.statusCode).toBe(403);