diff --git a/tests/api/core/admin/admin-permissions-conditions.test.api.js b/tests/api/core/admin/admin-permissions-conditions.test.api.js index 94857bde62..355ece83c9 100644 --- a/tests/api/core/admin/admin-permissions-conditions.test.api.js +++ b/tests/api/core/admin/admin-permissions-conditions.test.api.js @@ -6,8 +6,7 @@ const { createStrapiInstance } = require('api-tests/strapi'); const { createRequest, createAuthRequest } = require('api-tests/request'); const { createUtils } = require('api-tests/utils'); -// TODO: V5 fix RBAC -describe.skip('Admin Permissions - Conditions', () => { +describe('Admin Permissions - Conditions', () => { let strapi; let utils; const builder = createTestBuilder(); @@ -138,17 +137,17 @@ describe.skip('Admin Permissions - Conditions', () => { body: localTestData.entry, }); - expect(res.statusCode).toBe(200); + expect(res.statusCode).toBe(201); localTestData.entry = res.body.data; }); test('User A can read its entry', async () => { - const { id } = localTestData.entry; + const { documentId } = localTestData.entry; const modelName = getModelName(); const rq = getUserRequest(0); const res = await rq({ method: 'GET', - url: `/content-manager/collection-types/api::${modelName}.${modelName}/${id}`, + url: `/content-manager/collection-types/api::${modelName}.${modelName}/${documentId}`, }); expect(res.statusCode).toBe(200); @@ -156,12 +155,12 @@ describe.skip('Admin Permissions - Conditions', () => { }); test('User B can read the entry created by user A', async () => { - const { id } = localTestData.entry; + const { documentId } = localTestData.entry; const modelName = getModelName(); const rq = getUserRequest(1); const res = await rq({ method: 'GET', - url: `/content-manager/collection-types/api::${modelName}.${modelName}/${id}`, + url: `/content-manager/collection-types/api::${modelName}.${modelName}/${documentId}`, }); expect(res.statusCode).toBe(200); @@ -169,28 +168,26 @@ describe.skip('Admin Permissions - Conditions', () => { }); test('User B cannot delete the entry created by user A', async () => { - const { id } = localTestData.entry; + const { documentId } = localTestData.entry; const modelName = getModelName(); const rq = getUserRequest(1); const res = await rq({ method: 'DELETE', - url: `/content-manager/collection-types/api::${modelName}.${modelName}/${id}`, + url: `/content-manager/collection-types/api::${modelName}.${modelName}/${documentId}`, }); expect(res.statusCode).toBe(403); }); test('User A can delete its entry', async () => { - const { id } = localTestData.entry; + const { documentId } = localTestData.entry; const modelName = getModelName(); const rq = getUserRequest(0); const res = await rq({ method: 'DELETE', - url: `/content-manager/collection-types/api::${modelName}.${modelName}/${id}`, + url: `/content-manager/collection-types/api::${modelName}.${modelName}/${documentId}`, }); expect(res.statusCode).toBe(200); - // Fix V5: Decide if we want to return the deleted entry or not - // expect(res.body.data).toMatchObject(localTestData.entry); }); }); diff --git a/tests/api/core/admin/admin-permissions-custom-conditions.test.api.js b/tests/api/core/admin/admin-permissions-custom-conditions.test.api.js index 0feba3228c..d5553e2ab4 100644 --- a/tests/api/core/admin/admin-permissions-custom-conditions.test.api.js +++ b/tests/api/core/admin/admin-permissions-custom-conditions.test.api.js @@ -1,13 +1,13 @@ 'use strict'; -const { prop } = require('lodash/fp'); +const { prop, omit } = require('lodash/fp'); + const { createTestBuilder } = require('api-tests/builder'); const { createStrapiInstance } = require('api-tests/strapi'); const { createRequest, createAuthRequest } = require('api-tests/request'); const { createUtils } = require('api-tests/utils'); -// V5: Fix relations -describe.skip('Admin Permissions - Conditions', () => { +describe('Admin Permissions - Conditions', () => { let strapi; let utils; const builder = createTestBuilder(); @@ -145,7 +145,8 @@ describe.skip('Admin Permissions - Conditions', () => { url: `/content-manager/collection-types/api::category.category`, body: category, }); - category.id = body.id; + category.id = body.data.id; + category.documentId = body.data.documentId; } // Update the local data store @@ -170,7 +171,7 @@ describe.skip('Admin Permissions - Conditions', () => { .build(); strapi = await createStrapiInstance({ - bootstrap: ({ strapi }) => { + bootstrap({ strapi }) { // Create custom conditions return strapi .service('admin::permission') @@ -195,65 +196,65 @@ describe.skip('Admin Permissions - Conditions', () => { const res = await rq({ method: 'POST', url: `/content-manager/collection-types/api::article.article`, - body: { ...localTestData.cheapArticle, category: localTestData.categories[0].id }, + body: { ...localTestData.cheapArticle, category: localTestData.categories[0].documentId }, }); const resExpensive = await rq({ method: 'POST', url: `/content-manager/collection-types/api::article.article`, - body: { ...localTestData.expensiveArticle, category: localTestData.categories[1].id }, + body: { ...localTestData.expensiveArticle, category: localTestData.categories[1].documentId }, }); - expect(res.statusCode).toBe(200); - expect(resExpensive.statusCode).toBe(200); + expect(res.statusCode).toBe(201); + expect(resExpensive.statusCode).toBe(201); - localTestData.cheapArticle.id = res.body.id; - localTestData.expensiveArticle.id = resExpensive.body.id; + localTestData.cheapArticle.documentId = res.body.data.documentId; + localTestData.expensiveArticle.documentId = resExpensive.body.data.documentId; }); test('User can read cheap articles', async () => { - const { id } = localTestData.cheapArticle; + const { documentId } = localTestData.cheapArticle; const rq = getUserRequest(0); const res = await rq({ method: 'GET', - url: `/content-manager/collection-types/api::article.article/${id}`, + url: `/content-manager/collection-types/api::article.article/${documentId}`, }); expect(res.statusCode).toBe(200); - expect(res.body).toMatchObject(localTestData.cheapArticle); + expect(res.body.data).toMatchObject(localTestData.cheapArticle); }); test('User cannot read expensive articles', async () => { - const { id } = localTestData.expensiveArticle; + const { documentId } = localTestData.expensiveArticle; const rq = getUserRequest(0); const res = await rq({ method: 'GET', - url: `/content-manager/collection-types/api::article.article/${id}`, + url: `/content-manager/collection-types/api::article.article/${documentId}`, }); expect(res.statusCode).toBe(403); }); test('User can update cheap articles', async () => { - const { id } = localTestData.cheapArticle; + const { documentId } = localTestData.cheapArticle; const rq = getUserRequest(0); const res = await rq({ method: 'PUT', - url: `/content-manager/collection-types/api::article.article/${id}`, + url: `/content-manager/collection-types/api::article.article/${documentId}`, body: { ...localTestData.cheapArticle, title: 'New title' }, }); expect(res.statusCode).toBe(200); - expect(res.body).toMatchObject({ ...localTestData.cheapArticle, title: 'New title' }); + expect(res.body.data).toMatchObject({ ...localTestData.cheapArticle, title: 'New title' }); localTestData.cheapArticle.title = 'New title'; }); test('User cannot update expensive articles', async () => { - const { id } = localTestData.expensiveArticle; + const { documentId } = localTestData.expensiveArticle; const rq = getUserRequest(0); const res = await rq({ method: 'PUT', - url: `/content-manager/collection-types/api::article.article/${id}`, + url: `/content-manager/collection-types/api::article.article/${documentId}`, body: { ...localTestData.expensiveArticle, title: 'New title' }, }); @@ -261,45 +262,63 @@ describe.skip('Admin Permissions - Conditions', () => { }); test('User can publish cheap articles', async () => { - const { id } = localTestData.cheapArticle; + const { documentId } = localTestData.cheapArticle; const rq = getUserRequest(0); const res = await rq({ method: 'POST', - url: `/content-manager/collection-types/api::article.article/${id}/actions/publish`, + url: `/content-manager/collection-types/api::article.article/${documentId}/actions/publish`, }); expect(res.statusCode).toBe(200); - expect(res.body).toMatchObject(localTestData.cheapArticle); + expect(res.body.data).toMatchObject(localTestData.cheapArticle); }); test('User cannot publish expensive articles', async () => { - const { id } = localTestData.expensiveArticle; + const { documentId } = localTestData.expensiveArticle; const rq = getUserRequest(0); const res = await rq({ method: 'POST', - url: `/content-manager/collection-types/api::article.article/${id}/actions/publish`, + url: `/content-manager/collection-types/api::article.article/${documentId}/actions/publish`, }); expect(res.statusCode).toBe(403); }); test('User can delete cheap articles', async () => { - const { id } = localTestData.cheapArticle; + // Create a new cheap draft article + const { body } = await requests.admin({ + method: 'POST', + url: `/content-manager/collection-types/api::article.article`, + body: { + ...omit('documentId', localTestData.cheapArticle), + category: localTestData.categories[0].documentId, + }, + }); + const rq = getUserRequest(0); const res = await rq({ method: 'DELETE', - url: `/content-manager/collection-types/api::article.article/${id}`, + url: `/content-manager/collection-types/api::article.article/${body.data.documentId}`, }); expect(res.statusCode).toBe(200); }); test('User cannot delete expensive articles', async () => { - const { id } = localTestData.expensiveArticle; + // Create a new expensive draft article + const { body } = await requests.admin({ + method: 'POST', + url: `/content-manager/collection-types/api::article.article`, + body: { + ...omit('documentId', localTestData.expensiveArticle), + category: localTestData.categories[1].documentId, + }, + }); + const rq = getUserRequest(0); const res = await rq({ method: 'DELETE', - url: `/content-manager/collection-types/api::article.article/${id}`, + url: `/content-manager/collection-types/api::article.article/${body.data.documentId}`, }); expect(res.statusCode).toBe(403);