yujunjun/strapi
1
0
Fork 0
mirror of https://github.com/strapi/strapi.git synced 2025-09-01 12:53:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: run rbac api tests (#20252)

Browse Source 
* feat: run rbac condition tests

* fix: omit documentId when creating an article
This commit is contained in:
Marc Roig 2024-05-03 14:15:21 +02:00 committed by GitHub
parent 23fa63efeb
commit 823c409265
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 59 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
tests/api/core/admin/admin-permissions-conditions.test.api.js
View File

@ -6,8 +6,7 @@ const { createStrapiInstance } = require('api-tests/strapi');
const { createRequest, createAuthRequest } = require('api-tests/request'); const { createRequest, createAuthRequest } = require('api-tests/request');
const { createUtils } = require('api-tests/utils'); const { createUtils } = require('api-tests/utils');
// TODO: V5 fix RBAC describe('Admin Permissions - Conditions', () => {
describe.skip('Admin Permissions - Conditions', () => {
let strapi; let strapi;
let utils; let utils;
const builder = createTestBuilder(); const builder = createTestBuilder();
@ -138,17 +137,17 @@ describe.skip('Admin Permissions - Conditions', () => {
body: localTestData.entry, body: localTestData.entry,
}); });
expect(res.statusCode).toBe(200); expect(res.statusCode).toBe(201);
localTestData.entry = res.body.data; localTestData.entry = res.body.data;
}); });
test('User A can read its entry', async () => { test('User A can read its entry', async () => {
const { id } = localTestData.entry; const { documentId } = localTestData.entry;
const modelName = getModelName(); const modelName = getModelName();
const rq = getUserRequest(0); const rq = getUserRequest(0);
const res = await rq({ const res = await rq({
method: 'GET', method: 'GET',
url: `/content-manager/collection-types/api::${modelName}.${modelName}/${id}`, url: `/content-manager/collection-types/api::${modelName}.${modelName}/${documentId}`,
}); });
expect(res.statusCode).toBe(200); expect(res.statusCode).toBe(200);
@ -156,12 +155,12 @@ describe.skip('Admin Permissions - Conditions', () => {
}); });
test('User B can read the entry created by user A', async () => { test('User B can read the entry created by user A', async () => {
const { id } = localTestData.entry; const { documentId } = localTestData.entry;
const modelName = getModelName(); const modelName = getModelName();
const rq = getUserRequest(1); const rq = getUserRequest(1);
const res = await rq({ const res = await rq({
method: 'GET', method: 'GET',
url: `/content-manager/collection-types/api::${modelName}.${modelName}/${id}`, url: `/content-manager/collection-types/api::${modelName}.${modelName}/${documentId}`,
}); });
expect(res.statusCode).toBe(200); expect(res.statusCode).toBe(200);
@ -169,28 +168,26 @@ describe.skip('Admin Permissions - Conditions', () => {
}); });
test('User B cannot delete the entry created by user A', async () => { test('User B cannot delete the entry created by user A', async () => {
const { id } = localTestData.entry; const { documentId } = localTestData.entry;
const modelName = getModelName(); const modelName = getModelName();
const rq = getUserRequest(1); const rq = getUserRequest(1);
const res = await rq({ const res = await rq({
method: 'DELETE', method: 'DELETE',
url: `/content-manager/collection-types/api::${modelName}.${modelName}/${id}`, url: `/content-manager/collection-types/api::${modelName}.${modelName}/${documentId}`,
}); });
expect(res.statusCode).toBe(403); expect(res.statusCode).toBe(403);
}); });
test('User A can delete its entry', async () => { test('User A can delete its entry', async () => {
const { id } = localTestData.entry; const { documentId } = localTestData.entry;
const modelName = getModelName(); const modelName = getModelName();
const rq = getUserRequest(0); const rq = getUserRequest(0);
const res = await rq({ const res = await rq({
method: 'DELETE', method: 'DELETE',
url: `/content-manager/collection-types/api::${modelName}.${modelName}/${id}`, url: `/content-manager/collection-types/api::${modelName}.${modelName}/${documentId}`,
}); });
expect(res.statusCode).toBe(200); expect(res.statusCode).toBe(200);
// Fix V5: Decide if we want to return the deleted entry or not
// expect(res.body.data).toMatchObject(localTestData.entry);
}); });
}); });

79
tests/api/core/admin/admin-permissions-custom-conditions.test.api.js
View File

@ -1,13 +1,13 @@
'use strict'; 'use strict';
const { prop } = require('lodash/fp'); const { prop, omit } = require('lodash/fp');
const { createTestBuilder } = require('api-tests/builder'); const { createTestBuilder } = require('api-tests/builder');
const { createStrapiInstance } = require('api-tests/strapi'); const { createStrapiInstance } = require('api-tests/strapi');
const { createRequest, createAuthRequest } = require('api-tests/request'); const { createRequest, createAuthRequest } = require('api-tests/request');
const { createUtils } = require('api-tests/utils'); const { createUtils } = require('api-tests/utils');
// V5: Fix relations describe('Admin Permissions - Conditions', () => {
describe.skip('Admin Permissions - Conditions', () => {
let strapi; let strapi;
let utils; let utils;
const builder = createTestBuilder(); const builder = createTestBuilder();
@ -145,7 +145,8 @@ describe.skip('Admin Permissions - Conditions', () => {
url: `/content-manager/collection-types/api::category.category`, url: `/content-manager/collection-types/api::category.category`,
body: category, body: category,
}); });
category.id = body.id; category.id = body.data.id;
category.documentId = body.data.documentId;
} }
// Update the local data store // Update the local data store
@ -170,7 +171,7 @@ describe.skip('Admin Permissions - Conditions', () => {
.build(); .build();
strapi = await createStrapiInstance({ strapi = await createStrapiInstance({
bootstrap: ({ strapi }) => { bootstrap({ strapi }) {
// Create custom conditions // Create custom conditions
return strapi return strapi
.service('admin::permission') .service('admin::permission')
@ -195,65 +196,65 @@ describe.skip('Admin Permissions - Conditions', () => {
const res = await rq({ const res = await rq({
method: 'POST', method: 'POST',
url: `/content-manager/collection-types/api::article.article`, url: `/content-manager/collection-types/api::article.article`,
body: { ...localTestData.cheapArticle, category: localTestData.categories[0].id }, body: { ...localTestData.cheapArticle, category: localTestData.categories[0].documentId },
}); });
const resExpensive = await rq({ const resExpensive = await rq({
method: 'POST', method: 'POST',
url: `/content-manager/collection-types/api::article.article`, url: `/content-manager/collection-types/api::article.article`,
body: { ...localTestData.expensiveArticle, category: localTestData.categories[1].id }, body: { ...localTestData.expensiveArticle, category: localTestData.categories[1].documentId },
}); });
expect(res.statusCode).toBe(200); expect(res.statusCode).toBe(201);
expect(resExpensive.statusCode).toBe(200); expect(resExpensive.statusCode).toBe(201);
localTestData.cheapArticle.id = res.body.id; localTestData.cheapArticle.documentId = res.body.data.documentId;
localTestData.expensiveArticle.id = resExpensive.body.id; localTestData.expensiveArticle.documentId = resExpensive.body.data.documentId;
}); });
test('User can read cheap articles', async () => { test('User can read cheap articles', async () => {
const { id } = localTestData.cheapArticle; const { documentId } = localTestData.cheapArticle;
const rq = getUserRequest(0); const rq = getUserRequest(0);
const res = await rq({ const res = await rq({
method: 'GET', method: 'GET',
url: `/content-manager/collection-types/api::article.article/${id}`, url: `/content-manager/collection-types/api::article.article/${documentId}`,
}); });
expect(res.statusCode).toBe(200); expect(res.statusCode).toBe(200);
expect(res.body).toMatchObject(localTestData.cheapArticle); expect(res.body.data).toMatchObject(localTestData.cheapArticle);
}); });
test('User cannot read expensive articles', async () => { test('User cannot read expensive articles', async () => {
const { id } = localTestData.expensiveArticle; const { documentId } = localTestData.expensiveArticle;
const rq = getUserRequest(0); const rq = getUserRequest(0);
const res = await rq({ const res = await rq({
method: 'GET', method: 'GET',
url: `/content-manager/collection-types/api::article.article/${id}`, url: `/content-manager/collection-types/api::article.article/${documentId}`,
}); });
expect(res.statusCode).toBe(403); expect(res.statusCode).toBe(403);
}); });
test('User can update cheap articles', async () => { test('User can update cheap articles', async () => {
const { id } = localTestData.cheapArticle; const { documentId } = localTestData.cheapArticle;
const rq = getUserRequest(0); const rq = getUserRequest(0);
const res = await rq({ const res = await rq({
method: 'PUT', method: 'PUT',
url: `/content-manager/collection-types/api::article.article/${id}`, url: `/content-manager/collection-types/api::article.article/${documentId}`,
body: { ...localTestData.cheapArticle, title: 'New title' }, body: { ...localTestData.cheapArticle, title: 'New title' },
}); });
expect(res.statusCode).toBe(200); expect(res.statusCode).toBe(200);
expect(res.body).toMatchObject({ ...localTestData.cheapArticle, title: 'New title' }); expect(res.body.data).toMatchObject({ ...localTestData.cheapArticle, title: 'New title' });
localTestData.cheapArticle.title = 'New title'; localTestData.cheapArticle.title = 'New title';
}); });
test('User cannot update expensive articles', async () => { test('User cannot update expensive articles', async () => {
const { id } = localTestData.expensiveArticle; const { documentId } = localTestData.expensiveArticle;
const rq = getUserRequest(0); const rq = getUserRequest(0);
const res = await rq({ const res = await rq({
method: 'PUT', method: 'PUT',
url: `/content-manager/collection-types/api::article.article/${id}`, url: `/content-manager/collection-types/api::article.article/${documentId}`,
body: { ...localTestData.expensiveArticle, title: 'New title' }, body: { ...localTestData.expensiveArticle, title: 'New title' },
}); });
@ -261,45 +262,63 @@ describe.skip('Admin Permissions - Conditions', () => {
}); });
test('User can publish cheap articles', async () => { test('User can publish cheap articles', async () => {
const { id } = localTestData.cheapArticle; const { documentId } = localTestData.cheapArticle;
const rq = getUserRequest(0); const rq = getUserRequest(0);
const res = await rq({ const res = await rq({
method: 'POST', method: 'POST',
url: `/content-manager/collection-types/api::article.article/${id}/actions/publish`, url: `/content-manager/collection-types/api::article.article/${documentId}/actions/publish`,
}); });
expect(res.statusCode).toBe(200); expect(res.statusCode).toBe(200);
expect(res.body).toMatchObject(localTestData.cheapArticle); expect(res.body.data).toMatchObject(localTestData.cheapArticle);
}); });
test('User cannot publish expensive articles', async () => { test('User cannot publish expensive articles', async () => {
const { id } = localTestData.expensiveArticle; const { documentId } = localTestData.expensiveArticle;
const rq = getUserRequest(0); const rq = getUserRequest(0);
const res = await rq({ const res = await rq({
method: 'POST', method: 'POST',
url: `/content-manager/collection-types/api::article.article/${id}/actions/publish`, url: `/content-manager/collection-types/api::article.article/${documentId}/actions/publish`,
}); });
expect(res.statusCode).toBe(403); expect(res.statusCode).toBe(403);
}); });
test('User can delete cheap articles', async () => { test('User can delete cheap articles', async () => {
const { id } = localTestData.cheapArticle; // Create a new cheap draft article
const { body } = await requests.admin({
method: 'POST',
url: `/content-manager/collection-types/api::article.article`,
body: {
...omit('documentId', localTestData.cheapArticle),
category: localTestData.categories[0].documentId,
},
});
const rq = getUserRequest(0); const rq = getUserRequest(0);
const res = await rq({ const res = await rq({
method: 'DELETE', method: 'DELETE',
url: `/content-manager/collection-types/api::article.article/${id}`, url: `/content-manager/collection-types/api::article.article/${body.data.documentId}`,
}); });
expect(res.statusCode).toBe(200); expect(res.statusCode).toBe(200);
}); });
test('User cannot delete expensive articles', async () => { test('User cannot delete expensive articles', async () => {
const { id } = localTestData.expensiveArticle; // Create a new expensive draft article
const { body } = await requests.admin({
method: 'POST',
url: `/content-manager/collection-types/api::article.article`,
body: {
...omit('documentId', localTestData.expensiveArticle),
category: localTestData.categories[1].documentId,
},
});
const rq = getUserRequest(0); const rq = getUserRequest(0);
const res = await rq({ const res = await rq({
method: 'DELETE', method: 'DELETE',
url: `/content-manager/collection-types/api::article.article/${id}`, url: `/content-manager/collection-types/api::article.article/${body.data.documentId}`,
}); });
expect(res.statusCode).toBe(403); expect(res.statusCode).toBe(403);