Add basic tests for permissions-manager sanitize utils

2025-09-26 00:39:49 +00:00 · 2022-04-26 14:43:09 +02:00 · 2022-04-26 14:43:09 +02:00 · 956ab9de47
commit 956ab9de47
parent 1d50038e44
1 changed files with 94 additions and 0 deletions
--- a/packages/core/admin/server/services/tests/permissions-manager-sanitize.test.js
+++ b/packages/core/admin/server/services/tests/permissions-manager-sanitize.test.js
@ -0,0 +1,94 @@
+'use strict';
+
+const { AbilityBuilder, Ability } = require('@casl/ability');
+const { pick } = require('lodash/fp');
+const sift = require('sift');
+
+const createSanitizeHelpers = require('../permission/permissions-manager/sanitize');
+
+const allowedOperations = [
+  '$or',
+  '$and',
+  '$eq',
+  '$ne',
+  '$in',
+  '$nin',
+  '$lt',
+  '$lte',
+  '$gt',
+  '$gte',
+  '$exists',
+  '$elemMatch',
+];
+
+const operations = pick(allowedOperations, sift);
+
+const conditionsMatcher = conditions => {
+  return sift.createQueryTester(conditions, { operations });
+};
+
+const defineAbility = register => {
+  const { can, build } = new AbilityBuilder(Ability);
+
+  register(can);
+
+  return build({ conditionsMatcher });
+};
+
+const fooModel = {
+  uid: 'api::foo.foo',
+  attributes: {
+    a: {
+      type: 'string',
+      hidden: true,
+    },
+    b: {
+      type: 'password',
+    },
+    c: {
+      type: 'string',
+    },
+  },
+};
+
+const sanitizeHelpers = {
+  sanitizeOutput: null,
+  sanitizeInput: null,
+};
+
+describe('Permissions Manager - Sanitize', () => {
+  beforeAll(() => {
+    global.strapi = {
+      getModel() {
+        return fooModel;
+      },
+    };
+
+    Object.assign(
+      sanitizeHelpers,
+      createSanitizeHelpers({
+        action: 'read',
+        model: fooModel,
+        ability: defineAbility(can => can('read', 'api::foo.foo')),
+      })
+    );
+  });
+
+  describe('Sanitize Output', () => {
+    it('Removes hidden fields', async () => {
+      const data = { a: 'Foo', c: 'Bar' };
+      const result = await sanitizeHelpers.sanitizeOutput(data, { subject: fooModel.uid });
+
+      expect(result).toEqual({ c: 'Bar' });
+    });
+  });
+
+  describe('Sanitize Input', () => {
+    it('Removes hidden fields', async () => {
+      const data = { a: 'Foo', c: 'Bar' };
+      const result = await sanitizeHelpers.sanitizeInput(data, { subject: fooModel.uid });
+
+      expect(result).toEqual({ c: 'Bar' });
+    });
+  });
+});