From 956ab9de47c00d2c5168ba2415c99d79a6858126 Mon Sep 17 00:00:00 2001
From: Convly
Date: Tue, 26 Apr 2022 14:43:09 +0200
Subject: [PATCH] Add basic tests for permissions-manager sanitize utils
---
.../permissions-manager-sanitize.test.js | 94 +++++++++++++++++++
1 file changed, 94 insertions(+)
create mode 100644 packages/core/admin/server/services/__tests__/permissions-manager-sanitize.test.js
diff --git a/packages/core/admin/server/services/__tests__/permissions-manager-sanitize.test.js b/packages/core/admin/server/services/__tests__/permissions-manager-sanitize.test.js
new file mode 100644
index 0000000000..15836c91cd
--- /dev/null
+++ b/packages/core/admin/server/services/__tests__/permissions-manager-sanitize.test.js
@@ -0,0 +1,94 @@
+'use strict';
+
+const { AbilityBuilder, Ability } = require('@casl/ability');
+const { pick } = require('lodash/fp');
+const sift = require('sift');
+
+const createSanitizeHelpers = require('../permission/permissions-manager/sanitize');
+
+const allowedOperations = [
+ '$or',
+ '$and',
+ '$eq',
+ '$ne',
+ '$in',
+ '$nin',
+ '$lt',
+ '$lte',
+ '$gt',
+ '$gte',
+ '$exists',
+ '$elemMatch',
+];
+
+const operations = pick(allowedOperations, sift);
+
+const conditionsMatcher = conditions => {
+ return sift.createQueryTester(conditions, { operations });
+};
+
+const defineAbility = register => {
+ const { can, build } = new AbilityBuilder(Ability);
+
+ register(can);
+
+ return build({ conditionsMatcher });
+};
+
+const fooModel = {
+ uid: 'api::foo.foo',
+ attributes: {
+ a: {
+ type: 'string',
+ hidden: true,
+ },
+ b: {
+ type: 'password',
+ },
+ c: {
+ type: 'string',
+ },
+ },
+};
+
+const sanitizeHelpers = {
+ sanitizeOutput: null,
+ sanitizeInput: null,
+};
+
+describe('Permissions Manager - Sanitize', () => {
+ beforeAll(() => {
+ global.strapi = {
+ getModel() {
+ return fooModel;
+ },
+ };
+
+ Object.assign(
+ sanitizeHelpers,
+ createSanitizeHelpers({
+ action: 'read',
+ model: fooModel,
+ ability: defineAbility(can => can('read', 'api::foo.foo')),
+ })
+ );
+ });
+
+ describe('Sanitize Output', () => {
+ it('Removes hidden fields', async () => {
+ const data = { a: 'Foo', c: 'Bar' };
+ const result = await sanitizeHelpers.sanitizeOutput(data, { subject: fooModel.uid });
+
+ expect(result).toEqual({ c: 'Bar' });
+ });
+ });
+
+ describe('Sanitize Input', () => {
+ it('Removes hidden fields', async () => {
+ const data = { a: 'Foo', c: 'Bar' };
+ const result = await sanitizeHelpers.sanitizeInput(data, { subject: fooModel.uid });
+
+ expect(result).toEqual({ c: 'Bar' });
+ });
+ });
+});
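Review bot: The fixture declares `b` as `type: 'password'`, but neither `it` block puts `b` in `data`, so nothing here checks that a password value is kept out of sanitized output. Assuming the helper is meant to drop password attributes on read (its implementation is outside this diff), the 'Sanitize Output' case could use `const data = { a: 'Foo', b: 'Secret', c: 'Bar' };` with the same `{ c: 'Bar' }` expectation. The ability is the unrestricted `can('read', 'api::foo.foo')`, so the field- and condition-based filtering is never exercised and `conditionsMatcher` is built but not used by any assertion. The 'Sanitize Input' case also runs against helpers created with `action: 'read'`, so a case with a field-restricted ability and a write action would cover the permission path. `global.strapi` is assigned in `beforeAll` and never restored; an `afterAll` that deletes it would keep the stub from outliving the suite.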