Add basic tests for permissions-manager sanitize utils

2025-09-26 17:00:55 +00:00 · 2022-04-26 14:43:09 +02:00 · 2022-04-26 14:43:09 +02:00 · 956ab9de47
commit 956ab9de47
parent 1d50038e44
1 changed files with 94 additions and 0 deletions
--- a/packages/core/admin/server/services/tests/permissions-manager-sanitize.test.js
+++ b/packages/core/admin/server/services/tests/permissions-manager-sanitize.test.js
@ -0,0 +1,94 @@
 'use strict';
 const { AbilityBuilder, Ability } = require('@casl/ability');
 const { pick } = require('lodash/fp');
 const sift = require('sift');
 const createSanitizeHelpers = require('../permission/permissions-manager/sanitize');
 const allowedOperations = [
  '$or',
  '$and',
  '$eq',
  '$ne',
  '$in',
  '$nin',
  '$lt',
  '$lte',
  '$gt',
  '$gte',
  '$exists',
  '$elemMatch',
 ];
 const operations = pick(allowedOperations, sift);
 const conditionsMatcher = conditions => {
  return sift.createQueryTester(conditions, { operations });
 };
 const defineAbility = register => {
  const { can, build } = new AbilityBuilder(Ability);
  register(can);
  return build({ conditionsMatcher });
 };
 const fooModel = {
  uid: 'api::foo.foo',
  attributes: {
    a: {
      type: 'string',
      hidden: true,
    },
    b: {
      type: 'password',
    },
    c: {
      type: 'string',
    },
  },
 };
 const sanitizeHelpers = {
  sanitizeOutput: null,
  sanitizeInput: null,
 };
 describe('Permissions Manager - Sanitize', () => {
  beforeAll(() => {
    global.strapi = {
      getModel() {
        return fooModel;
      },
    };
    Object.assign(
      sanitizeHelpers,
      createSanitizeHelpers({
        action: 'read',
        model: fooModel,
        ability: defineAbility(can => can('read', 'api::foo.foo')),
      })
    );
  });
  describe('Sanitize Output', () => {
    it('Removes hidden fields', async () => {
      const data = { a: 'Foo', c: 'Bar' };
      const result = await sanitizeHelpers.sanitizeOutput(data, { subject: fooModel.uid });
      expect(result).toEqual({ c: 'Bar' });
    });
  });
  describe('Sanitize Input', () => {
    it('Removes hidden fields', async () => {
      const data = { a: 'Foo', c: 'Bar' };
      const result = await sanitizeHelpers.sanitizeInput(data, { subject: fooModel.uid });
      expect(result).toEqual({ c: 'Bar' });
    });
  });
 });