strapi/tests/api/core/upload/admin/file.test.api.js


'use strict';
const fs = require('fs');
const path = require('path');
const { createTestBuilder } = require('api-tests/builder');
const { createStrapiInstance } = require('api-tests/strapi');
const { createAuthRequest } = require('api-tests/request');
const { createUtils } = require('api-tests/utils');
// Test builder used to register content types before the Strapi instance boots
// and to clean them up afterwards.
const builder = createTestBuilder();

// Suite-wide handles, assigned in the top-level beforeAll of the 'Upload' suite.
let strapi; // running Strapi instance under test
let rq; // authenticated request helper built without explicit userInfo
let utils; // helpers for creating/deleting roles and users

// Minimal collection type carrying a single media attribute; it is registered
// through the builder so the instance starts with a model that can reference files.
const dogModel = {
  displayName: 'Dog',
  singularName: 'dog',
  pluralName: 'dogs',
  kind: 'collectionType',
  attributes: {
    profilePicture: {
      type: 'media',
    },
  },
};
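/**
 * API tests for the admin upload endpoints.
 *
 * - 'Create' checks that POST /upload rejects an empty form and accepts a file.
 * - 'Read' checks the file listing, both for the default authenticated request
 *   (`rq`) and for a user whose role only grants upload permissions under the
 *   'admin::has-same-role-as-creator' condition.
 *
 * The 'Read' assertions rely on the file uploaded in 'Create', so the suites are
 * order-dependent.
 */
describe('Upload', () => {
  beforeAll(async () => {
    // The content type must be built before the instance is created.
    await builder.addContentType(dogModel).build();
    strapi = await createStrapiInstance();
    rq = await createAuthRequest({ strapi });
    utils = createUtils(strapi);
  });

  afterAll(async () => {
    await strapi.destroy();
    await builder.cleanup();
  });

  describe('Create', () => {
    test('Rejects when no files are provided', async () => {
      const res = await rq({ method: 'POST', url: '/upload', formData: {} });
      expect(res.statusCode).toBe(400);
    });

    test('Can upload a file', async () => {
      const res = await rq({
        method: 'POST',
        url: '/upload',
        formData: { files: fs.createReadStream(path.join(__dirname, '../utils/rec.jpg')) },
      });
      expect(res.statusCode).toBe(201);
    });
  });

  describe('Read', () => {
    let uploadReaderRole;
    let u1Req;
    // NOTE(review): u2Req is created below but no test visible here issues a request with it.
    let u2Req;
    const users = { u1: null, u2: null };

    // Shape every listing response is expected to carry; only the types are pinned.
    const paginationShape = () => ({
      page: expect.any(Number),
      pageSize: expect.any(Number),
      pageCount: expect.any(Number),
      total: expect.any(Number),
    });

    beforeAll(async () => {
      uploadReaderRole = await utils.createRole({
        name: 'UploadReader',
        description: 'Can only see files created by same role as creator',
      });

      // Add permissions to the role with conditions.
      // This is important in order to dynamically add filters with sensitive fields to the final query.
      const conditionalPermission = (action) => ({
        action,
        subject: null,
        conditions: ['admin::has-same-role-as-creator'],
        properties: {},
      });
      await utils.assignPermissionsToRole(uploadReaderRole.id, [
        conditionalPermission('plugin::upload.read'),
        conditionalPermission('plugin::upload.assets.create'),
        conditionalPermission('plugin::upload.assets.update'),
      ]);

      // Two users share the role so the condition itself (same role as creator) can be exercised.
      // The credentials below are throwaway fixtures for this test instance only.
      users.u1 = await utils.createUser({
        firstname: 'reader1',
        lastname: 'reader1',
        email: 'reader1@strapi.io',
        password: 'Reader1',
        isActive: true,
        roles: [uploadReaderRole.id],
      });
      users.u2 = await utils.createUser({
        firstname: 'reader2',
        lastname: 'reader2',
        email: 'reader2@strapi.io',
        password: 'Reader2',
        isActive: true,
        roles: [uploadReaderRole.id],
      });

      // Per-user authenticated request helpers.
      u1Req = await createAuthRequest({
        strapi,
        userInfo: { email: 'reader1@strapi.io', password: 'Reader1' },
      });
      u2Req = await createAuthRequest({
        strapi,
        userInfo: { email: 'reader2@strapi.io', password: 'Reader2' },
      });
    });

    // Cleanup test fixtures
    afterAll(async () => {
      await utils.deleteUsersById([users.u1.id, users.u2.id]);
      await utils.deleteRolesById([uploadReaderRole.id]);
    });

    test('GET /upload/files => Find files', async () => {
      const res = await rq({ method: 'GET', url: '/upload/files' });

      expect(res.statusCode).toBe(200);
      expect(res.body).toEqual({
        results: expect.arrayContaining([
          expect.objectContaining({
            id: expect.anything(),
            url: expect.any(String),
          }),
        ]),
        pagination: paginationShape(),
      });
      res.body.results.forEach((file) => expect(file.folder).toBeDefined());
    });

    test(`Using custom conditions don't trigger validation errors for dynamically added fields`, async () => {
      // Guard against a vacuous pass: an empty listing for u1 only demonstrates that the
      // condition filtered something if files exist for another requester at this point.
      const baseline = await rq({ method: 'GET', url: '/upload/files' });
      expect(baseline.statusCode).toBe(200);
      expect(baseline.body.results.length).toBeGreaterThan(0);

      const res = await u1Req({ method: 'GET', url: '/upload/files' });

      // The request succeeds, no validation error
      expect(res.statusCode).toBe(200);
      // No data is returned, the condition is successfully applied (u1 did not upload any file)
      // NOTE(review): only the deny side of the condition is asserted here; the allow side
      // (a file created under the same role being visible) is not covered by this test.
      expect(res.body).toEqual({
        results: [],
        pagination: paginationShape(),
      });
    });
  });
});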