mirror of
https://github.com/strapi/strapi.git
synced 2025-10-24 06:23:40 +00:00

* fix: inconsistent publish permissions * fix: tests * fix: api tests * fix: is create should be is nil * fix: publish and update by using locale * fix: remove some conditions to the Document actions --------- Co-authored-by: Simone Taeggi <startae14@gmail.com>
328 lines
9.6 KiB
JavaScript
328 lines
9.6 KiB
JavaScript
'use strict';
|
|
|
|
const { prop, omit } = require('lodash/fp');
|
|
|
|
const { createTestBuilder } = require('api-tests/builder');
|
|
const { createStrapiInstance } = require('api-tests/strapi');
|
|
const { createRequest, createAuthRequest } = require('api-tests/request');
|
|
const { createUtils } = require('api-tests/utils');
|
|
|
|
describe('Admin Permissions - Conditions', () => {
|
|
let strapi;
|
|
let utils;
|
|
const builder = createTestBuilder();
|
|
const requests = {
|
|
public: null,
|
|
admin: null,
|
|
};
|
|
|
|
const localTestData = {
|
|
models: {
|
|
article: {
|
|
singularName: 'article',
|
|
pluralName: 'articles',
|
|
displayName: 'Article',
|
|
draftAndPublish: true,
|
|
attributes: {
|
|
title: {
|
|
type: 'string',
|
|
},
|
|
price: {
|
|
type: 'integer',
|
|
},
|
|
category: {
|
|
type: 'relation',
|
|
relation: 'manyToOne',
|
|
target: 'api::category.category',
|
|
},
|
|
},
|
|
},
|
|
category: {
|
|
singularName: 'category',
|
|
pluralName: 'categories',
|
|
displayName: 'Category',
|
|
draftAndPublish: true,
|
|
attributes: {
|
|
name: {
|
|
type: 'string',
|
|
},
|
|
},
|
|
},
|
|
},
|
|
cheapArticle: {
|
|
title: 'Cheap Article',
|
|
price: 999,
|
|
},
|
|
expensiveArticle: {
|
|
title: 'Expensive Article',
|
|
price: 1001,
|
|
},
|
|
categories: [{ name: 'Cheap' }, { name: 'Expensive' }],
|
|
role: {
|
|
name: 'foobar',
|
|
description: 'A dummy test role',
|
|
},
|
|
permissions: [
|
|
{
|
|
action: 'plugin::content-manager.explorer.create',
|
|
subject: 'api::article.article',
|
|
fields: null,
|
|
conditions: [],
|
|
},
|
|
{
|
|
action: 'plugin::content-manager.explorer.update',
|
|
subject: 'api::article.article',
|
|
fields: null,
|
|
conditions: ['plugin::test.cheap-article'],
|
|
},
|
|
{
|
|
action: 'plugin::content-manager.explorer.read',
|
|
subject: 'api::article.article',
|
|
fields: null,
|
|
conditions: ['plugin::test.cheap-article'],
|
|
},
|
|
{
|
|
action: 'plugin::content-manager.explorer.delete',
|
|
subject: 'api::article.article',
|
|
fields: null,
|
|
conditions: ['plugin::test.cheap-article'],
|
|
},
|
|
{
|
|
action: 'plugin::content-manager.explorer.publish',
|
|
subject: 'api::article.article',
|
|
fields: null,
|
|
conditions: ['plugin::test.cheap-article'],
|
|
},
|
|
],
|
|
customConditions: [
|
|
{
|
|
displayName: 'Custom Condition',
|
|
name: 'cheap-article',
|
|
plugin: 'test',
|
|
handler: () => ({
|
|
'category.name': { $eq: 'Cheap' },
|
|
}),
|
|
},
|
|
],
|
|
userPassword: 'fooBar42',
|
|
users: [{ firstname: 'Alice', lastname: 'Foo', email: 'alice.foo@test.com' }],
|
|
};
|
|
|
|
const createFixtures = async () => {
|
|
// Login with admin and init admin tools
|
|
requests.admin = await createAuthRequest({ strapi });
|
|
requests.public = createRequest({ strapi });
|
|
|
|
// Create the foobar role
|
|
const role = await utils.createRole(localTestData.role);
|
|
|
|
// Assign permissions to the foobar role
|
|
const permissions = await utils.assignPermissionsToRole(role.id, localTestData.permissions);
|
|
Object.assign(role, { permissions });
|
|
|
|
// Create users with the new role & create associated auth requests
|
|
const users = [];
|
|
|
|
for (let i = 0; i < localTestData.users.length; i += 1) {
|
|
const userFixture = localTestData.users[i];
|
|
const userAttributes = {
|
|
...userFixture,
|
|
password: localTestData.userPassword,
|
|
roles: [role.id],
|
|
};
|
|
|
|
const createdUser = await utils.createUser(userAttributes);
|
|
|
|
requests[createdUser.id] = await createAuthRequest({ strapi, userInfo: createdUser });
|
|
|
|
users.push(createdUser);
|
|
}
|
|
|
|
// Create categories
|
|
for (const category of localTestData.categories) {
|
|
const { body } = await requests.admin({
|
|
method: 'POST',
|
|
url: `/content-manager/collection-types/api::category.category`,
|
|
body: category,
|
|
});
|
|
category.id = body.data.id;
|
|
category.documentId = body.data.documentId;
|
|
}
|
|
|
|
// Update the local data store
|
|
Object.assign(localTestData, { role, permissions, users });
|
|
};
|
|
|
|
const getUserRequest = (idx) => requests[localTestData.users[idx].id];
|
|
|
|
const deleteFixtures = async () => {
|
|
// Delete users
|
|
const usersId = localTestData.users.map(prop('id'));
|
|
await utils.deleteUsersById(usersId);
|
|
|
|
// Delete the foobar role
|
|
await utils.deleteRolesById([localTestData.role.id]);
|
|
};
|
|
|
|
beforeAll(async () => {
|
|
await builder
|
|
.addContentType(localTestData.models.category)
|
|
.addContentType(localTestData.models.article)
|
|
.build();
|
|
|
|
strapi = await createStrapiInstance({
|
|
bootstrap({ strapi }) {
|
|
// Create custom conditions
|
|
return strapi
|
|
.service('admin::permission')
|
|
.conditionProvider.registerMany(localTestData.customConditions);
|
|
},
|
|
});
|
|
utils = createUtils(strapi);
|
|
|
|
await createFixtures();
|
|
});
|
|
|
|
afterAll(async () => {
|
|
await deleteFixtures();
|
|
|
|
await strapi.destroy();
|
|
await builder.cleanup();
|
|
});
|
|
|
|
test('User can create articles', async () => {
|
|
const rq = getUserRequest(0);
|
|
|
|
const res = await rq({
|
|
method: 'POST',
|
|
url: `/content-manager/collection-types/api::article.article`,
|
|
body: { ...localTestData.cheapArticle, category: localTestData.categories[0].documentId },
|
|
});
|
|
|
|
const resExpensive = await rq({
|
|
method: 'POST',
|
|
url: `/content-manager/collection-types/api::article.article`,
|
|
body: { ...localTestData.expensiveArticle, category: localTestData.categories[1].documentId },
|
|
});
|
|
|
|
expect(res.statusCode).toBe(201);
|
|
expect(resExpensive.statusCode).toBe(201);
|
|
|
|
localTestData.cheapArticle.documentId = res.body.data.documentId;
|
|
localTestData.expensiveArticle.documentId = resExpensive.body.data.documentId;
|
|
});
|
|
|
|
test('User can read cheap articles', async () => {
|
|
const { documentId } = localTestData.cheapArticle;
|
|
const rq = getUserRequest(0);
|
|
const res = await rq({
|
|
method: 'GET',
|
|
url: `/content-manager/collection-types/api::article.article/${documentId}`,
|
|
});
|
|
|
|
expect(res.statusCode).toBe(200);
|
|
expect(res.body.data).toMatchObject(localTestData.cheapArticle);
|
|
});
|
|
|
|
test('User cannot read expensive articles', async () => {
|
|
const { documentId } = localTestData.expensiveArticle;
|
|
const rq = getUserRequest(0);
|
|
const res = await rq({
|
|
method: 'GET',
|
|
url: `/content-manager/collection-types/api::article.article/${documentId}`,
|
|
});
|
|
|
|
expect(res.statusCode).toBe(403);
|
|
});
|
|
|
|
test('User can update cheap articles', async () => {
|
|
const { documentId } = localTestData.cheapArticle;
|
|
const rq = getUserRequest(0);
|
|
const res = await rq({
|
|
method: 'PUT',
|
|
url: `/content-manager/collection-types/api::article.article/${documentId}`,
|
|
body: { ...localTestData.cheapArticle, title: 'New title' },
|
|
});
|
|
|
|
expect(res.statusCode).toBe(200);
|
|
expect(res.body.data).toMatchObject({ ...localTestData.cheapArticle, title: 'New title' });
|
|
localTestData.cheapArticle.title = 'New title';
|
|
});
|
|
|
|
test('User cannot update expensive articles', async () => {
|
|
const { documentId } = localTestData.expensiveArticle;
|
|
const rq = getUserRequest(0);
|
|
const res = await rq({
|
|
method: 'PUT',
|
|
url: `/content-manager/collection-types/api::article.article/${documentId}`,
|
|
body: { ...localTestData.expensiveArticle, title: 'New title' },
|
|
});
|
|
|
|
expect(res.statusCode).toBe(403);
|
|
});
|
|
|
|
test('User can publish cheap articles', async () => {
|
|
const { documentId } = localTestData.cheapArticle;
|
|
const rq = getUserRequest(0);
|
|
const res = await rq({
|
|
method: 'POST',
|
|
url: `/content-manager/collection-types/api::article.article/${documentId}/actions/publish`,
|
|
body: { ...localTestData.cheapArticle, category: localTestData.categories[0].documentId },
|
|
});
|
|
|
|
expect(res.statusCode).toBe(200);
|
|
expect(res.body.data).toMatchObject(localTestData.cheapArticle);
|
|
});
|
|
|
|
test('User cannot publish expensive articles', async () => {
|
|
const { documentId } = localTestData.expensiveArticle;
|
|
const rq = getUserRequest(0);
|
|
const res = await rq({
|
|
method: 'POST',
|
|
url: `/content-manager/collection-types/api::article.article/${documentId}/actions/publish`,
|
|
});
|
|
|
|
expect(res.statusCode).toBe(403);
|
|
});
|
|
|
|
test('User can delete cheap articles', async () => {
|
|
// Create a new cheap draft article
|
|
const { body } = await requests.admin({
|
|
method: 'POST',
|
|
url: `/content-manager/collection-types/api::article.article`,
|
|
body: {
|
|
...omit('documentId', localTestData.cheapArticle),
|
|
category: localTestData.categories[0].documentId,
|
|
},
|
|
});
|
|
|
|
const rq = getUserRequest(0);
|
|
const res = await rq({
|
|
method: 'DELETE',
|
|
url: `/content-manager/collection-types/api::article.article/${body.data.documentId}`,
|
|
});
|
|
|
|
expect(res.statusCode).toBe(200);
|
|
});
|
|
|
|
test('User cannot delete expensive articles', async () => {
|
|
// Create a new expensive draft article
|
|
const { body } = await requests.admin({
|
|
method: 'POST',
|
|
url: `/content-manager/collection-types/api::article.article`,
|
|
body: {
|
|
...omit('documentId', localTestData.expensiveArticle),
|
|
category: localTestData.categories[1].documentId,
|
|
},
|
|
});
|
|
|
|
const rq = getUserRequest(0);
|
|
const res = await rq({
|
|
method: 'DELETE',
|
|
url: `/content-manager/collection-types/api::article.article/${body.data.documentId}`,
|
|
});
|
|
|
|
expect(res.statusCode).toBe(403);
|
|
});
|
|
});
|