mirror of
https://github.com/directus/directus.git
synced 2026-02-08 10:14:59 -05:00
d57ea95e52
* branch init tests and stuff * types changed * added '@' to modules mapper * removed unneeded dotenv import * tests passing * forgot to save before committing * remove app/generate-joi * Skip validation if permissions filter is empty * Remove another generate-joi api util * Default allowUnknown to true * Remove wrapping nested filter as Joi.object() * Remove duplicate nested field from unit test * Fix between operator for float values * Removed unused allowUnknown option Co-authored-by: ian <licitdev@gmail.com> Co-authored-by: rijkvanzanten <rijkvanzanten@me.com>
70 lines
2.0 KiB
TypeScript
70 lines
2.0 KiB
TypeScript
import { isAllowed } from '../../src/utils/is-allowed';
|
|
|
|
jest.mock('../../src/stores', () => {
|
|
return {
|
|
usePermissionsStore: jest
|
|
.fn()
|
|
.mockReturnValueOnce({ permissions: [{}] }) // 1
|
|
.mockReturnValueOnce({ permissions: [{}] }) // 2
|
|
.mockReturnValueOnce({ permissions: [{ collection: 'test', action: 'update' }] }) //3
|
|
.mockReturnValueOnce({
|
|
permissions: [
|
|
{
|
|
collection: 'test',
|
|
action: 'share',
|
|
permissions: { testField: { _eq: 'field' } },
|
|
fields: ['testField'],
|
|
},
|
|
],
|
|
}) // 4
|
|
.mockReturnValueOnce({
|
|
permissions: [
|
|
{
|
|
collection: 'test',
|
|
action: 'share',
|
|
permissions: { testField: { _eq: 'field' } },
|
|
fields: ['field'],
|
|
},
|
|
],
|
|
}) //5
|
|
.mockReturnValueOnce({
|
|
permissions: [
|
|
{
|
|
collection: 'test',
|
|
action: 'update',
|
|
permissions: { testField: { _eq: 'field' } },
|
|
fields: ['field'],
|
|
},
|
|
],
|
|
}), //6
|
|
|
|
useUserStore: jest.fn().mockReturnValueOnce({ isAdmin: true }).mockReturnValue({ isAdmin: false }),
|
|
};
|
|
});
|
|
|
|
describe('isAllowed', () => {
|
|
it('returns true if user is admin', () => {
|
|
expect(isAllowed('test', 'update', {})).toBe(true);
|
|
}); // 1
|
|
|
|
it('returns false if there are no matching permissions', () => {
|
|
expect(isAllowed('test', 'update', {})).toBe(false);
|
|
}); // 2
|
|
|
|
it('returns false if there is a matching permission but the action is not "share"', () => {
|
|
expect(isAllowed('test', 'update', { testField: 'field' })).toBe(false);
|
|
}); // 3
|
|
|
|
it('returns true if there is a matching permission and matching fields', () => {
|
|
expect(isAllowed('test', 'share', { testField: 'field' }, true)).toBe(true);
|
|
}); // 4
|
|
|
|
it('returns false if there is a matching permission and unmatching fields', () => {
|
|
expect(isAllowed('test', 'share', { testField: 'no-match' }, true)).toBe(false);
|
|
}); // 5
|
|
|
|
it('returns false if action is not share and there is no matching fields', () => {
|
|
expect(isAllowed('test', 'update', { no: 'no-match' }, true)).toBe(false);
|
|
}); // 6
|
|
});
|