From ac40e51cba828e6a58f7ee495597bc5f0c60e501 Mon Sep 17 00:00:00 2001
From: JR40159 <126243293+JR40159@users.noreply.github.com>
Date: Wed, 14 Feb 2024 16:46:56 +0000
Subject: [PATCH] Add tests
---
 .../src/connectors/v2/authorisation/base.ts | 14 +-
 .../connectors/authorisation/base.spec.ts | 144 ++++++++++++++++++
 2 files changed, 145 insertions(+), 13 deletions(-)
diff --git a/backend/src/connectors/v2/authorisation/base.ts b/backend/src/connectors/v2/authorisation/base.ts
index 7619d00d2..f95b3a6dc 100644
--- a/backend/src/connectors/v2/authorisation/base.ts
+++ b/backend/src/connectors/v2/authorisation/base.ts
@@ -133,7 +133,7 @@ export class BasicAuthorisationConnector {
 }
 async schemas(user: UserDoc, schemas: Array, action: SchemaActionKeys): Promise> {
- if (action === SchemaAction.Create) {
+ if (action === SchemaAction.Create || action === SchemaAction.Delete) {
 const isAdmin = await authentication.hasRole(user, Roles.Admin)
 if (!isAdmin) {
@@ -145,18 +145,6 @@ export class BasicAuthorisationConnector {
 }
 }
- if (action === SchemaAction.Delete) {
- const isAdmin = await authentication.hasRole(user, Roles.Admin)
-
- if (!isAdmin) {
- return schemas.map((schema) => ({
- id: schema.id,
- success: false,
- info: 'You cannot delete a schema if you are not an admin.',
- }))
- }
- }
-
 return schemas.map((schema) => ({
 id: schema.id,
 success: true,
diff --git a/backend/test/connectors/authorisation/base.spec.ts b/backend/test/connectors/authorisation/base.spec.ts
index f6e46c83e..16b4ede6b 100644
--- a/backend/test/connectors/authorisation/base.spec.ts
+++ b/backend/test/connectors/authorisation/base.spec.ts
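Review bot: In `schemas()` in base.ts, the merged `Create || Delete` condition is now the only admin gate, and every other `SchemaActionKeys` value falls through to the `success: true` map visible in the second hunk's context, so an action added later would be allowed for any user by default. If that is intentional for read-style actions, say so above the final return, e.g. `// Any action other than Create/Delete is permitted for all users.`; otherwise deny unlisted actions explicitly. The merge also drops the delete-specific message: a denied delete presumably now returns the create branch's text (the spec expects 'You cannot upload or modify a schema if you are not an admin.' for create), which is misleading when denials are read from logs or API responses. The body of `schemas()` extends beyond both hunks, so the denial return itself is not visible here.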
@@ -2,6 +2,8 @@ import { describe, expect, test, vi } from 'vitest'
 import { BasicAuthorisationConnector } from '../../../src/connectors/v2/authorisation/base.js'
 import { ModelDoc } from '../../../src/models/v2/Model.js'
+import { ReleaseDoc } from '../../../src/models/v2/Release.js'
+import { SchemaDoc } from '../../../src/models/v2/Schema.js'
 import { UserDoc } from '../../../src/models/v2/User.js'
 const mockAccessRequestService = vi.hoisted(() => ({
@@ -17,6 +19,12 @@ const mockReviewService = vi.hoisted(() => ({
 }))
 vi.mock('../../../src/services/v2/review.js', () => mockReviewService)
+const mockAuthentication = vi.hoisted(() => ({
+ getUserModelRoles: vi.fn(() => [] as Array),
+ hasRole: vi.fn(),
+}))
+vi.mock('../../../src/connectors/v2/authentication/index.js', async () => ({ default: mockAuthentication }))
+
 describe('connectors > authorisation > base', () => {
 const user = { dn: 'testUser' } as UserDoc
 const model = { id: 'testModel' } as ModelDoc
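Review bot: `mockAuthentication` is created once at module level and the tests feed it with `mockReturnValueOnce`, but nothing in the visible hunks resets it between tests, so an unconsumed queued value (for example the second `['owner']` that some tests queue) would carry into the next test and could turn an expected denial into a grant or the reverse. For authorisation tests that isolation matters: reset the queue in a `beforeEach`, or set an explicit `mockReturnValue` in each test rather than relying on the hoisted default `[]`. `hasRole: vi.fn()` also has no default, so a test that reaches it without queuing a value gets `undefined` and is denied only through falsiness; `hasRole: vi.fn(() => false)` would make the deny default explicit.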
@@ -40,4 +48,140 @@ describe('connectors > authorisation > base', () => {
 expect(result).toBe(approvedAccessRequest)
 })
+
+ test('hasModelVisibilityAccess > public model', async () => {
+ const connector = new BasicAuthorisationConnector()
+
+ const result = await connector.hasModelVisibilityAccess(user, { id: 'testModel', visibility: 'public' } as ModelDoc)
+
+ expect(result).toBe(true)
+ })
+
+ test('hasModelVisibilityAccess > private model with no roles', async () => {
+ const connector = new BasicAuthorisationConnector()
+
+ const result = await connector.hasModelVisibilityAccess(user, {
+ id: 'testModel',
+ visibility: 'private',
+ } as ModelDoc)
+
+ expect(result).toBe(false)
+ })
+
+ test('hasModelVisibilityAccess > private model with roles', async () => {
+ const connector = new BasicAuthorisationConnector()
+ mockAuthentication.getUserModelRoles.mockReturnValueOnce(['owner'])
+
+ const result = await connector.hasModelVisibilityAccess(user, {
+ id: 'testModel',
+ visibility: 'private',
+ } as ModelDoc)
+
+ expect(result).toBe(true)
+ })
+
+ test('model > private model with no roles', async () => {
+ const connector = new BasicAuthorisationConnector()
+
+ const result = await connector.model(
+ user,
+ {
+ id: 'testModel',
+ visibility: 'private',
+ } as ModelDoc,
+ 'create',
+ )
+
+ expect(result).toStrictEqual({
+ id: 'testModel',
+ info: 'You cannot interact with a private model that you do not have access to.',
+ success: false,
+ })
+ })
+
+ test('model > private model with roles', async () => {
+ const connector = new BasicAuthorisationConnector()
+ mockAuthentication.getUserModelRoles.mockReturnValueOnce(['owner'])
+ mockAuthentication.getUserModelRoles.mockReturnValueOnce(['owner'])
+
+ const result = await connector.model(
+ user,
+ {
+ id: 'testModel',
+ visibility: 'private',
+ } as ModelDoc,
+ 'create',
+ )
+
+ expect(result).toStrictEqual({
+ id: 'testModel',
+ success: true,
+ })
+ })
+
+ test('schema > create schema as Admin', async () => {
+ const connector = new BasicAuthorisationConnector()
+ mockAuthentication.hasRole.mockReturnValueOnce(true)
+
+ const result = await connector.schema(user, { id: 'testSchema' } as SchemaDoc, 'create')
+
+ expect(result).toStrictEqual({
+ id: 'testSchema',
+ success: true,
+ })
+ })
+
+ test('schema > create schema not as an Admin', async () => {
+ const connector = new BasicAuthorisationConnector()
+ mockAuthentication.hasRole.mockReturnValueOnce(false)
+
+ const result = await connector.schema(user, { id: 'testSchema' } as SchemaDoc, 'create')
+
+ expect(result).toStrictEqual({
+ id: 'testSchema',
+ info: 'You cannot upload or modify a schema if you are not an admin.',
+ success: false,
+ })
+ })
+
+ test('release > private model with roles', async () => {
+ const connector = new BasicAuthorisationConnector()
+ mockAuthentication.getUserModelRoles.mockReturnValueOnce(['owner'])
+ mockAuthentication.getUserModelRoles.mockReturnValueOnce(['owner'])
+
+ const result = await connector.release(
+ user,
+ {
+ id: 'testModel',
+ visibility: 'private',
+ } as ModelDoc,
+ {} as ReleaseDoc,
+ 'create',
+ )
+
+ expect(result).toStrictEqual({
+ id: 'testModel',
+ success: true,
+ })
+ })
+
+ test('release > private model with no roles', async () => {
+ const connector = new BasicAuthorisationConnector()
+
+ const result = await connector.release(
+ user,
+ {
+ id: 'testModel',
+ visibility: 'private',
+ } as ModelDoc,
+ {} as ReleaseDoc,
+ 'create',
+ )
+
+ expect(result).toStrictEqual({
+ id: 'testModel',
+ info: 'You cannot interact with a private model that you do not have access to.',
+ success: false,
+ })
+ })
 })
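Review bot: The new `schema` tests only pass `'create'`, so the `Delete` path that this same commit folds into the admin check in base.ts has no coverage; if `SchemaAction.Delete` were later dropped from that condition, the fall-through would grant schema deletion to non-admins and this suite would stay green. Add a pair of delete cases mirroring the create ones, as sketched below. The string value of the delete action is not visible on this page, so the sketch uses `SchemaAction.Delete`, which the spec would need to import from wherever base.ts gets it. The non-admin case asserts only `success` because the `info` text for a denied delete is changed by this commit and should be pinned once its wording is settled.

```typescript
// … unchanged: existing 'schema > create …' tests …

test('schema > delete schema as Admin', async () => {
  const connector = new BasicAuthorisationConnector()
  mockAuthentication.hasRole.mockReturnValueOnce(true)

  const result = await connector.schema(user, { id: 'testSchema' } as SchemaDoc, SchemaAction.Delete)

  expect(result).toStrictEqual({ id: 'testSchema', success: true })
})

test('schema > delete schema not as an Admin', async () => {
  const connector = new BasicAuthorisationConnector()
  mockAuthentication.hasRole.mockReturnValueOnce(false)

  const result = await connector.schema(user, { id: 'testSchema' } as SchemaDoc, SchemaAction.Delete)

  // Denial must come from the role check, not from a default path.
  expect(result.success).toBe(false)
  expect(mockAuthentication.hasRole).toHaveBeenCalled()
})
```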