forest_liana 6.0.5 → 6.2.2

data/spec/services/forest_liana/permissions_checker_acl_disabled_spec.rb

@@ -109,7 +109,7 @@ module ForestLiana
 
     describe 'handling cache' do
       let(:collection_name) { 'all_rights_collection' }
-      let(:fake_ressource) { nil }
+      let(:fake_ressource) { collection_name }
       let(:default_rendering_id) { 1 }
 
       context 'when calling twice the same permissions' do
@@ -191,7 +191,7 @@ module ForestLiana
 
 
     context 'scopes cache' do
-      let(:fake_ressource) { nil }
+      let(:fake_ressource) { collection_name }
       let(:rendering_id) { 1 }
       let(:collection_name) { 'custom' }
       let(:scope_permissions) { { rendering_id => { 'custom' => nil } } }
@@ -349,7 +349,7 @@ module ForestLiana
     describe '#is_authorized?' do
       # Resource is only used to retrieve the collection name as it's stubbed it does not
       # need to be defined
-      let(:fake_ressource) { nil }
+      let(:fake_ressource) { collection_name }
       let(:default_rendering_id) { nil }
       let(:api_permissions) { default_api_permissions }
       let(:collection_name) { 'all_rights_collection' }

data/spec/services/forest_liana/permissions_checker_acl_enabled_spec.rb

@@ -132,7 +132,7 @@ module ForestLiana
 
     describe 'handling cache' do
       let(:collection_name) { 'all_rights_collection_boolean' }
-      let(:fake_ressource) { nil }
+      let(:fake_ressource) { collection_name }
       let(:default_rendering_id) { 1 }
 
       context 'collections cache' do
@@ -396,7 +396,7 @@ module ForestLiana
     describe '#is_authorized?' do
       # Resource is only used to retrieve the collection name as it's stub it does not
       # need to be defined
-      let(:fake_ressource) { nil }
+      let(:fake_ressource) { collection_name }
       let(:default_rendering_id) { nil }
       let(:api_permissions) { default_api_permissions }
 

data/spec/services/forest_liana/permissions_checker_live_queries_spec.rb

@@ -0,0 +1,131 @@
+module ForestLiana
+  describe PermissionsChecker do
+    before(:each) do
+      described_class.empty_cache
+    end
+
+    let(:user_id) { 1 }
+    let(:schema) {
+      [
+        ForestLiana::Model::Collection.new({
+          name: 'all_rights_collection_boolean',
+          fields: [],
+          actions: [
+            ForestLiana::Model::Action.new({
+              name: 'Test',
+              endpoint: 'forest/actions/Test',
+              http_method: 'POST'
+            })
+          ]
+        })
+      ]
+    }
+    let(:scope_permissions) { nil }
+    let(:default_api_permissions) {
+      {
+        "data" => {
+          'collections' => {
+            "all_rights_collection_boolean" => {
+              "collection" => {
+                "browseEnabled" => true,
+                "readEnabled" => true,
+                "editEnabled" => true,
+                "addEnabled" => true,
+                "deleteEnabled" => true,
+                "exportEnabled" => true
+              },
+              "actions" => {
+                "Test" => {
+                  "triggerEnabled" => true
+                },
+              }
+            },
+          },
+          'renderings' => scope_permissions
+        },
+        "meta" => {
+          "rolesACLActivated" => true
+        },
+        "stats" => {
+          "queries" => [
+          'SELECT COUNT(*) AS value FROM products;',
+          'SELECT COUNT(*) AS value FROM sometings;'
+          ],
+          "values" => [
+            {
+              "type" => "Value",
+              "collection" => "Product",
+              "aggregate" => "Count"
+            }
+          ],
+        },
+      }
+    }
+    let(:default_rendering_id) { 1 }
+
+    before do
+      allow(ForestLiana).to receive(:apimap).and_return(schema)
+    end
+
+    describe '#is_authorized?' do
+      # Resource is only used to retrieve the collection name as it's stub it does not
+      # need to be defined
+      let(:fake_ressource) { nil }
+      let(:default_rendering_id) { nil }
+      let(:api_permissions) { default_api_permissions }
+
+      before do
+        allow(ForestLiana::PermissionsGetter).to receive(:get_permissions_for_rendering).and_return(api_permissions)
+      end
+
+      context 'when permissions liveQueries' do
+        context 'contains the query' do
+          request_info = {
+            "type" => "Value",
+            "collection" => "Product",
+            "aggregate" => "Count"
+          };
+          subject { described_class.new(fake_ressource, 'liveQueries', default_rendering_id, user_id: user_id, query_request_info: 'SELECT COUNT(*) AS value FROM sometings;') }
+
+          it 'should be authorized' do
+            expect(subject.is_authorized?).to be true
+          end
+        end
+
+        context 'does not contains the query' do
+          subject { described_class.new(fake_ressource, 'liveQueries', default_rendering_id, user_id: user_id, query_request_info: 'SELECT * FROM products WHERE category = Gifts OR 1=1-- AND released = 1') }
+          it 'should NOT be authorized' do
+            expect(subject.is_authorized?).to be false
+          end
+        end
+      end
+
+      context 'when permissions statWithParameters' do
+        context 'contains the stat with the same parameters' do
+          request_info = {
+            "type" => "Value",
+            "collection" => "Product",
+            "aggregate" => "Count"
+          };
+          subject { described_class.new(fake_ressource, 'statWithParameters', default_rendering_id, user_id: user_id, query_request_info: request_info) }
+
+          it 'should be authorized' do
+            expect(subject.is_authorized?).to be true
+          end
+        end
+
+        context 'does not contains the stat with the same parameters' do
+          other_request_info = {
+            "type" => "Leaderboard",
+            "collection" => "Product",
+            "aggregate" => "Sum"
+          };
+          subject { described_class.new(fake_ressource, 'statWithParameters', default_rendering_id, user_id: user_id, query_request_info: other_request_info) }
+          it 'should NOT be authorized' do
+            expect(subject.is_authorized?).to be false
+          end
+        end
+      end
+    end
+  end
+end

data/spec/services/forest_liana/resources_getter_spec.rb

@@ -0,0 +1,359 @@
+module ForestLiana
+  describe ResourcesGetter do
+    let(:resource) { User }
+    let(:pageSize) { 10 }
+    let(:pageNumber) { 1 }
+    let(:sort) { 'id' }
+    let(:fields) { }
+    let(:filters) { }
+
+    let(:getter) { described_class.new(resource, {
+      page: { size: pageSize, number: pageNumber },
+      sort: sort,
+      fields: fields,
+      filters: filters,
+    })}
+
+    before(:each) do
+      users = ['Michel', 'Robert', 'Vince', 'Sandro', 'Olesya', 'Romain', 'Valentin', 'Jason', 'Arnaud', 'Jeff', 'Steve', 'Marc', 'Xavier', 'Paul', 'Mickael', 'Mike', 'Maxime', 'Gertrude', 'Monique', 'Mia', 'Rachid', 'Edouard', 'Sacha', 'Caro', 'Amand', 'Nathan', 'Noémie', 'Robin', 'Gaelle', 'Isabelle']
+      .map { |name| User.create(name: name) }
+
+      islands = [
+        { :name => 'Skull', :updated_at => Time.now - 1.years },
+        { :name => 'Muerta', :updated_at => Time.now - 5.years },
+        { :name => 'Treasure', :updated_at => Time.now },
+        { :name => 'Birds', :updated_at => Time.now - 7.years },
+        { :name => 'Lille', :updated_at => Time.now - 1.years }
+      ].map { |island| Island.create(name: island[:name], updated_at: island[:updated_at]) }
+
+      trees = [
+        { :name => 'Lemon Tree', :created_at => Time.now - 7.years, :island => islands[0], :owner => users[0], :cutter => users[0] },
+        { :name => 'Ginger Tree', :created_at => Time.now - 7.years, :island => islands[0], :owner => users[1], :cutter => users[0] },
+        { :name => 'Apple Tree', :created_at => Time.now - 5.years, :island => islands[1], :owner => users[2], :cutter => users[0] },
+        { :name => 'Pear Tree', :created_at => Time.now + 4.hours, :island => islands[3], :owner => users[3], :cutter => users[1] },
+        { :name => 'Choco Tree', :created_at => Time.now, :island => islands[3], :owner => users[4], :cutter => users[1] }
+      ].map { |tree| Tree.create(name: tree[:name], created_at: tree[:created_at], island: tree[:island], owner: tree[:owner], cutter: tree[:cutter]) }
+
+      locations = [
+        { :coordinates => '12345', :island => islands[0] },
+        { :coordinates => '54321', :island => islands[1] },
+        { :coordinates => '43215', :island => islands[2] },
+        { :coordinates => '21543', :island => islands[3] },
+        { :coordinates => '32154', :island => islands[4] }
+      ].map { |location| Location.create(coordinates: location[:coordinates], island: location[:island]) }
+
+      reference = Reference.create()
+    end
+
+    after(:each) do
+      User.destroy_all
+      Island.destroy_all
+      Location.destroy_all
+      Tree.destroy_all
+    end
+
+    describe 'when there are more records than the page size' do
+      describe 'when asking for the 1st page and 15 records' do
+        let(:pageSize) { 15 }
+        let(:sort) { '-id' }
+
+        it 'should get only the expected records' do
+          getter.perform
+          records = getter.records
+          count = getter.count
+
+          expect(records.count).to eq 15
+          expect(count).to eq 30
+          expect(records.first.id).to eq 30
+          expect(records.last.id).to eq 16
+        end
+      end
+
+      describe 'when asking for the 2nd page and 10 records' do
+        let(:pageNumber) { 2 }
+        let(:sort) { '-id' }
+
+        it 'should get only the expected records' do
+          getter.perform
+          records = getter.records
+          count = getter.count
+
+          expect(records.count).to eq 10
+          expect(count).to eq 30
+          expect(records.first.id).to eq 20
+          expect(records.last.id).to eq 11
+        end
+      end
+    end
+
+    describe 'when on a model having a reserved SQL word as name' do
+      let(:resource) { Reference }
+
+      it 'should get the ressource properly' do
+        getter.perform
+        records = getter.records
+        count = getter.count
+
+        expect(records.count).to eq 1
+        expect(count).to eq 1
+        expect(records.first.id).to eq 1
+      end
+    end
+
+    describe 'when sorting by a specific field' do
+      let(:pageSize) { 5 }
+      let(:sort) { '-name' }
+
+      it 'should get only the expected records' do
+        getter.perform
+        records = getter.records
+        count = getter.count
+
+        expect(records.count).to eq 5
+        expect(count).to eq 30
+        expect(records.map(&:name)).to eq ['Xavier', 'Vince', 'Valentin', 'Steve', 'Sandro']
+      end
+    end
+
+    describe 'when sorting by a belongs_to association' do
+      let(:resource) { Tree }
+      let(:sort) { 'owner.name' }
+
+      it 'should get only the expected records' do
+        getter.perform
+        records = getter.records
+        count = getter.count
+
+        expect(records.count).to eq 5
+        expect(count).to eq 5
+        expect(records.map(&:id)).to eq [1, 5, 2, 4, 3]
+      end
+    end
+
+    describe 'when sorting by a has_one association' do
+      let(:resource) { Island }
+      let(:sort) { 'location.coordinates' }
+      let(:pageSize) { 5 }
+
+      it 'should get only the expected records' do
+        getter.perform
+        records = getter.records
+        count = getter.count
+
+        expect(records.count).to eq 5
+        expect(count).to eq 5
+        expect(records.map(&:id)).to eq [1, 4, 5, 3, 2]
+      end
+    end
+
+    describe 'when filtering on an ambiguous field' do
+      let(:resource) { Tree }
+      let(:pageSize) { 5 }
+      let(:fields) { { 'Tree' => 'id' } }
+      let(:filters) { {
+        aggregator: 'and',
+        conditions: [{
+          field: 'created_at',
+          operator: 'after',
+          value: "#{Time.now - 6.year}",
+        }, {
+          field: 'cutter:name',
+          operator: 'equal',
+          value: 'Michel'
+        }]
+      }.to_json }
+
+      it 'should get only the expected records' do
+        getter.perform
+        records = getter.records
+        count = getter.count
+
+        expect(records.count).to eq 1
+        expect(count).to eq 1
+        expect(records.first.id).to eq 3
+        expect(records.first.name).to eq 'Apple Tree'
+        expect(records.first.cutter.name).to eq 'Michel'
+      end
+    end
+
+    describe 'when filtering on before x hours ago' do
+      let(:resource) { Tree }
+      let(:fields) { { 'Tree' => 'id' } }
+      let(:filters) { {
+        field: 'created_at',
+        operator: 'before_x_hours_ago',
+        value: 3
+      }.to_json }
+
+      it 'should filter as expected' do
+        getter.perform
+        records = getter.records
+        count = getter.count
+
+        expect(records.count).to eq 3
+        expect(count).to eq 3
+        expect(records.map(&:name)).to eq ['Lemon Tree', 'Ginger Tree', 'Apple Tree']
+      end
+    end
+
+    describe 'when filtering on after x hours ago' do
+      let(:resource) { Tree }
+      let(:fields) { { 'Tree' => 'id' } }
+      let(:filters) { {
+        field: 'created_at',
+        operator: 'after_x_hours_ago',
+        value: 3
+      }.to_json }
+
+      it 'should filter as expected' do
+        getter.perform
+        records = getter.records
+        count = getter.count
+
+        expect(records.count).to eq 2
+        expect(count).to eq 2
+        expect(records.map(&:name)).to eq ['Pear Tree', 'Choco Tree']
+      end
+    end
+
+    describe 'when sorting on an ambiguous field name with a filter' do
+      let(:resource) { Tree }
+      let(:sort) { '-name' }
+      let(:fields) { { 'Tree' => 'id' } }
+      let(:filters) { {
+        field: 'cutter:name',
+        operator: 'equal',
+        value: 'Michel'
+      }.to_json }
+
+      it 'should get only the sorted expected records' do
+        getter.perform
+        records = getter.records
+        count = getter.count
+
+        expect(records.count).to eq 3
+        expect(count).to eq 3
+        expect(records.map(&:name)).to eq ['Lemon Tree', 'Ginger Tree', 'Apple Tree']
+      end
+    end
+
+    describe 'when filtering on an updated_at field of the main collection' do
+      let(:resource) { Island }
+      let(:filters) { {
+        field: 'updated_at',
+        operator: 'previous_year'
+      }.to_json }
+
+      it 'should get only the expected records' do
+        getter.perform
+        records = getter.records
+        count = getter.count
+
+        expect(records.count).to eq 2
+        expect(count).to eq 2
+        expect(records.map(&:name)).to eq ['Skull', 'Lille']
+      end
+    end
+
+    describe 'when filtering on an updated_at field of an associated collection' do
+      let(:resource) { Tree }
+      let(:fields) { { 'Tree' => 'id' } }
+      let(:filters) { {
+        field: 'island:updated_at',
+        operator: 'previous_year'
+      }.to_json }
+
+      it 'should get only the expected records' do
+        getter.perform
+        records = getter.records
+        count = getter.count
+
+        expect(records.count).to eq 2
+        expect(count).to eq 2
+        expect(records.map(&:name)).to eq ['Lemon Tree', 'Ginger Tree']
+      end
+    end
+
+    describe 'when filtering on an exact updated_at field of an associated collection' do
+      let(:resource) { Tree }
+      let(:fields) { { 'Tree' => 'id' } }
+      let(:filters) { {
+        field: 'island:updated_at',
+        operator: 'equal',
+        value: 'Sat Jul 02 2016 11:52:00 GMT-0400 (EDT)',
+      }.to_json }
+
+      it 'should get only the expected records' do
+        getter.perform
+        records = getter.records
+        count = getter.count
+
+        expect(records.count).to eq 0
+        expect(count).to eq 0
+      end
+    end
+
+    describe 'when filtering on a field of an associated collection that does not exist' do
+      let(:resource) { Tree }
+      let(:fields) { { 'Tree' => 'id' } }
+      let(:filters) { {
+        field: 'leaf:id',
+        operator: 'equal',
+        value: 1
+      }.to_json }
+
+      it 'should raise the right error' do
+        expect { getter }.to raise_error(ForestLiana::Errors::HTTP422Error, "Association 'leaf' not found")
+      end
+    end
+
+    describe 'when filtering on a field that does not exists' do
+      let(:resource) { Tree }
+      let(:fields) { { 'Tree' => 'id' } }
+      let(:filters) { {
+        field: 'content',
+        operator: 'contains',
+        value: 'c'
+      }.to_json }
+
+      it 'should raise the right error' do
+        expect { getter }.to raise_error(ForestLiana::Errors::HTTP422Error, "Field 'content' not found")
+      end
+    end
+
+    describe 'when filtering on a smart field' do
+      let(:filters) { {
+        field: 'cap_name',
+        operator: 'equal',
+        value: 'MICHEL',
+      }.to_json }
+
+      it 'should filter as expected' do
+        getter.perform
+        records = getter.records
+        count = getter.count
+
+        expect(records.count).to eq 1
+        expect(count).to eq 1
+        expect(records.first.id).to eq 1
+        expect(records.first.name).to eq 'Michel'
+      end
+    end
+
+    describe 'when filtering on a smart field with no filter method' do
+      let(:resource) { Location }
+      let(:filters) { {
+        field: 'alter_coordinates',
+        operator: 'equal',
+        value: '12345XYZ',
+      }.to_json }
+
+      it 'should raise the right error' do
+        expect { getter }.to raise_error(
+          ForestLiana::Errors::NotImplementedMethodError,
+           "method filter on smart field 'alter_coordinates' not found"
+        )
+      end
+    end
+  end
+end