@nocobase/plugin-acl 0.10.1-alpha.1 → 0.11.1-alpha.1

Files changed (77) hide show
  1. package/client.d.ts +3 -0
  2. package/client.js +1 -0
  3. package/lib/client/index.d.ts +5 -0
  4. package/lib/client/index.js +22 -0
  5. package/lib/{collections → server/collections}/roles.js +12 -1
  6. package/lib/server/index.d.ts +1 -0
  7. package/lib/server/index.js +13 -0
  8. package/lib/{model → server/model}/RoleResourceActionModel.js +1 -1
  9. package/lib/{server.js → server/server.js} +15 -16
  10. package/package.json +26 -9
  11. package/server.d.ts +3 -0
  12. package/server.js +1 -0
  13. package/src/client/index.ts +8 -0
  14. package/src/index.ts +1 -0
  15. package/src/server/__tests__/acl.test.ts +835 -0
  16. package/src/server/__tests__/actions.test.ts +141 -0
  17. package/src/server/__tests__/association-field.test.ts +413 -0
  18. package/src/server/__tests__/configuration.test.ts +70 -0
  19. package/src/server/__tests__/list-action.test.ts +446 -0
  20. package/src/server/__tests__/middleware.test.ts +210 -0
  21. package/src/server/__tests__/own.test.ts +124 -0
  22. package/src/server/__tests__/prepare.ts +20 -0
  23. package/src/server/__tests__/role-check.test.ts +46 -0
  24. package/src/server/__tests__/role-resource.test.ts +177 -0
  25. package/src/server/__tests__/role-user.test.ts +127 -0
  26. package/src/server/__tests__/role.test.ts +118 -0
  27. package/src/server/__tests__/scope.test.ts +55 -0
  28. package/src/server/__tests__/setCurrentRole.test.ts +86 -0
  29. package/src/server/__tests__/snippets.test.ts +35 -0
  30. package/src/server/__tests__/users.test.ts +136 -0
  31. package/src/server/__tests__/write-role-to-acl.test.ts +41 -0
  32. package/src/server/actions/available-actions.ts +18 -0
  33. package/src/server/actions/role-check.ts +50 -0
  34. package/src/server/actions/role-collections.ts +95 -0
  35. package/src/server/actions/user-setDefaultRole.ts +47 -0
  36. package/src/server/collections/roles-users.ts +8 -0
  37. package/src/server/collections/roles.ts +101 -0
  38. package/src/server/collections/rolesResources.ts +33 -0
  39. package/src/server/collections/rolesResourcesActions.ts +31 -0
  40. package/src/server/collections/rolesResourcesScopes.ts +25 -0
  41. package/src/server/collections/users.ts +31 -0
  42. package/src/server/index.ts +1 -0
  43. package/src/server/middlewares/setCurrentRole.ts +35 -0
  44. package/src/server/migrations/20221214072638-set-role-snippets.ts +23 -0
  45. package/src/server/model/RoleModel.ts +23 -0
  46. package/src/server/model/RoleResourceActionModel.ts +95 -0
  47. package/src/server/model/RoleResourceModel.ts +74 -0
  48. package/src/server/server.ts +854 -0
  49. /package/lib/{actions → server/actions}/available-actions.d.ts +0 -0
  50. /package/lib/{actions → server/actions}/available-actions.js +0 -0
  51. /package/lib/{actions → server/actions}/role-check.d.ts +0 -0
  52. /package/lib/{actions → server/actions}/role-check.js +0 -0
  53. /package/lib/{actions → server/actions}/role-collections.d.ts +0 -0
  54. /package/lib/{actions → server/actions}/role-collections.js +0 -0
  55. /package/lib/{actions → server/actions}/user-setDefaultRole.d.ts +0 -0
  56. /package/lib/{actions → server/actions}/user-setDefaultRole.js +0 -0
  57. /package/lib/{collections → server/collections}/roles-users.d.ts +0 -0
  58. /package/lib/{collections → server/collections}/roles-users.js +0 -0
  59. /package/lib/{collections → server/collections}/roles.d.ts +0 -0
  60. /package/lib/{collections → server/collections}/rolesResources.d.ts +0 -0
  61. /package/lib/{collections → server/collections}/rolesResources.js +0 -0
  62. /package/lib/{collections → server/collections}/rolesResourcesActions.d.ts +0 -0
  63. /package/lib/{collections → server/collections}/rolesResourcesActions.js +0 -0
  64. /package/lib/{collections → server/collections}/rolesResourcesScopes.d.ts +0 -0
  65. /package/lib/{collections → server/collections}/rolesResourcesScopes.js +0 -0
  66. /package/lib/{collections → server/collections}/users.d.ts +0 -0
  67. /package/lib/{collections → server/collections}/users.js +0 -0
  68. /package/lib/{middlewares → server/middlewares}/setCurrentRole.d.ts +0 -0
  69. /package/lib/{middlewares → server/middlewares}/setCurrentRole.js +0 -0
  70. /package/lib/{migrations → server/migrations}/20221214072638-set-role-snippets.d.ts +0 -0
  71. /package/lib/{migrations → server/migrations}/20221214072638-set-role-snippets.js +0 -0
  72. /package/lib/{model → server/model}/RoleModel.d.ts +0 -0
  73. /package/lib/{model → server/model}/RoleModel.js +0 -0
  74. /package/lib/{model → server/model}/RoleResourceActionModel.d.ts +0 -0
  75. /package/lib/{model → server/model}/RoleResourceModel.d.ts +0 -0
  76. /package/lib/{model → server/model}/RoleResourceModel.js +0 -0
  77. /package/lib/{server.d.ts → server/server.d.ts} +0 -0
@@ -0,0 +1,835 @@
1
+ import { ACL } from '@nocobase/acl';
2
+ import { Database } from '@nocobase/database';
3
+ import { UiSchemaRepository } from '@nocobase/plugin-ui-schema-storage';
4
+ import UsersPlugin from '@nocobase/plugin-users';
5
+ import { MockServer } from '@nocobase/test';
6
+ import { prepareApp } from './prepare';
7
+
8
+ describe('acl', () => {
9
+ let app: MockServer;
10
+ let db: Database;
11
+ let acl: ACL;
12
+ let admin;
13
+ let adminAgent;
14
+
15
+ let userPlugin;
16
+
17
+ let uiSchemaRepository: UiSchemaRepository;
18
+
19
+ afterEach(async () => {
20
+ await app.destroy();
21
+ });
22
+
23
+ beforeEach(async () => {
24
+ app = await prepareApp();
25
+ db = app.db;
26
+ acl = app.acl;
27
+
28
+ const UserRepo = db.getCollection('users').repository;
29
+ admin = await UserRepo.create({
30
+ values: {
31
+ roles: ['admin'],
32
+ },
33
+ });
34
+
35
+ adminAgent = app.agent().login(admin);
36
+ uiSchemaRepository = db.getRepository('uiSchemas');
37
+ });
38
+
39
+ test('append createById', async () => {
40
+ const Company = await db.getRepository('collections').create({
41
+ context: {},
42
+ values: {
43
+ name: 'companies',
44
+ fields: [
45
+ {
46
+ type: 'string',
47
+ name: 'name',
48
+ },
49
+ {
50
+ type: 'hasMany',
51
+ name: 'users',
52
+ },
53
+ ],
54
+ },
55
+ });
56
+
57
+ const Repair = await db.getRepository('collections').create({
58
+ context: {},
59
+ values: {
60
+ name: 'repairs',
61
+ createdBy: true,
62
+ fields: [
63
+ {
64
+ type: 'belongsTo',
65
+ name: 'company',
66
+ },
67
+ {
68
+ type: 'string',
69
+ name: 'name',
70
+ },
71
+ ],
72
+ },
73
+ });
74
+
75
+ const c1 = await db.getRepository('companies').create({
76
+ values: {
77
+ name: 'c1',
78
+ },
79
+ });
80
+
81
+ await db.getRepository('roles').create({
82
+ values: {
83
+ name: 'test-role',
84
+ },
85
+ });
86
+
87
+ await adminAgent.resource('roles.resources', 'test-role').create({
88
+ values: {
89
+ name: 'repairs',
90
+ usingActionsConfig: true,
91
+ actions: [
92
+ {
93
+ name: 'list',
94
+ fields: ['id'],
95
+ },
96
+ ],
97
+ },
98
+ });
99
+
100
+ const u1 = await db.getRepository('users').create({
101
+ values: {
102
+ name: 'u1',
103
+ company: { id: c1.get('id') },
104
+ roles: ['test-role'],
105
+ },
106
+ });
107
+
108
+ const r1 = await db.getRepository('repairs').create({
109
+ values: {
110
+ name: 'r1',
111
+ company: { id: c1.get('id') },
112
+ },
113
+ });
114
+
115
+ userPlugin = app.getPlugin('users') as UsersPlugin;
116
+
117
+ const testAgent = app.agent().auth(
118
+ userPlugin.jwtService.sign({
119
+ userId: u1.get('id'),
120
+ }),
121
+ { type: 'bearer' },
122
+ );
123
+
124
+ // @ts-ignore
125
+ const response1 = await testAgent.resource('repairs').list({
126
+ filter: {
127
+ company: {
128
+ id: {
129
+ $isVar: 'currentUser.company.id',
130
+ },
131
+ },
132
+ },
133
+ });
134
+
135
+ // @ts-ignore
136
+ const response2 = await testAgent.resource('repairs').list({
137
+ filter: {
138
+ company: {
139
+ id: {
140
+ $isVar: 'currentUser.company.id',
141
+ },
142
+ },
143
+ },
144
+ });
145
+
146
+ // @ts-ignore
147
+ const response3 = await testAgent.resource('repairs').list({
148
+ filter: {
149
+ company: {
150
+ id: {
151
+ $isVar: 'currentUser.company.id',
152
+ },
153
+ },
154
+ },
155
+ });
156
+
157
+ const acl = app.acl;
158
+ const canResult = acl.can({ role: 'test-role', resource: 'repairs', action: 'list' });
159
+ const params = canResult['params'];
160
+
161
+ expect(params['fields']).toHaveLength(3);
162
+ });
163
+
164
+ it('should not have permission to list comments', async () => {
165
+ await db.getCollection('collections').repository.create({
166
+ values: {
167
+ name: 'comments',
168
+ fields: [
169
+ {
170
+ name: 'content',
171
+ type: 'string',
172
+ },
173
+ ],
174
+ },
175
+ context: {},
176
+ });
177
+
178
+ await db.getCollection('collections').repository.create({
179
+ values: {
180
+ name: 'posts',
181
+ fields: [
182
+ {
183
+ name: 'title',
184
+ type: 'string',
185
+ },
186
+ {
187
+ name: 'comments',
188
+ type: 'hasMany',
189
+ target: 'comments',
190
+ interface: 'linkTo',
191
+ },
192
+ ],
193
+ },
194
+ context: {},
195
+ });
196
+
197
+ await db.getRepository('roles').create({
198
+ values: {
199
+ name: 'test-role',
200
+ },
201
+ });
202
+
203
+ await adminAgent.resource('roles.resources', 'test-role').create({
204
+ values: {
205
+ name: 'posts',
206
+ usingActionsConfig: true,
207
+ actions: [
208
+ {
209
+ name: 'view',
210
+ fields: ['comments'],
211
+ },
212
+ ],
213
+ },
214
+ });
215
+
216
+ const acl = app.acl;
217
+
218
+ expect(
219
+ acl.can({
220
+ role: 'test-role',
221
+ resource: 'posts.comments',
222
+ action: 'list',
223
+ }),
224
+ ).not.toBeNull();
225
+
226
+ expect(
227
+ acl.can({
228
+ role: 'test-role',
229
+ resource: 'comments',
230
+ action: 'list',
231
+ }),
232
+ ).toBeNull();
233
+ });
234
+
235
+ it('should not destroy default roles when user is root user', async () => {
236
+ const rootUser = await db.getRepository('users').findOne({
237
+ filter: {
238
+ email: process.env.INIT_ROOT_EMAIL,
239
+ },
240
+ });
241
+ const userPlugin = app.getPlugin('users') as UsersPlugin;
242
+
243
+ const adminAgent = app.agent().login(rootUser);
244
+
245
+ expect(await db.getCollection('roles').repository.count()).toBe(3);
246
+
247
+ //@ts-ignore
248
+ await adminAgent.resource('roles').destroy({
249
+ filterByTk: 'root',
250
+ });
251
+
252
+ expect(await db.getCollection('roles').repository.count()).toBe(3);
253
+ });
254
+
255
+ it('should not destroy default roles', async () => {
256
+ expect(await db.getCollection('roles').repository.count()).toBe(3);
257
+
258
+ await adminAgent.resource('roles').destroy({
259
+ filterByTk: 'root',
260
+ });
261
+
262
+ expect(await db.getCollection('roles').repository.count()).toBe(3);
263
+ });
264
+
265
+ it('should not destroy all scope', async () => {
266
+ let allScope = await adminAgent.resource('rolesResourcesScopes').get({
267
+ filter: {
268
+ key: 'all',
269
+ },
270
+ });
271
+
272
+ expect(allScope.body.data).toBeDefined();
273
+
274
+ await adminAgent.resource('rolesResourcesScopes').destroy({
275
+ filter: {
276
+ key: 'all',
277
+ },
278
+ });
279
+
280
+ allScope = await adminAgent.resource('rolesResourcesScopes').get({
281
+ filter: {
282
+ key: 'all',
283
+ },
284
+ });
285
+
286
+ expect(allScope.body.data).toBeDefined();
287
+ });
288
+
289
+ it('should not destroy roles collections', async () => {
290
+ let rolesCollection = await adminAgent.resource('collections').get({
291
+ filterByTk: 'roles',
292
+ });
293
+
294
+ expect(rolesCollection.body.data).toBeDefined();
295
+
296
+ await adminAgent.resource('collections').destroy({
297
+ filterByTk: 'roles',
298
+ });
299
+
300
+ rolesCollection = await adminAgent.resource('collections').get({
301
+ filterByTk: 'roles',
302
+ });
303
+
304
+ expect(rolesCollection.body.data).toBeDefined();
305
+ });
306
+
307
+ it('should works with universal actions', async () => {
308
+ await db.getRepository('roles').create({
309
+ values: {
310
+ name: 'new',
311
+ },
312
+ });
313
+
314
+ expect(
315
+ acl.can({
316
+ role: 'new',
317
+ resource: 'posts',
318
+ action: 'create',
319
+ }),
320
+ ).toBeNull();
321
+
322
+ // grant universal action
323
+ await adminAgent.resource('roles').update({
324
+ resourceIndex: 'new',
325
+ values: {
326
+ strategy: {
327
+ actions: ['create'],
328
+ },
329
+ },
330
+ forceUpdate: true,
331
+ });
332
+
333
+ expect(
334
+ acl.can({
335
+ role: 'new',
336
+ resource: 'posts',
337
+ action: 'create',
338
+ }),
339
+ ).toMatchObject({
340
+ role: 'new',
341
+ resource: 'posts',
342
+ action: 'create',
343
+ });
344
+ });
345
+
346
+ it('should deny when resource action has no resource', async () => {
347
+ await db.getRepository('roles').create({
348
+ values: {
349
+ name: 'new',
350
+ strategy: {
351
+ actions: ['update:own', 'destroy:own', 'create', 'view'],
352
+ },
353
+ },
354
+ });
355
+
356
+ // create c1 collection
357
+ await db.getRepository('collections').create({
358
+ values: {
359
+ name: 'c1',
360
+ title: 'table1',
361
+ },
362
+ });
363
+
364
+ // create c2 collection
365
+ await db.getRepository('collections').create({
366
+ values: {
367
+ name: 'c2',
368
+ title: 'table2',
369
+ },
370
+ });
371
+
372
+ await adminAgent.resource('roles.resources', 'new').create({
373
+ values: {
374
+ name: 'c1',
375
+ usingActionsConfig: true,
376
+ actions: [],
377
+ },
378
+ });
379
+
380
+ expect(
381
+ acl.can({
382
+ role: 'new',
383
+ resource: 'c1',
384
+ action: 'list',
385
+ }),
386
+ ).toBeNull();
387
+ });
388
+
389
+ it('should works with resources actions', async () => {
390
+ const role = await db.getRepository('roles').create({
391
+ values: {
392
+ name: 'new',
393
+ strategy: {
394
+ actions: ['list'],
395
+ },
396
+ },
397
+ });
398
+
399
+ // create c1 collection
400
+ await db.getRepository('collections').create({
401
+ values: {
402
+ name: 'c1',
403
+ title: 'table1',
404
+ },
405
+ });
406
+
407
+ // create c2 collection
408
+ await db.getRepository('collections').create({
409
+ values: {
410
+ name: 'c2',
411
+ title: 'table2',
412
+ },
413
+ });
414
+
415
+ // create c1 published scope
416
+ const {
417
+ body: { data: publishedScope },
418
+ } = await adminAgent.resource('rolesResourcesScopes').create({
419
+ values: {
420
+ resourceName: 'c1',
421
+ name: 'published',
422
+ scope: {
423
+ published: true,
424
+ },
425
+ },
426
+ });
427
+
428
+ // await db.getRepository('rolesResourcesScopes').findOne();
429
+
430
+ // set admin resources
431
+ await adminAgent.resource('roles.resources', 'new').create({
432
+ values: {
433
+ name: 'c1',
434
+ usingActionsConfig: true,
435
+ actions: [
436
+ {
437
+ name: 'create',
438
+ scope: publishedScope.id,
439
+ },
440
+ {
441
+ name: 'view',
442
+ fields: ['title', 'age'],
443
+ },
444
+ ],
445
+ },
446
+ });
447
+
448
+ expect(
449
+ acl.can({
450
+ role: 'new',
451
+ resource: 'c1',
452
+ action: 'create',
453
+ }),
454
+ ).toMatchObject({
455
+ role: 'new',
456
+ resource: 'c1',
457
+ action: 'create',
458
+ params: {
459
+ filter: { published: true },
460
+ },
461
+ });
462
+
463
+ expect(
464
+ acl.can({
465
+ role: 'new',
466
+ resource: 'c1',
467
+ action: 'view',
468
+ }),
469
+ ).toMatchObject({
470
+ role: 'new',
471
+ resource: 'c1',
472
+ action: 'view',
473
+ params: {
474
+ fields: ['age', 'title', 'id', 'createdAt', 'updatedAt'],
475
+ },
476
+ });
477
+
478
+ // revoke action
479
+ const response = await adminAgent.resource('roles.resources', role.get('name')).list({
480
+ appends: ['actions'],
481
+ });
482
+
483
+ expect(response.statusCode).toEqual(200);
484
+
485
+ const actions = response.body.data[0].actions;
486
+ const collectionName = response.body.data[0].name;
487
+
488
+ await adminAgent.resource('roles.resources', role.get('name')).update({
489
+ filterByTk: collectionName,
490
+ values: {
491
+ name: 'c1',
492
+ usingActionsConfig: true,
493
+ actions: [
494
+ {
495
+ name: 'view',
496
+ fields: ['title', 'age'],
497
+ },
498
+ ],
499
+ },
500
+ });
501
+
502
+ expect(
503
+ acl.can({
504
+ role: 'new',
505
+ resource: 'c1',
506
+ action: 'create',
507
+ }),
508
+ ).toBeNull();
509
+ });
510
+
511
+ it('should revoke resource when collection destroy', async () => {
512
+ await db.getRepository('roles').create({
513
+ values: {
514
+ name: 'new',
515
+ },
516
+ });
517
+
518
+ await db.getRepository('collections').create({
519
+ values: {
520
+ name: 'posts',
521
+ },
522
+ });
523
+
524
+ await db.getRepository('fields').create({
525
+ values: {
526
+ collectionName: 'posts',
527
+ type: 'string',
528
+ name: 'title',
529
+ },
530
+ });
531
+
532
+ await adminAgent.resource('roles.resources').create({
533
+ associatedIndex: 'new',
534
+ values: {
535
+ name: 'posts',
536
+ usingActionsConfig: true,
537
+ actions: [
538
+ {
539
+ name: 'view',
540
+ fields: ['title'],
541
+ },
542
+ ],
543
+ },
544
+ });
545
+
546
+ expect(
547
+ acl.can({
548
+ role: 'new',
549
+ resource: 'posts',
550
+ action: 'view',
551
+ }),
552
+ ).not.toBeNull();
553
+
554
+ await db.getRepository('collections').destroy({
555
+ filter: {
556
+ name: 'posts',
557
+ },
558
+ });
559
+
560
+ expect(
561
+ acl.can({
562
+ role: 'new',
563
+ resource: 'posts',
564
+ action: 'view',
565
+ }),
566
+ ).toBeNull();
567
+ });
568
+
569
+ it('should revoke actions when not using actions config', async () => {
570
+ await db.getRepository('roles').create({
571
+ values: {
572
+ name: 'new',
573
+ },
574
+ });
575
+
576
+ await db.getRepository('collections').create({
577
+ values: {
578
+ name: 'posts',
579
+ title: 'posts',
580
+ },
581
+ });
582
+
583
+ await adminAgent.resource('roles.resources').create({
584
+ associatedIndex: 'new',
585
+ values: {
586
+ name: 'posts',
587
+ usingActionsConfig: true,
588
+ actions: [
589
+ {
590
+ name: 'create',
591
+ },
592
+ ],
593
+ },
594
+ });
595
+
596
+ expect(
597
+ acl.can({
598
+ role: 'new',
599
+ resource: 'posts',
600
+ action: 'create',
601
+ }),
602
+ ).toMatchObject({
603
+ role: 'new',
604
+ resource: 'posts',
605
+ action: 'create',
606
+ });
607
+
608
+ await adminAgent.resource('roles.resources', 'new').update({
609
+ filterByTk: (
610
+ await db.getRepository('rolesResources').findOne({
611
+ filter: {
612
+ name: 'posts',
613
+ roleName: 'new',
614
+ },
615
+ })
616
+ ).get('name') as string,
617
+ values: {
618
+ usingActionsConfig: false,
619
+ },
620
+ });
621
+
622
+ expect(
623
+ acl.can({
624
+ role: 'new',
625
+ resource: 'posts',
626
+ action: 'create',
627
+ }),
628
+ ).toBeNull();
629
+
630
+ await adminAgent.resource('roles.resources', 'new').update({
631
+ filterByTk: (
632
+ await db.getRepository('rolesResources').findOne({
633
+ filter: {
634
+ name: 'posts',
635
+ roleName: 'new',
636
+ },
637
+ })
638
+ ).get('name') as string,
639
+ values: {
640
+ usingActionsConfig: true,
641
+ },
642
+ });
643
+
644
+ expect(
645
+ acl.can({
646
+ role: 'new',
647
+ resource: 'posts',
648
+ action: 'create',
649
+ }),
650
+ ).toMatchObject({
651
+ role: 'new',
652
+ resource: 'posts',
653
+ action: 'create',
654
+ });
655
+ });
656
+
657
+ it('should add fields when field created', async () => {
658
+ await db.getRepository('roles').create({
659
+ values: {
660
+ name: 'new',
661
+ },
662
+ });
663
+
664
+ await db.getRepository('collections').create({
665
+ values: {
666
+ name: 'posts',
667
+ },
668
+ });
669
+
670
+ await db.getRepository('fields').create({
671
+ values: {
672
+ collectionName: 'posts',
673
+ type: 'string',
674
+ name: 'title',
675
+ },
676
+ });
677
+
678
+ await adminAgent.resource('roles.resources').create({
679
+ associatedIndex: 'new',
680
+ values: {
681
+ name: 'posts',
682
+ usingActionsConfig: true,
683
+ actions: [
684
+ {
685
+ name: 'view',
686
+ fields: ['title'],
687
+ },
688
+ ],
689
+ },
690
+ });
691
+
692
+ const allowFields = acl.can({
693
+ role: 'new',
694
+ resource: 'posts',
695
+ action: 'view',
696
+ })['params']['fields'];
697
+
698
+ expect(allowFields.includes('title')).toBeTruthy();
699
+
700
+ await db.getRepository('fields').create({
701
+ values: {
702
+ collectionName: 'posts',
703
+ type: 'string',
704
+ name: 'description',
705
+ },
706
+ });
707
+
708
+ const newAllowFields = acl.can({
709
+ role: 'new',
710
+ resource: 'posts',
711
+ action: 'view',
712
+ })['params']['fields'];
713
+
714
+ expect(newAllowFields.includes('description')).toBeTruthy();
715
+ });
716
+
717
+ it('should get role menus', async () => {
718
+ const role = await db.getRepository('roles').create({
719
+ values: {
720
+ name: 'new',
721
+ strategy: {
722
+ actions: ['view'],
723
+ },
724
+ },
725
+ });
726
+
727
+ const menuResponse = await adminAgent.resource('roles.menuUiSchemas', 'new').list();
728
+
729
+ expect(menuResponse.statusCode).toEqual(200);
730
+ });
731
+
732
+ it('should toggle role menus', async () => {
733
+ const role = await db.getRepository('roles').create({
734
+ values: {
735
+ name: 'new',
736
+ strategy: {
737
+ actions: ['*'],
738
+ },
739
+ snippets: ['pm.*'],
740
+ },
741
+ });
742
+ const UserRepo = db.getCollection('users').repository;
743
+ const user = await UserRepo.create({
744
+ values: {
745
+ roles: ['new'],
746
+ },
747
+ });
748
+
749
+ const userAgent = app.agent().login(user);
750
+
751
+ const schema = {
752
+ 'x-uid': 'test',
753
+ };
754
+
755
+ await uiSchemaRepository.insert(schema);
756
+
757
+ const response = await userAgent
758
+ // @ts-ignore
759
+ .resource('roles.menuUiSchemas', 'new')
760
+ .toggle({
761
+ values: { tk: 'test' },
762
+ });
763
+
764
+ expect(response.statusCode).toEqual(200);
765
+ });
766
+
767
+ it('should sync data to acl after app reload', async () => {
768
+ const role = await db.getRepository('roles').create({
769
+ values: {
770
+ name: 'new',
771
+ resources: [
772
+ {
773
+ name: 'posts',
774
+ usingActionsConfig: true,
775
+ actions: [
776
+ {
777
+ name: 'view',
778
+ fields: ['title'],
779
+ },
780
+ ],
781
+ },
782
+ ],
783
+ },
784
+ hooks: false,
785
+ });
786
+
787
+ expect(app.acl.getRole('new')).toBeUndefined();
788
+
789
+ await app.reload();
790
+
791
+ expect(app.acl.getRole('new')).toBeDefined();
792
+
793
+ expect(
794
+ app.acl.can({
795
+ role: 'new',
796
+ resource: 'posts',
797
+ action: 'view',
798
+ }),
799
+ ).toMatchObject({
800
+ role: 'new',
801
+ resource: 'posts',
802
+ action: 'view',
803
+ });
804
+ });
805
+
806
+ it('should destroy new role when user are root user', async () => {
807
+ const rootUser = await db.getRepository('users').findOne({
808
+ filterByTk: 1,
809
+ });
810
+
811
+ const rootAgent = app.agent().login(rootUser);
812
+
813
+ const response = await rootAgent
814
+ // @ts-ignore
815
+ .resource('roles')
816
+ .create({
817
+ values: {
818
+ name: 'testRole',
819
+ },
820
+ });
821
+
822
+ expect(response.statusCode).toEqual(200);
823
+
824
+ expect(await db.getRepository('roles').findOne({ filterByTk: 'testRole' })).toBeDefined();
825
+ const destroyResponse = await rootAgent
826
+ // @ts-ignore
827
+ .resource('roles')
828
+ .destroy({
829
+ filterByTk: 'testRole',
830
+ });
831
+
832
+ expect(destroyResponse.statusCode).toEqual(200);
833
+ expect(await db.getRepository('roles').findOne({ filterByTk: 'testRole' })).toBeNull();
834
+ });
835
+ });
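Review bot: The "should not destroy all scope" and "should not destroy roles collections" tests verify that the protected record survived with `expect(allScope.body.data).toBeDefined()` and `expect(rolesCollection.body.data).toBeDefined()` (new lines 286 and 304), but `toBeDefined()` also passes for `null`, so both checks would likely still pass if the destroy had succeeded and the follow-up `get` returned `data: null`. The same weakness is at new line 824, where line 833 shows that `findOne` resolves to `null` for a missing role. Asserting on content instead, e.g. `expect(allScope.body.data).toMatchObject({ key: 'all' });` and `expect(rolesCollection.body.data).toBeTruthy();`, would make a regression in the deletion protection fail the test. The two "should not destroy default roles" tests rely only on `count()` staying at 3 and never assert the destroy response; adding `expect(await db.getRepository('roles').findOne({ filterByTk: 'root' })).not.toBeNull();` would pin the `root` role itself. In the root-user variant, `rootUser` is looked up by `process.env.INIT_ROOT_EMAIL` without a null check, so if that variable is unset the test may not run as the root user at all.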