@nocobase/plugin-acl 0.8.1-alpha.4 → 0.9.0-alpha.2

package/src/__tests__/association-field.test.ts

@@ -1,308 +0,0 @@
-import { ACL } from '@nocobase/acl';
-import { Database, HasManyRepository } from '@nocobase/database';
-import UsersPlugin from '@nocobase/plugin-users';
-import { MockServer } from '@nocobase/test';
-import { prepareApp } from './prepare';
-
-describe('association field acl', () => {
-  let app: MockServer;
-  let db: Database;
-  let acl: ACL;
-
-  let user;
-  let userAgent;
-  let admin;
-  let adminAgent;
-
-  afterEach(async () => {
-    await app.destroy();
-  });
-
-  beforeEach(async () => {
-    app = await prepareApp();
-    db = app.db;
-    acl = app.acl;
-
-    await db.getRepository('roles').create({
-      values: {
-        name: 'new',
-        allowConfigure: true,
-      },
-    });
-
-    await db.getRepository('roles').create({
-      values: {
-        name: 'testAdmin',
-        allowConfigure: true,
-      },
-    });
-    const UserRepo = db.getCollection('users').repository;
-    user = await UserRepo.create({
-      values: {
-        roles: ['new'],
-      },
-    });
-    admin = await UserRepo.create({
-      values: {
-        roles: ['testAdmin'],
-      },
-    });
-
-    const userPlugin = app.getPlugin('users') as UsersPlugin;
-    userAgent = app.agent().auth(
-      userPlugin.jwtService.sign({
-        userId: user.get('id'),
-      }),
-      { type: 'bearer' },
-    );
-    adminAgent = app.agent().auth(
-      userPlugin.jwtService.sign({
-        userId: admin.get('id'),
-      }),
-      { type: 'bearer' },
-    );
-
-    await db.getRepository('collections').create({
-      values: {
-        name: 'orders',
-      },
-      context: {},
-    });
-
-    await db.getRepository('collections.fields', 'users').create({
-      values: {
-        name: 'name',
-        type: 'string',
-      },
-      context: {},
-    });
-
-    await db.getRepository('collections.fields', 'users').create({
-      values: {
-        name: 'age',
-        type: 'integer',
-      },
-      context: {},
-    });
-
-    await db.getRepository('collections.fields', 'users').create({
-      values: {
-        interface: 'linkTo',
-        name: 'orders',
-        type: 'hasMany',
-        target: 'orders',
-      },
-      context: {},
-    });
-
-    await db.getRepository('collections.fields', 'orders').create({
-      values: {
-        name: 'content',
-        type: 'string',
-      },
-      context: {},
-    });
-
-    await adminAgent.resource('roles.resources', 'new').create({
-      values: {
-        name: 'users',
-        usingActionsConfig: true,
-        actions: [
-          {
-            name: 'create',
-            fields: ['orders'],
-          },
-          {
-            name: 'view',
-            fields: ['orders'],
-          },
-        ],
-      },
-    });
-  });
-
-  it('should revoke target action on association action revoke', async () => {
-    expect(
-      acl.can({
-        role: 'new',
-        resource: 'orders',
-        action: 'list',
-      }),
-    ).toMatchObject({
-      role: 'new',
-      resource: 'orders',
-      action: 'list',
-    });
-
-    await adminAgent.resource('roles.resources', 'new').update({
-      values: {
-        name: 'users',
-        usingActionsConfig: true,
-        actions: [],
-      },
-    });
-
-    expect(
-      acl.can({
-        role: 'new',
-        resource: 'orders',
-        action: 'list',
-      }),
-    ).toBeNull();
-  });
-
-  it('should revoke association action on action revoke', async () => {
-    expect(
-      acl.can({
-        role: 'new',
-        resource: 'users.orders',
-        action: 'add',
-      }),
-    ).toMatchObject({
-      role: 'new',
-      resource: 'users.orders',
-      action: 'add',
-    });
-
-    const viewAction = await db.getRepository('rolesResourcesActions').findOne({
-      filter: {
-        name: 'view',
-      },
-    });
-
-    const actionId = viewAction.get('id') as number;
-
-    const response = await adminAgent.resource('roles.resources', 'new').update({
-      values: {
-        name: 'users',
-        usingActionsConfig: true,
-        actions: [
-          {
-            id: actionId,
-          },
-        ],
-      },
-    });
-
-    expect(response.statusCode).toEqual(200);
-
-    expect(
-      acl.can({
-        role: 'new',
-        resource: 'users.orders',
-        action: 'add',
-      }),
-    ).toBeNull();
-  });
-
-  it('should revoke association action on field deleted', async () => {
-    await adminAgent.resource('roles.resources', 'new').update({
-      values: {
-        name: 'users',
-        usingActionsConfig: true,
-        actions: [
-          {
-            name: 'create',
-            fields: ['name', 'age'],
-          },
-        ],
-      },
-    });
-    expect(
-      acl.can({
-        role: 'new',
-        resource: 'users',
-        action: 'create',
-      }),
-    ).toMatchObject({
-      role: 'new',
-      resource: 'users',
-      action: 'create',
-      params: {
-        whitelist: ['age', 'name'],
-      },
-    });
-    const roleResource = await db.getRepository('rolesResources').findOne({
-      filter: {
-        name: 'users',
-      },
-    });
-
-    const action = await db
-      .getRepository<HasManyRepository>('rolesResources.actions', roleResource.get('id') as string)
-      .findOne({
-        filter: {
-          name: 'create',
-        },
-      });
-
-    expect(action.get('fields').includes('name')).toBeTruthy();
-
-    // remove field
-    await db.getRepository<HasManyRepository>('collections.fields', 'users').destroy({
-      filter: {
-        name: 'name',
-      },
-      context: {},
-    });
-
-    expect(
-      acl.can({
-        role: 'new',
-        resource: 'users',
-        action: 'create',
-      }),
-    ).toMatchObject({
-      role: 'new',
-      resource: 'users',
-      action: 'create',
-      params: {
-        whitelist: ['age'],
-      },
-    });
-  });
-
-  it('should allow association fields access', async () => {
-    const createResponse = await userAgent.resource('users').create({
-      values: {
-        orders: [
-          {
-            content: 'apple',
-          },
-        ],
-      },
-    });
-
-    expect(createResponse.statusCode).toEqual(200);
-
-    const user = await db.getRepository('users').findOne({
-      filterByTk: createResponse.body.data.id,
-    });
-    // @ts-ignore
-    expect(await user.countOrders()).toEqual(1);
-
-    expect(
-      acl.can({
-        role: 'new',
-        resource: 'users.orders',
-        action: 'list',
-      }),
-    ).toMatchObject({
-      role: 'new',
-      resource: 'users.orders',
-      action: 'list',
-    });
-
-    expect(
-      acl.can({
-        role: 'new',
-        resource: 'orders',
-        action: 'list',
-      }),
-    ).toMatchObject({
-      role: 'new',
-      resource: 'orders',
-      action: 'list',
-    });
-  });
-});

package/src/__tests__/configuration.test.ts

@@ -1,74 +0,0 @@
-import { Database } from '@nocobase/database';
-import UsersPlugin from '@nocobase/plugin-users';
-import { MockServer } from '@nocobase/test';
-import { prepareApp } from './prepare';
-
-describe('configuration', () => {
-  let app: MockServer;
-  let db: Database;
-  let admin;
-  let adminAgent;
-  let user;
-  let userAgent;
-  let guestAgent;
-
-  afterEach(async () => {
-    await app.destroy();
-  });
-
-  beforeEach(async () => {
-    app = await prepareApp();
-    db = app.db;
-
-    await db.getRepository('roles').create({
-      values: {
-        name: 'test1',
-        allowConfigure: true,
-      },
-    });
-
-    await db.getRepository('roles').create({
-      values: {
-        name: 'test2',
-      },
-    });
-
-    const UserRepo = db.getCollection('users').repository;
-    admin = await UserRepo.create({
-      values: {
-        roles: ['test1']
-      }
-    });
-    user = await UserRepo.create({
-      values: {
-        roles: ['test2']
-      }
-    });
-
-    const userPlugin = app.getPlugin('users') as UsersPlugin;
-    adminAgent = app.agent().auth(userPlugin.jwtService.sign({
-      userId: admin.get('id'),
-    }), { type: 'bearer' });
-
-    userAgent = app.agent().auth(userPlugin.jwtService.sign({
-      userId: user.get('id'),
-    }), { type: 'bearer' });
-
-    guestAgent = app.agent();
-  });
-
-  it('should list collections', async () => {
-    expect((await userAgent.resource('collections').create()).statusCode).toEqual(403);
-    expect((await userAgent.resource('collections').list()).statusCode).toEqual(200);
-  });
-
-  it('should not create/list collections', async () => {
-    expect((await guestAgent.resource('collections').create()).statusCode).toEqual(403);
-    expect((await guestAgent.resource('collections').list()).statusCode).toEqual(403);
-  });
-
-  it('should allow when role has allowConfigure with true value', async () => {
-    expect((await adminAgent.resource('collections').create()).statusCode).toEqual(200);
-    expect((await adminAgent.resource('collections').list()).statusCode).toEqual(200);
-  });
-});

package/src/__tests__/middleware.test.ts

@@ -1,228 +0,0 @@
-import { ACL } from '@nocobase/acl';
-import { Database, Model } from '@nocobase/database';
-import UsersPlugin from '@nocobase/plugin-users';
-import { MockServer } from '@nocobase/test';
-import { prepareApp } from './prepare';
-
-describe('middleware', () => {
-  let app: MockServer;
-  let role: Model;
-  let db: Database;
-  let acl: ACL;
-  let admin;
-  let adminAgent;
-
-  beforeEach(async () => {
-    app = await prepareApp();
-    db = app.db;
-    acl = app.acl;
-
-    role = await db.getRepository('roles').findOne({
-      filter: {
-        name: 'admin',
-      },
-    });
-
-    const UserRepo = db.getCollection('users').repository;
-    admin = await UserRepo.create({
-      values: {
-        roles: ['admin']
-      }
-    });
-
-    const userPlugin = app.getPlugin('users') as UsersPlugin;
-    adminAgent = app.agent().auth(userPlugin.jwtService.sign({
-      userId: admin.get('id'),
-    }), { type: 'bearer' });
-
-    await db.getRepository('collections').create({
-      values: {
-        name: 'posts',
-      },
-      context: {},
-    });
-
-    await db.getRepository('collections.fields', 'posts').create({
-      values: {
-        name: 'title',
-        type: 'string',
-      },
-      context: {},
-    });
-
-    await db.getRepository('collections.fields', 'posts').create({
-      values: {
-        name: 'description',
-        type: 'string',
-      },
-      context: {},
-    });
-
-    await db.getRepository('collections.fields', 'posts').create({
-      values: {
-        name: 'createdById',
-        type: 'integer',
-      },
-      context: {},
-    });
-  });
-
-  afterEach(async () => {
-    await app.destroy();
-  });
-
-  it('should throw 403 when no permission', async () => {
-    const response = await app.agent().resource('posts').create({
-      values: {},
-    });
-
-    expect(response.statusCode).toEqual(403);
-  });
-
-  it('should return 200 when role has permission', async () => {
-    await db.getRepository('roles').update({
-      filterByTk: 'admin',
-      values: {
-        strategy: {
-          actions: ['create:all'],
-        },
-      },
-    });
-
-    const response = await adminAgent.resource('posts').create({
-      values: {},
-    });
-
-    expect(response.statusCode).toEqual(200);
-  });
-
-  it('should limit fields on view actions', async () => {
-    await adminAgent
-      .resource('roles.resources', role.get('name'))
-      .create({
-        values: {
-          name: 'posts',
-          usingActionsConfig: true,
-          actions: [
-            {
-              name: 'create',
-              fields: ['title', 'description'],
-            },
-            {
-              name: 'view',
-              fields: ['title'],
-            },
-          ],
-        },
-      });
-
-    await adminAgent
-      .resource('posts')
-      .create({
-        values: {
-          title: 'post-title',
-          description: 'post-description',
-        },
-      });
-
-    const post = await db.getRepository('posts').findOne();
-    expect(post.get('title')).toEqual('post-title');
-    expect(post.get('description')).toEqual('post-description');
-
-    const response = await adminAgent.resource('posts').list({});
-    expect(response.statusCode).toEqual(200);
-
-    const [data] = response.body.data;
-
-    expect(data['id']).not.toBeUndefined();
-    expect(data['title']).toEqual('post-title');
-    expect(data['description']).toBeUndefined();
-  });
-
-  it('should parse template value on action params', async () => {
-    const res = await adminAgent
-      .resource('rolesResourcesScopes')
-      .create({
-        values: {
-          name: 'own',
-          scope: {
-            createdById: '{{ ctx.state.currentUser.id }}',
-          },
-        },
-      });
-
-    await adminAgent
-      .resource('roles.resources', role.get('name'))
-      .create({
-        values: {
-          name: 'posts',
-          usingActionsConfig: true,
-          actions: [
-            {
-              name: 'create',
-              fields: ['title', 'description', 'createdById'],
-            },
-            {
-              name: 'view',
-              fields: ['title'],
-              scope: res.body.data.id,
-            },
-          ],
-        },
-      });
-
-    await adminAgent
-      .resource('posts')
-      .create({
-        values: {
-          title: 't1',
-          description: 'd1',
-          createdById: 1,
-        },
-      });
-
-    await adminAgent
-      .resource('posts')
-      .create({
-        values: {
-          title: 't2',
-          description: 'p2',
-          createdById: 2,
-        },
-      });
-
-    const response = await adminAgent.resource('posts').list();
-    const data = response.body.data;
-    expect(data.length).toEqual(1);
-  });
-
-  it('should change fields params to whitelist in create action', async () => {
-    await adminAgent
-      .resource('roles.resources', role.get('name'))
-      .create({
-        values: {
-          name: 'posts',
-          usingActionsConfig: true,
-          actions: [
-            {
-              name: 'create',
-              fields: ['title'],
-            },
-          ],
-        },
-      });
-
-    await adminAgent
-      .resource('posts')
-      .create({
-        values: {
-          title: 'post-title',
-          description: 'post-description',
-        },
-      });
-
-    const post = await db.getRepository('posts').findOne();
-    expect(post.get('title')).toEqual('post-title');
-    expect(post.get('description')).toBeNull();
-  });
-});