@tellescope/sdk 1.242.9 → 1.242.10
- package/lib/cjs/tests/api_tests/custom_aggregation.test.d.ts.map +1 -1
- package/lib/cjs/tests/api_tests/custom_aggregation.test.js +109 -7
- package/lib/cjs/tests/api_tests/custom_aggregation.test.js.map +1 -1
- package/lib/cjs/tests/api_tests/no_access_permission_checks.test.d.ts +20 -0
- package/lib/cjs/tests/api_tests/no_access_permission_checks.test.d.ts.map +1 -0
- package/lib/cjs/tests/api_tests/no_access_permission_checks.test.js +481 -0
- package/lib/cjs/tests/api_tests/no_access_permission_checks.test.js.map +1 -0
- package/lib/cjs/tests/tests.d.ts.map +1 -1
- package/lib/cjs/tests/tests.js +116 -112
- package/lib/cjs/tests/tests.js.map +1 -1
- package/lib/esm/sdk.d.ts +2 -2
- package/lib/esm/session.d.ts +0 -1
- package/lib/esm/session.d.ts.map +1 -1
- package/lib/esm/tests/api_tests/custom_aggregation.test.d.ts.map +1 -1
- package/lib/esm/tests/api_tests/custom_aggregation.test.js +110 -8
- package/lib/esm/tests/api_tests/custom_aggregation.test.js.map +1 -1
- package/lib/esm/tests/api_tests/no_access_permission_checks.test.d.ts +20 -0
- package/lib/esm/tests/api_tests/no_access_permission_checks.test.d.ts.map +1 -0
- package/lib/esm/tests/api_tests/no_access_permission_checks.test.js +477 -0
- package/lib/esm/tests/api_tests/no_access_permission_checks.test.js.map +1 -0
- package/lib/esm/tests/tests.d.ts.map +1 -1
- package/lib/esm/tests/tests.js +116 -112
- package/lib/esm/tests/tests.js.map +1 -1
- package/lib/tsconfig.tsbuildinfo +1 -1
- package/package.json +10 -10
- package/src/tests/api_tests/custom_aggregation.test.ts +74 -0
- package/src/tests/api_tests/no_access_permission_checks.test.ts +365 -0
- package/src/tests/tests.ts +3 -1
- package/test_generated.pdf +0 -0
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"custom_aggregation.test.d.ts","sourceRoot":"","sources":["../../../../src/tests/api_tests/custom_aggregation.test.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;
|
|
1
|
+
{"version":3,"file":"custom_aggregation.test.d.ts","sourceRoot":"","sources":["../../../../src/tests/api_tests/custom_aggregation.test.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AAanC,eAAO,MAAM,wBAAwB;SAAwC,OAAO;iBAAe,OAAO;mBAgLzG,CAAA"}
|
|
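--- a/package/lib/cjs/tests/api_tests/custom_aggregation.test.js
+++ b/package/lib/cjs/tests/api_tests/custom_aggregation.test.js
@@ -1,4 +1,15 @@
 "use strict";
+var __assign = (this && this.__assign) || function () {
+__assign = Object.assign || function(t) {
+for (var s, i = 1, n = arguments.length; i < n; i++) {
+s = arguments[i];
+for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p))
+t[p] = s[p];
+}
+return t;
+};
+return __assign.apply(this, arguments);
+};
 var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
 function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
 return new (P || (P = Promise))(function (resolve, reject) {
@@ -41,12 +52,14 @@ require('source-map-support').install();
 var sdk_1 = require("../../sdk");
 var testing_1 = require("@tellescope/testing");
 var setup_1 = require("../setup");
+var constants_1 = require("@tellescope/constants");
 var host = process.env.API_URL || 'http://localhost:8080';
+var _a = [process.env.NON_ADMIN_EMAIL, process.env.NON_ADMIN_PASSWORD], nonAdminEmail = _a[0], nonAdminPassword = _a[1];
 // Main test function that can be called independently
 var custom_aggregation_tests = function (_a) {
 var sdk = _a.sdk, sdkNonAdmin = _a.sdkNonAdmin;
 return __awaiter(void 0, void 0, void 0, function () {
-var testEnduser;
+var testEnduser, noEngagementAccessRole, rbap, originalRoles;
 return __generator(this, function (_b) {
 switch (_b.label) {
 case 0:
@@ -70,7 +83,7 @@ var custom_aggregation_tests = function (_a) {
 _b.sent();
 _b.label = 3;
 case 3:
-_b.trys.push([3, ,
+_b.trys.push([3, , 22, 24]);
 // Test 1: Basic aggregation works
 return [4 /*yield*/, (0, testing_1.async_test)("Custom aggregation - basic query works", function () { return sdk.api.analytics_frames.custom_aggregation({
 modelName: 'endusers',
@@ -148,20 +161,109 @@ var custom_aggregation_tests = function (_a) {
 var user = group.data[0];
 // Even in grouped results, hashedPassword should not be present
 return group.count === 1 && user.hashedPassword === undefined;
-} })
+} })
+// ===== Role-Based Access Permission Tests =====
+];
 case 8:
 // Test 5: Aggregation with grouping doesn't leak hashedPassword
 _b.sent();
+// ===== Role-Based Access Permission Tests =====
+(0, testing_1.log_header)("Custom Aggregation - Role-Based Access Tests");
+noEngagementAccessRole = 'no-engagement-access-test';
+return [4 /*yield*/, sdk.api.role_based_access_permissions.createOne({
+role: noEngagementAccessRole,
+permissions: __assign(__assign({}, constants_1.PROVIDER_PERMISSIONS), {
+// Override endusers to have full read access so we can test aggregation
+endusers: {
+create: 'All',
+read: 'All',
+update: 'All',
+delete: 'All',
+}, engagement_events: {
+create: null,
+read: null,
+update: null,
+delete: null,
+} }),
+})
+// Save original role to restore later
+];
+case 9:
+rbap = _b.sent();
+originalRoles = sdkNonAdmin.userInfo.roles;
+_b.label = 10;
+case 10:
+_b.trys.push([10, , 16, 21]);
+// Assign the restricted role to non-admin user
+return [4 /*yield*/, sdk.api.users.updateOne(sdkNonAdmin.userInfo.id, { roles: [noEngagementAccessRole] }, { replaceObjectFields: true })];
+case 11:
+// Assign the restricted role to non-admin user
+_b.sent();
+return [4 /*yield*/, (0, testing_1.wait)(undefined, 1500)]; // wait for role change to propagate
+case 12:
+_b.sent(); // wait for role change to propagate
+return [4 /*yield*/, sdkNonAdmin.authenticate(nonAdminEmail, nonAdminPassword)
+// Test 6: Non-admin can still aggregate models they have access to (endusers)
+];
+case 13:
+_b.sent();
+// Test 6: Non-admin can still aggregate models they have access to (endusers)
+return [4 /*yield*/, (0, testing_1.async_test)("Custom aggregation - non-admin can access permitted models", function () { return sdkNonAdmin.api.analytics_frames.custom_aggregation({
+modelName: 'endusers',
+aggregation: [
+{ $match: { fname: 'CustomAgg' } },
+{ $count: 'total' }
+]
+}); }, { onResult: function (r) { var _a; return ((_a = r.result[0]) === null || _a === void 0 ? void 0 : _a.total) === 1; } })
+// Test 7: Non-admin is blocked from aggregating models with No Access
+];
+case 14:
+// Test 6: Non-admin can still aggregate models they have access to (endusers)
+_b.sent();
+// Test 7: Non-admin is blocked from aggregating models with No Access
+return [4 /*yield*/, (0, testing_1.async_test)("Custom aggregation - non-admin blocked from No Access models", function () { return sdkNonAdmin.api.analytics_frames.custom_aggregation({
+modelName: 'engagement_events',
+aggregation: [
+{ $match: {} },
+{ $count: 'total' }
+]
+}); }, { shouldError: true, onError: function (e) { return e.message === "You do not have access to this resource"; } })];
+case 15:
+// Test 7: Non-admin is blocked from aggregating models with No Access
+_b.sent();
+console.log("✅ All custom aggregation role-based access tests passed");
+return [3 /*break*/, 21];
+case 16:
+// Restore original role
+return [4 /*yield*/, sdk.api.users.updateOne(sdkNonAdmin.userInfo.id, { roles: originalRoles }, { replaceObjectFields: true })];
+case 17:
+// Restore original role
+_b.sent();
+return [4 /*yield*/, (0, testing_1.wait)(undefined, 1000)];
+case 18:
+_b.sent();
+return [4 /*yield*/, sdkNonAdmin.authenticate(nonAdminEmail, nonAdminPassword)
+// Cleanup role
+];
+case 19:
+_b.sent();
+// Cleanup role
+return [4 /*yield*/, sdk.api.role_based_access_permissions.deleteOne(rbap.id)];
+case 20:
+// Cleanup role
+_b.sent();
+return [7 /*endfinally*/];
+case 21:
 console.log("✅ All custom aggregation tests passed");
-return [3 /*break*/,
-case
+return [3 /*break*/, 24];
+case 22:
 // Cleanup
 return [4 /*yield*/, sdk.api.endusers.deleteOne(testEnduser.id)];
-case
+case 23:
 // Cleanup
 _b.sent();
 return [7 /*endfinally*/];
-case
+case 24: return [2 /*return*/];
 }
 });
 });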
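Review bot: The inner cleanup (the `case 16`–`case 20` finally path) runs the role restore, `sdkNonAdmin.authenticate(nonAdminEmail, nonAdminPassword)` and `role_based_access_permissions.deleteOne(rbap.id)` strictly in sequence, so if the restore or the re-authentication throws, the `no-engagement-access-test` role is never deleted, and a failed restore also leaves the non-admin user on the restricted role for whatever runs next. Nothing visible here checks that `NON_ADMIN_EMAIL` and `NON_ADMIN_PASSWORD` are set, so an unset variable would reach `authenticate` as `undefined` both in the test body and in that cleanup; a guard before the role is created, e.g. `if (!nonAdminEmail || !nonAdminPassword) throw new Error('NON_ADMIN_EMAIL and NON_ADMIN_PASSWORD are required');`, would fail before any permission state is changed. Each cleanup step should also be isolated so that one failure does not skip the others. This file is compiler output and `custom_aggregation_tests` begins and continues outside the hunks shown, so the change belongs in `package/src/tests/api_tests/custom_aggregation.test.ts`.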
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"custom_aggregation.test.js","sourceRoot":"","sources":["../../../../src/tests/api_tests/custom_aggregation.test.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"custom_aggregation.test.js","sourceRoot":"","sources":["../../../../src/tests/api_tests/custom_aggregation.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,OAAO,CAAC,oBAAoB,CAAC,CAAC,OAAO,EAAE,CAAC;AAExC,iCAAmC;AACnC,+CAI4B;AAC5B,kCAAsC;AACtC,mDAA4D;AAE5D,IAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,uBAAgC,CAAA;AAC9D,IAAA,KAAoC,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,EAAhG,aAAa,QAAA,EAAE,gBAAgB,QAAiE,CAAA;AAEvG,sDAAsD;AAC/C,IAAM,wBAAwB,GAAG,UAAO,EAA6D;QAA3D,GAAG,SAAA,EAAE,WAAW,iBAAA;;;;;;oBAC/D,IAAA,oBAAU,EAAC,0BAA0B,CAAC,CAAA;oBAGlB,qBAAM,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC;4BACnD,KAAK,EAAE,WAAW;4BAClB,KAAK,EAAE,UAAU;4BACjB,KAAK,EAAE,6BAA6B;yBACrC,CAAC;wBAEF,sEAAsE;sBAFpE;;oBAJI,WAAW,GAAG,SAIlB;oBAEF,sEAAsE;oBACtE,qBAAM,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,YAAY,CAAC;4BAClC,EAAE,EAAE,WAAW,CAAC,EAAE;4BAClB,QAAQ,EAAE,kBAAkB;yBAC7B,CAAC,EAAA;;oBAJF,sEAAsE;oBACtE,SAGE,CAAA;;;;oBAGA,kCAAkC;oBAClC,qBAAM,IAAA,oBAAU,EACd,wCAAwC,EACxC,cAAM,OAAA,GAAG,CAAC,GAAG,CAAC,gBAAgB,CAAC,kBAAkB,CAAC;4BAChD,SAAS,EAAE,UAAU;4BACrB,WAAW,EAAE;gCACX,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,EAAE;gCAClC,EAAE,MAAM,EAAE,OAAO,EAAE;6BACpB;yBACF,CAAC,EANI,CAMJ,EACF,EAAE,QAAQ,EAAE,UAAA,CAAC,YAAI,OAAA,CAAA,MAAA,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,0CAAE,KAAK,MAAK,CAAC,CAAA,EAAA,EAAE,CAC5C;wBAED,2CAA2C;sBAF1C;;oBAXD,kCAAkC;oBAClC,SAUC,CAAA;oBAED,2CAA2C;oBAC3C,qBAAM,IAAA,oBAAU,EACd,6CAA6C,EAC7C,cAAM,OAAA,GAAG,CAAC,GAAG,CAAC,gBAAgB,CAAC,kBAAkB,CAAC;4BAChD,SAAS,EAAE,UAAU;4BACrB,WAAW,EAAE;gCACX,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,EAAE;gCAClC,EAAE,QAAQ,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;6BAC/C;yBACF,CAAC,EANI,CAMJ,EACF,EAAE,QAAQ,EAAE,UAAA,CAAC;gCACX,IAAM,IAAI,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAA;gCACxB,OAAO,IAAI,CAAC,KAAK,KAAK,WAAW;uCAC5B,IAAI,CAAC,KAAK,KAAK,UAAU;uCACzB,IAAI,CAAC,KAAK,KAAK,6BAA6B,CAAA;4BACnD,CAAC,EAAC,CACH;wBAED,kEAAkE;sBAFjE;;oBAhBD,2CAA2C;oBAC3C,SAeC,CAAA;oBAED,kEAAkE
;oBAClE,qBAAM,IAAA,oBAAU,EACd,oEAAoE,EACpE,cAAM,OAAA,GAAG,CAAC,GAAG,CAAC,gBAAgB,CAAC,kBAAkB,CAAC;4BAChD,SAAS,EAAE,UAAU;4BACrB,WAAW,EAAE;gCACX,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,EAAE;gCAClC,EAAE,QAAQ,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,cAAc,EAAE,CAAC,EAAE,EAAE,CAAC,8BAA8B;6BAC7E;yBACF,CAAC,EANI,CAMJ,EACF,EAAE,QAAQ,EAAE,UAAA,CAAC;gCACX,IAAM,IAAI,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAA;gCACxB,2CAA2C;gCAC3C,OAAO,IAAI,CAAC,KAAK,KAAK,WAAW,IAAI,IAAI,CAAC,cAAc,KAAK,SAAS,CAAA;4BACxE,CAAC,EAAC,CACH;wBAED,mEAAmE;sBAFlE;;oBAfD,kEAAkE;oBAClE,SAcC,CAAA;oBAED,mEAAmE;oBACnE,qBAAM,IAAA,oBAAU,EACd,8DAA8D,EAC9D,cAAM,OAAA,GAAG,CAAC,GAAG,CAAC,gBAAgB,CAAC,kBAAkB,CAAC;4BAChD,SAAS,EAAE,UAAU;4BACrB,WAAW,EAAE;gCACX,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,EAAE;gCAClC,EAAE,MAAM,EAAE,CAAC,EAAE;6BACd;yBACF,CAAC,EANI,CAMJ,EACF,EAAE,QAAQ,EAAE,UAAA,CAAC;gCACX,IAAM,IAAI,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAA;gCACxB,iDAAiD;gCACjD,OAAO,IAAI,CAAC,KAAK,KAAK,WAAW,IAAI,IAAI,CAAC,cAAc,KAAK,SAAS,CAAA;4BACxE,CAAC,EAAC,CACH;wBAED,gEAAgE;sBAF/D;;oBAfD,mEAAmE;oBACnE,SAcC,CAAA;oBAED,gEAAgE;oBAChE,qBAAM,IAAA,oBAAU,EACd,iEAAiE,EACjE,cAAM,OAAA,GAAG,CAAC,GAAG,CAAC,gBAAgB,CAAC,kBAAkB,CAAC;4BAChD,SAAS,EAAE,UAAU;4BACrB,WAAW,EAAE;gCACX,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,EAAE;gCAClC,EAAE,MAAM,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,EAAE;6BAC7E;yBACF,CAAC,EANI,CAMJ,EACF,EAAE,QAAQ,EAAE,UAAA,CAAC;gCACX,IAAM,KAAK,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAA;gCACzB,IAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;gCAC1B,gEAAgE;gCAChE,OAAO,KAAK,CAAC,KAAK,KAAK,CAAC,IAAI,IAAI,CAAC,cAAc,KAAK,SAAS,CAAA;4BAC/D,CAAC,EAAC,CACH;wBAED,iDAAiD;sBAFhD;;oBAhBD,gEAAgE;oBAChE,SAeC,CAAA;oBAED,iDAAiD;oBACjD,IAAA,oBAAU,EAAC,8CAA8C,CAAC,CAAA;oBAGpD,sBAAsB,GAAG,2BAA2B,CAAA;oBAC7C,qBAAM,GAAG,CAAC,GAAG,CAAC,6BAA6B,CAAC,SAAS,CAAC;4BACjE,IAAI,EAAE,sBAAsB;4BAC5B,WAAW,wBACN,gCAAoB;gCACvB,wEAAwE;gCACxE,QAAQ,EAAE;oCACR,MAAM,EAAE,KAAK;oCACb,IAAI,EAAE,KAAK;oCACX,MAAM,EAAE,KAAK;oCACb,MAA
M,EAAE,KAAK;iCACd,EACD,iBAAiB,EAAE;oCACjB,MAAM,EAAE,IAAI;oCACZ,IAAI,EAAE,IAAI;oCACV,MAAM,EAAE,IAAI;oCACZ,MAAM,EAAE,IAAI;iCACb,GACF;yBACF,CAAC;wBAEF,sCAAsC;sBAFpC;;oBAlBI,IAAI,GAAG,SAkBX;oBAGI,aAAa,GAAG,WAAW,CAAC,QAAQ,CAAC,KAAK,CAAA;;;;oBAG9C,+CAA+C;oBAC/C,qBAAM,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,WAAW,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,sBAAsB,CAAC,EAAE,EAAE,EAAE,mBAAmB,EAAE,IAAI,EAAE,CAAC,EAAA;;oBAD1H,+CAA+C;oBAC/C,SAA0H,CAAA;oBAC1H,qBAAM,IAAA,cAAI,EAAC,SAAS,EAAE,IAAI,CAAC,EAAA,CAAC,oCAAoC;;oBAAhE,SAA2B,CAAA,CAAC,oCAAoC;oBAChE,qBAAM,WAAW,CAAC,YAAY,CAAC,aAAc,EAAE,gBAAiB,CAAC;wBAEjE,8EAA8E;sBAFb;;oBAAjE,SAAiE,CAAA;oBAEjE,8EAA8E;oBAC9E,qBAAM,IAAA,oBAAU,EACd,4DAA4D,EAC5D,cAAM,OAAA,WAAW,CAAC,GAAG,CAAC,gBAAgB,CAAC,kBAAkB,CAAC;4BACxD,SAAS,EAAE,UAAU;4BACrB,WAAW,EAAE;gCACX,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,EAAE;gCAClC,EAAE,MAAM,EAAE,OAAO,EAAE;6BACpB;yBACF,CAAC,EANI,CAMJ,EACF,EAAE,QAAQ,EAAE,UAAA,CAAC,YAAI,OAAA,CAAA,MAAA,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,0CAAE,KAAK,MAAK,CAAC,CAAA,EAAA,EAAE,CAC5C;wBAED,sEAAsE;sBAFrE;;oBAXD,8EAA8E;oBAC9E,SAUC,CAAA;oBAED,sEAAsE;oBACtE,qBAAM,IAAA,oBAAU,EACd,8DAA8D,EAC9D,cAAM,OAAA,WAAW,CAAC,GAAG,CAAC,gBAAgB,CAAC,kBAAkB,CAAC;4BACxD,SAAS,EAAE,mBAAmB;4BAC9B,WAAW,EAAE;gCACX,EAAE,MAAM,EAAE,EAAE,EAAE;gCACd,EAAE,MAAM,EAAE,OAAO,EAAE;6BACpB;yBACF,CAAC,EANI,CAMJ,EACF,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO,EAAE,UAAC,CAAM,IAAK,OAAA,CAAC,CAAC,OAAO,KAAK,yCAAyC,EAAvD,CAAuD,EAAE,CACpG,EAAA;;oBAXD,sEAAsE;oBACtE,SAUC,CAAA;oBAED,OAAO,CAAC,GAAG,CAAC,yDAAyD,CAAC,CAAA;;;gBAEtE,wBAAwB;gBACxB,qBAAM,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,WAAW,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,aAAa,EAAE,EAAE,EAAE,mBAAmB,EAAE,IAAI,EAAE,CAAC,EAAA;;oBAD/G,wBAAwB;oBACxB,SAA+G,CAAA;oBAC/G,qBAAM,IAAA,cAAI,EAAC,SAAS,EAAE,IAAI,CAAC,EAAA;;oBAA3B,SAA2B,CAAA;oBAC3B,qBAAM,WAAW,CAAC,YAAY,CAAC,aAAc,EAAE,gBAAiB,CAAC;wBAEjE,eAAe;sBAFkD;;oBAAjE,SAAiE,CAAA;oBAEjE,eAAe;oBACf,qBAAM,GAAG,CAAC,GAAG,CAAC,6BAA6B,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,EAAA;;oBAD9D,eAAe;oBACf,SAA8D,CAAA;;;oBAGhE,OAAO,CAAC,
GAAG,CAAC,uCAAuC,CAAC,CAAA;;;gBAEpD,UAAU;gBACV,qBAAM,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,WAAW,CAAC,EAAE,CAAC,EAAA;;oBADhD,UAAU;oBACV,SAAgD,CAAA;;;;;;CAEnD,CAAA;AAhLY,QAAA,wBAAwB,4BAgLpC;AAED,6CAA6C;AAC7C,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,EAAE;IAC3B,OAAO,CAAC,GAAG,CAAC,sCAAqB,IAAI,CAAE,CAAC,CAAA;IACxC,IAAM,KAAG,GAAG,IAAI,aAAO,CAAC,EAAE,IAAI,MAAA,EAAE,CAAC,CAAA;IACjC,IAAM,aAAW,GAAG,IAAI,aAAO,CAAC,EAAE,IAAI,MAAA,EAAE,CAAC,CAAA;IAEzC,IAAM,QAAQ,GAAG;;;wBACf,qBAAM,IAAA,mBAAW,EAAC,KAAG,EAAE,aAAW,CAAC,EAAA;;oBAAnC,SAAmC,CAAA;oBACnC,qBAAM,IAAA,gCAAwB,EAAC,EAAE,GAAG,OAAA,EAAE,WAAW,eAAA,EAAE,CAAC,EAAA;;oBAApD,SAAoD,CAAA;;;;SACrD,CAAA;IAED,QAAQ,EAAE;SACP,IAAI,CAAC;QACJ,OAAO,CAAC,GAAG,CAAC,wDAAwD,CAAC,CAAA;QACrE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC,CAAC;SACD,KAAK,CAAC,UAAC,KAAK;QACX,OAAO,CAAC,KAAK,CAAC,yCAAyC,EAAE,KAAK,CAAC,CAAA;QAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC,CAAC,CAAA;CACL"}
|
|
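--- a/package/lib/cjs/tests/api_tests/no_access_permission_checks.test.d.ts
+++ b/package/lib/cjs/tests/api_tests/no_access_permission_checks.test.d.ts
@@ -0,0 +1,20 @@
+import { Session } from "../../sdk";
+/**
+* Security tests for endpoints with noAccessPermissions: true
+*
+* These tests verify that endpoints which bypass the standard middleware access check
+* still properly enforce NO_ACCESS restrictions in their handlers.
+*
+* Test approach:
+* 1. Create a role with NO_ACCESS (null) for a specific model
+* 2. Assign that role to a non-admin user
+* 3. Attempt to call the endpoint
+* 4. Verify whether access is properly denied
+*
+* If a test shows data is returned when it shouldn't be, that endpoint needs a fix.
+*/
+export declare const no_access_permission_checks_tests: ({ sdk, sdkNonAdmin }: {
+sdk: Session;
+sdkNonAdmin: Session;
+}) => Promise<void>;
+//# sourceMappingURL=no_access_permission_checks.test.d.ts.map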
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"no_access_permission_checks.test.d.ts","sourceRoot":"","sources":["../../../../src/tests/api_tests/no_access_permission_checks.test.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AAYnC;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,iCAAiC;SAAwC,OAAO;iBAAe,OAAO;mBA0TlH,CAAA"}
|