cojson 0.0.21 → 0.0.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (55) hide show
  1. package/dist/account.d.ts +1 -1
  2. package/dist/account.js +1 -1
  3. package/dist/account.js.map +1 -1
  4. package/dist/coValue.d.ts +3 -2
  5. package/dist/coValue.js +10 -9
  6. package/dist/coValue.js.map +1 -1
  7. package/dist/contentTypes/coMap.d.ts +2 -2
  8. package/dist/contentTypes/coMap.js +6 -6
  9. package/dist/contentTypes/coMap.js.map +1 -1
  10. package/dist/index.d.ts +5 -2
  11. package/dist/index.js +3 -1
  12. package/dist/index.js.map +1 -1
  13. package/dist/node.d.ts +2 -1
  14. package/dist/node.js +43 -3
  15. package/dist/node.js.map +1 -1
  16. package/dist/permissions.d.ts +4 -32
  17. package/dist/permissions.js +42 -106
  18. package/dist/permissions.js.map +1 -1
  19. package/dist/team.d.ts +35 -0
  20. package/dist/team.js +110 -0
  21. package/dist/team.js.map +1 -0
  22. package/dist/testUtils.d.ts +2 -2
  23. package/dist/testUtils.js +1 -1
  24. package/dist/testUtils.js.map +1 -1
  25. package/package.json +2 -2
  26. package/src/account.ts +1 -1
  27. package/src/coValue.ts +10 -11
  28. package/src/contentTypes/coMap.ts +8 -8
  29. package/src/crypto.test.ts +10 -9
  30. package/src/index.ts +5 -0
  31. package/src/node.ts +113 -11
  32. package/src/permissions.test.ts +503 -3
  33. package/src/permissions.ts +70 -206
  34. package/src/sync.test.ts +8 -8
  35. package/src/team.ts +225 -0
  36. package/src/testUtils.ts +1 -1
  37. package/tsconfig.json +1 -0
  38. package/dist/account.test.d.ts +0 -1
  39. package/dist/account.test.js +0 -40
  40. package/dist/account.test.js.map +0 -1
  41. package/dist/coValue.test.d.ts +0 -1
  42. package/dist/coValue.test.js +0 -78
  43. package/dist/coValue.test.js.map +0 -1
  44. package/dist/contentType.test.d.ts +0 -1
  45. package/dist/contentType.test.js +0 -145
  46. package/dist/contentType.test.js.map +0 -1
  47. package/dist/crypto.test.d.ts +0 -1
  48. package/dist/crypto.test.js +0 -111
  49. package/dist/crypto.test.js.map +0 -1
  50. package/dist/permissions.test.d.ts +0 -1
  51. package/dist/permissions.test.js +0 -711
  52. package/dist/permissions.test.js.map +0 -1
  53. package/dist/sync.test.d.ts +0 -1
  54. package/dist/sync.test.js +0 -827
  55. package/dist/sync.test.js.map +0 -1
package/dist/permissions.test.js DELETED
@@ -1,711 +0,0 @@
1
- import { newRandomSessionID } from "./coValue.js";
2
- import { expectMap } from "./contentType.js";
3
- import { expectTeamContent } from "./permissions.js";
4
- import { createdNowUnique, newRandomKeySecret, seal, encryptKeySecret, } from "./crypto.js";
5
- import { newTeam, newTeamHighLevel, teamWithTwoAdmins, teamWithTwoAdminsHighLevel, } from "./testUtils.js";
6
- test("Initial admin can add another admin to a team", () => {
7
- teamWithTwoAdmins();
8
- });
9
- test("Initial admin can add another admin to a team (high level)", () => {
10
- teamWithTwoAdminsHighLevel();
11
- });
12
- test("Added admin can add a third admin to a team", () => {
13
- const { team, otherAdmin, node } = teamWithTwoAdmins();
14
- const teamAsOtherAdmin = team.testWithDifferentAccount(otherAdmin, newRandomSessionID(otherAdmin.id));
15
- let otherContent = expectTeamContent(teamAsOtherAdmin.getCurrentContent());
16
- expect(otherContent.get(otherAdmin.id)).toEqual("admin");
17
- const thirdAdmin = node.createAccount("thirdAdmin");
18
- otherContent.edit((editable) => {
19
- editable.set(thirdAdmin.id, "admin", "trusting");
20
- expect(editable.get(thirdAdmin.id)).toEqual("admin");
21
- });
22
- otherContent = expectTeamContent(teamAsOtherAdmin.getCurrentContent());
23
- expect(otherContent.get(thirdAdmin.id)).toEqual("admin");
24
- });
25
- test("Added adming can add a third admin to a team (high level)", () => {
26
- const { team, otherAdmin, node } = teamWithTwoAdminsHighLevel();
27
- const teamAsOtherAdmin = team.testWithDifferentAccount(otherAdmin, newRandomSessionID(otherAdmin.id));
28
- const thirdAdmin = node.createAccount("thirdAdmin");
29
- teamAsOtherAdmin.addMember(thirdAdmin.id, "admin");
30
- expect(teamAsOtherAdmin.teamMap.get(thirdAdmin.id)).toEqual("admin");
31
- });
32
- test("Admins can't demote other admins in a team", () => {
33
- const { team, admin, otherAdmin } = teamWithTwoAdmins();
34
- let teamContent = expectTeamContent(team.getCurrentContent());
35
- teamContent.edit((editable) => {
36
- editable.set(otherAdmin.id, "writer", "trusting");
37
- expect(editable.get(otherAdmin.id)).toEqual("admin");
38
- });
39
- teamContent = expectTeamContent(team.getCurrentContent());
40
- expect(teamContent.get(otherAdmin.id)).toEqual("admin");
41
- const teamAsOtherAdmin = team.testWithDifferentAccount(otherAdmin, newRandomSessionID(otherAdmin.id));
42
- let teamContentAsOtherAdmin = expectTeamContent(teamAsOtherAdmin.getCurrentContent());
43
- teamContentAsOtherAdmin.edit((editable) => {
44
- editable.set(admin.id, "writer", "trusting");
45
- expect(editable.get(admin.id)).toEqual("admin");
46
- });
47
- teamContentAsOtherAdmin = expectTeamContent(teamAsOtherAdmin.getCurrentContent());
48
- expect(teamContentAsOtherAdmin.get(admin.id)).toEqual("admin");
49
- });
50
- test("Admins can't demote other admins in a team (high level)", () => {
51
- const { team, admin, otherAdmin } = teamWithTwoAdminsHighLevel();
52
- const teamAsOtherAdmin = team.testWithDifferentAccount(otherAdmin, newRandomSessionID(otherAdmin.id));
53
- expect(() => teamAsOtherAdmin.addMember(admin.id, "writer")).toThrow("Failed to set role");
54
- expect(teamAsOtherAdmin.teamMap.get(admin.id)).toEqual("admin");
55
- });
56
- test("Admins an add writers to a team, who can't add admins, writers, or readers", () => {
57
- const { team, node } = newTeam();
58
- const writer = node.createAccount("writer");
59
- let teamContent = expectTeamContent(team.getCurrentContent());
60
- teamContent.edit((editable) => {
61
- editable.set(writer.id, "writer", "trusting");
62
- expect(editable.get(writer.id)).toEqual("writer");
63
- });
64
- teamContent = expectTeamContent(team.getCurrentContent());
65
- expect(teamContent.get(writer.id)).toEqual("writer");
66
- const teamAsWriter = team.testWithDifferentAccount(writer, newRandomSessionID(writer.id));
67
- let teamContentAsWriter = expectTeamContent(teamAsWriter.getCurrentContent());
68
- expect(teamContentAsWriter.get(writer.id)).toEqual("writer");
69
- const otherAgent = node.createAccount("otherAgent");
70
- teamContentAsWriter.edit((editable) => {
71
- editable.set(otherAgent.id, "admin", "trusting");
72
- expect(editable.get(otherAgent.id)).toBeUndefined();
73
- editable.set(otherAgent.id, "writer", "trusting");
74
- expect(editable.get(otherAgent.id)).toBeUndefined();
75
- editable.set(otherAgent.id, "reader", "trusting");
76
- expect(editable.get(otherAgent.id)).toBeUndefined();
77
- });
78
- teamContentAsWriter = expectTeamContent(teamAsWriter.getCurrentContent());
79
- expect(teamContentAsWriter.get(otherAgent.id)).toBeUndefined();
80
- });
81
- test("Admins an add writers to a team, who can't add admins, writers, or readers (high level)", () => {
82
- const { team, node } = newTeamHighLevel();
83
- const writer = node.createAccount("writer");
84
- team.addMember(writer.id, "writer");
85
- expect(team.teamMap.get(writer.id)).toEqual("writer");
86
- const teamAsWriter = team.testWithDifferentAccount(writer, newRandomSessionID(writer.id));
87
- expect(teamAsWriter.teamMap.get(writer.id)).toEqual("writer");
88
- const otherAgent = node.createAccount("otherAgent");
89
- expect(() => teamAsWriter.addMember(otherAgent.id, "admin")).toThrow("Failed to set role");
90
- expect(() => teamAsWriter.addMember(otherAgent.id, "writer")).toThrow("Failed to set role");
91
- expect(() => teamAsWriter.addMember(otherAgent.id, "reader")).toThrow("Failed to set role");
92
- expect(teamAsWriter.teamMap.get(otherAgent.id)).toBeUndefined();
93
- });
94
- test("Admins can add readers to a team, who can't add admins, writers, or readers", () => {
95
- const { team, node } = newTeam();
96
- const reader = node.createAccount("reader");
97
- let teamContent = expectTeamContent(team.getCurrentContent());
98
- teamContent.edit((editable) => {
99
- editable.set(reader.id, "reader", "trusting");
100
- expect(editable.get(reader.id)).toEqual("reader");
101
- });
102
- teamContent = expectTeamContent(team.getCurrentContent());
103
- expect(teamContent.get(reader.id)).toEqual("reader");
104
- const teamAsReader = team.testWithDifferentAccount(reader, newRandomSessionID(reader.id));
105
- let teamContentAsReader = expectTeamContent(teamAsReader.getCurrentContent());
106
- expect(teamContentAsReader.get(reader.id)).toEqual("reader");
107
- const otherAgent = node.createAccount("otherAgent");
108
- teamContentAsReader.edit((editable) => {
109
- editable.set(otherAgent.id, "admin", "trusting");
110
- expect(editable.get(otherAgent.id)).toBeUndefined();
111
- editable.set(otherAgent.id, "writer", "trusting");
112
- expect(editable.get(otherAgent.id)).toBeUndefined();
113
- editable.set(otherAgent.id, "reader", "trusting");
114
- expect(editable.get(otherAgent.id)).toBeUndefined();
115
- });
116
- teamContentAsReader = expectTeamContent(teamAsReader.getCurrentContent());
117
- expect(teamContentAsReader.get(otherAgent.id)).toBeUndefined();
118
- });
119
- test("Admins can add readers to a team, who can't add admins, writers, or readers (high level)", () => {
120
- const { team, node } = newTeamHighLevel();
121
- const reader = node.createAccount("reader");
122
- team.addMember(reader.id, "reader");
123
- expect(team.teamMap.get(reader.id)).toEqual("reader");
124
- const teamAsReader = team.testWithDifferentAccount(reader, newRandomSessionID(reader.id));
125
- expect(teamAsReader.teamMap.get(reader.id)).toEqual("reader");
126
- const otherAgent = node.createAccount("otherAgent");
127
- expect(() => teamAsReader.addMember(otherAgent.id, "admin")).toThrow("Failed to set role");
128
- expect(() => teamAsReader.addMember(otherAgent.id, "writer")).toThrow("Failed to set role");
129
- expect(() => teamAsReader.addMember(otherAgent.id, "reader")).toThrow("Failed to set role");
130
- expect(teamAsReader.teamMap.get(otherAgent.id)).toBeUndefined();
131
- });
132
- test("Admins can write to an object that is owned by their team", () => {
133
- const { node, team } = newTeam();
134
- const childObject = node.createCoValue({
135
- type: "comap",
136
- ruleset: { type: "ownedByTeam", team: team.id },
137
- meta: null,
138
- ...createdNowUnique(),
139
- });
140
- let childContent = expectMap(childObject.getCurrentContent());
141
- childContent.edit((editable) => {
142
- editable.set("foo", "bar", "trusting");
143
- expect(editable.get("foo")).toEqual("bar");
144
- });
145
- childContent = expectMap(childObject.getCurrentContent());
146
- expect(childContent.get("foo")).toEqual("bar");
147
- });
148
- test("Admins can write to an object that is owned by their team (high level)", () => {
149
- const { node, team } = newTeamHighLevel();
150
- let childObject = team.createMap();
151
- childObject = childObject.edit((editable) => {
152
- editable.set("foo", "bar", "trusting");
153
- expect(editable.get("foo")).toEqual("bar");
154
- });
155
- expect(childObject.get("foo")).toEqual("bar");
156
- });
157
- test("Writers can write to an object that is owned by their team", () => {
158
- const { node, team } = newTeam();
159
- const writer = node.createAccount("writer");
160
- expectTeamContent(team.getCurrentContent()).edit((editable) => {
161
- editable.set(writer.id, "writer", "trusting");
162
- expect(editable.get(writer.id)).toEqual("writer");
163
- });
164
- const childObject = node.createCoValue({
165
- type: "comap",
166
- ruleset: { type: "ownedByTeam", team: team.id },
167
- meta: null,
168
- ...createdNowUnique(),
169
- });
170
- const childObjectAsWriter = childObject.testWithDifferentAccount(writer, newRandomSessionID(writer.id));
171
- let childContentAsWriter = expectMap(childObjectAsWriter.getCurrentContent());
172
- childContentAsWriter.edit((editable) => {
173
- editable.set("foo", "bar", "trusting");
174
- expect(editable.get("foo")).toEqual("bar");
175
- });
176
- childContentAsWriter = expectMap(childObjectAsWriter.getCurrentContent());
177
- expect(childContentAsWriter.get("foo")).toEqual("bar");
178
- });
179
- test("Writers can write to an object that is owned by their team (high level)", () => {
180
- const { node, team } = newTeamHighLevel();
181
- const writer = node.createAccount("writer");
182
- team.addMember(writer.id, "writer");
183
- const childObject = team.createMap();
184
- let childObjectAsWriter = expectMap(childObject.coValue
185
- .testWithDifferentAccount(writer, newRandomSessionID(writer.id))
186
- .getCurrentContent());
187
- childObjectAsWriter = childObjectAsWriter.edit((editable) => {
188
- editable.set("foo", "bar", "trusting");
189
- expect(editable.get("foo")).toEqual("bar");
190
- });
191
- expect(childObjectAsWriter.get("foo")).toEqual("bar");
192
- });
193
- test("Readers can not write to an object that is owned by their team", () => {
194
- const { node, team } = newTeam();
195
- const reader = node.createAccount("reader");
196
- expectTeamContent(team.getCurrentContent()).edit((editable) => {
197
- editable.set(reader.id, "reader", "trusting");
198
- expect(editable.get(reader.id)).toEqual("reader");
199
- });
200
- const childObject = node.createCoValue({
201
- type: "comap",
202
- ruleset: { type: "ownedByTeam", team: team.id },
203
- meta: null,
204
- ...createdNowUnique(),
205
- });
206
- const childObjectAsReader = childObject.testWithDifferentAccount(reader, newRandomSessionID(reader.id));
207
- let childContentAsReader = expectMap(childObjectAsReader.getCurrentContent());
208
- childContentAsReader.edit((editable) => {
209
- editable.set("foo", "bar", "trusting");
210
- expect(editable.get("foo")).toBeUndefined();
211
- });
212
- childContentAsReader = expectMap(childObjectAsReader.getCurrentContent());
213
- expect(childContentAsReader.get("foo")).toBeUndefined();
214
- });
215
- test("Readers can not write to an object that is owned by their team (high level)", () => {
216
- const { node, team } = newTeamHighLevel();
217
- const reader = node.createAccount("reader");
218
- team.addMember(reader.id, "reader");
219
- const childObject = team.createMap();
220
- let childObjectAsReader = expectMap(childObject.coValue
221
- .testWithDifferentAccount(reader, newRandomSessionID(reader.id))
222
- .getCurrentContent());
223
- childObjectAsReader = childObjectAsReader.edit((editable) => {
224
- editable.set("foo", "bar", "trusting");
225
- expect(editable.get("foo")).toBeUndefined();
226
- });
227
- expect(childObjectAsReader.get("foo")).toBeUndefined();
228
- });
229
- test("Admins can set team read key and then use it to create and read private transactions in owned objects", () => {
230
- const { node, team, admin } = newTeam();
231
- const teamContent = expectTeamContent(team.getCurrentContent());
232
- teamContent.edit((editable) => {
233
- const { secret: readKey, id: readKeyID } = newRandomKeySecret();
234
- const revelation = seal(readKey, admin.currentSealerSecret(), admin.currentSealerID(), {
235
- in: team.id,
236
- tx: team.nextTransactionID(),
237
- });
238
- editable.set(`${readKeyID}_for_${admin.id}`, revelation, "trusting");
239
- expect(editable.get(`${readKeyID}_for_${admin.id}`)).toEqual(revelation);
240
- editable.set("readKey", readKeyID, "trusting");
241
- expect(editable.get("readKey")).toEqual(readKeyID);
242
- expect(team.getCurrentReadKey().secret).toEqual(readKey);
243
- });
244
- const childObject = node.createCoValue({
245
- type: "comap",
246
- ruleset: { type: "ownedByTeam", team: team.id },
247
- meta: null,
248
- ...createdNowUnique(),
249
- });
250
- let childContent = expectMap(childObject.getCurrentContent());
251
- childContent.edit((editable) => {
252
- editable.set("foo", "bar", "private");
253
- expect(editable.get("foo")).toEqual("bar");
254
- });
255
- childContent = expectMap(childObject.getCurrentContent());
256
- expect(childContent.get("foo")).toEqual("bar");
257
- });
258
- test("Admins can set team read key and then use it to create and read private transactions in owned objects (high level)", () => {
259
- const { node, team, admin } = newTeamHighLevel();
260
- let childObject = team.createMap();
261
- childObject = childObject.edit((editable) => {
262
- editable.set("foo", "bar", "private");
263
- expect(editable.get("foo")).toEqual("bar");
264
- });
265
- expect(childObject.get("foo")).toEqual("bar");
266
- });
267
- test("Admins can set team read key and then writers can use it to create and read private transactions in owned objects", () => {
268
- const { node, team, admin } = newTeam();
269
- const writer = node.createAccount("writer");
270
- const { secret: readKey, id: readKeyID } = newRandomKeySecret();
271
- const teamContent = expectTeamContent(team.getCurrentContent());
272
- teamContent.edit((editable) => {
273
- editable.set(writer.id, "writer", "trusting");
274
- expect(editable.get(writer.id)).toEqual("writer");
275
- const revelation1 = seal(readKey, admin.currentSealerSecret(), admin.currentSealerID(), {
276
- in: team.id,
277
- tx: team.nextTransactionID(),
278
- });
279
- editable.set(`${readKeyID}_for_${admin.id}`, revelation1, "trusting");
280
- const revelation2 = seal(readKey, admin.currentSealerSecret(), writer.currentSealerID(), {
281
- in: team.id,
282
- tx: team.nextTransactionID(),
283
- });
284
- editable.set(`${readKeyID}_for_${writer.id}`, revelation2, "trusting");
285
- editable.set("readKey", readKeyID, "trusting");
286
- });
287
- const childObject = node.createCoValue({
288
- type: "comap",
289
- ruleset: { type: "ownedByTeam", team: team.id },
290
- meta: null,
291
- ...createdNowUnique(),
292
- });
293
- const childObjectAsWriter = childObject.testWithDifferentAccount(writer, newRandomSessionID(writer.id));
294
- expect(childObject.getCurrentReadKey().secret).toEqual(readKey);
295
- let childContentAsWriter = expectMap(childObjectAsWriter.getCurrentContent());
296
- childContentAsWriter.edit((editable) => {
297
- editable.set("foo", "bar", "private");
298
- expect(editable.get("foo")).toEqual("bar");
299
- });
300
- childContentAsWriter = expectMap(childObjectAsWriter.getCurrentContent());
301
- expect(childContentAsWriter.get("foo")).toEqual("bar");
302
- });
303
- test("Admins can set team read key and then writers can use it to create and read private transactions in owned objects (high level)", () => {
304
- const { node, team, admin } = newTeamHighLevel();
305
- const writer = node.createAccount("writer");
306
- team.addMember(writer.id, "writer");
307
- const childObject = team.createMap();
308
- let childObjectAsWriter = expectMap(childObject.coValue
309
- .testWithDifferentAccount(writer, newRandomSessionID(writer.id))
310
- .getCurrentContent());
311
- childObjectAsWriter = childObjectAsWriter.edit((editable) => {
312
- editable.set("foo", "bar", "private");
313
- expect(editable.get("foo")).toEqual("bar");
314
- });
315
- expect(childObjectAsWriter.get("foo")).toEqual("bar");
316
- });
317
- test("Admins can set team read key and then use it to create private transactions in owned objects, which readers can read", () => {
318
- const { node, team, admin } = newTeam();
319
- const reader = node.createAccount("reader");
320
- const { secret: readKey, id: readKeyID } = newRandomKeySecret();
321
- const teamContent = expectTeamContent(team.getCurrentContent());
322
- teamContent.edit((editable) => {
323
- editable.set(reader.id, "reader", "trusting");
324
- expect(editable.get(reader.id)).toEqual("reader");
325
- const revelation1 = seal(readKey, admin.currentSealerSecret(), admin.currentSealerID(), {
326
- in: team.id,
327
- tx: team.nextTransactionID(),
328
- });
329
- editable.set(`${readKeyID}_for_${admin.id}`, revelation1, "trusting");
330
- const revelation2 = seal(readKey, admin.currentSealerSecret(), reader.currentSealerID(), {
331
- in: team.id,
332
- tx: team.nextTransactionID(),
333
- });
334
- editable.set(`${readKeyID}_for_${reader.id}`, revelation2, "trusting");
335
- editable.set("readKey", readKeyID, "trusting");
336
- });
337
- const childObject = node.createCoValue({
338
- type: "comap",
339
- ruleset: { type: "ownedByTeam", team: team.id },
340
- meta: null,
341
- ...createdNowUnique(),
342
- });
343
- expectMap(childObject.getCurrentContent()).edit((editable) => {
344
- editable.set("foo", "bar", "private");
345
- expect(editable.get("foo")).toEqual("bar");
346
- });
347
- const childObjectAsReader = childObject.testWithDifferentAccount(reader, newRandomSessionID(reader.id));
348
- expect(childObjectAsReader.getCurrentReadKey().secret).toEqual(readKey);
349
- const childContentAsReader = expectMap(childObjectAsReader.getCurrentContent());
350
- expect(childContentAsReader.get("foo")).toEqual("bar");
351
- });
352
- test("Admins can set team read key and then use it to create private transactions in owned objects, which readers can read (high level)", () => {
353
- const { node, team, admin } = newTeamHighLevel();
354
- const reader = node.createAccount("reader");
355
- team.addMember(reader.id, "reader");
356
- let childObject = team.createMap();
357
- childObject = childObject.edit((editable) => {
358
- editable.set("foo", "bar", "private");
359
- expect(editable.get("foo")).toEqual("bar");
360
- });
361
- const childContentAsReader = expectMap(childObject.coValue
362
- .testWithDifferentAccount(reader, newRandomSessionID(reader.id))
363
- .getCurrentContent());
364
- expect(childContentAsReader.get("foo")).toEqual("bar");
365
- });
366
- test("Admins can set team read key and then use it to create private transactions in owned objects, which readers can read, even with a separate later revelation for the same read key", () => {
367
- const { node, team, admin } = newTeam();
368
- const reader1 = node.createAccount("reader1");
369
- const reader2 = node.createAccount("reader2");
370
- const { secret: readKey, id: readKeyID } = newRandomKeySecret();
371
- const teamContent = expectTeamContent(team.getCurrentContent());
372
- teamContent.edit((editable) => {
373
- editable.set(reader1.id, "reader", "trusting");
374
- expect(editable.get(reader1.id)).toEqual("reader");
375
- const revelation1 = seal(readKey, admin.currentSealerSecret(), admin.currentSealerID(), {
376
- in: team.id,
377
- tx: team.nextTransactionID(),
378
- });
379
- editable.set(`${readKeyID}_for_${admin.id}`, revelation1, "trusting");
380
- const revelation2 = seal(readKey, admin.currentSealerSecret(), reader1.currentSealerID(), {
381
- in: team.id,
382
- tx: team.nextTransactionID(),
383
- });
384
- editable.set(`${readKeyID}_for_${reader1.id}`, revelation2, "trusting");
385
- editable.set("readKey", readKeyID, "trusting");
386
- });
387
- const childObject = node.createCoValue({
388
- type: "comap",
389
- ruleset: { type: "ownedByTeam", team: team.id },
390
- meta: null,
391
- ...createdNowUnique(),
392
- });
393
- expectMap(childObject.getCurrentContent()).edit((editable) => {
394
- editable.set("foo", "bar", "private");
395
- expect(editable.get("foo")).toEqual("bar");
396
- });
397
- const childObjectAsReader1 = childObject.testWithDifferentAccount(reader1, newRandomSessionID(reader1.id));
398
- expect(childObjectAsReader1.getCurrentReadKey().secret).toEqual(readKey);
399
- const childContentAsReader1 = expectMap(childObjectAsReader1.getCurrentContent());
400
- expect(childContentAsReader1.get("foo")).toEqual("bar");
401
- teamContent.edit((editable) => {
402
- const revelation3 = seal(readKey, admin.currentSealerSecret(), reader2.currentSealerID(), {
403
- in: team.id,
404
- tx: team.nextTransactionID(),
405
- });
406
- editable.set(`${readKeyID}_for_${reader2.id}`, revelation3, "trusting");
407
- });
408
- const childObjectAsReader2 = childObject.testWithDifferentAccount(reader2, newRandomSessionID(reader2.id));
409
- expect(childObjectAsReader2.getCurrentReadKey().secret).toEqual(readKey);
410
- const childContentAsReader2 = expectMap(childObjectAsReader2.getCurrentContent());
411
- expect(childContentAsReader2.get("foo")).toEqual("bar");
412
- });
413
- test("Admins can set team read key and then use it to create private transactions in owned objects, which readers can read, even with a separate later revelation for the same read key (high level)", () => {
414
- const { node, team, admin } = newTeamHighLevel();
415
- const reader1 = node.createAccount("reader1");
416
- const reader2 = node.createAccount("reader2");
417
- team.addMember(reader1.id, "reader");
418
- let childObject = team.createMap();
419
- childObject = childObject.edit((editable) => {
420
- editable.set("foo", "bar", "private");
421
- expect(editable.get("foo")).toEqual("bar");
422
- });
423
- const childContentAsReader1 = expectMap(childObject.coValue
424
- .testWithDifferentAccount(reader1, newRandomSessionID(reader1.id))
425
- .getCurrentContent());
426
- expect(childContentAsReader1.get("foo")).toEqual("bar");
427
- team.addMember(reader2.id, "reader");
428
- const childContentAsReader2 = expectMap(childObject.coValue
429
- .testWithDifferentAccount(reader2, newRandomSessionID(reader2.id))
430
- .getCurrentContent());
431
- expect(childContentAsReader2.get("foo")).toEqual("bar");
432
- });
433
- test("Admins can set team read key, make a private transaction in an owned object, rotate the read key, make another private transaction, and both can be read by the admin", () => {
434
- const { node, team, admin } = newTeam();
435
- const teamContent = expectTeamContent(team.getCurrentContent());
436
- teamContent.edit((editable) => {
437
- const { secret: readKey, id: readKeyID } = newRandomKeySecret();
438
- const revelation = seal(readKey, admin.currentSealerSecret(), admin.currentSealerID(), {
439
- in: team.id,
440
- tx: team.nextTransactionID(),
441
- });
442
- editable.set(`${readKeyID}_for_${admin.id}`, revelation, "trusting");
443
- editable.set("readKey", readKeyID, "trusting");
444
- expect(editable.get("readKey")).toEqual(readKeyID);
445
- expect(team.getCurrentReadKey().secret).toEqual(readKey);
446
- });
447
- const childObject = node.createCoValue({
448
- type: "comap",
449
- ruleset: { type: "ownedByTeam", team: team.id },
450
- meta: null,
451
- ...createdNowUnique(),
452
- });
453
- let childContent = expectMap(childObject.getCurrentContent());
454
- childContent.edit((editable) => {
455
- editable.set("foo", "bar", "private");
456
- expect(editable.get("foo")).toEqual("bar");
457
- });
458
- childContent = expectMap(childObject.getCurrentContent());
459
- expect(childContent.get("foo")).toEqual("bar");
460
- teamContent.edit((editable) => {
461
- const { secret: readKey2, id: readKeyID2 } = newRandomKeySecret();
462
- const revelation = seal(readKey2, admin.currentSealerSecret(), admin.currentSealerID(), {
463
- in: team.id,
464
- tx: team.nextTransactionID(),
465
- });
466
- editable.set(`${readKeyID2}_for_${admin.id}`, revelation, "trusting");
467
- editable.set("readKey", readKeyID2, "trusting");
468
- expect(editable.get("readKey")).toEqual(readKeyID2);
469
- expect(team.getCurrentReadKey().secret).toEqual(readKey2);
470
- });
471
- childContent = expectMap(childObject.getCurrentContent());
472
- expect(childContent.get("foo")).toEqual("bar");
473
- childContent.edit((editable) => {
474
- editable.set("foo2", "bar2", "private");
475
- expect(editable.get("foo2")).toEqual("bar2");
476
- });
477
- childContent = expectMap(childObject.getCurrentContent());
478
- expect(childContent.get("foo")).toEqual("bar");
479
- expect(childContent.get("foo2")).toEqual("bar2");
480
- });
481
- test("Admins can set team read key, make a private transaction in an owned object, rotate the read key, make another private transaction, and both can be read by the admin (high level)", () => {
482
- const { team } = newTeamHighLevel();
483
- let childObject = team.createMap();
484
- const firstReadKey = childObject.coValue.getCurrentReadKey();
485
- childObject = childObject.edit((editable) => {
486
- editable.set("foo", "bar", "private");
487
- expect(editable.get("foo")).toEqual("bar");
488
- });
489
- expect(childObject.get("foo")).toEqual("bar");
490
- team.rotateReadKey();
491
- expect(childObject.coValue.getCurrentReadKey()).not.toEqual(firstReadKey);
492
- childObject = childObject.edit((editable) => {
493
- editable.set("foo2", "bar2", "private");
494
- expect(editable.get("foo2")).toEqual("bar2");
495
- });
496
- expect(childObject.get("foo")).toEqual("bar");
497
- expect(childObject.get("foo2")).toEqual("bar2");
498
- });
499
- test("Admins can set team read key, make a private transaction in an owned object, rotate the read key, add a reader, make another private transaction in the owned object, and both can be read by the reader", () => {
500
- const { node, team, admin } = newTeam();
501
- const childObject = node.createCoValue({
502
- type: "comap",
503
- ruleset: { type: "ownedByTeam", team: team.id },
504
- meta: null,
505
- ...createdNowUnique(),
506
- });
507
- const teamContent = expectTeamContent(team.getCurrentContent());
508
- const { secret: readKey, id: readKeyID } = newRandomKeySecret();
509
- teamContent.edit((editable) => {
510
- const revelation = seal(readKey, admin.currentSealerSecret(), admin.currentSealerID(), {
511
- in: team.id,
512
- tx: team.nextTransactionID(),
513
- });
514
- editable.set(`${readKeyID}_for_${admin.id}`, revelation, "trusting");
515
- editable.set("readKey", readKeyID, "trusting");
516
- expect(editable.get("readKey")).toEqual(readKeyID);
517
- expect(team.getCurrentReadKey().secret).toEqual(readKey);
518
- });
519
- let childContent = expectMap(childObject.getCurrentContent());
520
- childContent.edit((editable) => {
521
- editable.set("foo", "bar", "private");
522
- expect(editable.get("foo")).toEqual("bar");
523
- });
524
- childContent = expectMap(childObject.getCurrentContent());
525
- expect(childContent.get("foo")).toEqual("bar");
526
- const reader = node.createAccount("reader");
527
- const { secret: readKey2, id: readKeyID2 } = newRandomKeySecret();
528
- teamContent.edit((editable) => {
529
- const revelation2 = seal(readKey2, admin.currentSealerSecret(), admin.currentSealerID(), {
530
- in: team.id,
531
- tx: team.nextTransactionID(),
532
- });
533
- editable.set(`${readKeyID2}_for_${admin.id}`, revelation2, "trusting");
534
- const revelation3 = seal(readKey2, admin.currentSealerSecret(), reader.currentSealerID(), {
535
- in: team.id,
536
- tx: team.nextTransactionID(),
537
- });
538
- editable.set(`${readKeyID2}_for_${reader.id}`, revelation3, "trusting");
539
- editable.set(`${readKeyID}_for_${readKeyID2}`, encryptKeySecret({
540
- toEncrypt: { id: readKeyID, secret: readKey },
541
- encrypting: { id: readKeyID2, secret: readKey2 },
542
- }).encrypted, "trusting");
543
- editable.set("readKey", readKeyID2, "trusting");
544
- expect(editable.get("readKey")).toEqual(readKeyID2);
545
- expect(team.getCurrentReadKey().secret).toEqual(readKey2);
546
- editable.set(reader.id, "reader", "trusting");
547
- expect(editable.get(reader.id)).toEqual("reader");
548
- });
549
- childContent.edit((editable) => {
550
- editable.set("foo2", "bar2", "private");
551
- expect(editable.get("foo2")).toEqual("bar2");
552
- });
553
- const childObjectAsReader = childObject.testWithDifferentAccount(reader, newRandomSessionID(reader.id));
554
- expect(childObjectAsReader.getCurrentReadKey().secret).toEqual(readKey2);
555
- const childContentAsReader = expectMap(childObjectAsReader.getCurrentContent());
556
- expect(childContentAsReader.get("foo")).toEqual("bar");
557
- expect(childContentAsReader.get("foo2")).toEqual("bar2");
558
- });
559
- test("Admins can set team read key, make a private transaction in an owned object, rotate the read key, add a reader, make another private transaction in the owned object, and both can be read by the reader (high level)", () => {
560
- const { node, team } = newTeamHighLevel();
561
- let childObject = team.createMap();
562
- const firstReadKey = childObject.coValue.getCurrentReadKey();
563
- childObject = childObject.edit((editable) => {
564
- editable.set("foo", "bar", "private");
565
- expect(editable.get("foo")).toEqual("bar");
566
- });
567
- expect(childObject.get("foo")).toEqual("bar");
568
- team.rotateReadKey();
569
- expect(childObject.coValue.getCurrentReadKey()).not.toEqual(firstReadKey);
570
- const reader = node.createAccount("reader");
571
- team.addMember(reader.id, "reader");
572
- childObject = childObject.edit((editable) => {
573
- editable.set("foo2", "bar2", "private");
574
- expect(editable.get("foo2")).toEqual("bar2");
575
- });
576
- const childContentAsReader = expectMap(childObject.coValue
577
- .testWithDifferentAccount(reader, newRandomSessionID(reader.id))
578
- .getCurrentContent());
579
- expect(childContentAsReader.get("foo")).toEqual("bar");
580
- expect(childContentAsReader.get("foo2")).toEqual("bar2");
581
- });
582
- test("Admins can set team read rey, make a private transaction in an owned object, rotate the read key, add two readers, rotate the read key again to kick out one reader, make another private transaction in the owned object, and only the remaining reader can read both transactions", () => {
583
- const { node, team, admin } = newTeam();
584
- const childObject = node.createCoValue({
585
- type: "comap",
586
- ruleset: { type: "ownedByTeam", team: team.id },
587
- meta: null,
588
- ...createdNowUnique(),
589
- });
590
- const teamContent = expectTeamContent(team.getCurrentContent());
591
- const { secret: readKey, id: readKeyID } = newRandomKeySecret();
592
- const reader = node.createAccount("reader");
593
- const reader2 = node.createAccount("reader2");
594
- teamContent.edit((editable) => {
595
- const revelation1 = seal(readKey, admin.currentSealerSecret(), admin.currentSealerID(), {
596
- in: team.id,
597
- tx: team.nextTransactionID(),
598
- });
599
- editable.set(`${readKeyID}_for_${admin.id}`, revelation1, "trusting");
600
- const revelation2 = seal(readKey, admin.currentSealerSecret(), reader.currentSealerID(), {
601
- in: team.id,
602
- tx: team.nextTransactionID(),
603
- });
604
- editable.set(`${readKeyID}_for_${reader.id}`, revelation2, "trusting");
605
- const revelation3 = seal(readKey, admin.currentSealerSecret(), reader2.currentSealerID(), {
606
- in: team.id,
607
- tx: team.nextTransactionID(),
608
- });
609
- editable.set(`${readKeyID}_for_${reader2.id}`, revelation3, "trusting");
610
- editable.set("readKey", readKeyID, "trusting");
611
- expect(editable.get("readKey")).toEqual(readKeyID);
612
- expect(team.getCurrentReadKey().secret).toEqual(readKey);
613
- editable.set(reader.id, "reader", "trusting");
614
- expect(editable.get(reader.id)).toEqual("reader");
615
- editable.set(reader2.id, "reader", "trusting");
616
- expect(editable.get(reader2.id)).toEqual("reader");
617
- });
618
- let childContent = expectMap(childObject.getCurrentContent());
619
- childContent.edit((editable) => {
620
- editable.set("foo", "bar", "private");
621
- expect(editable.get("foo")).toEqual("bar");
622
- });
623
- childContent = expectMap(childObject.getCurrentContent());
624
- expect(childContent.get("foo")).toEqual("bar");
625
- let childObjectAsReader = childObject.testWithDifferentAccount(reader, newRandomSessionID(reader.id));
626
- expect(expectMap(childObjectAsReader.getCurrentContent()).get("foo")).toEqual("bar");
627
- let childObjectAsReader2 = childObject.testWithDifferentAccount(reader, newRandomSessionID(reader.id));
628
- expect(expectMap(childObjectAsReader2.getCurrentContent()).get("foo")).toEqual("bar");
629
- const { secret: readKey2, id: readKeyID2 } = newRandomKeySecret();
630
- teamContent.edit((editable) => {
631
- const newRevelation1 = seal(readKey2, admin.currentSealerSecret(), admin.currentSealerID(), {
632
- in: team.id,
633
- tx: team.nextTransactionID(),
634
- });
635
- editable.set(`${readKeyID2}_for_${admin.id}`, newRevelation1, "trusting");
636
- const newRevelation2 = seal(readKey2, admin.currentSealerSecret(), reader2.currentSealerID(), {
637
- in: team.id,
638
- tx: team.nextTransactionID(),
639
- });
640
- editable.set(`${readKeyID2}_for_${reader2.id}`, newRevelation2, "trusting");
641
- editable.set("readKey", readKeyID2, "trusting");
642
- expect(editable.get("readKey")).toEqual(readKeyID2);
643
- expect(team.getCurrentReadKey().secret).toEqual(readKey2);
644
- editable.set(reader.id, "revoked", "trusting");
645
- // expect(editable.get(reader.id)).toEqual("revoked");
646
- });
647
- expect(childObject.getCurrentReadKey().secret).toEqual(readKey2);
648
- childContent = expectMap(childObject.getCurrentContent());
649
- childContent.edit((editable) => {
650
- editable.set("foo2", "bar2", "private");
651
- expect(editable.get("foo2")).toEqual("bar2");
652
- });
653
- // TODO: make sure these instances of coValues sync between each other so this isn't necessary?
654
- childObjectAsReader = childObject.testWithDifferentAccount(reader, newRandomSessionID(reader.id));
655
- childObjectAsReader2 = childObject.testWithDifferentAccount(reader2, newRandomSessionID(reader2.id));
656
- expect(expectMap(childObjectAsReader.getCurrentContent()).get("foo2")).toBeUndefined();
657
- expect(expectMap(childObjectAsReader2.getCurrentContent()).get("foo2")).toEqual("bar2");
658
- });
659
- test("Admins can set team read rey, make a private transaction in an owned object, rotate the read key, add two readers, rotate the read key again to kick out one reader, make another private transaction in the owned object, and only the remaining reader can read both transactions (high level)", () => {
660
- const { node, team } = newTeamHighLevel();
661
- let childObject = team.createMap();
662
- childObject = childObject.edit((editable) => {
663
- editable.set("foo", "bar", "private");
664
- expect(editable.get("foo")).toEqual("bar");
665
- });
666
- expect(childObject.get("foo")).toEqual("bar");
667
- team.rotateReadKey();
668
- const secondReadKey = childObject.coValue.getCurrentReadKey();
669
- const reader = node.createAccount("reader");
670
- const reader2 = node.createAccount("reader2");
671
- team.addMember(reader.id, "reader");
672
- team.addMember(reader2.id, "reader");
673
- childObject = childObject.edit((editable) => {
674
- editable.set("foo2", "bar2", "private");
675
- expect(editable.get("foo2")).toEqual("bar2");
676
- });
677
- expect(childObject.get("foo")).toEqual("bar");
678
- expect(childObject.get("foo2")).toEqual("bar2");
679
- team.removeMember(reader.id);
680
- expect(childObject.coValue.getCurrentReadKey()).not.toEqual(secondReadKey);
681
- childObject = childObject.edit((editable) => {
682
- editable.set("foo3", "bar3", "private");
683
- expect(editable.get("foo3")).toEqual("bar3");
684
- });
685
- const childContentAsReader2 = expectMap(childObject.coValue
686
- .testWithDifferentAccount(reader2, newRandomSessionID(reader2.id))
687
- .getCurrentContent());
688
- expect(childContentAsReader2.get("foo")).toEqual("bar");
689
- expect(childContentAsReader2.get("foo2")).toEqual("bar2");
690
- expect(childContentAsReader2.get("foo3")).toEqual("bar3");
691
- expect(expectMap(childObject.coValue
692
- .testWithDifferentAccount(reader, newRandomSessionID(reader.id))
693
- .getCurrentContent()).get("foo3")).toBeUndefined();
694
- });
695
- test("Can create two owned objects in the same team and they will have different ids", () => {
696
- const { node, team } = newTeam();
697
- const childObject1 = node.createCoValue({
698
- type: "comap",
699
- ruleset: { type: "ownedByTeam", team: team.id },
700
- meta: null,
701
- ...createdNowUnique(),
702
- });
703
- const childObject2 = node.createCoValue({
704
- type: "comap",
705
- ruleset: { type: "ownedByTeam", team: team.id },
706
- meta: null,
707
- ...createdNowUnique(),
708
- });
709
- expect(childObject1.id).not.toEqual(childObject2.id);
710
- });
711
- //# sourceMappingURL=permissions.test.js.map