src/test/accesscontrol-test.js

/* jslint node:true */
/* global it:false */
/* global describe:false */
/* global before:false */
/* global after:false */

'use strict';

var accesscontrol = require('../accesscontrol.js'),
    expect = require('expect.js');

describe('access control', function () {
    describe('canonicalScope', function () {
        it('only * scope', function () {
            expect(accesscontrol.canonicalScope('*')).to.be(accesscontrol.VALID_SCOPES.join(','));
        });

        it('* in the middle', function () {
            expect(accesscontrol.canonicalScope('foo,bar,*')).to.be('foo,bar,' + accesscontrol.VALID_SCOPES.join(','));
        });
    });

    describe('intersectScope', function () { // args: allowed, wanted
        it('both are same', function () {
            expect(accesscontrol.intersectScope('apps,clients', 'clients,apps')).to.be('apps,clients');
        });

        it('some are different', function () {
            expect(accesscontrol.intersectScope('apps', 'clients,apps')).to.be('apps');
            expect(accesscontrol.intersectScope('clients,domains,mail', 'mail')).to.be('mail');
        });

        it('* in allowed', function () {
            expect(accesscontrol.intersectScope('*', 'clients,apps')).to.be('clients,apps');
            expect(accesscontrol.intersectScope('foo,*,bar', 'mail')).to.be('mail');
        });

        it('* in wanted', function () {
            expect(accesscontrol.intersectScope('clients,apps', '*')).to.be('clients,apps');
            expect(accesscontrol.intersectScope('mail', 'bar,*,foo')).to.be('mail');
            expect(accesscontrol.intersectScope('*', '*')).to.be(accesscontrol.VALID_SCOPES.join(','));
        });

        it('everything is different', function () {
            expect(accesscontrol.intersectScope('cloudron,domains', 'clients,apps')).to.be('');
        });
    });

    describe('validateScope', function () {
        it('allows valid scopes', function () {
            expect(accesscontrol.validateScope('apps')).to.be(null);
            expect(accesscontrol.validateScope('apps,mail')).to.be(null);
            expect(accesscontrol.validateScope('apps:read,mail')).to.be(null);
            expect(accesscontrol.validateScope('apps,mail:write')).to.be(null);
        });

        it('disallows invalid scopes', function () {
            expect(accesscontrol.validateScope('apps, mail')).to.be.an(Error);
            expect(accesscontrol.validateScope('random')).to.be.an(Error);
            expect(accesscontrol.validateScope('')).to.be.an(Error);
        });
    });

    describe('hasScopes', function () {
        it('succeeds if it contains the scope', function () {
            expect(accesscontrol.hasScopes([ 'apps' ], [ 'apps' ])).to.be(null);
            expect(accesscontrol.hasScopes([ 'apps', 'mail' ], [ 'mail' ])).to.be(null);
            expect(accesscontrol.hasScopes([ 'clients', '*', 'apps', 'mail' ], [ 'mail' ])).to.be(null);

            // subscope
            expect(accesscontrol.hasScopes([ 'apps' ], [ 'apps:read' ])).to.be(null);
            expect(accesscontrol.hasScopes([ 'apps:read' ], [ 'apps:read' ])).to.be(null);
            expect(accesscontrol.hasScopes([ 'apps' , 'mail' ], [ 'apps:*' ])).to.be(null);
            expect(accesscontrol.hasScopes([ '*' ], [ 'apps:read' ])).to.be(null);
        });

        it('fails if it does not contain the scope', function () {
            expect(accesscontrol.hasScopes([ 'apps' ], [ 'mail' ])).to.be.an(Error);
            expect(accesscontrol.hasScopes([ 'apps', 'mail' ], [ 'clients' ])).to.be.an(Error);

            // subscope
            expect(accesscontrol.hasScopes([ 'apps:write' ], [ 'apps:read' ])).to.be.an(Error);
        });
    });

    describe('validateRoles', function () {
        it('succeeds for valid roles', function () {
            expect(accesscontrol.validateRoles([ accesscontrol.ROLE_OWNER ])).to.be(null);
        });

        it('fails for invalid roles', function () {
            expect(accesscontrol.validateRoles([ 'janitor' ])).to.be.an(Error);
        });
    });
});
Add accesscontrol.canonicalScope tests 2018-06-14 20:17:54 -07:00			`/* jslint node:true */`
			`/* global it:false */`
			`/* global describe:false */`
			`/* global before:false */`
			`/* global after:false */`

			`'use strict';`

			`var accesscontrol = require('../accesscontrol.js'),`
			`expect = require('expect.js');`

			`describe('access control', function () {`
			`describe('canonicalScope', function () {`
			`it('only * scope', function () {`
Add an appstore scope for subscription settings 2018-06-17 18:09:13 -07:00			`expect(accesscontrol.canonicalScope('*')).to.be(accesscontrol.VALID_SCOPES.join(','));`
Add accesscontrol.canonicalScope tests 2018-06-14 20:17:54 -07:00			`});`

			`it('* in the middle', function () {`
Add an appstore scope for subscription settings 2018-06-17 18:09:13 -07:00			`expect(accesscontrol.canonicalScope('foo,bar,*')).to.be('foo,bar,' + accesscontrol.VALID_SCOPES.join(','));`
Add accesscontrol.canonicalScope tests 2018-06-14 20:17:54 -07:00			`});`
			`});`
normalizeScope -> intersectScope 2018-06-14 16:28:09 -07:00
			`describe('intersectScope', function () { // args: allowed, wanted`
			`it('both are same', function () {`
			`expect(accesscontrol.intersectScope('apps,clients', 'clients,apps')).to.be('apps,clients');`
			`});`

			`it('some are different', function () {`
			`expect(accesscontrol.intersectScope('apps', 'clients,apps')).to.be('apps');`
			`expect(accesscontrol.intersectScope('clients,domains,mail', 'mail')).to.be('mail');`
			`});`

			`it('* in allowed', function () {`
			`expect(accesscontrol.intersectScope('*', 'clients,apps')).to.be('clients,apps');`
			`expect(accesscontrol.intersectScope('foo,*,bar', 'mail')).to.be('mail');`
			`});`

			`it('* in wanted', function () {`
			`expect(accesscontrol.intersectScope('clients,apps', '*')).to.be('clients,apps');`
			`expect(accesscontrol.intersectScope('mail', 'bar,*,foo')).to.be('mail');`
Add an appstore scope for subscription settings 2018-06-17 18:09:13 -07:00			`expect(accesscontrol.intersectScope('', '')).to.be(accesscontrol.VALID_SCOPES.join(','));`
normalizeScope -> intersectScope 2018-06-14 16:28:09 -07:00			`});`

			`it('everything is different', function () {`
			`expect(accesscontrol.intersectScope('cloudron,domains', 'clients,apps')).to.be('');`
			`});`
validateRequestedScopes -> hasScopes 2018-06-14 16:32:24 -07:00			`});`

Add test for accesscontrol.validateScope 2018-06-14 20:51:15 -07:00			`describe('validateScope', function () {`
			`it('allows valid scopes', function () {`
			`expect(accesscontrol.validateScope('apps')).to.be(null);`
			`expect(accesscontrol.validateScope('apps,mail')).to.be(null);`
Allow subscopes We can now have scopes as apps:read, apps:write etc 2018-06-14 16:37:38 -07:00			`expect(accesscontrol.validateScope('apps:read,mail')).to.be(null);`
			`expect(accesscontrol.validateScope('apps,mail:write')).to.be(null);`
Add test for accesscontrol.validateScope 2018-06-14 20:51:15 -07:00			`});`

			`it('disallows invalid scopes', function () {`
			`expect(accesscontrol.validateScope('apps, mail')).to.be.an(Error);`
			`expect(accesscontrol.validateScope('random')).to.be.an(Error);`
			`expect(accesscontrol.validateScope('')).to.be.an(Error);`
			`});`
			`});`

validateRequestedScopes -> hasScopes 2018-06-14 16:32:24 -07:00			`describe('hasScopes', function () {`
			`it('succeeds if it contains the scope', function () {`
Make hasScopes take an array 2018-06-17 19:54:05 -07:00			`expect(accesscontrol.hasScopes([ 'apps' ], [ 'apps' ])).to.be(null);`
			`expect(accesscontrol.hasScopes([ 'apps', 'mail' ], [ 'mail' ])).to.be(null);`
			`expect(accesscontrol.hasScopes([ 'clients', '*', 'apps', 'mail' ], [ 'mail' ])).to.be(null);`
Allow subscopes We can now have scopes as apps:read, apps:write etc 2018-06-14 16:37:38 -07:00
			`// subscope`
Make hasScopes take an array 2018-06-17 19:54:05 -07:00			`expect(accesscontrol.hasScopes([ 'apps' ], [ 'apps:read' ])).to.be(null);`
			`expect(accesscontrol.hasScopes([ 'apps:read' ], [ 'apps:read' ])).to.be(null);`
			`expect(accesscontrol.hasScopes([ 'apps' , 'mail' ], [ 'apps:*' ])).to.be(null);`
			`expect(accesscontrol.hasScopes([ '*' ], [ 'apps:read' ])).to.be(null);`
validateRequestedScopes -> hasScopes 2018-06-14 16:32:24 -07:00			`});`
normalizeScope -> intersectScope 2018-06-14 16:28:09 -07:00
validateRequestedScopes -> hasScopes 2018-06-14 16:32:24 -07:00			`it('fails if it does not contain the scope', function () {`
Make hasScopes take an array 2018-06-17 19:54:05 -07:00			`expect(accesscontrol.hasScopes([ 'apps' ], [ 'mail' ])).to.be.an(Error);`
			`expect(accesscontrol.hasScopes([ 'apps', 'mail' ], [ 'clients' ])).to.be.an(Error);`
Allow subscopes We can now have scopes as apps:read, apps:write etc 2018-06-14 16:37:38 -07:00
			`// subscope`
Make hasScopes take an array 2018-06-17 19:54:05 -07:00			`expect(accesscontrol.hasScopes([ 'apps:write' ], [ 'apps:read' ])).to.be.an(Error);`
validateRequestedScopes -> hasScopes 2018-06-14 16:32:24 -07:00			`});`
normalizeScope -> intersectScope 2018-06-14 16:28:09 -07:00			`});`
Add API to add and update the group roles 2018-06-14 22:42:40 -07:00
			`describe('validateRoles', function () {`
			`it('succeeds for valid roles', function () {`
			`expect(accesscontrol.validateRoles([ accesscontrol.ROLE_OWNER ])).to.be(null);`
			`});`

			`it('fails for invalid roles', function () {`
			`expect(accesscontrol.validateRoles([ 'janitor' ])).to.be.an(Error);`
			`});`
			`});`
Add accesscontrol.canonicalScope tests 2018-06-14 20:17:54 -07:00			`});`