jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
8bc7dc97243dc92ec0ba7db8f790cde49eeb4675
cloudron-box/src/test/accesscontrol-test.js
Girish Ramakrishnan b4d5def56d Revert role support
2018-07-26 13:23:06 -07:00

81 lines
3.6 KiB
JavaScript
Raw Blame History

/* jslint node:true */
/* global it:false */
/* global describe:false */
/* global before:false */
/* global after:false */
'use strict';
var accesscontrol = require('../accesscontrol.js'),
expect = require('expect.js');
describe('access control', function () {
describe('canonicalScopeString', function () {
it('only * scope', function () {
expect(accesscontrol.canonicalScopeString('*')).to.be(accesscontrol.VALID_SCOPES.join(','));
});
it('identity for non-*', function () {
expect(accesscontrol.canonicalScopeString('foo,bar')).to.be('bar,foo'); // becomes sorted
});
});
describe('intersectScopes', function () { // args: allowed, wanted
it('both are same', function () {
expect(accesscontrol.intersectScopes([ 'apps', 'clients' ], [ 'apps', 'clients' ])).to.eql([ 'apps', 'clients' ]);
});
it('some are different', function () {
expect(accesscontrol.intersectScopes([ 'apps' ], [ 'apps', 'clients' ])).to.eql(['apps']);
expect(accesscontrol.intersectScopes([ 'clients', 'domains', 'mail' ], [ 'mail' ])).to.eql(['mail']);
});
it('everything is different', function () {
expect(accesscontrol.intersectScopes(['cloudron', 'domains' ], ['apps','clients'])).to.eql([]);
});
it('subscopes', function () {
expect(accesscontrol.intersectScopes(['apps:read' ], ['apps'])).to.eql(['apps:read']);
expect(accesscontrol.intersectScopes(['apps:read','domains','profile'], ['apps','domains:manage','profile'])).to.eql(['apps:read','domains:manage','profile']);
expect(accesscontrol.intersectScopes(['apps:read','domains','profile'], ['apps','apps:read'])).to.eql(['apps:read']);
});
});
describe('validateScopeString', function () {
it('allows valid scopes', function () {
expect(accesscontrol.validateScopeString('apps')).to.be(null);
expect(accesscontrol.validateScopeString('apps,mail')).to.be(null);
expect(accesscontrol.validateScopeString('apps:read,mail')).to.be(null);
expect(accesscontrol.validateScopeString('apps,mail:write')).to.be(null);
});
it('disallows invalid scopes', function () {
expect(accesscontrol.validateScopeString('apps, mail')).to.be.an(Error);
expect(accesscontrol.validateScopeString('random')).to.be.an(Error);
expect(accesscontrol.validateScopeString('')).to.be.an(Error);
});
});
describe('hasScopes', function () {
it('succeeds if it contains the scope', function () {
expect(accesscontrol.hasScopes([ 'apps' ], [ 'apps' ])).to.be(null);
expect(accesscontrol.hasScopes([ 'apps', 'mail' ], [ 'mail' ])).to.be(null);
expect(accesscontrol.hasScopes([ 'clients', '*', 'apps', 'mail' ], [ 'mail' ])).to.be(null);
// subscope
expect(accesscontrol.hasScopes([ 'apps' ], [ 'apps:read' ])).to.be(null);
expect(accesscontrol.hasScopes([ 'apps:read' ], [ 'apps:read' ])).to.be(null);
expect(accesscontrol.hasScopes([ 'apps' , 'mail' ], [ 'apps:*' ])).to.be(null);
expect(accesscontrol.hasScopes([ '*' ], [ 'apps:read' ])).to.be(null);
});
it('fails if it does not contain the scope', function () {
expect(accesscontrol.hasScopes([ 'apps' ], [ 'mail' ])).to.be.an(Error);
expect(accesscontrol.hasScopes([ 'apps', 'mail' ], [ 'clients' ])).to.be.an(Error);
// subscope
expect(accesscontrol.hasScopes([ 'apps:write' ], [ 'apps:read' ])).to.be.an(Error);
});
});
});
Reference in New Issue View Git Blame Copy Permalink