Permissions authorization middleware.

2026-02-17 21:30:31 +00:00 · 2019-09-16 01:08:19 +02:00
parent ed4d37c8fb
commit de905d7e7c
23 changed files with 318 additions and 51 deletions
--- a/server/tests/models/User.test.js
+++ b/server/tests/models/User.test.js
@@ -3,13 +3,44 @@ import User from '@/models/User';
 import '@/models/Role';

 describe('Model: User', () => {
-  it('User model may has many associated roles.', async () => {
-    const userHasRole = await create('user_has_role');
-    await create('user_has_role', { user_id: userHasRole.user_id });
+  describe('relations', () => {
+    it('User model may has many associated roles.', async () => {
+      const userHasRole = await create('user_has_role');
+      await create('user_has_role', { user_id: userHasRole.user_id });

-    const userModel = await User.where('id', userHasRole.user_id).fetch();
-    const userRoles = await userModel.roles().fetch();
+      const userModel = await User.where('id', userHasRole.user_id).fetch();
+      const userRoles = await userModel.roles().fetch();

-    expect(userRoles).to.have.lengthOf(2);
+      expect(userRoles).to.have.lengthOf(2);
+    });
+  });
+
+  describe('hasPermissions', () => {
+    it('Should return true in case user has the given permissions.', async () => {
+      const resource = await create('resource');
+      const permission = await create('permission');
+      const roleHasPerms = await create('role_has_permission', {
+        resource_id: resource.id,
+        permission_id: permission.id,
+      });
+      const userHasRole = await create('user_has_role', { role_id: roleHasPerms.role_id });
+      await create('user_has_role', { user_id: userHasRole.user_id });
+
+      const userModel = await User.where('id', userHasRole.user_id).fetch();
+      const hasPermission = await userModel.hasPermissions(resource.name, [permission.name]);
+
+      expect(hasPermission).to.equals(true);
+    });
+
+    it('Should return false in case user has no the given permissions.', async () => {
+      const roleHasPerms = await create('role_has_permission');
+      const userHasRole = await create('user_has_role', { role_id: roleHasPerms.role_id });
+      await create('user_has_role', { user_id: userHasRole.user_id });
+
+      const userModel = await User.where('id', userHasRole.user_id).fetch();
+      const hasPermission = await userModel.hasPermissions('resource', ['permission']);
+
+      expect(hasPermission).to.equals(false);
+    });
  });
 });
--- a/server/tests/routes/accountOpeningBalance.test.js
+++ b/server/tests/routes/accountOpeningBalance.test.js
@@ -1,4 +1,4 @@
-import { request, expect } from '~/testInit';
+import { request, expect, create } from '~/testInit';

 describe('routes: `/accountOpeningBalance`', () => {
  describe('POST `/accountOpeningBalance`', () => {
@@ -40,5 +40,16 @@ describe('routes: `/accountOpeningBalance`', () => {
        type: 'NOT_FOUND_ACCOUNT', code: 100, ids: [100],
      });
    });
+
+    it('Should store the given credit and debit to the account balance in the storage.', async () => {
+      const account = await create('account');
+      const res = await request().post('/api/accountOpeningBalance').send({
+        accounts: [
+          { id: account.id, credit: 100, debit: 2 },
+        ],
+      });
+
+      console.log(res.status);
+    });
  });
 });
--- a/server/tests/routes/auth.test.js
+++ b/server/tests/routes/auth.test.js
@@ -85,14 +85,14 @@ describe('routes: /auth/', () => {
    });

    it('Should autheticate success with correct phone number and password.', async () => {
-      const password = hashPassword('admin');
+      const password = await hashPassword('admin');
      const user = await create('user', {
        phone_number: '0920000000',
        password,
      });
      const res = await request().post('/api/auth/login').send({
-        crediential: user.phone_number,
-        password,
+        crediential: user.email,
+        password: 'admin',
      });

      expect(res.status).equals(200);
--- a/server/tests/routes/authorization.test.js
+++ b/server/tests/routes/authorization.test.js
@@ -0,0 +1,10 @@
+
+describe('Authorization', () => {
+  it('Should response unauthorized in case use has no role has permissions to the given resource.', () => {
+
+  });
+
+  it('Should response authorized in case user has role has all permissions.', () => {
+
+  });
+});
--- a/server/tests/routes/items.test.js
+++ b/server/tests/routes/items.test.js
@@ -1,10 +1,26 @@
-import { request, expect, create } from '~/testInit';
+import {
+  request,
+  expect,
+  create,
+  login,
+} from '~/testInit';
 import knex from '@/database/knex';

-describe('routes: `/items`', () => {
-  describe('POST: `/items`', () => {
+describe.only('routes: `/items`', () => {
+  describe.only('POST: `/items`', () => {
    it('Should not create a new item if the user was not authorized.', async () => {
+      const res = await request().post('/api/items').send();

+      expect(res.status).equals(401);
+      expect(res.body.message).equals('unauthorized');
+    });
+
+    it('Should user have create permission to create a new item.', async () => {
+      const loginRes = await login();
+      const res = await request().post('/api/items')
+        .set('x-access-token', loginRes.body.token).send();
+
+      expect(res.status).equals(401);
    });

    it('Should `name` be required.', async () => {
--- a/server/tests/routes/views.test.js
+++ b/server/tests/routes/views.test.js
@@ -154,7 +154,7 @@ describe('routes: `/views`', () => {
    });
  });

-  describe.only('POST: `/views/:view_id`', () => {
+  describe('POST: `/views/:view_id`', () => {
    it('Should `label` be required.', async () => {
      const view = await create('view');
      const res = await request().post(`/api/views/${view.id}`);
@@ -251,7 +251,7 @@ describe('routes: `/views`', () => {
      expect(res.status).equals(404);
    });

-    it.only('Should response the roles fields not exist in case role field was not exist.', async () => {
+    it('Should response the roles fields not exist in case role field was not exist.', async () => {
      const view = await create('view');
      await create('resource_field', {
        resource_id: view.resource_id,
--- a/server/tests/testInit.js
+++ b/server/tests/testInit.js
@@ -4,7 +4,7 @@ import chaiThings from 'chai-things';
 import app from '@/app';
 import knex from '@/database/knex';
 import factory from '@/database/factories';
-import { hashPassword } from '@/utils';
+// import { hashPassword } from '@/utils';

 const request = () => chai.request(app);
 const { expect } = chai;
@@ -22,13 +22,13 @@ chai.use(chaiHttp);
 chai.use(chaiThings);

 const login = async (givenUser) => {
-  const user = givenUser === null ? await factory.create('user') : givenUser;
+  const user = !givenUser ? await factory.create('user') : givenUser;

  const response = await request()
    .post('/api/auth/login')
    .send({
      crediential: user.email,
-      password: hashPassword('secret'),
+      password: 'admin',
    });

  return response;