diff --git a/src/client/permission-resolvers.js b/src/client/permission-resolvers.js index 08dacd1..b4169ec 100644 --- a/src/client/permission-resolvers.js +++ b/src/client/permission-resolvers.js @@ -5,7 +5,9 @@ import { getGroupConfigs } from '../services/group-config'; import { permissionCache } from '../helpers/cache'; export async function resolvePermission(args, admin) { - const cacheKey = permissionCache.permissionKey(admin._id, args.domain, args.parent, args.actions, args.router); + const cacheKey = permissionCache.permissionKey(admin._id, args.domain, args.parent, + args.actions, args.router, args.environment); + if (permissionCache.has(cacheKey)) { return permissionCache.get(cacheKey); } @@ -22,7 +24,7 @@ export async function resolvePermission(args, admin) { for (const action_perm of args.actions) { try { - await verifyOwnership(admin, element, args.domain, action_perm, args.router); + await verifyOwnership(admin, element, args.domain, action_perm, args.router, false, args.environment); result[result.length - 1].permissions.push({ action: action_perm.toString(), result: 'ok' }); } catch (e) { result[result.length - 1].permissions.push({ action: action_perm.toString(), result: 'nok' }); diff --git a/src/client/schema.js b/src/client/schema.js index d96dccd..270f810 100644 --- a/src/client/schema.js +++ b/src/client/schema.js @@ -101,6 +101,9 @@ const queryType = new GraphQLObjectType({ }, router: { type: GraphQLString + }, + environment: { + type: GraphQLString } }, resolve: async (_source, args, context) => { diff --git a/tests/client-api.test.js b/tests/client-api.test.js index b14e1a6..a483c48 100644 --- a/tests/client-api.test.js +++ b/tests/client-api.test.js @@ -928,36 +928,6 @@ describe('Testing domain [Adm-GraphQL] ', () => { expect(JSON.parse(req.text)).toMatchObject(JSON.parse(graphqlUtils.expected111)); }); - test('CLIENT_SUITE - Should NOT return domain structure for an excluded team member', async () => { - //given - const admin = await Admin.findById(adminAccountId).exec(); - admin.teams = []; - await admin.save(); - - const req = await request(app) - .post('/adm-graphql') - .set('Authorization', `Bearer ${adminAccountToken}`) - .send(graphqlUtils.domainQuery([['_id', domainId], ['environment', EnvType.DEFAULT]])); - - const expected = '{"data":{"domain":null}}'; - expect(req.statusCode).toBe(200); - expect(JSON.parse(req.text)).toMatchObject(JSON.parse(expected)); - }); - - test('CLIENT_SUITE - Should NOT return domain Flat-structure for am excluded team member', async () => { - const req = await request(app) - .post('/adm-graphql') - .set('Authorization', `Bearer ${adminAccountToken}`) - .send(graphqlUtils.configurationQuery([ - ['domain', domainId], - ['key', keyConfig], - ['environment', EnvType.DEFAULT]])); - - const expected = '{"data":{"configuration":{"domain":null,"group":null,"config":null,"strategies":null}}}'; - expect(req.statusCode).toBe(200); - expect(JSON.parse(req.text)).toMatchObject(JSON.parse(expected)); - }); - test('CLIENT_SUITE - Should return list of Groups permissions', async () => { const req = await request(app) .post('/adm-graphql') @@ -995,6 +965,19 @@ describe('Testing domain [Adm-GraphQL] ', () => { expect(JSON.parse(req.text).data.permission[0].permissions).toMatchObject(JSON.parse(exptected)); }); + test('CLIENT_SUITE - Should return list of Groups permissions - by environment', async () => { + const req = await request(app) + .post('/adm-graphql') + .set('Authorization', `Bearer ${adminAccountToken}`) + .send(graphqlUtils.permissionsQuery(domainId, undefined, `"CREATE"`, RouterTypes.GROUP, EnvType.DEFAULT)); + + const exptected = '[{"action":"CREATE","result":"ok"}]'; + expect(req.statusCode).toBe(200); + expect(JSON.parse(req.text)).not.toBe(null); + expect(JSON.parse(req.text).data.permission[0].name).toBe("Group Test"); + expect(JSON.parse(req.text).data.permission[0].permissions).toMatchObject(JSON.parse(exptected)); + }); + test('CLIENT_SUITE - Should return list of Groups permissions - Unauthorized access', async () => { const req = await request(app) .post('/adm-graphql') @@ -1048,4 +1031,40 @@ describe('Testing domain [Adm-GraphQL] ', () => { expect(JSON.parse(req.text)).not.toBe(null); expect(JSON.parse(req.text).data.permission).toStrictEqual([]); }); +}); + +describe('Testing domain/configuration [Adm-GraphQL] - Excluded team member ', () => { + + afterAll(setupDatabase); + + test('CLIENT_SUITE - Should NOT return domain structure for an excluded team member', async () => { + //given + const admin = await Admin.findById(adminAccountId).exec(); + admin.teams = []; + await admin.save(); + + const req = await request(app) + .post('/adm-graphql') + .set('Authorization', `Bearer ${adminAccountToken}`) + .send(graphqlUtils.domainQuery([['_id', domainId], ['environment', EnvType.DEFAULT]])); + + const expected = '{"data":{"domain":null}}'; + expect(req.statusCode).toBe(200); + expect(JSON.parse(req.text)).toMatchObject(JSON.parse(expected)); + }); + + test('CLIENT_SUITE - Should NOT return domain Flat-structure for am excluded team member', async () => { + const req = await request(app) + .post('/adm-graphql') + .set('Authorization', `Bearer ${adminAccountToken}`) + .send(graphqlUtils.configurationQuery([ + ['domain', domainId], + ['key', keyConfig], + ['environment', EnvType.DEFAULT]])); + + const expected = '{"data":{"configuration":{"domain":null,"group":null,"config":null,"strategies":null}}}'; + expect(req.statusCode).toBe(200); + expect(JSON.parse(req.text)).toMatchObject(JSON.parse(expected)); + }); + }); \ No newline at end of file diff --git a/tests/fixtures/db_client.js b/tests/fixtures/db_client.js index 4c8ee0e..1f7607c 100644 --- a/tests/fixtures/db_client.js +++ b/tests/fixtures/db_client.js @@ -37,7 +37,7 @@ export const adminAccount = { active: true }; -export let apiKey = undefined; +export let apiKey; export const domainId = new mongoose.Types.ObjectId(); export const domainDocument = { _id: domainId, @@ -172,13 +172,22 @@ export const permissionConfigs = { router: RouterTypes.CONFIG }; +export const permissionConfigs2Id = new mongoose.Types.ObjectId(); +export const permissionConfigs2 = { + _id: permissionConfigs2Id, + action: ActionTypes.CREATE, + active: true, + router: RouterTypes.GROUP, + environments: [EnvType.DEFAULT] +}; + export const teamId = new mongoose.Types.ObjectId(); export const team = { _id: teamId, domain: domainId, name: 'Team Dev', active: true, - permissions: [permissionConfigsId] + permissions: [permissionConfigsId, permissionConfigs2Id] }; export const slack = { @@ -218,6 +227,7 @@ export const setupDatabase = async () => { await new Slack(slack).save(); await new Team(team).save(); await new Permission(permissionConfigs).save(); + await new Permission(permissionConfigs2).save(); await new GroupConfig(groupConfigDocument).save(); await new Config(configDocument).save(); diff --git a/tests/graphql-utils/index.js b/tests/graphql-utils/index.js index b2c63eb..c3f6d9b 100644 --- a/tests/graphql-utils/index.js +++ b/tests/graphql-utils/index.js @@ -63,7 +63,7 @@ export const buildEntries = (entries) => { return `${entries.map(createStrategyInput)}`; }; -export const permissionsQuery = (domainId, parentId, actions, router) => { +export const permissionsQuery = (domainId, parentId, actions, router, environment) => { return { query: ` { @@ -71,7 +71,8 @@ export const permissionsQuery = (domainId, parentId, actions, router) => { domain: "${domainId}", parent: "${parentId}", actions: [${actions}], - router: "${router}" + router: "${router}", + environment: "${environment}" ) { id, name,