loopback/test/acl.test.js

var assert = require('assert');
var loopback = require('../index');
var acl = require('../lib/models/acl');
var Scope = acl.Scope;
var ACL = acl.ACL;
var ScopeACL = acl.ScopeACL;
var User = loopback.User;
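/**
 * Node-style callback used by permission checks that only need to succeed.
 *
 * Fails the test when the check reported an error. `assert.ifError` is used
 * instead of `assert(!err)` so the failure message carries the underlying
 * error rather than a bare "false == true".
 *
 * NOTE(review): the resolved permission in `result` is not inspected here, so
 * callers that need to verify ALLOW vs. DENY must assert on it themselves.
 *
 * @param {Error|null|undefined} err - error reported by the permission check
 * @param {*} result - value passed by the check; unused
 */
function checkResult(err, result) {
  assert.ifError(err);
}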
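/**
 * Scope-based authorization tests: ACL entries are attached to a Scope
 * principal and resolved by scope name through Scope.checkPermission.
 *
 * Every test takes mocha's `done` callback. The create/check calls report
 * through callbacks, so without `done` a test would finish before any
 * assertion ran and could never fail for the right reason.
 */
describe('security scopes', function () {
  /**
   * Builds a callback that signals mocha exactly once: with the first error
   * it receives, or with success after `expected` error-free calls.
   */
  function finishAfter(expected, done) {
    var remaining = expected;
    var settled = false;
    return function (err) {
      if (settled) {
        return;
      }
      if (err) {
        settled = true;
        return done(err);
      }
      remaining -= 1;
      if (remaining === 0) {
        settled = true;
        done();
      }
    };
  }

  it("should allow access to models for the given scope by wildcard", function (done) {
    Scope.create({name: 'userScope', description: 'access user information'}, function (err, scope) {
      if (err) {
        return done(err);
      }
      // Wildcard grant: every property and every access type on User.
      ACL.create({principalType: ACL.SCOPE, principalId: scope.id, model: 'User', property: ACL.ALL,
          accessType: ACL.ALL, permission: ACL.ALLOW},
        function (err, resource) {
          if (err) {
            return done(err);
          }
          var next = finishAfter(3, done);

          function verify(err, result) {
            checkResult(err, result);
            next();
          }

          // NOTE(review): checkResult only asserts that no error occurred; the
          // resolved permission is not compared with ACL.ALLOW, so these checks
          // would still pass on a DENY decision. Consider asserting on the
          // permission once the expected value is confirmed.
          Scope.checkPermission('userScope', 'User', ACL.ALL, ACL.ALL, verify);
          Scope.checkPermission('userScope', 'User', 'name', ACL.ALL, verify);
          Scope.checkPermission('userScope', 'User', 'name', ACL.READ, verify);
        });
    });
  });

  it("should allow access to models for the given scope", function (done) {
    // Not referenced below; kept because createDataSource may have side
    // effects -- TODO confirm.
    var ds = loopback.createDataSource({connector: loopback.Memory});

    // NOTE(review): the previous test also creates a scope named 'userScope';
    // if both share a data store, the lookup by name may see either one.
    Scope.create({name: 'userScope', description: 'access user information'}, function (err, scope) {
      if (err) {
        return done(err);
      }
      // Two entries for the same scope and property: READ allowed, WRITE denied.
      ACL.create({principalType: ACL.SCOPE, principalId: scope.id,
          model: 'User', property: 'name', accessType: ACL.READ, permission: ACL.ALLOW},
        function (err, resource) {
          if (err) {
            return done(err);
          }
          ACL.create({principalType: ACL.SCOPE, principalId: scope.id,
              model: 'User', property: 'name', accessType: ACL.WRITE, permission: ACL.DENY},
            function (err, resource) {
              if (err) {
                return done(err);
              }
              var next = finishAfter(4, done);

              // A request spanning all properties and access types is expected
              // to resolve to DENY as soon as one covered entry denies.
              Scope.checkPermission('userScope', 'User', ACL.ALL, ACL.ALL, function (err, perm) {
                if (err) {
                  return next(err);
                }
                assert(perm.permission === ACL.DENY); // because name.WRITE == DENY
                next();
              });
              Scope.checkPermission('userScope', 'User', 'name', ACL.ALL, function (err, perm) {
                if (err) {
                  return next(err);
                }
                assert(perm.permission === ACL.DENY); // because name.WRITE == DENY
                next();
              });
              Scope.checkPermission('userScope', 'User', 'name', ACL.READ, function (err, perm) {
                if (err) {
                  return next(err);
                }
                assert(perm.permission === ACL.ALLOW);
                next();
              });
              Scope.checkPermission('userScope', 'User', 'name', ACL.WRITE, function (err, perm) {
                if (err) {
                  return next(err);
                }
                assert(perm.permission === ACL.DENY);
                next();
              });
            });
        });
    });
  });
});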
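/**
 * Principal-based authorization tests: ACL entries are stored, or declared
 * statically on a model, for a user principal and resolved through
 * ACL.checkPermission.
 *
 * Every test takes mocha's `done` callback so it stays open until each
 * permission check has reported back; otherwise the assertions inside the
 * callbacks would run after the test had already been marked as passed.
 */
describe('security ACLs', function () {
  /**
   * Builds a callback that signals mocha exactly once: with the first error
   * it receives, or with success after `expected` error-free calls.
   */
  function finishAfter(expected, done) {
    var remaining = expected;
    var settled = false;
    return function (err) {
      if (settled) {
        return;
      }
      if (err) {
        settled = true;
        return done(err);
      }
      remaining -= 1;
      if (remaining === 0) {
        settled = true;
        done();
      }
    };
  }

  it("should allow access to models for the given principal by wildcard", function (done) {
    // Not referenced below; kept because createDataSource may have side
    // effects -- TODO confirm.
    var ds = loopback.createDataSource({connector: loopback.Memory});

    // Wildcard ALLOW for user u001 on User, followed by a DENY for READ on the
    // same principal and property wildcard.
    ACL.create({principalType: ACL.USER, principalId: 'u001', model: 'User', property: ACL.ALL,
      accessType: ACL.ALL, permission: ACL.ALLOW}, function (err, acl) {
      if (err) {
        return done(err);
      }

      ACL.create({principalType: ACL.USER, principalId: 'u001', model: 'User', property: ACL.ALL,
        accessType: ACL.READ, permission: ACL.DENY}, function (err, acl) {
        if (err) {
          return done(err);
        }
        var next = finishAfter(2, done);

        // The READ denial is expected to win over the wildcard grant, both for
        // a READ request and for a request covering every access type.
        ACL.checkPermission(ACL.USER, 'u001', 'User', 'name', ACL.READ, function (err, perm) {
          if (err) {
            return next(err);
          }
          assert(perm.permission === ACL.DENY);
          next();
        });
        ACL.checkPermission(ACL.USER, 'u001', 'User', 'name', ACL.ALL, function (err, perm) {
          if (err) {
            return next(err);
          }
          assert(perm.permission === ACL.DENY);
          next();
        });
      });
    });
  });

  it("should honor static ACLs from the model", function (done) {
    var ds = loopback.createDataSource({connector: loopback.Memory});
    // Property-level ACLs on `name` (WRITE denied, everything else allowed)
    // combined with a model-level wildcard ALLOW for the same user.
    var Customer = ds.createModel('Customer', {
      name: {
        type: String,
        acls: [
          {principalType: ACL.USER, principalId: 'u001', accessType: ACL.WRITE, permission: ACL.DENY},
          {principalType: ACL.USER, principalId: 'u001', accessType: ACL.ALL, permission: ACL.ALLOW}
        ]
      }
    }, {
      acls: [
        {principalType: ACL.USER, principalId: 'u001', accessType: ACL.ALL, permission: ACL.ALLOW}
      ]
    });
    // The model-level entry could presumably also be assigned afterwards via
    // Customer.settings.acls -- TODO confirm; the options form above is used here.

    var next = finishAfter(3, done);

    ACL.checkPermission(ACL.USER, 'u001', 'Customer', 'name', ACL.WRITE, function (err, perm) {
      if (err) {
        return next(err);
      }
      assert(perm.permission === ACL.DENY);
      next();
    });
    ACL.checkPermission(ACL.USER, 'u001', 'Customer', 'name', ACL.READ, function (err, perm) {
      if (err) {
        return next(err);
      }
      assert(perm.permission === ACL.ALLOW);
      next();
    });
    // A request covering every access type includes the denied WRITE, so the
    // expected decision is DENY.
    ACL.checkPermission(ACL.USER, 'u001', 'Customer', 'name', ACL.ALL, function (err, perm) {
      if (err) {
        return next(err);
      }
      assert(perm.permission === ACL.DENY);
      next();
    });
  });
});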