2016-05-03 22:50:21 +00:00
|
|
|
// Copyright IBM Corp. 2013,2016. All Rights Reserved.
|
|
|
|
// Node module: loopback
|
|
|
|
// This file is licensed under the MIT License.
|
|
|
|
// License text available at https://opensource.org/licenses/MIT
|
|
|
|
|
2013-11-10 06:22:16 +00:00
|
|
|
var assert = require('assert');
|
2015-03-13 15:50:30 +00:00
|
|
|
var sinon = require('sinon');
|
2013-11-10 06:22:16 +00:00
|
|
|
var loopback = require('../index');
|
2015-08-13 15:58:41 +00:00
|
|
|
var async = require('async');
|
|
|
|
var expect = require('chai').expect;
|
2016-04-26 04:35:54 +00:00
|
|
|
var Promise = require('bluebird');
|
2013-11-10 06:22:16 +00:00
|
|
|
|
2013-11-12 18:10:32 +00:00
|
|
|
function checkResult(err, result) {
|
|
|
|
assert(!err);
|
|
|
|
}
|
|
|
|
|
2014-11-21 02:35:36 +00:00
|
|
|
describe('role model', function() {
|
2016-08-03 13:55:29 +00:00
|
|
|
var app, Role, RoleMapping, User, Application, ACL;
|
2014-01-23 22:26:45 +00:00
|
|
|
|
|
|
|
beforeEach(function() {
|
2016-08-03 13:55:29 +00:00
|
|
|
// Use local app registry to ensure models are isolated to avoid
|
2014-02-14 18:31:30 +00:00
|
|
|
// pollutions from other tests
|
2016-08-03 13:55:29 +00:00
|
|
|
app = loopback({ localRegistry: true, loadBuiltinModels: true });
|
|
|
|
app.dataSource('db', { connector: 'memory' });
|
|
|
|
|
|
|
|
ACL = app.registry.getModel('ACL');
|
|
|
|
app.model(ACL, { dataSource: 'db' });
|
|
|
|
|
|
|
|
User = app.registry.getModel('User');
|
|
|
|
app.model(User, { dataSource: 'db' });
|
|
|
|
|
|
|
|
Role = app.registry.getModel('Role');
|
|
|
|
app.model(Role, { dataSource: 'db' });
|
|
|
|
|
|
|
|
RoleMapping = app.registry.getModel('RoleMapping');
|
|
|
|
app.model(RoleMapping, { dataSource: 'db' });
|
|
|
|
|
|
|
|
Application = app.registry.getModel('Application');
|
|
|
|
app.model(Application, { dataSource: 'db' });
|
|
|
|
|
2015-08-13 15:58:41 +00:00
|
|
|
ACL.roleModel = Role;
|
|
|
|
ACL.roleMappingModel = RoleMapping;
|
|
|
|
ACL.userModel = User;
|
|
|
|
ACL.applicationModel = Application;
|
|
|
|
Role.roleMappingModel = RoleMapping;
|
|
|
|
Role.userModel = User;
|
|
|
|
Role.applicationModel = Application;
|
2014-01-23 22:26:45 +00:00
|
|
|
});
|
2013-11-12 18:10:32 +00:00
|
|
|
|
2016-08-03 13:55:29 +00:00
|
|
|
it('should define role/role relations', function(done) {
|
2016-04-01 09:14:26 +00:00
|
|
|
Role.create({ name: 'user' }, function(err, userRole) {
|
2016-08-03 13:55:29 +00:00
|
|
|
if (err) return done(err);
|
2016-04-01 09:14:26 +00:00
|
|
|
Role.create({ name: 'admin' }, function(err, adminRole) {
|
2016-08-03 13:55:29 +00:00
|
|
|
if (err) return done(err);
|
|
|
|
userRole.principals.create(
|
|
|
|
{ principalType: RoleMapping.ROLE, principalId: adminRole.id },
|
|
|
|
function(err, mapping) {
|
|
|
|
if (err) return done(err);
|
|
|
|
|
|
|
|
async.parallel([
|
|
|
|
function(next) {
|
|
|
|
Role.find(function(err, roles) {
|
|
|
|
if (err) return next(err);
|
|
|
|
assert.equal(roles.length, 2);
|
|
|
|
next();
|
|
|
|
});
|
|
|
|
},
|
|
|
|
function(next) {
|
|
|
|
RoleMapping.find(function(err, mappings) {
|
|
|
|
if (err) return next(err);
|
|
|
|
assert.equal(mappings.length, 1);
|
|
|
|
assert.equal(mappings[0].principalType, RoleMapping.ROLE);
|
|
|
|
assert.equal(mappings[0].principalId, adminRole.id);
|
|
|
|
next();
|
|
|
|
});
|
|
|
|
},
|
|
|
|
function(next) {
|
|
|
|
userRole.principals(function(err, principals) {
|
|
|
|
if (err) return next(err);
|
|
|
|
assert.equal(principals.length, 1);
|
|
|
|
next();
|
|
|
|
});
|
|
|
|
},
|
|
|
|
function(next) {
|
|
|
|
userRole.roles(function(err, roles) {
|
|
|
|
if (err) return next(err);
|
|
|
|
assert.equal(roles.length, 1);
|
|
|
|
next();
|
|
|
|
});
|
|
|
|
},
|
|
|
|
], done);
|
2013-11-12 06:16:51 +00:00
|
|
|
});
|
2013-11-10 06:22:16 +00:00
|
|
|
});
|
|
|
|
});
|
2013-11-12 18:10:32 +00:00
|
|
|
});
|
|
|
|
|
2016-08-03 13:55:29 +00:00
|
|
|
it('should define role/user relations', function(done) {
|
2016-04-01 09:14:26 +00:00
|
|
|
User.create({ name: 'Raymond', email: 'x@y.com', password: 'foobar' }, function(err, user) {
|
2016-08-03 13:55:29 +00:00
|
|
|
if (err) return done(err);
|
2016-04-01 09:14:26 +00:00
|
|
|
Role.create({ name: 'userRole' }, function(err, role) {
|
2016-08-03 13:55:29 +00:00
|
|
|
if (err) return done(err);
|
2016-04-01 09:14:26 +00:00
|
|
|
role.principals.create({ principalType: RoleMapping.USER, principalId: user.id },
|
|
|
|
function(err, p) {
|
2016-08-03 13:55:29 +00:00
|
|
|
if (err) return done(err);
|
|
|
|
async.parallel([
|
|
|
|
function(next) {
|
|
|
|
Role.find(function(err, roles) {
|
|
|
|
if (err) return next(err);
|
|
|
|
assert.equal(roles.length, 1);
|
|
|
|
assert.equal(roles[0].name, 'userRole');
|
|
|
|
next();
|
|
|
|
});
|
|
|
|
},
|
|
|
|
function(next) {
|
|
|
|
role.principals(function(err, principals) {
|
|
|
|
if (err) return next(err);
|
|
|
|
assert.equal(principals.length, 1);
|
|
|
|
assert.equal(principals[0].principalType, RoleMapping.USER);
|
|
|
|
assert.equal(principals[0].principalId, user.id);
|
|
|
|
next();
|
|
|
|
});
|
|
|
|
},
|
|
|
|
function(next) {
|
|
|
|
role.users(function(err, users) {
|
|
|
|
if (err) return next(err);
|
|
|
|
assert.equal(users.length, 1);
|
|
|
|
assert.equal(users[0].id, user.id);
|
|
|
|
next();
|
|
|
|
});
|
|
|
|
},
|
|
|
|
], done);
|
2013-11-10 06:22:16 +00:00
|
|
|
});
|
|
|
|
});
|
2014-06-10 23:39:32 +00:00
|
|
|
});
|
|
|
|
});
|
|
|
|
|
2016-04-29 08:50:11 +00:00
|
|
|
it('should not allow duplicate role name', function(done) {
|
|
|
|
Role.create({ name: 'userRole' }, function(err, role) {
|
|
|
|
if (err) return done(err);
|
|
|
|
|
|
|
|
Role.create({ name: 'userRole' }, function(err, role) {
|
|
|
|
expect(err).to.exist;
|
|
|
|
expect(err).to.have.property('name', 'ValidationError');
|
|
|
|
expect(err).to.have.deep.property('details.codes.name');
|
|
|
|
expect(err.details.codes.name).to.contain('uniqueness');
|
|
|
|
expect(err).to.have.property('statusCode', 422);
|
|
|
|
|
|
|
|
done();
|
|
|
|
});
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
2016-08-03 13:55:29 +00:00
|
|
|
it('should automatically generate role id', function(done) {
|
2016-04-01 09:14:26 +00:00
|
|
|
User.create({ name: 'Raymond', email: 'x@y.com', password: 'foobar' }, function(err, user) {
|
2016-08-03 13:55:29 +00:00
|
|
|
if (err) return done(err);
|
2016-04-01 09:14:26 +00:00
|
|
|
Role.create({ name: 'userRole' }, function(err, role) {
|
2016-08-03 13:55:29 +00:00
|
|
|
if (err) return done(err);
|
2014-06-10 23:39:32 +00:00
|
|
|
assert(role.id);
|
2016-04-01 09:14:26 +00:00
|
|
|
role.principals.create({ principalType: RoleMapping.USER, principalId: user.id },
|
|
|
|
function(err, p) {
|
2016-08-03 13:55:29 +00:00
|
|
|
if (err) return done(err);
|
2014-06-10 23:39:32 +00:00
|
|
|
assert(p.id);
|
|
|
|
assert.equal(p.roleId, role.id);
|
2016-08-03 13:55:29 +00:00
|
|
|
async.parallel([
|
|
|
|
function(next) {
|
|
|
|
Role.find(function(err, roles) {
|
|
|
|
if (err) return next(err);
|
|
|
|
assert.equal(roles.length, 1);
|
|
|
|
assert.equal(roles[0].name, 'userRole');
|
|
|
|
next();
|
|
|
|
});
|
|
|
|
},
|
|
|
|
function(next) {
|
|
|
|
role.principals(function(err, principals) {
|
|
|
|
if (err) return next(err);
|
|
|
|
assert.equal(principals.length, 1);
|
|
|
|
assert.equal(principals[0].principalType, RoleMapping.USER);
|
|
|
|
assert.equal(principals[0].principalId, user.id);
|
|
|
|
next();
|
|
|
|
});
|
|
|
|
},
|
|
|
|
function(next) {
|
|
|
|
role.users(function(err, users) {
|
|
|
|
if (err) return next(err);
|
|
|
|
assert.equal(users.length, 1);
|
|
|
|
assert.equal(users[0].id, user.id);
|
|
|
|
});
|
|
|
|
next();
|
|
|
|
},
|
|
|
|
], done);
|
2014-06-10 23:39:32 +00:00
|
|
|
});
|
|
|
|
});
|
2013-11-10 06:22:16 +00:00
|
|
|
});
|
|
|
|
});
|
2013-11-12 18:10:32 +00:00
|
|
|
|
2016-08-03 13:55:29 +00:00
|
|
|
it('should support getRoles() and isInRole()', function(done) {
|
2016-04-01 09:14:26 +00:00
|
|
|
User.create({ name: 'Raymond', email: 'x@y.com', password: 'foobar' }, function(err, user) {
|
2016-08-03 13:55:29 +00:00
|
|
|
if (err) return done(err);
|
2016-04-01 09:14:26 +00:00
|
|
|
Role.create({ name: 'userRole' }, function(err, role) {
|
2016-08-03 13:55:29 +00:00
|
|
|
if (err) return done(err);
|
2016-04-01 09:14:26 +00:00
|
|
|
role.principals.create({ principalType: RoleMapping.USER, principalId: user.id },
|
|
|
|
function(err, p) {
|
2016-08-03 13:55:29 +00:00
|
|
|
if (err) return done(err);
|
|
|
|
async.series([
|
|
|
|
function(next) {
|
|
|
|
Role.isInRole(
|
|
|
|
'userRole',
|
|
|
|
{ principalType: RoleMapping.USER, principalId: user.id },
|
|
|
|
function(err, inRole) {
|
|
|
|
if (err) return next(err);
|
|
|
|
// NOTE(bajtos) Apparently isRole is not a boolean,
|
|
|
|
// but the matchin role object instead
|
|
|
|
assert(!!inRole);
|
|
|
|
next();
|
|
|
|
});
|
|
|
|
},
|
|
|
|
function(next) {
|
|
|
|
Role.isInRole(
|
|
|
|
'userRole',
|
|
|
|
{ principalType: RoleMapping.APP, principalId: user.id },
|
|
|
|
function(err, inRole) {
|
|
|
|
if (err) return next(err);
|
|
|
|
assert(!inRole);
|
|
|
|
next();
|
|
|
|
});
|
|
|
|
},
|
|
|
|
function(next) {
|
|
|
|
Role.isInRole(
|
|
|
|
'userRole',
|
|
|
|
{ principalType: RoleMapping.USER, principalId: 100 },
|
|
|
|
function(err, inRole) {
|
|
|
|
if (err) return next(err);
|
|
|
|
assert(!inRole);
|
|
|
|
next();
|
|
|
|
});
|
|
|
|
},
|
|
|
|
function(next) {
|
|
|
|
Role.getRoles(
|
|
|
|
{ principalType: RoleMapping.USER, principalId: user.id },
|
|
|
|
function(err, roles) {
|
|
|
|
if (err) return next(err);
|
|
|
|
expect(roles).to.eql([
|
|
|
|
Role.AUTHENTICATED,
|
|
|
|
Role.EVERYONE,
|
|
|
|
role.id,
|
|
|
|
]);
|
|
|
|
next();
|
|
|
|
});
|
|
|
|
},
|
|
|
|
function(next) {
|
|
|
|
Role.getRoles(
|
|
|
|
{ principalType: RoleMapping.APP, principalId: user.id },
|
|
|
|
function(err, roles) {
|
|
|
|
if (err) return next(err);
|
|
|
|
expect(roles).to.eql([
|
|
|
|
Role.AUTHENTICATED,
|
|
|
|
Role.EVERYONE,
|
|
|
|
]);
|
|
|
|
next();
|
|
|
|
});
|
|
|
|
},
|
|
|
|
function(next) {
|
|
|
|
Role.getRoles(
|
|
|
|
{ principalType: RoleMapping.USER, principalId: 100 },
|
|
|
|
function(err, roles) {
|
|
|
|
if (err) return next(err);
|
|
|
|
expect(roles).to.eql([
|
|
|
|
Role.AUTHENTICATED,
|
|
|
|
Role.EVERYONE,
|
|
|
|
]);
|
|
|
|
next();
|
|
|
|
});
|
|
|
|
},
|
|
|
|
function(next) {
|
|
|
|
Role.getRoles(
|
|
|
|
{ principalType: RoleMapping.USER, principalId: null },
|
|
|
|
function(err, roles) {
|
|
|
|
if (err) return next(err);
|
|
|
|
expect(roles).to.eql([
|
|
|
|
Role.UNAUTHENTICATED,
|
|
|
|
Role.EVERYONE,
|
|
|
|
]);
|
|
|
|
next();
|
|
|
|
});
|
|
|
|
},
|
|
|
|
], done);
|
2013-11-12 18:47:59 +00:00
|
|
|
});
|
|
|
|
});
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
2016-08-03 13:55:29 +00:00
|
|
|
it('should support owner role resolver', function(done) {
|
2016-04-26 04:35:54 +00:00
|
|
|
Role.registerResolver('returnPromise', function(role, context) {
|
|
|
|
return new Promise(function(resolve) {
|
|
|
|
process.nextTick(function() {
|
|
|
|
resolve(true);
|
|
|
|
});
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
2016-08-03 13:55:29 +00:00
|
|
|
var Album = app.registry.createModel('Album', {
|
2013-11-19 19:58:30 +00:00
|
|
|
name: String,
|
2016-04-01 09:14:26 +00:00
|
|
|
userId: Number,
|
2013-11-19 19:58:30 +00:00
|
|
|
}, {
|
|
|
|
relations: {
|
|
|
|
user: {
|
|
|
|
type: 'belongsTo',
|
|
|
|
model: 'User',
|
2016-04-01 09:14:26 +00:00
|
|
|
foreignKey: 'userId',
|
|
|
|
},
|
|
|
|
},
|
2013-11-19 19:58:30 +00:00
|
|
|
});
|
2016-08-03 13:55:29 +00:00
|
|
|
app.model(Album, { dataSource: 'db' });
|
2013-11-19 19:58:30 +00:00
|
|
|
|
2016-04-01 09:14:26 +00:00
|
|
|
User.create({ name: 'Raymond', email: 'x@y.com', password: 'foobar' }, function(err, user) {
|
2016-08-03 13:55:29 +00:00
|
|
|
if (err) return done(err);
|
|
|
|
async.parallel([
|
|
|
|
function(next) {
|
|
|
|
Role.isInRole(
|
|
|
|
'returnPromise',
|
|
|
|
{ principalType: ACL.USER, principalId: user.id },
|
|
|
|
function(err, yes) {
|
|
|
|
if (err) return next(err);
|
|
|
|
assert(yes);
|
|
|
|
next();
|
|
|
|
});
|
|
|
|
},
|
|
|
|
function(next) {
|
|
|
|
Role.isInRole(
|
|
|
|
Role.AUTHENTICATED,
|
|
|
|
{ principalType: ACL.USER, principalId: user.id },
|
|
|
|
function(err, yes) {
|
|
|
|
if (err) next(err);
|
|
|
|
assert(yes);
|
|
|
|
next();
|
|
|
|
});
|
|
|
|
},
|
|
|
|
function(next) {
|
|
|
|
Role.isInRole(
|
|
|
|
Role.AUTHENTICATED,
|
|
|
|
{ principalType: ACL.USER, principalId: null },
|
|
|
|
function(err, yes) {
|
|
|
|
if (err) next(err);
|
|
|
|
assert(!yes);
|
|
|
|
next();
|
|
|
|
});
|
|
|
|
},
|
|
|
|
function(next) {
|
|
|
|
Role.isInRole(
|
|
|
|
Role.UNAUTHENTICATED,
|
|
|
|
{ principalType: ACL.USER, principalId: user.id },
|
|
|
|
function(err, yes) {
|
|
|
|
if (err) return next(err);
|
|
|
|
assert(!yes);
|
|
|
|
next();
|
|
|
|
});
|
|
|
|
},
|
|
|
|
function(next) {
|
|
|
|
Role.isInRole(
|
|
|
|
Role.UNAUTHENTICATED,
|
|
|
|
{ principalType: ACL.USER, principalId: null },
|
|
|
|
function(err, yes) {
|
|
|
|
if (err) return next(err);
|
|
|
|
assert(yes);
|
|
|
|
next();
|
|
|
|
});
|
|
|
|
},
|
|
|
|
function(next) {
|
|
|
|
Role.isInRole(
|
|
|
|
Role.EVERYONE,
|
|
|
|
{ principalType: ACL.USER, principalId: user.id },
|
|
|
|
function(err, yes) {
|
|
|
|
if (err) return next(err);
|
|
|
|
assert(yes);
|
|
|
|
next();
|
|
|
|
});
|
|
|
|
},
|
|
|
|
function(next) {
|
|
|
|
Role.isInRole(
|
|
|
|
Role.EVERYONE,
|
|
|
|
{ principalType: ACL.USER, principalId: null },
|
|
|
|
function(err, yes) {
|
|
|
|
if (err) return next(err);
|
|
|
|
assert(yes);
|
|
|
|
next();
|
|
|
|
});
|
|
|
|
},
|
|
|
|
function(next) {
|
|
|
|
Album.create({ name: 'Album 1', userId: user.id }, function(err, album1) {
|
|
|
|
if (err) return done(err);
|
|
|
|
var role = {
|
|
|
|
principalType: ACL.USER, principalId: user.id,
|
|
|
|
model: Album, id: album1.id,
|
|
|
|
};
|
|
|
|
Role.isInRole(Role.OWNER, role, function(err, yes) {
|
|
|
|
if (err) return next(err);
|
|
|
|
assert(yes);
|
|
|
|
|
|
|
|
Album.create({ name: 'Album 2' }, function(err, album2) {
|
|
|
|
if (err) return next(err);
|
|
|
|
role = {
|
|
|
|
principalType: ACL.USER, principalId: user.id,
|
|
|
|
model: Album, id: album2.id,
|
|
|
|
};
|
|
|
|
Role.isInRole(Role.OWNER, role, function(err, yes) {
|
|
|
|
if (err) return next(err);
|
|
|
|
assert(!yes);
|
|
|
|
next();
|
|
|
|
});
|
|
|
|
});
|
|
|
|
});
|
2013-11-19 19:58:30 +00:00
|
|
|
});
|
2016-08-03 13:55:29 +00:00
|
|
|
},
|
|
|
|
], done);
|
2013-11-19 19:58:30 +00:00
|
|
|
});
|
2015-08-13 15:58:41 +00:00
|
|
|
});
|
|
|
|
|
|
|
|
describe('isMappedToRole', function() {
|
|
|
|
var user, app, role;
|
|
|
|
|
|
|
|
beforeEach(function(done) {
|
2016-08-04 11:32:47 +00:00
|
|
|
this.timeout(5000);
|
2015-08-13 15:58:41 +00:00
|
|
|
User.create({
|
|
|
|
username: 'john',
|
|
|
|
email: 'john@gmail.com',
|
2016-04-01 09:14:26 +00:00
|
|
|
password: 'jpass',
|
2015-08-13 15:58:41 +00:00
|
|
|
}, function(err, u) {
|
|
|
|
if (err) return done(err);
|
2016-04-29 08:50:11 +00:00
|
|
|
|
2015-08-13 15:58:41 +00:00
|
|
|
user = u;
|
|
|
|
User.create({
|
|
|
|
username: 'mary',
|
|
|
|
email: 'mary@gmail.com',
|
2016-04-01 09:14:26 +00:00
|
|
|
password: 'mpass',
|
2015-08-13 15:58:41 +00:00
|
|
|
}, function(err, u) {
|
|
|
|
if (err) return done(err);
|
2016-04-29 08:50:11 +00:00
|
|
|
|
2015-08-13 15:58:41 +00:00
|
|
|
Application.create({
|
2016-04-01 09:14:26 +00:00
|
|
|
name: 'demo',
|
2015-08-13 15:58:41 +00:00
|
|
|
}, function(err, a) {
|
|
|
|
if (err) return done(err);
|
2016-04-29 08:50:11 +00:00
|
|
|
|
2015-08-13 15:58:41 +00:00
|
|
|
app = a;
|
|
|
|
Role.create({
|
2016-04-01 09:14:26 +00:00
|
|
|
name: 'admin',
|
2015-08-13 15:58:41 +00:00
|
|
|
}, function(err, r) {
|
|
|
|
if (err) return done(err);
|
2016-04-29 08:50:11 +00:00
|
|
|
|
2015-08-13 15:58:41 +00:00
|
|
|
role = r;
|
|
|
|
var principals = [
|
|
|
|
{
|
|
|
|
principalType: ACL.USER,
|
2016-04-01 09:14:26 +00:00
|
|
|
principalId: user.id,
|
2015-08-13 15:58:41 +00:00
|
|
|
},
|
|
|
|
{
|
|
|
|
principalType: ACL.APP,
|
2016-04-01 09:14:26 +00:00
|
|
|
principalId: app.id,
|
|
|
|
},
|
2015-08-13 15:58:41 +00:00
|
|
|
];
|
|
|
|
async.each(principals, function(p, done) {
|
|
|
|
role.principals.create(p, done);
|
|
|
|
}, done);
|
|
|
|
});
|
|
|
|
});
|
|
|
|
});
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
it('should resolve user by id', function(done) {
|
|
|
|
ACL.resolvePrincipal(ACL.USER, user.id, function(err, u) {
|
|
|
|
if (err) return done(err);
|
2016-04-29 08:50:11 +00:00
|
|
|
|
2015-08-13 15:58:41 +00:00
|
|
|
expect(u.id).to.eql(user.id);
|
2016-04-29 08:50:11 +00:00
|
|
|
|
2015-08-13 15:58:41 +00:00
|
|
|
done();
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
it('should resolve user by username', function(done) {
|
|
|
|
ACL.resolvePrincipal(ACL.USER, user.username, function(err, u) {
|
|
|
|
if (err) return done(err);
|
2016-04-29 08:50:11 +00:00
|
|
|
|
2015-08-13 15:58:41 +00:00
|
|
|
expect(u.username).to.eql(user.username);
|
2016-04-29 08:50:11 +00:00
|
|
|
|
2015-08-13 15:58:41 +00:00
|
|
|
done();
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
it('should resolve user by email', function(done) {
|
|
|
|
ACL.resolvePrincipal(ACL.USER, user.email, function(err, u) {
|
|
|
|
if (err) return done(err);
|
2016-04-29 08:50:11 +00:00
|
|
|
|
2015-08-13 15:58:41 +00:00
|
|
|
expect(u.email).to.eql(user.email);
|
2016-04-29 08:50:11 +00:00
|
|
|
|
2015-08-13 15:58:41 +00:00
|
|
|
done();
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
it('should resolve app by id', function(done) {
|
|
|
|
ACL.resolvePrincipal(ACL.APP, app.id, function(err, a) {
|
|
|
|
if (err) return done(err);
|
2016-04-29 08:50:11 +00:00
|
|
|
|
2015-08-13 15:58:41 +00:00
|
|
|
expect(a.id).to.eql(app.id);
|
2016-04-29 08:50:11 +00:00
|
|
|
|
2015-08-13 15:58:41 +00:00
|
|
|
done();
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
it('should resolve app by name', function(done) {
|
|
|
|
ACL.resolvePrincipal(ACL.APP, app.name, function(err, a) {
|
|
|
|
if (err) return done(err);
|
2016-04-29 08:50:11 +00:00
|
|
|
|
2015-08-13 15:58:41 +00:00
|
|
|
expect(a.name).to.eql(app.name);
|
2016-04-29 08:50:11 +00:00
|
|
|
|
2015-08-13 15:58:41 +00:00
|
|
|
done();
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
it('should report isMappedToRole by user.username', function(done) {
|
|
|
|
ACL.isMappedToRole(ACL.USER, user.username, 'admin', function(err, flag) {
|
|
|
|
if (err) return done(err);
|
2016-04-29 08:50:11 +00:00
|
|
|
|
2015-08-13 15:58:41 +00:00
|
|
|
expect(flag).to.eql(true);
|
2016-04-29 08:50:11 +00:00
|
|
|
|
2015-08-13 15:58:41 +00:00
|
|
|
done();
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
it('should report isMappedToRole by user.email', function(done) {
|
|
|
|
ACL.isMappedToRole(ACL.USER, user.email, 'admin', function(err, flag) {
|
|
|
|
if (err) return done(err);
|
2016-04-29 08:50:11 +00:00
|
|
|
|
2015-08-13 15:58:41 +00:00
|
|
|
expect(flag).to.eql(true);
|
2016-04-29 08:50:11 +00:00
|
|
|
|
2015-08-13 15:58:41 +00:00
|
|
|
done();
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
it('should report isMappedToRole by user.username for mismatch',
|
|
|
|
function(done) {
|
|
|
|
ACL.isMappedToRole(ACL.USER, 'mary', 'admin', function(err, flag) {
|
|
|
|
if (err) return done(err);
|
2016-04-29 08:50:11 +00:00
|
|
|
|
2015-08-13 15:58:41 +00:00
|
|
|
expect(flag).to.eql(false);
|
2016-04-29 08:50:11 +00:00
|
|
|
|
2015-08-13 15:58:41 +00:00
|
|
|
done();
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
it('should report isMappedToRole by app.name', function(done) {
|
|
|
|
ACL.isMappedToRole(ACL.APP, app.name, 'admin', function(err, flag) {
|
|
|
|
if (err) return done(err);
|
2016-04-29 08:50:11 +00:00
|
|
|
|
2015-08-13 15:58:41 +00:00
|
|
|
expect(flag).to.eql(true);
|
2016-04-29 08:50:11 +00:00
|
|
|
|
2015-08-13 15:58:41 +00:00
|
|
|
done();
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
it('should report isMappedToRole by app.name', function(done) {
|
|
|
|
ACL.isMappedToRole(ACL.APP, app.name, 'admin', function(err, flag) {
|
|
|
|
if (err) return done(err);
|
2016-04-29 08:50:11 +00:00
|
|
|
|
2015-08-13 15:58:41 +00:00
|
|
|
expect(flag).to.eql(true);
|
2016-04-29 08:50:11 +00:00
|
|
|
|
2015-08-13 15:58:41 +00:00
|
|
|
done();
|
|
|
|
});
|
|
|
|
});
|
2013-11-19 19:58:30 +00:00
|
|
|
});
|
|
|
|
|
2015-03-13 22:30:53 +00:00
|
|
|
describe('listByPrincipalType', function() {
|
2015-03-13 15:50:30 +00:00
|
|
|
var sandbox;
|
|
|
|
|
2015-03-13 22:30:53 +00:00
|
|
|
beforeEach(function() {
|
2015-03-13 15:50:30 +00:00
|
|
|
sandbox = sinon.sandbox.create();
|
2015-03-12 18:55:39 +00:00
|
|
|
});
|
|
|
|
|
2015-03-13 22:30:53 +00:00
|
|
|
afterEach(function() {
|
2015-03-13 15:50:30 +00:00
|
|
|
sandbox.restore();
|
|
|
|
});
|
|
|
|
|
|
|
|
it('should fetch all models assigned to the role', function(done) {
|
|
|
|
var principalTypesToModels = {};
|
|
|
|
var runs = 0;
|
|
|
|
var mappings;
|
|
|
|
|
|
|
|
principalTypesToModels[RoleMapping.USER] = User;
|
|
|
|
principalTypesToModels[RoleMapping.APPLICATION] = Application;
|
|
|
|
principalTypesToModels[RoleMapping.ROLE] = Role;
|
|
|
|
|
|
|
|
mappings = Object.keys(principalTypesToModels);
|
|
|
|
|
2015-03-13 22:30:53 +00:00
|
|
|
mappings.forEach(function(principalType) {
|
2015-03-13 15:50:30 +00:00
|
|
|
var Model = principalTypesToModels[principalType];
|
2016-04-01 09:14:26 +00:00
|
|
|
Model.create({ name: 'test', email: 'x@y.com', password: 'foobar' }, function(err, model) {
|
2016-08-03 13:55:29 +00:00
|
|
|
if (err) return done(err);
|
|
|
|
var uniqueRoleName = 'testRoleFor' + principalType;
|
|
|
|
Role.create({ name: uniqueRoleName }, function(err, role) {
|
|
|
|
if (err) return done(err);
|
2016-04-01 09:14:26 +00:00
|
|
|
role.principals.create({ principalType: principalType, principalId: model.id },
|
|
|
|
function(err, p) {
|
2016-08-03 13:55:29 +00:00
|
|
|
if (err) return done(err);
|
2015-03-13 15:50:30 +00:00
|
|
|
var pluralName = Model.pluralModelName.toLowerCase();
|
2015-03-13 22:30:53 +00:00
|
|
|
role[pluralName](function(err, models) {
|
2016-08-03 13:55:29 +00:00
|
|
|
if (err) return done(err);
|
2015-03-13 15:50:30 +00:00
|
|
|
assert.equal(models.length, 1);
|
2016-04-29 08:50:11 +00:00
|
|
|
|
2015-03-13 15:50:30 +00:00
|
|
|
if (++runs === mappings.length) {
|
|
|
|
done();
|
|
|
|
}
|
|
|
|
});
|
|
|
|
});
|
2015-03-13 22:30:53 +00:00
|
|
|
});
|
|
|
|
});
|
2015-03-12 18:55:39 +00:00
|
|
|
});
|
|
|
|
});
|
|
|
|
|
2015-03-13 15:50:30 +00:00
|
|
|
it('should apply query', function(done) {
|
2016-04-01 09:14:26 +00:00
|
|
|
User.create({ name: 'Raymond', email: 'x@y.com', password: 'foobar' }, function(err, user) {
|
2016-08-03 13:55:29 +00:00
|
|
|
if (err) return done(err);
|
2016-04-01 09:14:26 +00:00
|
|
|
Role.create({ name: 'userRole' }, function(err, role) {
|
2016-08-03 13:55:29 +00:00
|
|
|
if (err) return done(err);
|
2016-04-01 09:14:26 +00:00
|
|
|
role.principals.create({ principalType: RoleMapping.USER, principalId: user.id },
|
|
|
|
function(err, p) {
|
2016-08-03 13:55:29 +00:00
|
|
|
if (err) return done(err);
|
2016-04-01 09:14:26 +00:00
|
|
|
var query = { fields: ['id', 'name'] };
|
2015-03-13 15:50:30 +00:00
|
|
|
sandbox.spy(User, 'find');
|
|
|
|
role.users(query, function(err, users) {
|
2016-08-03 13:55:29 +00:00
|
|
|
if (err) return done(err);
|
2015-03-13 15:50:30 +00:00
|
|
|
assert.equal(users.length, 1);
|
|
|
|
assert.equal(users[0].id, user.id);
|
|
|
|
assert(User.find.calledWith(query));
|
2016-04-29 08:50:11 +00:00
|
|
|
|
2015-03-13 15:50:30 +00:00
|
|
|
done();
|
|
|
|
});
|
2015-03-12 18:55:39 +00:00
|
|
|
});
|
|
|
|
});
|
|
|
|
});
|
|
|
|
});
|
2015-03-13 22:30:53 +00:00
|
|
|
});
|
2016-05-02 12:30:11 +00:00
|
|
|
|
|
|
|
describe('isOwner', function() {
|
|
|
|
it('supports app-local model registry', function(done) {
|
|
|
|
var app = loopback({ localRegistry: true, loadBuiltinModels: true });
|
|
|
|
app.dataSource('db', { connector: 'memory' });
|
|
|
|
// attach all auth-related models to 'db' datasource
|
|
|
|
app.enableAuth({ dataSource: 'db' });
|
|
|
|
|
|
|
|
var Role = app.models.Role;
|
|
|
|
var User = app.models.User;
|
|
|
|
|
|
|
|
var u = app.registry.findModel('User');
|
|
|
|
var credentials = { email: 'test@example.com', password: 'pass' };
|
|
|
|
User.create(credentials, function(err, user) {
|
|
|
|
if (err) return done(err);
|
|
|
|
|
|
|
|
Role.isOwner(User, user.id, user.id, function(err, result) {
|
|
|
|
if (err) return done(err);
|
2016-05-05 04:09:06 +00:00
|
|
|
|
2016-05-02 12:30:11 +00:00
|
|
|
expect(result, 'isOwner result').to.equal(true);
|
2016-05-05 04:09:06 +00:00
|
|
|
|
2016-05-02 12:30:11 +00:00
|
|
|
done();
|
|
|
|
});
|
|
|
|
});
|
|
|
|
});
|
|
|
|
});
|
2013-11-10 06:22:16 +00:00
|
|
|
});
|