loopback/test/acl.test.js

var assert = require('assert');
var loopback = require('../index');
var acl = require('../lib/models/acl');
var Scope = acl.Scope;
var ACL = acl.ACL;
var ScopeACL = acl.ScopeACL;
var User = loopback.User;

function checkResult(err, result) {
  // console.log(err, result);
  assert(!err);
}

describe('security scopes', function () {

  it("should allow access to models for the given scope by wildcard", function () {
    var ds = loopback.createDataSource({connector: loopback.Memory});
    Scope.attachTo(ds);
    ACL.attachTo(ds);

    // console.log(Scope.relations);

    Scope.create({name: 'user', description: 'access user information'}, function (err, scope) {
      // console.log(scope);
      ACL.create({principalType: ACL.SCOPE, principalId: scope.id, model: 'user', property: ACL.ALL,
          accessType: ACL.ALL, permission: ACL.ALLOW},
        function (err, resource) {
        // console.log(resource);
        Scope.checkPermission('user', 'user', ACL.ALL, ACL.ALL, checkResult);
        Scope.checkPermission('user', 'user', 'name', ACL.ALL, checkResult);
        Scope.checkPermission('user', 'user', 'name', ACL.READ, checkResult);
      });
    });

  });

  it("should allow access to models for the given scope", function () {
    var ds = loopback.createDataSource({connector: loopback.Memory});
    Scope.attachTo(ds);
    ACL.attachTo(ds);

    // console.log(Scope.relations);

    Scope.create({name: 'user', description: 'access user information'}, function (err, scope) {
      // console.log(scope);
      ACL.create({principalType: ACL.SCOPE, principalId: scope.id,
          model: 'user', property: 'name', accessType: ACL.READ, permission: ACL.ALLOW},
        function (err, resource) {
          ACL.create({principalType: ACL.SCOPE, principalId: scope.id,
              model: 'user', property: 'name', accessType: ACL.WRITE, permission: ACL.DENY},
            function (err, resource) {
              // console.log(resource);
              Scope.checkPermission('user', 'user', ACL.ALL, ACL.ALL, function (err, perm) {
                assert(perm.permission === ACL.DENY); // because name.WRITE == DENY
              });
              Scope.checkPermission('user', 'user', 'name', ACL.ALL, function (err, perm) {
                assert(perm.permission === ACL.DENY); // because name.WRITE == DENY
              });
              Scope.checkPermission('user', 'user', 'name', ACL.READ, function (err, perm) {
                assert(perm.permission === ACL.ALLOW);
              });
              Scope.checkPermission('user', 'user', 'name', ACL.WRITE, function (err, perm) {
                assert(perm.permission === ACL.DENY);
              });
            });
        });
    });

  });

});

describe('security ACLs', function () {

  it("should allow access to models for the given principal by wildcard", function () {
    var ds = loopback.createDataSource({connector: loopback.Memory});
    ACL.attachTo(ds);

    ACL.create({principalType: 'user', principalId: 'u001', model: 'user', property: ACL.ALL,
      accessType: ACL.ALL, permission: ACL.ALLOW}, function (err, acl) {

      ACL.create({principalType: 'user', principalId: 'u001', model: 'user', property: ACL.ALL,
        accessType: ACL.READ, permission: ACL.DENY}, function (err, acl) {

        ACL.checkPermission('user', 'u001', 'user', 'name', ACL.READ, function (err, perm) {
          assert(perm.permission === ACL.DENY);
        });

        ACL.checkPermission('user', 'u001', 'user', 'name', ACL.ALL, function (err, perm) {
          assert(perm.permission === ACL.DENY);
        });

      });

    });

  });

});
Start to build the ACL models 2013-11-10 06:22:16 +00:00			`var assert = require('assert');`
			`var loopback = require('../index');`
			`var acl = require('../lib/models/acl');`
Define the models/relations for ACL 2013-11-12 06:16:51 +00:00			`var Scope = acl.Scope;`
			`var ACL = acl.ACL;`
			`var ScopeACL = acl.ScopeACL;`
Start to build the ACL models 2013-11-10 06:22:16 +00:00			`var User = loopback.User;`

Add constants and more tests 2013-11-12 18:10:32 +00:00			`function checkResult(err, result) {`
			`// console.log(err, result);`
			`assert(!err);`
			`}`

Start to build the ACL models 2013-11-10 06:22:16 +00:00			`describe('security scopes', function () {`

Define the models/relations for ACL 2013-11-12 06:16:51 +00:00			`it("should allow access to models for the given scope by wildcard", function () {`
Start to build the ACL models 2013-11-10 06:22:16 +00:00			`var ds = loopback.createDataSource({connector: loopback.Memory});`
Define the models/relations for ACL 2013-11-12 06:16:51 +00:00			`Scope.attachTo(ds);`
Merge ScopeACL into ACL 2013-11-13 18:02:59 +00:00			`ACL.attachTo(ds);`
Start to build the ACL models 2013-11-10 06:22:16 +00:00
Define the models/relations for ACL 2013-11-12 06:16:51 +00:00			`// console.log(Scope.relations);`
Start to build the ACL models 2013-11-10 06:22:16 +00:00
Define the models/relations for ACL 2013-11-12 06:16:51 +00:00			`Scope.create({name: 'user', description: 'access user information'}, function (err, scope) {`
			`// console.log(scope);`
Merge ScopeACL into ACL 2013-11-13 18:02:59 +00:00			`ACL.create({principalType: ACL.SCOPE, principalId: scope.id, model: 'user', property: ACL.ALL,`
			`accessType: ACL.ALL, permission: ACL.ALLOW},`
Add constants and more tests 2013-11-12 18:10:32 +00:00			`function (err, resource) {`
Define the models/relations for ACL 2013-11-12 06:16:51 +00:00			`// console.log(resource);`
Add constants and more tests 2013-11-12 18:10:32 +00:00			`Scope.checkPermission('user', 'user', ACL.ALL, ACL.ALL, checkResult);`
			`Scope.checkPermission('user', 'user', 'name', ACL.ALL, checkResult);`
			`Scope.checkPermission('user', 'user', 'name', ACL.READ, checkResult);`
Start to build the ACL models 2013-11-10 06:22:16 +00:00			`});`
			`});`

			`});`

Define the models/relations for ACL 2013-11-12 06:16:51 +00:00			`it("should allow access to models for the given scope", function () {`
			`var ds = loopback.createDataSource({connector: loopback.Memory});`
			`Scope.attachTo(ds);`
Merge ScopeACL into ACL 2013-11-13 18:02:59 +00:00			`ACL.attachTo(ds);`
Define the models/relations for ACL 2013-11-12 06:16:51 +00:00
			`// console.log(Scope.relations);`

			`Scope.create({name: 'user', description: 'access user information'}, function (err, scope) {`
			`// console.log(scope);`
Merge ScopeACL into ACL 2013-11-13 18:02:59 +00:00			`ACL.create({principalType: ACL.SCOPE, principalId: scope.id,`
			`model: 'user', property: 'name', accessType: ACL.READ, permission: ACL.ALLOW},`
Add constants and more tests 2013-11-12 18:10:32 +00:00			`function (err, resource) {`
Fix the permission check 2013-11-14 01:07:43 +00:00			`ACL.create({principalType: ACL.SCOPE, principalId: scope.id,`
			`model: 'user', property: 'name', accessType: ACL.WRITE, permission: ACL.DENY},`
			`function (err, resource) {`
			`// console.log(resource);`
			`Scope.checkPermission('user', 'user', ACL.ALL, ACL.ALL, function (err, perm) {`
Fix the permission resolution 2013-11-14 01:24:42 +00:00			`assert(perm.permission === ACL.DENY); // because name.WRITE == DENY`
Fix the permission check 2013-11-14 01:07:43 +00:00			`});`
			`Scope.checkPermission('user', 'user', 'name', ACL.ALL, function (err, perm) {`
Fix the permission resolution 2013-11-14 01:24:42 +00:00			`assert(perm.permission === ACL.DENY); // because name.WRITE == DENY`
Fix the permission check 2013-11-14 01:07:43 +00:00			`});`
			`Scope.checkPermission('user', 'user', 'name', ACL.READ, function (err, perm) {`
			`assert(perm.permission === ACL.ALLOW);`
			`});`
			`Scope.checkPermission('user', 'user', 'name', ACL.WRITE, function (err, perm) {`
			`assert(perm.permission === ACL.DENY);`
			`});`
			`});`
			`});`
Define the models/relations for ACL 2013-11-12 06:16:51 +00:00			`});`

			`});`

			`});`

			`describe('security ACLs', function () {`

			`it("should allow access to models for the given principal by wildcard", function () {`
			`var ds = loopback.createDataSource({connector: loopback.Memory});`
			`ACL.attachTo(ds);`

Add constants and more tests 2013-11-12 18:10:32 +00:00			`ACL.create({principalType: 'user', principalId: 'u001', model: 'user', property: ACL.ALL,`
			`accessType: ACL.ALL, permission: ACL.ALLOW}, function (err, acl) {`
Define the models/relations for ACL 2013-11-12 06:16:51 +00:00
Fix the permission resolution 2013-11-14 01:24:42 +00:00			`ACL.create({principalType: 'user', principalId: 'u001', model: 'user', property: ACL.ALL,`
			`accessType: ACL.READ, permission: ACL.DENY}, function (err, acl) {`

			`ACL.checkPermission('user', 'u001', 'user', 'name', ACL.READ, function (err, perm) {`
			`assert(perm.permission === ACL.DENY);`
			`});`

			`ACL.checkPermission('user', 'u001', 'user', 'name', ACL.ALL, function (err, perm) {`
			`assert(perm.permission === ACL.DENY);`
			`});`

			`});`
Define the models/relations for ACL 2013-11-12 06:16:51 +00:00
			`});`

			`});`

Start to build the ACL models 2013-11-10 06:22:16 +00:00			`});`