feat: refs #8239 Added tests

2024-12-18 09:02:31 +01:00 · 2024-12-18 09:02:31 +01:00 · 62b7e3b3e2
parent 94549f1fed
commit 62b7e3b3e2
1 changed files with 74 additions and 0 deletions
--- a/loopback/common/methods/application/spec/checkColumnPermission.spec.js
+++ b/loopback/common/methods/application/spec/checkColumnPermission.spec.js
@ -0,0 +1,74 @@
+const {models} = require('vn-loopback/server/server');
+const UserError = require('vn-loopback/util/user-error');
+
+describe('Application checkColumnPermission()', () => {
+    let tx;
+    let options;
+    beforeEach(async() => {
+        tx = await models.Application.beginTransaction({});
+        options = {transaction: tx};
+
+        await models.Application.rawSql(`
+            CREATE TABLE vn.testTable (
+                testColumn VARCHAR(255)
+            ) ENGINE=InnoDB;
+        `, null, options);
+
+        const user = await models.VnUser.findById(1, null, options);
+        await user.updateAttributes({
+            roleFk: 1,
+        }, options);
+
+        await models.Application.rawSql(`
+            GRANT UPDATE (testColumn) ON vn.testTable TO employee;
+        `, null, options);
+    });
+
+    afterEach(async() => {
+        await models.Application.rawSql(`
+            DROP TABLE vn.testTable;
+        `); // Non-transactional DDL operations
+        await tx.rollback();
+    });
+
+    it('should pass if the user has the required permission', async() => {
+        const response = await models.Application.checkColumnPermission(
+            'vn',
+            'testTable',
+            'testColumn',
+            'UPDATE',
+            1
+        );
+
+        expect(response).toBeUndefined();
+    });
+
+    it('should throw an error if the user lacks permission', async() => {
+        try {
+            const result = await models.Application.checkColumnPermission(
+                'vn',
+                'testTable',
+                'testColumn',
+                'INSERT',
+                1
+            );
+
+            expect(result).toBeUndefined();
+        } catch (err) {
+            expect(err).toBeInstanceOf(UserError);
+            expect(err.message).toBeDefined();
+        }
+    });
+
+    it('should not throw an error if the user does not exist', async() => {
+        const response = await models.Application.checkColumnPermission(
+            'vn',
+            'testTable',
+            'testColumn',
+            'UPDATE',
+            999999 // Non-existent user
+        );
+
+        expect(response).toBeUndefined();
+    });
+});