diff --git a/loopback/common/methods/application/spec/checkColumnPermission.spec.js b/loopback/common/methods/application/spec/checkColumnPermission.spec.js
new file mode 100644
index 000000000..2987d059b
--- /dev/null
+++ b/loopback/common/methods/application/spec/checkColumnPermission.spec.js
@@ -0,0 +1,74 @@
+const {models} = require('vn-loopback/server/server');
+const UserError = require('vn-loopback/util/user-error');
+
+describe('Application checkColumnPermission()', () => {
+ let tx;
+ let options;
+ beforeEach(async() => {
+ tx = await models.Application.beginTransaction({});
+ options = {transaction: tx};
+
+ await models.Application.rawSql(`
+ CREATE TABLE vn.testTable (
+ testColumn VARCHAR(255)
+ ) ENGINE=InnoDB;
+ `, null, options);
+
+ const user = await models.VnUser.findById(1, null, options);
+ await user.updateAttributes({
+ roleFk: 1,
+ }, options);
+
+ await models.Application.rawSql(`
+ GRANT UPDATE (testColumn) ON vn.testTable TO employee;
+ `, null, options);
+ });
+
+ afterEach(async() => {
+ await models.Application.rawSql(`
+ DROP TABLE vn.testTable;
+ `); // Non-transactional DDL operations
+ await tx.rollback();
+ });
+
+ it('should pass if the user has the required permission', async() => {
+ const response = await models.Application.checkColumnPermission(
+ 'vn',
+ 'testTable',
+ 'testColumn',
+ 'UPDATE',
+ 1
+ );
+
+ expect(response).toBeUndefined();
+ });
+
+ it('should throw an error if the user lacks permission', async() => {
+ try {
+ const result = await models.Application.checkColumnPermission(
+ 'vn',
+ 'testTable',
+ 'testColumn',
+ 'INSERT',
+ 1
+ );
+
+ expect(result).toBeUndefined();
+ } catch (err) {
+ expect(err).toBeInstanceOf(UserError);
+ expect(err.message).toBeDefined();
+ }
+ });
+
+ it('should not throw an error if the user does not exist', async() => {
+ const response = await models.Application.checkColumnPermission(
+ 'vn',
+ 'testTable',
+ 'testColumn',
+ 'UPDATE',
+ 999999 // Non-existent user
+ );
+
+ expect(response).toBeUndefined();
+ });
+});
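Review bot: The 'should throw an error if the user lacks permission' case cannot fail when the permission check lets the call through: inside the `try`, `expect(result).toBeUndefined()` is satisfied by a call that returns normally, and the `catch` assertions only run if something is thrown. For a test that guards an authorization check, the denial has to be the asserted outcome: declare `let error;` before the `try`, set `error = err;` in the `catch`, and assert `expect(error).toBeInstanceOf(UserError);` after it, dropping the `expect(result)` line. Separately, the last case pins that an unknown user id (999999) passes the column check; if that fail-open result is intended, a comment stating the reason would help the next reader, otherwise the expectation probably belongs on the deny side. The `GRANT` issued in `beforeEach` is also never revoked in `afterEach`, and since the DDL here is acknowledged as non-transactional it may outlive the rollback.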