2016-03-04 18:53:37 -05:00
|
|
|
|
"use strict";
|
2016-01-28 10:58:12 -08:00
|
|
|
|
|
|
|
|
|
|
// Roles are not accessible without the master key, so they are not intended
|
|
|
|
|
|
// for use by clients. We can manually test them using the master key.
|
2016-02-26 13:35:56 -05:00
|
|
|
|
var Auth = require("../src/Auth").Auth;
|
|
|
|
|
|
var Config = require("../src/Config");
|
2016-01-28 10:58:12 -08:00
|
|
|
|
|
|
|
|
|
|
describe('Parse Role testing', () => {
|
|
|
|
|
|
|
|
|
|
|
|
it('Do a bunch of basic role testing', (done) => {
|
|
|
|
|
|
|
|
|
|
|
|
var user;
|
|
|
|
|
|
var role;
|
|
|
|
|
|
|
|
|
|
|
|
createTestUser().then((x) => {
|
|
|
|
|
|
user = x;
|
|
|
|
|
|
role = new Parse.Object('_Role');
|
|
|
|
|
|
role.set('name', 'Foos');
|
|
|
|
|
|
var users = role.relation('users');
|
|
|
|
|
|
users.add(user);
|
|
|
|
|
|
return role.save({}, { useMasterKey: true });
|
|
|
|
|
|
}).then((x) => {
|
|
|
|
|
|
var query = new Parse.Query('_Role');
|
|
|
|
|
|
return query.find({ useMasterKey: true });
|
|
|
|
|
|
}).then((x) => {
|
|
|
|
|
|
expect(x.length).toEqual(1);
|
|
|
|
|
|
var relation = x[0].relation('users').query();
|
|
|
|
|
|
return relation.first({ useMasterKey: true });
|
|
|
|
|
|
}).then((x) => {
|
|
|
|
|
|
expect(x.id).toEqual(user.id);
|
|
|
|
|
|
// Here we've got a valid role and a user assigned.
|
|
|
|
|
|
// Lets create an object only the role can read/write and test
|
|
|
|
|
|
// the different scenarios.
|
|
|
|
|
|
var obj = new Parse.Object('TestObject');
|
|
|
|
|
|
var acl = new Parse.ACL();
|
|
|
|
|
|
acl.setPublicReadAccess(false);
|
|
|
|
|
|
acl.setPublicWriteAccess(false);
|
|
|
|
|
|
acl.setRoleReadAccess('Foos', true);
|
|
|
|
|
|
acl.setRoleWriteAccess('Foos', true);
|
|
|
|
|
|
obj.setACL(acl);
|
|
|
|
|
|
return obj.save();
|
|
|
|
|
|
}).then((x) => {
|
|
|
|
|
|
var query = new Parse.Query('TestObject');
|
|
|
|
|
|
return query.find({ sessionToken: user.getSessionToken() });
|
|
|
|
|
|
}).then((x) => {
|
|
|
|
|
|
expect(x.length).toEqual(1);
|
|
|
|
|
|
var objAgain = x[0];
|
|
|
|
|
|
objAgain.set('foo', 'bar');
|
|
|
|
|
|
// This should succeed:
|
|
|
|
|
|
return objAgain.save({}, {sessionToken: user.getSessionToken()});
|
|
|
|
|
|
}).then((x) => {
|
|
|
|
|
|
x.set('foo', 'baz');
|
|
|
|
|
|
// This should fail:
|
2016-02-13 08:18:43 -05:00
|
|
|
|
return x.save({},{sessionToken: ""});
|
2016-01-28 10:58:12 -08:00
|
|
|
|
}).then((x) => {
|
|
|
|
|
|
fail('Should not have been able to save.');
|
|
|
|
|
|
}, (e) => {
|
|
|
|
|
|
done();
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
});
|
2016-03-02 11:13:24 +08:00
|
|
|
|
|
2016-02-26 13:35:56 -05:00
|
|
|
|
it("should recursively load roles", (done) => {
|
2016-03-02 11:13:24 +08:00
|
|
|
|
|
2016-02-26 13:35:56 -05:00
|
|
|
|
var rolesNames = ["FooRole", "BarRole", "BazRole"];
|
2016-03-02 11:13:24 +08:00
|
|
|
|
|
2016-03-04 18:53:37 -05:00
|
|
|
|
var createRole = function(name, sibling, user) {
|
2016-03-02 16:08:39 +08:00
|
|
|
|
var role = new Parse.Role(name, new Parse.ACL());
|
2016-02-26 13:35:56 -05:00
|
|
|
|
if (user) {
|
|
|
|
|
|
var users = role.relation('users');
|
2016-03-02 11:13:24 +08:00
|
|
|
|
users.add(user);
|
2016-02-26 13:35:56 -05:00
|
|
|
|
}
|
2016-03-04 18:53:37 -05:00
|
|
|
|
if (sibling) {
|
|
|
|
|
|
role.relation('roles').add(sibling);
|
2016-02-26 13:35:56 -05:00
|
|
|
|
}
|
|
|
|
|
|
return role.save({}, { useMasterKey: true });
|
|
|
|
|
|
}
|
|
|
|
|
|
var roleIds = {};
|
|
|
|
|
|
createTestUser().then( (user) => {
|
2016-03-04 18:53:37 -05:00
|
|
|
|
// Put the user on the 1st role
|
|
|
|
|
|
return createRole(rolesNames[0], null, user).then( (aRole) => {
|
2016-02-26 13:35:56 -05:00
|
|
|
|
roleIds[aRole.get("name")] = aRole.id;
|
2016-03-04 18:53:37 -05:00
|
|
|
|
// set the 1st role as a sibling of the second
|
|
|
|
|
|
// user will should have 2 role now
|
2016-02-26 13:35:56 -05:00
|
|
|
|
return createRole(rolesNames[1], aRole, null);
|
|
|
|
|
|
}).then( (anotherRole) => {
|
|
|
|
|
|
roleIds[anotherRole.get("name")] = anotherRole.id;
|
2016-03-04 18:53:37 -05:00
|
|
|
|
// set this role as a sibling of the last
|
|
|
|
|
|
// the user should now have 3 roles
|
|
|
|
|
|
return createRole(rolesNames[2], anotherRole, null);
|
2016-02-26 13:35:56 -05:00
|
|
|
|
}).then( (lastRole) => {
|
|
|
|
|
|
roleIds[lastRole.get("name")] = lastRole.id;
|
2016-03-02 20:59:25 -08:00
|
|
|
|
var auth = new Auth({ config: new Config("test"), isMaster: true, user: user });
|
2016-02-26 13:35:56 -05:00
|
|
|
|
return auth._loadRoles();
|
|
|
|
|
|
})
|
|
|
|
|
|
}).then( (roles) => {
|
|
|
|
|
|
expect(roles.length).toEqual(3);
|
|
|
|
|
|
rolesNames.forEach( (name) => {
|
|
|
|
|
|
expect(roles.indexOf('role:'+name)).not.toBe(-1);
|
|
|
|
|
|
})
|
|
|
|
|
|
done();
|
|
|
|
|
|
}, function(err){
|
|
|
|
|
|
fail("should succeed")
|
|
|
|
|
|
done();
|
|
|
|
|
|
});
|
|
|
|
|
|
});
|
2016-01-28 10:58:12 -08:00
|
|
|
|
|
2016-03-02 11:13:24 +08:00
|
|
|
|
it("_Role object should not save without name.", (done) => {
|
|
|
|
|
|
var role = new Parse.Role();
|
|
|
|
|
|
role.save(null,{useMasterKey:true})
|
|
|
|
|
|
.then((r) => {
|
|
|
|
|
|
fail("_Role object should not save without name.");
|
|
|
|
|
|
}, (error) => {
|
2016-03-02 12:21:18 +08:00
|
|
|
|
expect(error.code).toEqual(111);
|
2016-03-02 16:08:39 +08:00
|
|
|
|
role.set('name','testRole');
|
|
|
|
|
|
role.save(null,{useMasterKey:true})
|
|
|
|
|
|
.then((r2)=>{
|
|
|
|
|
|
fail("_Role object should not save without ACL.");
|
|
|
|
|
|
}, (error2) =>{
|
|
|
|
|
|
expect(error2.code).toEqual(111);
|
|
|
|
|
|
done();
|
|
|
|
|
|
});
|
2016-03-02 11:13:24 +08:00
|
|
|
|
});
|
|
|
|
|
|
});
|
2016-03-04 18:53:37 -05:00
|
|
|
|
|
|
|
|
|
|
it("Should properly resolve roles", (done) => {
|
|
|
|
|
|
let admin = new Parse.Role("Admin", new Parse.ACL());
|
|
|
|
|
|
let moderator = new Parse.Role("Moderator", new Parse.ACL());
|
2016-03-04 19:40:22 -05:00
|
|
|
|
let superModerator = new Parse.Role("SuperModerator", new Parse.ACL());
|
|
|
|
|
|
let contentManager = new Parse.Role('ContentManager', new Parse.ACL());
|
|
|
|
|
|
let superContentManager = new Parse.Role('SuperContentManager', new Parse.ACL());
|
|
|
|
|
|
Parse.Object.saveAll([admin, moderator, contentManager, superModerator, superContentManager], {useMasterKey: true}).then(() => {
|
|
|
|
|
|
contentManager.getRoles().add([moderator, superContentManager]);
|
|
|
|
|
|
moderator.getRoles().add([admin, superModerator]);
|
|
|
|
|
|
superContentManager.getRoles().add(superModerator);
|
|
|
|
|
|
return Parse.Object.saveAll([admin, moderator, contentManager, superModerator, superContentManager], {useMasterKey: true});
|
2016-03-04 18:53:37 -05:00
|
|
|
|
}).then(() => {
|
|
|
|
|
|
var auth = new Auth({ config: new Config("test"), isMaster: true });
|
|
|
|
|
|
// For each role, fetch their sibling, what they inherit
|
|
|
|
|
|
// return with result and roleId for later comparison
|
2016-03-04 19:40:22 -05:00
|
|
|
|
let promises = [admin, moderator, contentManager, superModerator].map((role) => {
|
2016-03-04 18:53:37 -05:00
|
|
|
|
return auth._getAllRoleNamesForId(role.id).then((result) => {
|
|
|
|
|
|
return Parse.Promise.as({
|
|
|
|
|
|
id: role.id,
|
2016-03-04 19:40:22 -05:00
|
|
|
|
name: role.get('name'),
|
2016-03-04 18:53:37 -05:00
|
|
|
|
roleIds: result
|
|
|
|
|
|
});
|
|
|
|
|
|
})
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
return Parse.Promise.when(promises);
|
|
|
|
|
|
}).then((results) => {
|
|
|
|
|
|
results.forEach((result) => {
|
|
|
|
|
|
let id = result.id;
|
|
|
|
|
|
let roleIds = result.roleIds;
|
|
|
|
|
|
if (id == admin.id) {
|
|
|
|
|
|
expect(roleIds.length).toBe(2);
|
|
|
|
|
|
expect(roleIds.indexOf(moderator.id)).not.toBe(-1);
|
2016-03-04 19:40:22 -05:00
|
|
|
|
expect(roleIds.indexOf(contentManager.id)).not.toBe(-1);
|
2016-03-04 18:53:37 -05:00
|
|
|
|
} else if (id == moderator.id) {
|
|
|
|
|
|
expect(roleIds.length).toBe(1);
|
2016-03-04 19:40:22 -05:00
|
|
|
|
expect(roleIds.indexOf(contentManager.id)).toBe(0);
|
|
|
|
|
|
} else if (id == contentManager.id) {
|
2016-03-04 18:53:37 -05:00
|
|
|
|
expect(roleIds.length).toBe(0);
|
2016-03-04 19:40:22 -05:00
|
|
|
|
} else if (id == superModerator.id) {
|
|
|
|
|
|
expect(roleIds.length).toBe(3);
|
|
|
|
|
|
expect(roleIds.indexOf(moderator.id)).not.toBe(-1);
|
|
|
|
|
|
expect(roleIds.indexOf(contentManager.id)).not.toBe(-1);
|
|
|
|
|
|
expect(roleIds.indexOf(superContentManager.id)).not.toBe(-1);
|
2016-03-04 18:53:37 -05:00
|
|
|
|
}
|
|
|
|
|
|
});
|
|
|
|
|
|
done();
|
|
|
|
|
|
}).fail((err) => {
|
|
|
|
|
|
console.error(err);
|
|
|
|
|
|
done();
|
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
|
|
});
|
2016-03-02 11:13:24 +08:00
|
|
|
|
|
2016-03-06 00:34:44 -08:00
|
|
|
|
it('can create role and query empty users', (done)=> {
|
|
|
|
|
|
var roleACL = new Parse.ACL();
|
|
|
|
|
|
roleACL.setPublicReadAccess(true);
|
|
|
|
|
|
var role = new Parse.Role('subscribers', roleACL);
|
|
|
|
|
|
role.save({}, {useMasterKey : true})
|
|
|
|
|
|
.then((x)=>{
|
|
|
|
|
|
var query = role.relation('users').query();
|
|
|
|
|
|
query.find({useMasterKey : true})
|
|
|
|
|
|
.then((users)=>{
|
|
|
|
|
|
done();
|
|
|
|
|
|
}, (e)=>{
|
|
|
|
|
|
fail('should not have errors');
|
|
|
|
|
|
done();
|
|
|
|
|
|
});
|
|
|
|
|
|
}, (e) => {
|
|
|
|
|
|
console.log(e);
|
|
|
|
|
|
fail('should not have errored');
|
|
|
|
|
|
});
|
|
|
|
|
|
});
|
|
|
|
|
|
|
2016-01-28 10:58:12 -08:00
|
|
|
|
});
|
|
|
|
|
|
|
