Merge pull request #2692 from overleaf/ta-authorization-helper

Add Authorizationhelper GitOrigin-RevId: 35fa8d8fc005c9eb171621c872010e6c831ba8f6
2026-05-25 18:20:09 +02:00 · 2020-04-01 10:08:14 -05:00
parent 1d7b454c96
commit 35ef98781f
2 changed files with 79 additions and 0 deletions
--- a/services/web/app/src/Features/Helpers/AuthorizationHelper.js
+++ b/services/web/app/src/Features/Helpers/AuthorizationHelper.js
@@ -0,0 +1,19 @@
+const { UserSchema } = require('../../models/User')
+
+module.exports = {
+  hasAnyStaffAccess
+}
+
+function hasAnyStaffAccess(user) {
+  if (user.isAdmin) {
+    return true
+  }
+  if (!user.staffAccess) {
+    return false
+  }
+
+  for (const key of Object.keys(UserSchema.obj.staffAccess)) {
+    if (user.staffAccess[key]) return true
+  }
+  return false
+}
--- a/services/web/test/unit/src/HelperFiles/AuthorizationHelperTests.js
+++ b/services/web/test/unit/src/HelperFiles/AuthorizationHelperTests.js
@@ -0,0 +1,60 @@
+const chai = require('chai')
+const SandboxedModule = require('sandboxed-module')
+const { expect } = chai
+const modulePath = '../../../../app/src/Features/Helpers/AuthorizationHelper'
+
+describe('AuthorizationHelper', function() {
+  beforeEach(function() {
+    this.AuthorizationHelper = SandboxedModule.require(modulePath, {
+      globals: {
+        console: console
+      },
+      requires: {
+        '../../models/User': {
+          UserSchema: {
+            obj: {
+              staffAccess: {
+                publisherMetrics: {},
+                publisherManagement: {},
+                institutionMetrics: {},
+                institutionManagement: {},
+                groupMetrics: {},
+                groupManagement: {},
+                adminMetrics: {}
+              }
+            }
+          }
+        }
+      }
+    })
+  })
+
+  describe('hasAnyStaffAccess', function() {
+    it('with empty user', function() {
+      const user = {}
+      expect(this.AuthorizationHelper.hasAnyStaffAccess(user)).to.be.false
+    })
+
+    it('with no access user', function() {
+      const user = { isAdmin: false, staffAccess: { adminMetrics: false } }
+      expect(this.AuthorizationHelper.hasAnyStaffAccess(user)).to.be.false
+    })
+
+    it('with admin user', function() {
+      const user = { isAdmin: true }
+      expect(this.AuthorizationHelper.hasAnyStaffAccess(user)).to.be.true
+    })
+
+    it('with staff user', function() {
+      const user = { staffAccess: { adminMetrics: true, somethingElse: false } }
+      expect(this.AuthorizationHelper.hasAnyStaffAccess(user)).to.be.true
+    })
+
+    it('with non-staff user with extra attributes', function() {
+      // make sure that staffAccess attributes not declared on the model don't
+      // give user access
+      const user = { staffAccess: { adminMetrics: false, somethingElse: true } }
+      expect(this.AuthorizationHelper.hasAnyStaffAccess(user)).to.be.false
+    })
+  })
+})