Merge pull request #2692 from overleaf/ta-authorization-helper

Add Authorizationhelper GitOrigin-RevId: 35fa8d8fc005c9eb171621c872010e6c831ba8f6
2026-06-01 13:21:37 +02:00 · 2020-04-01 10:08:14 -05:00
parent 1d7b454c96
commit 35ef98781f
2 changed files with 79 additions and 0 deletions
--- a/services/web/test/unit/src/HelperFiles/AuthorizationHelperTests.js
+++ b/services/web/test/unit/src/HelperFiles/AuthorizationHelperTests.js
@@ -0,0 +1,60 @@
+const chai = require('chai')
+const SandboxedModule = require('sandboxed-module')
+const { expect } = chai
+const modulePath = '../../../../app/src/Features/Helpers/AuthorizationHelper'
+
+describe('AuthorizationHelper', function() {
+  beforeEach(function() {
+    this.AuthorizationHelper = SandboxedModule.require(modulePath, {
+      globals: {
+        console: console
+      },
+      requires: {
+        '../../models/User': {
+          UserSchema: {
+            obj: {
+              staffAccess: {
+                publisherMetrics: {},
+                publisherManagement: {},
+                institutionMetrics: {},
+                institutionManagement: {},
+                groupMetrics: {},
+                groupManagement: {},
+                adminMetrics: {}
+              }
+            }
+          }
+        }
+      }
+    })
+  })
+
+  describe('hasAnyStaffAccess', function() {
+    it('with empty user', function() {
+      const user = {}
+      expect(this.AuthorizationHelper.hasAnyStaffAccess(user)).to.be.false
+    })
+
+    it('with no access user', function() {
+      const user = { isAdmin: false, staffAccess: { adminMetrics: false } }
+      expect(this.AuthorizationHelper.hasAnyStaffAccess(user)).to.be.false
+    })
+
+    it('with admin user', function() {
+      const user = { isAdmin: true }
+      expect(this.AuthorizationHelper.hasAnyStaffAccess(user)).to.be.true
+    })
+
+    it('with staff user', function() {
+      const user = { staffAccess: { adminMetrics: true, somethingElse: false } }
+      expect(this.AuthorizationHelper.hasAnyStaffAccess(user)).to.be.true
+    })
+
+    it('with non-staff user with extra attributes', function() {
+      // make sure that staffAccess attributes not declared on the model don't
+      // give user access
+      const user = { staffAccess: { adminMetrics: false, somethingElse: true } }
+      expect(this.AuthorizationHelper.hasAnyStaffAccess(user)).to.be.false
+    })
+  })
+})