agw/overleaf-cep
1
0
Fork 0
mirror of https://github.com/yu-i-i/overleaf-cep.git synced 2026-06-02 21:59:00 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
2c44d657852aa67e415953a5efecb2693a843e17
overleaf-cep/services/web/test/unit/src/HelperFiles/AdminAuthorizationHelperTests.js
T
Antoine Clausse 2c44d65785 [web] Add requireAdminRoles param to hasAdminCapability (#28006) 
* Add `requireAdminRoles` param to `hasAdminCapability`

https://github.com/overleaf/internal/pull/27965#discussion_r2284808889

Co-authored-by: Andrew Rumble <andrew.rumble@overleaf.com>

* Update test

---------

Co-authored-by: Andrew Rumble <andrew.rumble@overleaf.com>
GitOrigin-RevId: 83f8af84debc70c7a2e294638747369c786be22f
2025-08-20 08:05:52 +00:00

480 lines
16 KiB
JavaScript
Raw Blame History

const { expect } = require('chai')
const SandboxedModule = require('sandboxed-module')
const sinon = require('sinon')
const MockRequest = require('../helpers/MockRequest')
const MockResponse = require('../helpers/MockResponse')
const modulePath =
'../../../../app/src/Features/Helpers/AdminAuthorizationHelper'
describe('AdminAuthorizationHelper', function () {
beforeEach(function () {
this.fireHook = sinon.stub().resolves([])
this.settings = {
adminPrivilegeAvailable: true,
adminUrl: 'https://admin.overleaf.com',
adminRolesEnabled: true,
}
this.AdminAuthorizationHelper = SandboxedModule.require(modulePath, {
requires: {
'@overleaf/settings': this.settings,
'../../infrastructure/Modules': {
promises: {
hooks: {
fire: this.fireHook,
},
},
},
},
})
})
describe('getAdminCapabilities', function () {
describe('when modules return capabilities', function () {
let result
const module1Capabilities = ['capability1', 'capability2']
const module2Capabilities = ['capability2', 'capability3']
beforeEach(async function () {
this.fireHook.resolves([module1Capabilities, module2Capabilities])
result = await this.AdminAuthorizationHelper.getAdminCapabilities({})
})
it('returns true for adminCapabilitiesAvailable', async function () {
expect(result.adminCapabilitiesAvailable).to.be.true
})
it('returns a flattened array of the returned capabilities', function () {
expect(result.adminCapabilities)
.to.be.an('array')
.that.includes(...module1Capabilities, ...module2Capabilities)
})
})
describe('when no module returns capabilities', function () {
let result
beforeEach(async function () {
result = await this.AdminAuthorizationHelper.getAdminCapabilities({})
})
it('returns false for adminCapabilitiesAvailable', function () {
expect(result.adminCapabilitiesAvailable).to.be.false
})
it('returns an empty adminCapabilities array', function () {
expect(result.adminCapabilities).to.be.an('array').that.is.empty
})
})
})
describe('useAdminCapabilities', function () {
describe('when admin capabilities are not available', function () {
describe('user is null', function () {
beforeEach(async function () {
this.req = new MockRequest()
this.res = new MockResponse()
this.next = sinon.stub()
this.req.session = {
user: null,
}
await this.AdminAuthorizationHelper.useAdminCapabilities(
this.req,
this.res,
this.next
)
})
it('does not define adminCapabilitiesAvailable on req', function () {
expect(this.req).not.to.have.property('adminCapabilitiesAvailable')
})
it('defines adminCapabilities as an empty array on req', function () {
expect(this.req).to.have.property('adminCapabilities')
expect(this.req.adminCapabilities).to.be.an('array')
expect(this.req.adminCapabilities).to.be.empty
})
})
describe('user is not an admin', function () {
beforeEach(async function () {
this.req = new MockRequest()
this.res = new MockResponse()
this.next = sinon.stub()
this.user = {
isAdmin: false,
}
this.req.session = {
user: this.user,
}
await this.AdminAuthorizationHelper.useAdminCapabilities(
this.req,
this.res,
this.next
)
})
it('does not define adminCapabilitiesAvailable on req', function () {
expect(this.req).not.to.have.property('adminCapabilitiesAvailable')
})
it('defines adminCapabilities as an empty array on req', function () {
expect(this.req).to.have.property('adminCapabilities')
expect(this.req.adminCapabilities).to.be.an('array')
expect(this.req.adminCapabilities).to.be.empty
})
})
describe('user is an admin', function () {
beforeEach(async function () {
this.req = new MockRequest()
this.res = new MockResponse()
this.next = sinon.stub()
this.user = {
isAdmin: true,
}
this.req.session = {
user: this.user,
}
await this.AdminAuthorizationHelper.useAdminCapabilities(
this.req,
this.res,
this.next
)
})
it('defines adminCapabilitiesAvailable as false on req', function () {
expect(this.req).to.have.property('adminCapabilitiesAvailable', false)
})
it('defines adminCapabilities as an empty array', function () {
expect(this.req).to.have.property('adminCapabilities')
expect(this.req.adminCapabilities).to.be.an('array')
expect(this.req.adminCapabilities).to.be.empty
})
})
})
describe('when admin capabilities are available', function () {
beforeEach(function () {
this.fireHook.resolves(['capability1', 'capability2'])
})
describe('user is not an admin', function () {
beforeEach(async function () {
this.req = new MockRequest()
this.res = new MockResponse()
this.next = sinon.stub()
this.user = {
isAdmin: false,
}
this.req.session = {
user: this.user,
}
await this.AdminAuthorizationHelper.useAdminCapabilities(
this.req,
this.res,
this.next
)
})
it('does not define adminCapabilitiesAvailable on req', function () {
expect(this.req).not.to.have.property('adminCapabilitiesAvailable')
})
it('defines adminCapabilities as an empty array on req', function () {
expect(this.req).to.have.property('adminCapabilities')
expect(this.req.adminCapabilities).to.be.an('array')
expect(this.req.adminCapabilities).to.be.empty
})
})
describe('user is an admin', function () {
beforeEach(async function () {
this.req = new MockRequest()
this.res = new MockResponse()
this.next = sinon.stub()
this.user = {
isAdmin: true,
}
this.req.session = {
user: this.user,
}
await this.AdminAuthorizationHelper.useAdminCapabilities(
this.req,
this.res,
this.next
)
})
it('defines adminCapabilitiesAvailable as true on req', function () {
expect(this.req).to.have.property('adminCapabilitiesAvailable', true)
})
it('defines adminCapabilities with the capabilities returned from modules', function () {
expect(this.req).to.have.property('adminCapabilities')
expect(this.req.adminCapabilities).to.be.an('array')
expect(this.req.adminCapabilities).to.include('capability1')
expect(this.req.adminCapabilities).to.include('capability2')
})
})
})
describe('when getting capabilities from modules throws an error', function () {
beforeEach(async function () {
this.fireHook.rejects(new Error('Module error'))
this.req = new MockRequest()
this.res = new MockResponse()
this.next = sinon.stub()
this.user = {
isAdmin: true,
}
this.req.logger = {
warn: sinon.stub(),
}
this.req.session = {
user: this.user,
}
await this.AdminAuthorizationHelper.useAdminCapabilities(
this.req,
this.res,
this.next
)
})
it('logs the error', function () {
expect(this.logger.warn).to.have.been.calledWith(
sinon.match.has('err', sinon.match.instanceOf(Error))
)
})
it('defines adminCapabilitiesAvailable as true on req', function () {
expect(this.req).to.have.property('adminCapabilitiesAvailable', true)
})
it('defines adminCapabilities as an empty array', function () {
expect(this.req).to.have.property('adminCapabilities')
expect(this.req.adminCapabilities).to.be.an('array')
expect(this.req.adminCapabilities).to.be.empty
})
})
})
describe('useHasAdminCapability', function () {
it('adds hasAdminCapability to res.locals', function () {
const req = new MockRequest()
const res = new MockResponse()
const next = sinon.stub()
this.AdminAuthorizationHelper.useHasAdminCapability(req, res, next)
expect(res.locals).to.have.property('hasAdminCapability')
expect(res.locals.hasAdminCapability).to.be.a('function')
})
describe('when the user is not an admin', function () {
describe('when req.adminCapabilitiesAvailable is true', function () {
it('returns false for any capability', function () {
const req = new MockRequest()
const res = new MockResponse()
const next = sinon.stub()
req.adminCapabilitiesAvailable = true
req.adminCapabilities = []
req.session.user = { isAdmin: false }
this.AdminAuthorizationHelper.useHasAdminCapability(req, res, next)
expect(res.locals.hasAdminCapability('capability1')).to.be.false
})
})
describe('when req.adminCapabilitiesAvailable is false', function () {
it('returns false for any capability', function () {
const req = new MockRequest()
const res = new MockResponse()
const next = sinon.stub()
req.adminCapabilitiesAvailable = false
req.adminCapabilities = []
req.session.user = { isAdmin: false }
this.AdminAuthorizationHelper.useHasAdminCapability(req, res, next)
expect(res.locals.hasAdminCapability('capability1')).to.be.false
})
})
describe('when req.adminCapabilitiesAvailable is undefined', function () {
it('returns false for any capability', function () {
const req = new MockRequest()
const res = new MockResponse()
const next = sinon.stub()
req.session.user = { isAdmin: false }
this.AdminAuthorizationHelper.useHasAdminCapability(req, res, next)
expect(res.locals.hasAdminCapability('capability1')).to.be.false
})
})
})
describe('user is an admin', function () {
describe('when req.adminCapabilitiesAvailable is false', function () {
it('returns true for any capability', function () {
const req = new MockRequest()
const res = new MockResponse()
const next = sinon.stub()
req.session.user = { isAdmin: true }
req.adminCapabilitiesAvailable = false
this.AdminAuthorizationHelper.useHasAdminCapability(req, res, next)
expect(res.locals.hasAdminCapability('capability1')).to.be.true
})
})
describe('when req.adminCapabilitiesAvailable is undefined', function () {
it('returns true for any capability', function () {
const req = new MockRequest()
const res = new MockResponse()
const next = sinon.stub()
req.session.user = { isAdmin: true }
this.AdminAuthorizationHelper.useHasAdminCapability(req, res, next)
expect(res.locals.hasAdminCapability('capability1')).to.be.true
})
})
describe('when req.adminCapabilitiesAvailable is true', function () {
let req, res, next
beforeEach(function () {
req = new MockRequest()
res = new MockResponse()
next = sinon.stub()
req.session.user = { isAdmin: true }
req.adminCapabilitiesAvailable = true
req.adminCapabilities = ['capability1', 'capability2']
this.AdminAuthorizationHelper.useHasAdminCapability(req, res, next)
})
it('returns true for a capability the user has', function () {
expect(res.locals.hasAdminCapability('capability1')).to.be.true
})
it('returns false for a capability the user does not have', function () {
expect(res.locals.hasAdminCapability('capability3')).to.be.false
})
})
})
})
describe('hasAdminCapability', function () {
describe('when user is not an admin', function () {
it('returns false', function () {
const req = {
session: {
user: { isAdmin: false },
},
}
expect(
this.AdminAuthorizationHelper.hasAdminCapability('capability')(req)
).to.be.false
})
})
describe('when user is an admin', function () {
describe('when adminCapabilitiesAvailable is falsey', function () {
it('returns true', function () {
const req = {
session: {
user: { isAdmin: true },
},
adminCapabilitiesAvailable: false,
}
expect(
this.AdminAuthorizationHelper.hasAdminCapability('capability')(req)
).to.be.true
})
it('ignores the "requireAdminRoles" argument', function () {
const req = {
session: { user: { isAdmin: true } },
adminCapabilitiesAvailable: false,
}
expect(
this.AdminAuthorizationHelper.hasAdminCapability(
'capability',
true
)(req)
).to.be.true
expect(
this.AdminAuthorizationHelper.hasAdminCapability(
'capability',
false
)(req)
).to.be.true
})
})
describe('when adminCapabilitiesAvailable is true', function () {
describe('when user has the requested capability', function () {
it('returns true', function () {
const req = {
session: { user: { isAdmin: true } },
adminCapabilitiesAvailable: true,
adminCapabilities: ['capability'],
}
expect(
this.AdminAuthorizationHelper.hasAdminCapability('capability')(
req
)
).to.be.true
})
})
describe('when user does not have the requested capability', function () {
it('returns false', function () {
const req = {
session: { user: { isAdmin: true } },
adminCapabilitiesAvailable: true,
adminCapabilities: ['other-capability'],
}
expect(
this.AdminAuthorizationHelper.hasAdminCapability('capability')(
req
)
).to.be.false
})
})
})
})
describe('when admin roles are not enabled', function () {
beforeEach(function () {
this.settings.adminRolesEnabled = false
})
it('returns false even for admins', function () {
const req = { session: { user: { isAdmin: true } } }
expect(
this.AdminAuthorizationHelper.hasAdminCapability('capability')(req)
).to.be.false
expect(
this.AdminAuthorizationHelper.hasAdminCapability(
'capability',
true
)(req)
).to.be.false
})
it('returns true when requireAdminRoles=false', function () {
const req = { session: { user: { isAdmin: true } } }
expect(
this.AdminAuthorizationHelper.hasAdminCapability(
'capability',
false
)(req)
).to.be.true
})
})
})
})
Reference in New Issue View Git Blame Copy Permalink