mirror of
https://github.com/yu-i-i/overleaf-cep.git
synced 2026-05-24 17:51:51 +02:00
2dfcfd1804
[web] Add view-only version of institution managers page GitOrigin-RevId: 65d19e42220932fe268d595ea13d0ba0b18c4398
261 lines
7.7 KiB
JavaScript
261 lines
7.7 KiB
JavaScript
import { expect } from 'chai'
|
|
import async from 'async'
|
|
import User from './helpers/User.mjs'
|
|
import Institution from './helpers/Institution.mjs'
|
|
import Subscription from './helpers/Subscription.mjs'
|
|
import Publisher from './helpers/Publisher.mjs'
|
|
import sinon from 'sinon'
|
|
import RecurlyClient from '../../../app/src/Features/Subscription/RecurlyClient.mjs'
|
|
import Settings from '@overleaf/settings'
|
|
import Features from '../../../app/src/infrastructure/Features.mjs'
|
|
|
|
describe('UserMembershipAuthorization', function () {
|
|
beforeEach(function (done) {
|
|
if (!Features.hasFeature('saas')) {
|
|
this.skip()
|
|
}
|
|
|
|
this.user = new User()
|
|
sinon.stub(RecurlyClient.promises, 'getSubscription').resolves({})
|
|
|
|
this.adminRolesEnabledStub = sinon.stub(Settings, 'adminRolesEnabled')
|
|
this.adminRolesEnabledStub.value(true)
|
|
|
|
this.adminPrivilegeAvailableStub = sinon.stub(
|
|
Settings,
|
|
'adminPrivilegeAvailable'
|
|
)
|
|
this.adminPrivilegeAvailableStub.value(true)
|
|
|
|
async.series([this.user.ensureUserExists.bind(this.user)], done)
|
|
})
|
|
|
|
afterEach(function () {
|
|
if (!Features.hasFeature('saas')) {
|
|
return
|
|
}
|
|
|
|
RecurlyClient.promises.getSubscription.restore()
|
|
this.adminRolesEnabledStub.restore()
|
|
this.adminPrivilegeAvailableStub.restore()
|
|
})
|
|
|
|
describe('group', function () {
|
|
beforeEach(function (done) {
|
|
this.subscription = new Subscription({
|
|
groupPlan: true,
|
|
})
|
|
async.series(
|
|
[
|
|
this.subscription.ensureExists.bind(this.subscription),
|
|
cb => this.user.login(cb),
|
|
],
|
|
done
|
|
)
|
|
})
|
|
|
|
describe('users management', function () {
|
|
it('should allow managers only', function (done) {
|
|
const url = `/manage/groups/${this.subscription._id}/members`
|
|
async.series(
|
|
[
|
|
expectAccess(this.user, url, 403),
|
|
cb => this.subscription.setManagerIds([this.user._id], cb),
|
|
expectAccess(this.user, url, 200),
|
|
],
|
|
done
|
|
)
|
|
})
|
|
})
|
|
|
|
describe('managers management', function () {
|
|
it('should allow managers only', function (done) {
|
|
const url = `/manage/groups/${this.subscription._id}/managers`
|
|
async.series(
|
|
[
|
|
expectAccess(this.user, url, 403),
|
|
cb => this.subscription.setManagerIds([this.user._id], cb),
|
|
expectAccess(this.user, url, 200),
|
|
],
|
|
done
|
|
)
|
|
})
|
|
})
|
|
})
|
|
|
|
describe('institution', function () {
|
|
beforeEach(async function () {
|
|
this.institution = new Institution()
|
|
await this.institution.ensureExists(this.institution)
|
|
})
|
|
|
|
describe('users management', function () {
|
|
it('should allow managers', function (done) {
|
|
const url = `/manage/institutions/${this.institution.v1Id}/managers`
|
|
async.series(
|
|
[
|
|
this.user.login.bind(this.user),
|
|
expectAccess(this.user, url, 403),
|
|
cb => this.institution.setManagerIds([this.user._id], cb),
|
|
expectAccess(this.user, url, 200),
|
|
],
|
|
done
|
|
)
|
|
})
|
|
|
|
it('should allow admin users', function (done) {
|
|
const url = `/manage/institutions/${this.institution.v1Id}/managers`
|
|
async.series(
|
|
[
|
|
this.user.login.bind(this.user),
|
|
expectAccess(this.user, url, 403),
|
|
cb => this.user.ensureAdmin(cb),
|
|
cb => this.user.ensureAdminRole('sales', cb),
|
|
this.user.login.bind(this.user),
|
|
expectAccess(this.user, url, 200),
|
|
],
|
|
done
|
|
)
|
|
})
|
|
|
|
it('should not allow "sales" admin to add managers', function (done) {
|
|
const url = `/manage/institutions/${this.institution.v1Id}/managers`
|
|
async.series(
|
|
[
|
|
this.user.login.bind(this.user),
|
|
expectPost(this.user, url, { email: this.user.email }, 403),
|
|
cb => this.user.ensureAdmin(cb),
|
|
cb => this.user.ensureAdminRole('sales', cb),
|
|
this.user.login.bind(this.user),
|
|
expectPost(this.user, url, { email: this.user.email }, 403),
|
|
],
|
|
done
|
|
)
|
|
})
|
|
|
|
it('should allow "engineering" admin to add managers', function (done) {
|
|
const user = new User()
|
|
const url = `/manage/institutions/${this.institution.v1Id}/managers`
|
|
async.series(
|
|
[
|
|
user.ensureUserExists.bind(user),
|
|
this.user.login.bind(this.user),
|
|
expectPost(this.user, url, { email: user.email }, 403),
|
|
cb => this.user.ensureAdmin(cb),
|
|
cb => this.user.ensureAdminRole('engineering', cb),
|
|
this.user.login.bind(this.user),
|
|
expectPost(this.user, url, { email: user.email }, 200),
|
|
cb => this.institution.setManagerIds([], cb),
|
|
],
|
|
done
|
|
)
|
|
})
|
|
})
|
|
|
|
describe('creation', function () {
|
|
it('should allow admin only', function (done) {
|
|
const url = `/entities/institution/create/foo`
|
|
async.series(
|
|
[
|
|
this.user.login.bind(this.user),
|
|
expectAccess(this.user, url, 403),
|
|
cb => this.user.ensureAdmin(cb),
|
|
cb => this.user.ensureAdminRole('engineering', cb),
|
|
this.user.login.bind(this.user),
|
|
expectAccess(this.user, url, 200),
|
|
],
|
|
done
|
|
)
|
|
})
|
|
})
|
|
})
|
|
|
|
describe('publisher', function () {
|
|
beforeEach(function (done) {
|
|
this.publisher = new Publisher({})
|
|
async.series(
|
|
[
|
|
this.publisher.ensureExists.bind(this.publisher),
|
|
cb => this.user.login(cb),
|
|
],
|
|
done
|
|
)
|
|
})
|
|
|
|
describe('managers management', function () {
|
|
it('should allow managers only', function (done) {
|
|
const url = `/manage/publishers/${this.publisher.slug}/managers`
|
|
async.series(
|
|
[
|
|
expectAccess(this.user, url, 403),
|
|
cb => this.publisher.setManagerIds([this.user._id], cb),
|
|
expectAccess(this.user, url, 200),
|
|
],
|
|
done
|
|
)
|
|
})
|
|
})
|
|
|
|
describe('creation', function () {
|
|
it('should redirect admin only', function (done) {
|
|
const url = `/manage/publishers/foo/managers`
|
|
async.series(
|
|
[
|
|
this.user.login.bind(this.user),
|
|
expectAccess(this.user, url, 404),
|
|
cb => this.user.ensureAdmin(cb),
|
|
cb => this.user.ensureAdminRole('engineering', cb),
|
|
this.user.login.bind(this.user),
|
|
expectAccess(this.user, url, 302, /\/create/),
|
|
],
|
|
done
|
|
)
|
|
})
|
|
|
|
it('should allow admin only', function (done) {
|
|
const url = `/entities/publisher/create/foo`
|
|
async.series(
|
|
[
|
|
expectAccess(this.user, url, 403),
|
|
cb => this.user.ensureAdmin(cb),
|
|
cb => this.user.ensureAdminRole('engineering', cb),
|
|
this.user.login.bind(this.user),
|
|
expectAccess(this.user, url, 200),
|
|
],
|
|
done
|
|
)
|
|
})
|
|
})
|
|
})
|
|
})
|
|
|
|
function expectAccess(user, url, status, pattern) {
|
|
return callback => {
|
|
user.request.get({ url }, (error, response, body) => {
|
|
if (error) {
|
|
return callback(error)
|
|
}
|
|
expect(response.statusCode).to.equal(status)
|
|
if (pattern) {
|
|
expect(body).to.match(pattern)
|
|
}
|
|
callback()
|
|
})
|
|
}
|
|
}
|
|
|
|
function expectPost(user, url, body, status, pattern) {
|
|
return callback => {
|
|
user.request.post({ url, json: body }, (error, response, body) => {
|
|
if (error) {
|
|
return callback(error)
|
|
}
|
|
expect(response.statusCode).to.equal(status)
|
|
if (pattern) {
|
|
expect(body).to.match(pattern)
|
|
}
|
|
callback()
|
|
})
|
|
}
|
|
}
|