[real-time] convert real time to esm GitOrigin-RevId: 7cc530cc977549d3274be42585735e1fd72cad5f
import { beforeEach, describe, chai, expect, it } from 'vitest'
import sinon from 'sinon'
// Enable chai's `should` assertion style; the tests below rely on it
// (e.g. `error.message.should.equal(...)`).
chai.should()
// Relative path of the module under test; loaded with a dynamic import() in
// the top-level beforeEach.
const modulePath = '../../../app/js/AuthorizationManager'
describe('AuthorizationManager', () => {
beforeEach(async ctx => {
  // Every test starts from a fake client whose authorization context is
  // empty, i.e. no privilege level is set yet.
  ctx.client = { ol_context: {} }

  // Load the module under test and expose its default export on the context.
  const { default: AuthorizationManager } = await import(modulePath)
  ctx.AuthorizationManager = AuthorizationManager
})
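describe('assertClientCanViewProject', () => {
  /**
   * Set the client's privilege level, run the project-level view check and
   * resolve with the error argument handed to the callback.
   *
   * Assertions are made on the awaited value rather than inside the callback,
   * so a failed expectation rejects the test directly instead of throwing
   * inside the AuthorizationManager call stack.
   *
   * @param {object} ctx - vitest test context (client + AuthorizationManager)
   * @param {string} privilegeLevel - value stored in client.ol_context.privilege_level
   * @returns {Promise<*>} the first argument passed to the callback
   */
  const checkView = (ctx, privilegeLevel) =>
    new Promise(resolve => {
      ctx.client.ol_context.privilege_level = privilegeLevel
      ctx.AuthorizationManager.assertClientCanViewProject(ctx.client, resolve)
    })

  it('should allow the readOnly privilegeLevel', async ctx => {
    const error = await checkView(ctx, 'readOnly')
    expect(error).to.be.null
  })

  it('should allow the readAndWrite privilegeLevel', async ctx => {
    const error = await checkView(ctx, 'readAndWrite')
    expect(error).to.be.null
  })

  it('should allow the review privilegeLevel', async ctx => {
    const error = await checkView(ctx, 'review')
    expect(error).to.be.null
  })

  it('should allow the owner privilegeLevel', async ctx => {
    const error = await checkView(ctx, 'owner')
    expect(error).to.be.null
  })

  it('should return an error with any other privilegeLevel', async ctx => {
    const error = await checkView(ctx, 'unknown')
    // A missing error would mean an unrecognised privilege level was granted
    // view access; fail on that explicitly rather than on a TypeError from
    // reading `.message` of null.
    expect(error).to.exist
    error.message.should.equal('not authorized')
  })
})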
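describe('assertClientCanEditProject', () => {
  /**
   * Set the client's privilege level, run the project-level edit check and
   * resolve with the error argument handed to the callback.
   *
   * Assertions are made on the awaited value rather than inside the callback,
   * so a failed expectation rejects the test directly instead of throwing
   * inside the AuthorizationManager call stack.
   *
   * @param {object} ctx - vitest test context (client + AuthorizationManager)
   * @param {string} privilegeLevel - value stored in client.ol_context.privilege_level
   * @returns {Promise<*>} the first argument passed to the callback
   */
  const checkEdit = (ctx, privilegeLevel) =>
    new Promise(resolve => {
      ctx.client.ol_context.privilege_level = privilegeLevel
      ctx.AuthorizationManager.assertClientCanEditProject(ctx.client, resolve)
    })

  // NOTE(review): the 'review' privilege level is exercised for the view
  // check but not here; consider adding a case that pins whether a reviewer
  // may pass the edit check.

  it('should not allow the readOnly privilegeLevel', async ctx => {
    const error = await checkEdit(ctx, 'readOnly')
    // A null error would mean a read-only client passed the edit check.
    expect(error).to.exist
    error.message.should.equal('not authorized')
  })

  it('should allow the readAndWrite privilegeLevel', async ctx => {
    const error = await checkEdit(ctx, 'readAndWrite')
    expect(error).to.be.null
  })

  it('should allow the owner privilegeLevel', async ctx => {
    const error = await checkEdit(ctx, 'owner')
    expect(error).to.be.null
  })

  it('should return an error with any other privilegeLevel', async ctx => {
    const error = await checkEdit(ctx, 'unknown')
    // A null error would mean an unrecognised privilege level may edit.
    expect(error).to.exist
    error.message.should.equal('not authorized')
  })
})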
// check doc access for project
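describe('assertClientCanViewProjectAndDoc', () => {
  /**
   * Run the combined project + doc view check and resolve with the error
   * argument handed to the callback.
   *
   * @param {object} ctx - vitest test context
   * @returns {Promise<*>} the first argument passed to the callback
   */
  const checkViewDoc = ctx =>
    new Promise(resolve => {
      ctx.AuthorizationManager.assertClientCanViewProjectAndDoc(
        ctx.client,
        ctx.doc_id,
        resolve
      )
    })

  /**
   * Assert that the check is refused. Awaiting the callback means the test
   * cannot pass vacuously: if the callback is never invoked the test times
   * out, and if it is invoked without an error (access granted) the
   * expectation fails.
   */
  const expectDenied = async ctx => {
    const err = await checkViewDoc(ctx)
    expect(err).to.exist
    err.message.should.equal('not authorized')
  }

  /** Promise wrapper around addAccessToDoc; rejects on a callback error. */
  const grantDocAccess = ctx =>
    new Promise((resolve, reject) => {
      ctx.AuthorizationManager.addAccessToDoc(ctx.client, ctx.doc_id, err =>
        err ? reject(err) : resolve()
      )
    })

  /** Promise wrapper around removeAccessToDoc; rejects on a callback error. */
  const revokeDocAccess = ctx =>
    new Promise((resolve, reject) => {
      ctx.AuthorizationManager.removeAccessToDoc(ctx.client, ctx.doc_id, err =>
        err ? reject(err) : resolve()
      )
    })

  beforeEach(ctx => {
    ctx.doc_id = '12345'
    ctx.callback = sinon.stub()
    // Reset the authorization context so no privilege level or doc grant
    // set by an earlier test on this client object carries over.
    ctx.client.ol_context = {}
  })

  describe('when not authorised at the project level', () => {
    beforeEach(ctx => {
      ctx.client.ol_context.privilege_level = 'unknown'
    })

    it('should not allow access', async ctx => {
      await expectDenied(ctx)
    })

    describe('even when authorised at the doc level', () => {
      beforeEach(async ctx => {
        await grantDocAccess(ctx)
      })

      // A doc-level grant must not compensate for a missing project-level
      // privilege.
      it('should not allow access', async ctx => {
        await expectDenied(ctx)
      })
    })
  })

  describe('when authorised at the project level', () => {
    beforeEach(ctx => {
      ctx.client.ol_context.privilege_level = 'readOnly'
    })

    describe('and not authorised at the document level', () => {
      it('should not allow access', async ctx => {
        await expectDenied(ctx)
      })
    })

    describe('and authorised at the document level', () => {
      beforeEach(async ctx => {
        await grantDocAccess(ctx)
      })

      it('should allow access', ctx => {
        ctx.AuthorizationManager.assertClientCanViewProjectAndDoc(
          ctx.client,
          ctx.doc_id,
          ctx.callback
        )
        ctx.callback.calledWith(null).should.equal(true)
      })
    })

    describe('when document authorisation is added and then removed', () => {
      beforeEach(async ctx => {
        // Surface a failure of either step; previously an error from
        // addAccessToDoc was ignored before the removal ran.
        await grantDocAccess(ctx)
        await revokeDocAccess(ctx)
      })

      it('should deny access', async ctx => {
        await expectDenied(ctx)
      })
    })
  })
})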
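describe('assertClientCanEditProjectAndDoc', () => {
  /**
   * Run the combined project + doc edit check and resolve with the error
   * argument handed to the callback.
   *
   * @param {object} ctx - vitest test context
   * @returns {Promise<*>} the first argument passed to the callback
   */
  const checkEditDoc = ctx =>
    new Promise(resolve => {
      ctx.AuthorizationManager.assertClientCanEditProjectAndDoc(
        ctx.client,
        ctx.doc_id,
        resolve
      )
    })

  /**
   * Assert that the check is refused. Awaiting the callback means the test
   * cannot pass vacuously: if the callback is never invoked the test times
   * out, and if it is invoked without an error (access granted) the
   * expectation fails.
   */
  const expectDenied = async ctx => {
    const err = await checkEditDoc(ctx)
    expect(err).to.exist
    err.message.should.equal('not authorized')
  }

  /** Promise wrapper around addAccessToDoc; rejects on a callback error. */
  const grantDocAccess = ctx =>
    new Promise((resolve, reject) => {
      ctx.AuthorizationManager.addAccessToDoc(ctx.client, ctx.doc_id, err =>
        err ? reject(err) : resolve()
      )
    })

  /** Promise wrapper around removeAccessToDoc; rejects on a callback error. */
  const revokeDocAccess = ctx =>
    new Promise((resolve, reject) => {
      ctx.AuthorizationManager.removeAccessToDoc(ctx.client, ctx.doc_id, err =>
        err ? reject(err) : resolve()
      )
    })

  beforeEach(ctx => {
    ctx.doc_id = '12345'
    ctx.callback = sinon.stub()
    // Reset the authorization context so no privilege level or doc grant
    // set by an earlier test on this client object carries over.
    ctx.client.ol_context = {}
  })

  describe('when not authorised at the project level', () => {
    beforeEach(ctx => {
      // readOnly is the project-level privilege used here as "may not edit".
      ctx.client.ol_context.privilege_level = 'readOnly'
    })

    it('should not allow access', async ctx => {
      await expectDenied(ctx)
    })

    describe('even when authorised at the doc level', () => {
      beforeEach(async ctx => {
        await grantDocAccess(ctx)
      })

      // A doc-level grant must not compensate for a missing project-level
      // privilege.
      it('should not allow access', async ctx => {
        await expectDenied(ctx)
      })
    })
  })

  describe('when authorised at the project level', () => {
    beforeEach(ctx => {
      ctx.client.ol_context.privilege_level = 'readAndWrite'
    })

    describe('and not authorised at the document level', () => {
      it('should not allow access', async ctx => {
        await expectDenied(ctx)
      })
    })

    describe('and authorised at the document level', () => {
      beforeEach(async ctx => {
        await grantDocAccess(ctx)
      })

      it('should allow access', ctx => {
        ctx.AuthorizationManager.assertClientCanEditProjectAndDoc(
          ctx.client,
          ctx.doc_id,
          ctx.callback
        )
        ctx.callback.calledWith(null).should.equal(true)
      })
    })

    describe('when document authorisation is added and then removed', () => {
      beforeEach(async ctx => {
        // Surface a failure of either step; previously an error from
        // addAccessToDoc was ignored before the removal ran.
        await grantDocAccess(ctx)
        await revokeDocAccess(ctx)
      })

      it('should deny access', async ctx => {
        await expectDenied(ctx)
      })
    })
  })
})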
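describe('assertClientCanReviewProjectAndDoc', () => {
  /**
   * Run the combined project + doc review check and resolve with the error
   * argument handed to the callback.
   *
   * @param {object} ctx - vitest test context
   * @returns {Promise<*>} the first argument passed to the callback
   */
  const checkReviewDoc = ctx =>
    new Promise(resolve => {
      ctx.AuthorizationManager.assertClientCanReviewProjectAndDoc(
        ctx.client,
        ctx.doc_id,
        resolve
      )
    })

  /**
   * Assert that the check is refused. Awaiting the callback means the test
   * cannot pass vacuously: if the callback is never invoked the test times
   * out, and if it is invoked without an error (access granted) the
   * expectation fails.
   */
  const expectDenied = async ctx => {
    const err = await checkReviewDoc(ctx)
    expect(err).to.exist
    err.message.should.equal('not authorized')
  }

  /** Promise wrapper around addAccessToDoc; rejects on a callback error. */
  const grantDocAccess = ctx =>
    new Promise((resolve, reject) => {
      ctx.AuthorizationManager.addAccessToDoc(ctx.client, ctx.doc_id, err =>
        err ? reject(err) : resolve()
      )
    })

  /** Promise wrapper around removeAccessToDoc; rejects on a callback error. */
  const revokeDocAccess = ctx =>
    new Promise((resolve, reject) => {
      ctx.AuthorizationManager.removeAccessToDoc(ctx.client, ctx.doc_id, err =>
        err ? reject(err) : resolve()
      )
    })

  beforeEach(ctx => {
    ctx.doc_id = '12345'
    ctx.callback = sinon.stub()
    // Reset the authorization context so no privilege level or doc grant
    // set by an earlier test on this client object carries over.
    ctx.client.ol_context = {}
  })

  describe('when not authorised at the project level', () => {
    beforeEach(ctx => {
      // readOnly is the project-level privilege used here as "may not review".
      ctx.client.ol_context.privilege_level = 'readOnly'
    })

    it('should not allow access', async ctx => {
      await expectDenied(ctx)
    })

    describe('even when authorised at the doc level', () => {
      beforeEach(async ctx => {
        await grantDocAccess(ctx)
      })

      // A doc-level grant must not compensate for a missing project-level
      // privilege.
      it('should not allow access', async ctx => {
        await expectDenied(ctx)
      })
    })
  })

  describe('when authorised at the project level', () => {
    beforeEach(ctx => {
      ctx.client.ol_context.privilege_level = 'review'
    })

    describe('and not authorised at the document level', () => {
      it('should not allow access', async ctx => {
        await expectDenied(ctx)
      })
    })

    describe('and authorised at the document level', () => {
      beforeEach(async ctx => {
        await grantDocAccess(ctx)
      })

      it('should allow access', ctx => {
        ctx.AuthorizationManager.assertClientCanReviewProjectAndDoc(
          ctx.client,
          ctx.doc_id,
          ctx.callback
        )
        ctx.callback.calledWith(null).should.equal(true)
      })
    })

    describe('when document authorisation is added and then removed', () => {
      beforeEach(async ctx => {
        // Surface a failure of either step; previously an error from
        // addAccessToDoc was ignored before the removal ran.
        await grantDocAccess(ctx)
        await revokeDocAccess(ctx)
      })

      it('should deny access', async ctx => {
        await expectDenied(ctx)
      })
    })
  })
})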
})