mirrors/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2025-05-20 02:05:21 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Move permission update functions to permissions controller

Browse source 
Signed-off-by: Yannick Bungers <git@innay.de>
This commit is contained in:
Yannick Bungers 2022-02-06 23:37:38 +01:00 committed by Yannick Bungers
parent e1e3138561
commit 70d7ca5475
6 changed files with 888 additions and 865 deletions
Download patch file Download diff file Expand all files Collapse all files

538
src/notes/notes.service.spec.ts
View file

@ -16,7 +16,6 @@ import {
AlreadyInDBError,
ForbiddenIdError,
NotInDBError,
PermissionsUpdateInconsistentError,
} from '../errors/errors';
import { Group } from '../groups/group.entity';
import { GroupsModule } from '../groups/groups.module';
@ -32,10 +31,6 @@ import { User } from '../users/user.entity';
import { UsersModule } from '../users/users.module';
import { Alias } from './alias.entity';
import { AliasService } from './alias.service';
import {
NoteGroupPermissionUpdateDto,
NoteUserPermissionUpdateDto,
} from './note-permissions.dto';
import { Note } from './note.entity';
import { NotesService } from './notes.service';
import { Tag } from './tag.entity';
@ -45,7 +40,6 @@ describe('NotesService', () => {
let noteRepo: Repository<Note>;
let revisionRepo: Repository<Revision>;
let userRepo: Repository<User>;
let groupRepo: Repository<Group>;
let forbiddenNoteId: string;
beforeEach(async () => {
@ -122,8 +116,6 @@ describe('NotesService', () => {
revisionRepo = module.get<Repository<Revision>>(
getRepositoryToken(Revision),
);
userRepo = module.get<Repository<User>>(getRepositoryToken(User));
groupRepo = module.get<Repository<Group>>(getRepositoryToken(Group));
});
it('should be defined', () => {
@ -357,536 +349,6 @@ describe('NotesService', () => {
});
});
describe('updateNotePermissions', () => {
const userPermissionUpdate = new NoteUserPermissionUpdateDto();
userPermissionUpdate.username = 'hardcoded';
userPermissionUpdate.canEdit = true;
const groupPermissionUpate = new NoteGroupPermissionUpdateDto();
groupPermissionUpate.groupName = 'testGroup';
groupPermissionUpate.canEdit = false;
const user = User.create(userPermissionUpdate.username, 'Testy') as User;
const group = Group.create(
groupPermissionUpate.groupName,
groupPermissionUpate.groupName,
false,
) as Group;
const note = Note.create(user) as Note;
describe('works', () => {
it('with empty GroupPermissions and with empty UserPermissions', async () => {
jest
.spyOn(noteRepo, 'save')
.mockImplementationOnce(async (entry: Note) => {
return entry;
});
const savedNote = await service.updateNotePermissions(note, {
sharedToUsers: [],
sharedToGroups: [],
});
expect(await savedNote.userPermissions).toHaveLength(0);
expect(await savedNote.groupPermissions).toHaveLength(0);
});
it('with empty GroupPermissions and with new UserPermissions', async () => {
jest
.spyOn(noteRepo, 'save')
.mockImplementationOnce(async (entry: Note) => {
return entry;
});
jest.spyOn(userRepo, 'findOne').mockResolvedValueOnce(user);
const savedNote = await service.updateNotePermissions(note, {
sharedToUsers: [userPermissionUpdate],
sharedToGroups: [],
});
expect(await savedNote.userPermissions).toHaveLength(1);
expect((await savedNote.userPermissions)[0].user.username).toEqual(
userPermissionUpdate.username,
);
expect((await savedNote.userPermissions)[0].canEdit).toEqual(
userPermissionUpdate.canEdit,
);
expect(await savedNote.groupPermissions).toHaveLength(0);
});
it('with empty GroupPermissions and with existing UserPermissions', async () => {
const noteWithPreexistingPermissions: Note = { ...note };
noteWithPreexistingPermissions.userPermissions = Promise.resolve([
{
note: noteWithPreexistingPermissions,
user: user,
canEdit: !userPermissionUpdate.canEdit,
},
]);
jest
.spyOn(noteRepo, 'save')
.mockImplementationOnce(async (entry: Note) => {
return entry;
});
jest.spyOn(userRepo, 'findOne').mockResolvedValueOnce(user);
const savedNote = await service.updateNotePermissions(note, {
sharedToUsers: [userPermissionUpdate],
sharedToGroups: [],
});
expect(await savedNote.userPermissions).toHaveLength(1);
expect((await savedNote.userPermissions)[0].user.username).toEqual(
userPermissionUpdate.username,
);
expect((await savedNote.userPermissions)[0].canEdit).toEqual(
userPermissionUpdate.canEdit,
);
expect(await savedNote.groupPermissions).toHaveLength(0);
});
it('with new GroupPermissions and with empty UserPermissions', async () => {
jest
.spyOn(noteRepo, 'save')
.mockImplementationOnce(async (entry: Note) => {
return entry;
});
jest.spyOn(groupRepo, 'findOne').mockResolvedValueOnce(group);
const savedNote = await service.updateNotePermissions(note, {
sharedToUsers: [],
sharedToGroups: [groupPermissionUpate],
});
expect(await savedNote.userPermissions).toHaveLength(0);
expect((await savedNote.groupPermissions)[0].group.name).toEqual(
groupPermissionUpate.groupName,
);
expect((await savedNote.groupPermissions)[0].canEdit).toEqual(
groupPermissionUpate.canEdit,
);
});
it('with new GroupPermissions and with new UserPermissions', async () => {
jest
.spyOn(noteRepo, 'save')
.mockImplementationOnce(async (entry: Note) => {
return entry;
});
jest.spyOn(userRepo, 'findOne').mockResolvedValueOnce(user);
jest.spyOn(groupRepo, 'findOne').mockResolvedValueOnce(group);
const savedNote = await service.updateNotePermissions(note, {
sharedToUsers: [userPermissionUpdate],
sharedToGroups: [groupPermissionUpate],
});
expect((await savedNote.userPermissions)[0].user.username).toEqual(
userPermissionUpdate.username,
);
expect((await savedNote.userPermissions)[0].canEdit).toEqual(
userPermissionUpdate.canEdit,
);
expect((await savedNote.groupPermissions)[0].group.name).toEqual(
groupPermissionUpate.groupName,
);
expect((await savedNote.groupPermissions)[0].canEdit).toEqual(
groupPermissionUpate.canEdit,
);
});
it('with new GroupPermissions and with existing UserPermissions', async () => {
const noteWithUserPermission: Note = { ...note };
noteWithUserPermission.userPermissions = Promise.resolve([
{
note: noteWithUserPermission,
user: user,
canEdit: !userPermissionUpdate.canEdit,
},
]);
jest
.spyOn(noteRepo, 'save')
.mockImplementationOnce(async (entry: Note) => {
return entry;
});
jest.spyOn(userRepo, 'findOne').mockResolvedValueOnce(user);
jest.spyOn(groupRepo, 'findOne').mockResolvedValueOnce(group);
const savedNote = await service.updateNotePermissions(
noteWithUserPermission,
{
sharedToUsers: [userPermissionUpdate],
sharedToGroups: [groupPermissionUpate],
},
);
expect((await savedNote.userPermissions)[0].user.username).toEqual(
userPermissionUpdate.username,
);
expect((await savedNote.userPermissions)[0].canEdit).toEqual(
userPermissionUpdate.canEdit,
);
expect((await savedNote.groupPermissions)[0].group.name).toEqual(
groupPermissionUpate.groupName,
);
expect((await savedNote.groupPermissions)[0].canEdit).toEqual(
groupPermissionUpate.canEdit,
);
});
it('with existing GroupPermissions and with empty UserPermissions', async () => {
const noteWithPreexistingPermissions: Note = { ...note };
noteWithPreexistingPermissions.groupPermissions = Promise.resolve([
{
note: noteWithPreexistingPermissions,
group: group,
canEdit: !groupPermissionUpate.canEdit,
},
]);
jest.spyOn(groupRepo, 'findOne').mockResolvedValueOnce(group);
jest
.spyOn(noteRepo, 'save')
.mockImplementationOnce(async (entry: Note) => {
return entry;
});
const savedNote = await service.updateNotePermissions(
noteWithPreexistingPermissions,
{
sharedToUsers: [],
sharedToGroups: [groupPermissionUpate],
},
);
expect(await savedNote.userPermissions).toHaveLength(0);
expect((await savedNote.groupPermissions)[0].group.name).toEqual(
groupPermissionUpate.groupName,
);
expect((await savedNote.groupPermissions)[0].canEdit).toEqual(
groupPermissionUpate.canEdit,
);
});
it('with existing GroupPermissions and with new UserPermissions', async () => {
const noteWithPreexistingPermissions: Note = { ...note };
noteWithPreexistingPermissions.groupPermissions = Promise.resolve([
{
note: noteWithPreexistingPermissions,
group: group,
canEdit: !groupPermissionUpate.canEdit,
},
]);
jest
.spyOn(noteRepo, 'save')
.mockImplementationOnce(async (entry: Note) => {
return entry;
});
jest.spyOn(userRepo, 'findOne').mockResolvedValueOnce(user);
jest.spyOn(groupRepo, 'findOne').mockResolvedValueOnce(group);
const savedNote = await service.updateNotePermissions(
noteWithPreexistingPermissions,
{
sharedToUsers: [userPermissionUpdate],
sharedToGroups: [groupPermissionUpate],
},
);
expect((await savedNote.userPermissions)[0].user.username).toEqual(
userPermissionUpdate.username,
);
expect((await savedNote.userPermissions)[0].canEdit).toEqual(
userPermissionUpdate.canEdit,
);
expect((await savedNote.groupPermissions)[0].group.name).toEqual(
groupPermissionUpate.groupName,
);
expect((await savedNote.groupPermissions)[0].canEdit).toEqual(
groupPermissionUpate.canEdit,
);
});
it('with existing GroupPermissions and with existing UserPermissions', async () => {
const noteWithPreexistingPermissions: Note = { ...note };
noteWithPreexistingPermissions.groupPermissions = Promise.resolve([
{
note: noteWithPreexistingPermissions,
group: group,
canEdit: !groupPermissionUpate.canEdit,
},
]);
noteWithPreexistingPermissions.userPermissions = Promise.resolve([
{
note: noteWithPreexistingPermissions,
user: user,
canEdit: !userPermissionUpdate.canEdit,
},
]);
jest
.spyOn(noteRepo, 'save')
.mockImplementationOnce(async (entry: Note) => {
return entry;
});
jest.spyOn(userRepo, 'findOne').mockResolvedValueOnce(user);
jest.spyOn(groupRepo, 'findOne').mockResolvedValueOnce(group);
const savedNote = await service.updateNotePermissions(
noteWithPreexistingPermissions,
{
sharedToUsers: [userPermissionUpdate],
sharedToGroups: [groupPermissionUpate],
},
);
expect((await savedNote.userPermissions)[0].user.username).toEqual(
userPermissionUpdate.username,
);
expect((await savedNote.userPermissions)[0].canEdit).toEqual(
userPermissionUpdate.canEdit,
);
expect((await savedNote.groupPermissions)[0].group.name).toEqual(
groupPermissionUpate.groupName,
);
expect((await savedNote.groupPermissions)[0].canEdit).toEqual(
groupPermissionUpate.canEdit,
);
});
});
describe('fails:', () => {
it('userPermissions has duplicate entries', async () => {
await expect(
service.updateNotePermissions(note, {
sharedToUsers: [userPermissionUpdate, userPermissionUpdate],
sharedToGroups: [],
}),
).rejects.toThrow(PermissionsUpdateInconsistentError);
});
it('groupPermissions has duplicate entries', async () => {
await expect(
service.updateNotePermissions(note, {
sharedToUsers: [],
sharedToGroups: [groupPermissionUpate, groupPermissionUpate],
}),
).rejects.toThrow(PermissionsUpdateInconsistentError);
});
it('userPermissions and groupPermissions have duplicate entries', async () => {
await expect(
service.updateNotePermissions(note, {
sharedToUsers: [userPermissionUpdate, userPermissionUpdate],
sharedToGroups: [groupPermissionUpate, groupPermissionUpate],
}),
).rejects.toThrow(PermissionsUpdateInconsistentError);
});
});
});
describe('setUserPermission', () => {
describe('works', () => {
it('with user not added before and editable', async () => {
jest
.spyOn(noteRepo, 'save')
.mockImplementationOnce(async (entry: Note) => {
return entry;
});
const note = Note.create(null) as Note;
const user = User.create('test', 'Testy') as User;
const resultNote = await service.setUserPermission(note, user, true);
const noteUserPermission = NoteUserPermission.create(user, note, true);
expect((await resultNote.userPermissions)[0]).toStrictEqual(
noteUserPermission,
);
});
it('with user not added before and not editable', async () => {
jest
.spyOn(noteRepo, 'save')
.mockImplementationOnce(async (entry: Note) => {
return entry;
});
const note = Note.create(null) as Note;
const user = User.create('test', 'Testy') as User;
const resultNote = await service.setUserPermission(note, user, false);
const noteUserPermission = NoteUserPermission.create(user, note, false);
expect((await resultNote.userPermissions)[0]).toStrictEqual(
noteUserPermission,
);
});
it('with user added before and editable', async () => {
jest
.spyOn(noteRepo, 'save')
.mockImplementationOnce(async (entry: Note) => {
return entry;
});
const note = Note.create(null) as Note;
const user = User.create('test', 'Testy') as User;
note.userPermissions = Promise.resolve([
NoteUserPermission.create(user, note, false),
]);
const resultNote = await service.setUserPermission(note, user, true);
const noteUserPermission = NoteUserPermission.create(user, note, true);
expect((await resultNote.userPermissions)[0]).toStrictEqual(
noteUserPermission,
);
});
it('with user added before and not editable', async () => {
jest
.spyOn(noteRepo, 'save')
.mockImplementationOnce(async (entry: Note) => {
return entry;
});
const note = Note.create(null) as Note;
const user = User.create('test', 'Testy') as User;
note.userPermissions = Promise.resolve([
NoteUserPermission.create(user, note, true),
]);
const resultNote = await service.setUserPermission(note, user, false);
const noteUserPermission = NoteUserPermission.create(user, note, false);
expect((await resultNote.userPermissions)[0]).toStrictEqual(
noteUserPermission,
);
});
});
});
describe('removeUserPermission', () => {
describe('works', () => {
it('with user added before and editable', async () => {
jest
.spyOn(noteRepo, 'save')
.mockImplementationOnce(async (entry: Note) => {
return entry;
});
const note = Note.create(null) as Note;
const user = User.create('test', 'Testy') as User;
note.userPermissions = Promise.resolve([
NoteUserPermission.create(user, note, true),
]);
const resultNote = await service.removeUserPermission(note, user);
expect((await resultNote.userPermissions).length).toStrictEqual(0);
});
it('with user not added before and not editable', async () => {
jest
.spyOn(noteRepo, 'save')
.mockImplementationOnce(async (entry: Note) => {
return entry;
});
const note = Note.create(null) as Note;
const user = User.create('test', 'Testy') as User;
note.userPermissions = Promise.resolve([
NoteUserPermission.create(user, note, false),
]);
const resultNote = await service.removeUserPermission(note, user);
expect((await resultNote.userPermissions).length).toStrictEqual(0);
});
});
});
describe('setGroupPermission', () => {
describe('works', () => {
it('with group not added before and editable', async () => {
jest
.spyOn(noteRepo, 'save')
.mockImplementationOnce(async (entry: Note) => {
return entry;
});
const note = Note.create(null) as Note;
const group = Group.create('test', 'Testy', false) as Group;
const resultNote = await service.setGroupPermission(note, group, true);
const noteGroupPermission = NoteGroupPermission.create(
group,
note,
true,
);
expect((await resultNote.groupPermissions)[0]).toStrictEqual(
noteGroupPermission,
);
});
it('with group not added before and not editable', async () => {
jest
.spyOn(noteRepo, 'save')
.mockImplementationOnce(async (entry: Note) => {
return entry;
});
const note = Note.create(null) as Note;
const group = Group.create('test', 'Testy', false) as Group;
const resultNote = await service.setGroupPermission(note, group, false);
const noteGroupPermission = NoteGroupPermission.create(
group,
note,
false,
);
expect((await resultNote.groupPermissions)[0]).toStrictEqual(
noteGroupPermission,
);
});
it('with group added before and editable', async () => {
jest
.spyOn(noteRepo, 'save')
.mockImplementationOnce(async (entry: Note) => {
return entry;
});
const note = Note.create(null) as Note;
const group = Group.create('test', 'Testy', false) as Group;
note.groupPermissions = Promise.resolve([
NoteGroupPermission.create(group, note, false),
]);
const resultNote = await service.setGroupPermission(note, group, true);
const noteGroupPermission = NoteGroupPermission.create(
group,
note,
true,
);
expect((await resultNote.groupPermissions)[0]).toStrictEqual(
noteGroupPermission,
);
});
it('with group added before and not editable', async () => {
jest
.spyOn(noteRepo, 'save')
.mockImplementationOnce(async (entry: Note) => {
return entry;
});
const note = Note.create(null) as Note;
const group = Group.create('test', 'Testy', false) as Group;
note.groupPermissions = Promise.resolve([
NoteGroupPermission.create(group, note, true),
]);
const resultNote = await service.setGroupPermission(note, group, false);
const noteGroupPermission = NoteGroupPermission.create(
group,
note,
false,
);
expect((await resultNote.groupPermissions)[0]).toStrictEqual(
noteGroupPermission,
);
});
});
});
describe('removeGroupPermission', () => {
describe('works', () => {
it('with user added before and editable', async () => {
jest
.spyOn(noteRepo, 'save')
.mockImplementationOnce(async (entry: Note) => {
return entry;
});
const note = Note.create(null) as Note;
const group = Group.create('test', 'Testy', false) as Group;
note.groupPermissions = Promise.resolve([
NoteGroupPermission.create(group, note, true),
]);
const resultNote = await service.removeGroupPermission(note, group);
expect((await resultNote.groupPermissions).length).toStrictEqual(0);
});
it('with user not added before and not editable', async () => {
jest
.spyOn(noteRepo, 'save')
.mockImplementationOnce(async (entry: Note) => {
return entry;
});
const note = Note.create(null) as Note;
const group = Group.create('test', 'Testy', false) as Group;
note.groupPermissions = Promise.resolve([
NoteGroupPermission.create(group, note, false),
]);
const resultNote = await service.removeGroupPermission(note, group);
expect((await resultNote.groupPermissions).length).toStrictEqual(0);
});
});
});
describe('changeOwner', () => {
it('works', async () => {
const note = Note.create(null) as Note;
const user = User.create('test', 'Testy') as User;
jest
.spyOn(noteRepo, 'save')
.mockImplementationOnce(async (entry: Note) => {
return entry;
});
const resultNote = await service.changeOwner(note, user);
expect(await resultNote.owner).toStrictEqual(user);
});
});
describe('toTagList', () => {
it('works', async () => {
const note = {} as Note;