ghost/test/unit/services/permissions/public_spec.js

var should = require('should'),
    _ = require('lodash'),
    common = require('../../../../core/server/lib/common'),
    applyPublicRules = require('../../../../core/server/services/permissions/public');

describe('Permissions', function () {
    describe('applyPublicRules', function () {
        it('should return empty object for docName with no rules', function (done) {
            applyPublicRules('test', 'test', {}).then(function (result) {
                result.should.eql({});
                done();
            });
        });

        it('should return unchanged object for non-public context', function (done) {
            const internal = {context: 'internal'};
            const user = {context: {user: 1}};

            applyPublicRules('posts', 'browse', _.cloneDeep(internal)).then(function (result) {
                result.should.eql(internal);

                return applyPublicRules('posts', 'browse', _.cloneDeep(user));
            }).then(function (result) {
                result.should.eql(user);

                done();
            }).catch(done);
        });

        it('should return unchanged object for post with public context', function (done) {
            var publicContext = {context: {}};

            applyPublicRules('posts', 'browse', _.cloneDeep(publicContext)).then(function (result) {
                result.should.not.eql(publicContext);
                result.should.eql({
                    context: {},
                    status: 'published'
                });

                return applyPublicRules('posts', 'browse', _.extend({}, _.cloneDeep(publicContext), {status: 'published'}));
            }).then(function (result) {
                result.should.eql({
                    context: {},
                    status: 'published'
                });

                done();
            }).catch(done);
        });

        it('should throw an error for draft post without uuid (read)', function (done) {
            var draft = {context: {}, data: {status: 'draft'}};

            applyPublicRules('posts', 'read', _.cloneDeep(draft)).then(function () {
                done('Did not throw an error for draft');
            }).catch(function (err) {
                (err instanceof common.errors.NoPermissionError).should.eql(true);
                done();
            });
        });

        it('should throw an error for draft post (browse)', function (done) {
            var draft = {context: {}, status: 'draft'};

            applyPublicRules('posts', 'browse', _.cloneDeep(draft)).then(function () {
                done('Did not throw an error for draft');
            }).catch(function (err) {
                (err instanceof common.errors.NoPermissionError).should.eql(true);
                done();
            });
        });

        it('should permit post draft status with uuid (read)', function (done) {
            var draft = {context: {}, data: {status: 'draft', uuid: '1234-abcd'}};

            applyPublicRules('posts', 'read', _.cloneDeep(draft)).then(function (result) {
                result.should.eql(draft);
                done();
            }).catch(done);
        });

        it('should permit post all status with uuid (read)', function (done) {
            var draft = {context: {}, data: {status: 'all', uuid: '1234-abcd'}};

            applyPublicRules('posts', 'read', _.cloneDeep(draft)).then(function (result) {
                result.should.eql(draft);
                done();
            }).catch(done);
        });

        it('should NOT permit post draft status with uuid (browse)', function (done) {
            var draft = {context: {}, status: 'draft', uuid: '1234-abcd'};

            applyPublicRules('posts', 'browse', _.cloneDeep(draft)).then(function () {
                done('Did not throw an error for draft');
            }).catch(function (err) {
                (err instanceof common.errors.NoPermissionError).should.eql(true);
                done();
            });
        });

        it('should NOT permit post all status with uuid (browse)', function (done) {
            var draft = {context: {}, status: 'all', uuid: '1234-abcd'};

            applyPublicRules('posts', 'browse', _.cloneDeep(draft)).then(function () {
                done('Did not throw an error for draft');
            }).catch(function (err) {
                (err instanceof common.errors.NoPermissionError).should.eql(true);
                done();
            });
        });

        it('should throw an error for draft post with uuid and id or slug (read)', function (done) {
            var draft = {context: {}, data: {status: 'draft', uuid: '1234-abcd', id: 1}};

            applyPublicRules('posts', 'read', _.cloneDeep(draft)).then(function () {
                done('Did not throw an error for draft');
            }).catch(function (err) {
                (err instanceof common.errors.NoPermissionError).should.eql(true);

                draft = {context: {}, data: {status: 'draft', uuid: '1234-abcd', slug: 'abcd'}};

                return applyPublicRules('posts', 'read', _.cloneDeep(draft)).then(function () {
                    done('Did not throw an error for draft');
                }).catch(function (err) {
                    (err instanceof common.errors.NoPermissionError).should.eql(true);
                    done();
                });
            });
        });

        it('should return unchanged object for user with public context', function (done) {
            var publicContext = {context: {}};

            applyPublicRules('users', 'browse', _.cloneDeep(publicContext)).then(function (result) {
                result.should.not.eql(publicContext);
                result.should.eql({
                    context: {},
                    status: 'all'
                });

                return applyPublicRules('users', 'browse', _.extend({}, _.cloneDeep(publicContext), {status: 'active'}));
            }).then(function (result) {
                result.should.eql({
                    context: {},
                    status: 'active'
                });

                done();
            }).catch(done);
        });
    });
});
Removed old jshint/jscs rules refs https://github.com/TryGhost/Ghost/commit/bcf5a1bc3446864c036eab5454c612b9c3b00211 - leftovers 2018-06-02 21:48:23 +02:00			`var should = require('should'),`
Permissions: code cleanup & basic unit tests (#9037) refs #9043 - Split public-related and context code into logical components - Split tests up to match - Ensure we have 100% unit test coverage - General cleanup 2017-09-25 10:17:06 +01:00			`_ = require('lodash'),`
Move tests from core to root (#11700) - move all test files from core/test to test/ - updated all imports and other references - all code inside of core/ is then application code - tests are correctly at the root level - consistent with other repos/projects Co-authored-by: Kevin Ansfield <kevin@lookingsideways.co.uk> 2020-03-30 16:26:47 +01:00			`common = require('../../../../core/server/lib/common'),`
			`applyPublicRules = require('../../../../core/server/services/permissions/public');`
Permissions: code cleanup & basic unit tests (#9037) refs #9043 - Split public-related and context code into logical components - Split tests up to match - Ensure we have 100% unit test coverage - General cleanup 2017-09-25 10:17:06 +01:00
			`describe('Permissions', function () {`
			`describe('applyPublicRules', function () {`
			`it('should return empty object for docName with no rules', function (done) {`
			`applyPublicRules('test', 'test', {}).then(function (result) {`
			`result.should.eql({});`
			`done();`
			`});`
			`});`

			`it('should return unchanged object for non-public context', function (done) {`
Remove External Apps - Apps are marked as removed in 3.0, never officially launched and have been deprecated for at least 2 years. - We've slowly removed bits that got in our way or were insecure over time meaning they mostly didn't work - This cleans up the remainder of the logic - The tables should be cleaned up in a future major 2020-03-19 15:23:10 +00:00			`const internal = {context: 'internal'};`
			`const user = {context: {user: 1}};`
Permissions: code cleanup & basic unit tests (#9037) refs #9043 - Split public-related and context code into logical components - Split tests up to match - Ensure we have 100% unit test coverage - General cleanup 2017-09-25 10:17:06 +01:00
			`applyPublicRules('posts', 'browse', _.cloneDeep(internal)).then(function (result) {`
			`result.should.eql(internal);`

			`return applyPublicRules('posts', 'browse', _.cloneDeep(user));`
			`}).then(function (result) {`
			`result.should.eql(user);`

			`done();`
			`}).catch(done);`
			`});`

			`it('should return unchanged object for post with public context', function (done) {`
			`var publicContext = {context: {}};`

			`applyPublicRules('posts', 'browse', _.cloneDeep(publicContext)).then(function (result) {`
			`result.should.not.eql(publicContext);`
			`result.should.eql({`
			`context: {},`
			`status: 'published'`
			`});`

			`return applyPublicRules('posts', 'browse', _.extend({}, _.cloneDeep(publicContext), {status: 'published'}));`
			`}).then(function (result) {`
			`result.should.eql({`
			`context: {},`
			`status: 'published'`
			`});`

			`done();`
			`}).catch(done);`
			`});`

			`it('should throw an error for draft post without uuid (read)', function (done) {`
			`var draft = {context: {}, data: {status: 'draft'}};`

			`applyPublicRules('posts', 'read', _.cloneDeep(draft)).then(function () {`
			`done('Did not throw an error for draft');`
			`}).catch(function (err) {`
Import lib/common only refs #9178 - avoid importing 4 modules (logging, errors, events and i18n) - simply require common in each file 2017-12-11 22:47:46 +01:00			`(err instanceof common.errors.NoPermissionError).should.eql(true);`
Permissions: code cleanup & basic unit tests (#9037) refs #9043 - Split public-related and context code into logical components - Split tests up to match - Ensure we have 100% unit test coverage - General cleanup 2017-09-25 10:17:06 +01:00			`done();`
			`});`
			`});`

			`it('should throw an error for draft post (browse)', function (done) {`
			`var draft = {context: {}, status: 'draft'};`

			`applyPublicRules('posts', 'browse', _.cloneDeep(draft)).then(function () {`
			`done('Did not throw an error for draft');`
			`}).catch(function (err) {`
Import lib/common only refs #9178 - avoid importing 4 modules (logging, errors, events and i18n) - simply require common in each file 2017-12-11 22:47:46 +01:00			`(err instanceof common.errors.NoPermissionError).should.eql(true);`
Permissions: code cleanup & basic unit tests (#9037) refs #9043 - Split public-related and context code into logical components - Split tests up to match - Ensure we have 100% unit test coverage - General cleanup 2017-09-25 10:17:06 +01:00			`done();`
			`});`
			`});`

			`it('should permit post draft status with uuid (read)', function (done) {`
			`var draft = {context: {}, data: {status: 'draft', uuid: '1234-abcd'}};`

			`applyPublicRules('posts', 'read', _.cloneDeep(draft)).then(function (result) {`
			`result.should.eql(draft);`
			`done();`
			`}).catch(done);`
			`});`

			`it('should permit post all status with uuid (read)', function (done) {`
			`var draft = {context: {}, data: {status: 'all', uuid: '1234-abcd'}};`

			`applyPublicRules('posts', 'read', _.cloneDeep(draft)).then(function (result) {`
			`result.should.eql(draft);`
			`done();`
			`}).catch(done);`
			`});`

			`it('should NOT permit post draft status with uuid (browse)', function (done) {`
			`var draft = {context: {}, status: 'draft', uuid: '1234-abcd'};`

			`applyPublicRules('posts', 'browse', _.cloneDeep(draft)).then(function () {`
			`done('Did not throw an error for draft');`
			`}).catch(function (err) {`
Import lib/common only refs #9178 - avoid importing 4 modules (logging, errors, events and i18n) - simply require common in each file 2017-12-11 22:47:46 +01:00			`(err instanceof common.errors.NoPermissionError).should.eql(true);`
Permissions: code cleanup & basic unit tests (#9037) refs #9043 - Split public-related and context code into logical components - Split tests up to match - Ensure we have 100% unit test coverage - General cleanup 2017-09-25 10:17:06 +01:00			`done();`
			`});`
			`});`

			`it('should NOT permit post all status with uuid (browse)', function (done) {`
			`var draft = {context: {}, status: 'all', uuid: '1234-abcd'};`

			`applyPublicRules('posts', 'browse', _.cloneDeep(draft)).then(function () {`
			`done('Did not throw an error for draft');`
			`}).catch(function (err) {`
Import lib/common only refs #9178 - avoid importing 4 modules (logging, errors, events and i18n) - simply require common in each file 2017-12-11 22:47:46 +01:00			`(err instanceof common.errors.NoPermissionError).should.eql(true);`
Permissions: code cleanup & basic unit tests (#9037) refs #9043 - Split public-related and context code into logical components - Split tests up to match - Ensure we have 100% unit test coverage - General cleanup 2017-09-25 10:17:06 +01:00			`done();`
			`});`
			`});`

			`it('should throw an error for draft post with uuid and id or slug (read)', function (done) {`
			`var draft = {context: {}, data: {status: 'draft', uuid: '1234-abcd', id: 1}};`

			`applyPublicRules('posts', 'read', _.cloneDeep(draft)).then(function () {`
			`done('Did not throw an error for draft');`
			`}).catch(function (err) {`
Import lib/common only refs #9178 - avoid importing 4 modules (logging, errors, events and i18n) - simply require common in each file 2017-12-11 22:47:46 +01:00			`(err instanceof common.errors.NoPermissionError).should.eql(true);`
Permissions: code cleanup & basic unit tests (#9037) refs #9043 - Split public-related and context code into logical components - Split tests up to match - Ensure we have 100% unit test coverage - General cleanup 2017-09-25 10:17:06 +01:00
			`draft = {context: {}, data: {status: 'draft', uuid: '1234-abcd', slug: 'abcd'}};`

			`return applyPublicRules('posts', 'read', _.cloneDeep(draft)).then(function () {`
			`done('Did not throw an error for draft');`
			`}).catch(function (err) {`
Import lib/common only refs #9178 - avoid importing 4 modules (logging, errors, events and i18n) - simply require common in each file 2017-12-11 22:47:46 +01:00			`(err instanceof common.errors.NoPermissionError).should.eql(true);`
Permissions: code cleanup & basic unit tests (#9037) refs #9043 - Split public-related and context code into logical components - Split tests up to match - Ensure we have 100% unit test coverage - General cleanup 2017-09-25 10:17:06 +01:00			`done();`
			`});`
			`});`
			`});`

			`it('should return unchanged object for user with public context', function (done) {`
			`var publicContext = {context: {}};`

			`applyPublicRules('users', 'browse', _.cloneDeep(publicContext)).then(function (result) {`
			`result.should.not.eql(publicContext);`
			`result.should.eql({`
			`context: {},`
			`status: 'all'`
			`});`

			`return applyPublicRules('users', 'browse', _.extend({}, _.cloneDeep(publicContext), {status: 'active'}));`
			`}).then(function (result) {`
			`result.should.eql({`
			`context: {},`
			`status: 'active'`
			`});`

			`done();`
			`}).catch(done);`
			`});`
			`});`
			`});`