mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-20 22:42:53 -05:00

Added and fixed permission tests

- fixed test for db functions
- added tests for different users
Sebastian Gierlinger 2014-04-10 17:56:56 +02:00
parent e47e9c62d0
commit da3630071a
4 changed files with 157 additions and 29 deletions


@ -18,13 +18,15 @@ describe('DB API', function () {
});
beforeEach(function (done) {
testUtils.initData()
.then(function () {
return testUtils.insertDefaultFixtures();
})
.then(function () {
done();
}, done);
testUtils.initData().then(function () {
return testUtils.insertDefaultFixtures();
}).then(function () {
return testUtils.insertEditorUser();
}).then(function () {
return testUtils.insertAuthorUser();
}).then(function () {
done();
}, done);
});
afterEach(function (done) {
@ -35,7 +37,7 @@ describe('DB API', function () {
it('delete all content', function (done) {
permissions.init().then(function () {
return dbAPI.deleteAllContent();
return dbAPI.deleteAllContent.call({user: 1});
}).then(function (result){
should.exist(result.message);
result.message.should.equal('Successfully deleted all content from your blog.')
@ -50,8 +52,71 @@ describe('DB API', function () {
results.posts.length.should.equal(0);
done();
});
}).otherwise(function () {
done()
}).otherwise(function (error) {
done(new Error(JSON.stringify(error)));
});
});
it('delete all content is denied', function (done) {
permissions.init().then(function () {
return dbAPI.deleteAllContent.call({user: 2});
}).then(function (){
done(new Error("Delete all content is not denied for editor."));
}, function (error) {
error.code.should.eql(403);
return dbAPI.deleteAllContent.call({user: 3});
}).then(function (){
done(new Error("Delete all content is not denied for author."));
}, function (error) {
error.code.should.eql(403);
return dbAPI.deleteAllContent();
}).then(function (){
done(new Error("Delete all content is not denied without authentication."));
}, function (error) {
error.code.should.eql(403);
done();
});
});
it('export content is denied', function (done) {
permissions.init().then(function () {
return dbAPI.exportContent.call({user: 2});
}).then(function (){
done(new Error("Export content is not denied for editor."));
}, function (error) {
error.code.should.eql(403);
return dbAPI.exportContent.call({user: 3});
}).then(function (){
done(new Error("Export content is not denied for author."));
}, function (error) {
error.code.should.eql(403);
return dbAPI.exportContent();
}).then(function (){
done(new Error("Export content is not denied without authentication."));
}, function (error) {
error.code.should.eql(403);
done();
});
});
it('import content is denied', function (done) {
permissions.init().then(function () {
return dbAPI.importContent.call({user: 2});
}).then(function (result){
done(new Error("Import content is not denied for editor."));
}, function (error) {
error.code.should.eql(403);
return dbAPI.importContent.call({user: 3});
}).then(function (result){
done(new Error("Import content is not denied for author."));
}, function (error) {
error.code.should.eql(403);
return dbAPI.importContent();
}).then(function (result){
done(new Error("Import content is not denied without authentication."));
}, function (error) {
error.code.should.eql(403);
done();
});
});
});
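Review bot: The last rejection handler in each of the three denial tests ('delete all content is denied', 'export content is denied', 'import content is denied') has nothing chained after it, so if `error.code.should.eql(403)` throws there, the failure never reaches `done` and the test presumably ends in a timeout instead of a clear authorization failure. The same happens when an earlier assertion throws, because the AssertionError travels down the chain to handlers that expect an API error carrying a `code`. Ending each chain with `.then(null, done);` would report those failures directly. Note also that after `done(new Error(...))` in a success handler the chain continues into the next success handler, so `done` can be called more than once when a role is wrongly allowed.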


@ -30,7 +30,7 @@ describe('Post API', function () {
}, done);
});
it('can browse', function (done) {
it('browse', function (done) {
PostAPI.browse().then(function (results) {
should.exist(results);
testUtils.API.checkResponse(results, 'posts');
@ -41,7 +41,7 @@ describe('Post API', function () {
}).then(null, done);
});
it('can read', function (done) {
it('read', function (done) {
var firstPost;
PostAPI.browse().then(function (results) {


@ -16,13 +16,15 @@ describe('Users API', function () {
});
beforeEach(function (done) {
testUtils.initData()
.then(function () {
return testUtils.insertDefaultFixtures();
})
.then(function () {
done();
}, done);
testUtils.initData().then(function () {
return testUtils.insertDefaultFixtures();
}).then(function () {
return testUtils.insertEditorUser();
}).then(function () {
return testUtils.insertAuthorUser();
}).then(function () {
done();
}, done);
});
afterEach(function (done) {
@ -31,16 +33,77 @@ describe('Users API', function () {
}, done);
});
it('can browse', function (done) {
it('browse', function (done) {
permissions.init().then(function () {
return UsersAPI.browse.call({user:1})
return UsersAPI.browse.call({user: 1});
}).then(function (results) {
should.exist(results);
results.length.should.be.above(0);
testUtils.API.checkResponse(results[0], 'user');
}, function (error) {
done(new Error(JSON.stringify(error)));
}).then(function () {
return UsersAPI.browse.call({user: 2});
}).then(function (results) {
should.exist(results);
results.length.should.be.above(0);
testUtils.API.checkResponse(results[0], 'user');
}, function (error) {
done(new Error(JSON.stringify(error)));
}).then(function () {
return UsersAPI.browse.call({user: 3});
}).then(function (results) {
should.exist(results);
results.length.should.be.above(0);
testUtils.API.checkResponse(results[0], 'user');
done();
}).otherwise(function () {
}, function (error) {
done(new Error(JSON.stringify(error)));
})
});
it('browse denied', function (done) {
permissions.init().then(function () {
return UsersAPI.browse();
}).then(function (results) {
done(new Error("Browse user is not denied without authentication."));
}, function () {
done();
});
});
it('read', function (done) {
permissions.init().then(function () {
return UsersAPI.read.call({user: 1}, {id: 1});
}).then(function (result) {
should.exist(result);
result.id.should.eql(1);
testUtils.API.checkResponse(result, 'user');
}, function (error) {
done(new Error(JSON.stringify(error)));
}).then(function () {
return UsersAPI.read.call({user: 2}, {id: 1});
}).then(function (result) {
should.exist(result);
result.id.should.eql(1);
testUtils.API.checkResponse(result, 'user');
}, function (error) {
done(new Error(JSON.stringify(error)));
}).then(function () {
return UsersAPI.read.call({user: 3}, {id: 1});
}).then(function (result) {
should.exist(result);
result.id.should.eql(1);
testUtils.API.checkResponse(result, 'user');
}, function (error) {
done(new Error(JSON.stringify(error)));
}).then(function () {
return UsersAPI.read({id: 1});
}).then(function (result) {
should.exist(result);
result.id.should.eql(1);
testUtils.API.checkResponse(result, 'user');
done();
}, function (error) {
done(new Error(JSON.stringify(error)));
});
});
});
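Review bot: The rejection handler in 'browse denied' calls `done()` for any error, so the test passes even when the call fails for a reason unrelated to permissions, whereas the DB API denial tests in this commit check the code. Assuming the Users API rejects with the same kind of 403 error, I would assert it here as well: `}, function (error) { error.code.should.eql(403); done(); }).then(null, done);`. Separately, the last step of 'read' expects `UsersAPI.read({id: 1})` without a user context to succeed. If unauthenticated reads of user records are intended, a comment saying so and naming the fields the response may expose would help, since `checkResponse` is not visible here.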


@ -104,7 +104,7 @@ function insertEditorUser() {
userRoles = [];
users.push(DataGenerator.forKnex.createUser(DataGenerator.Content.users[1]));
userRoles.push(DataGenerator.forKnex.createUserRole(1, 2));
userRoles.push(DataGenerator.forKnex.createUserRole(2, 2));
return knex('users')
.insert(users)
.then(function () {
@ -117,7 +117,7 @@ function insertAuthorUser() {
userRoles = [];
users.push(DataGenerator.forKnex.createUser(DataGenerator.Content.users[2]));
userRoles.push(DataGenerator.forKnex.createUserRole(1, 3));
userRoles.push(DataGenerator.forKnex.createUserRole(3, 3));
return knex('users')
.insert(users)
.then(function () {
@ -186,11 +186,11 @@ function insertAppWithFields() {
function insertDefaultFixtures() {
return when(insertDefaultUser().then(function () {
return insertPosts().then(function () {
return insertApps();
});
}));
return insertDefaultUser().then(function () {
return insertPosts()
}).then(function () {
return insertApps();
});
}
function loadExportFixture(filename) {
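Review bot: The corrected calls `createUserRole(2, 2)` and `createUserRole(3, 3)` hard-code the user id, which appears to rely on the editor being the second row inserted into `users` and the author the third. If a caller inserts them in another order or without the default user, the role row points at a different or missing user, and the new denial tests that use `{user: 2}` and `{user: 3}` could still pass because a user without a role is presumably denied as well. A comment on each helper would record the dependency, e.g. `// role row assumes this user gets id 2: call after insertDefaultUser() and before insertAuthorUser()`. In `insertDefaultFixtures`, `return insertPosts()` is missing its semicolon. The bodies of `insertEditorUser` and `insertAuthorUser` continue outside their hunks.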