
Added and fixed permission tests

- fixed test for db functions
- added tests for different users
This commit is contained in:
Sebastian Gierlinger 2014-04-10 17:56:56 +02:00
parent e47e9c62d0
commit da3630071a
4 changed files with 157 additions and 29 deletions


@ -18,13 +18,15 @@ describe('DB API', function () {
}); });
beforeEach(function (done) { beforeEach(function (done) {
testUtils.initData() testUtils.initData().then(function () {
.then(function () { return testUtils.insertDefaultFixtures();
return testUtils.insertDefaultFixtures(); }).then(function () {
}) return testUtils.insertEditorUser();
.then(function () { }).then(function () {
done(); return testUtils.insertAuthorUser();
}, done); }).then(function () {
done();
}, done);
}); });
afterEach(function (done) { afterEach(function (done) {
@ -35,7 +37,7 @@ describe('DB API', function () {
it('delete all content', function (done) { it('delete all content', function (done) {
permissions.init().then(function () { permissions.init().then(function () {
return dbAPI.deleteAllContent(); return dbAPI.deleteAllContent.call({user: 1});
}).then(function (result){ }).then(function (result){
should.exist(result.message); should.exist(result.message);
result.message.should.equal('Successfully deleted all content from your blog.') result.message.should.equal('Successfully deleted all content from your blog.')
@ -50,8 +52,71 @@ describe('DB API', function () {
results.posts.length.should.equal(0); results.posts.length.should.equal(0);
done(); done();
}); });
}).otherwise(function () { }).otherwise(function (error) {
done() done(new Error(JSON.stringify(error)));
});
});
it('delete all content is denied', function (done) {
permissions.init().then(function () {
return dbAPI.deleteAllContent.call({user: 2});
}).then(function (){
done(new Error("Delete all content is not denied for editor."));
}, function (error) {
error.code.should.eql(403);
return dbAPI.deleteAllContent.call({user: 3});
}).then(function (){
done(new Error("Delete all content is not denied for author."));
}, function (error) {
error.code.should.eql(403);
return dbAPI.deleteAllContent();
}).then(function (){
done(new Error("Delete all content is not denied without authentication."));
}, function (error) {
error.code.should.eql(403);
done();
});
});
it('export content is denied', function (done) {
permissions.init().then(function () {
return dbAPI.exportContent.call({user: 2});
}).then(function (){
done(new Error("Export content is not denied for editor."));
}, function (error) {
error.code.should.eql(403);
return dbAPI.exportContent.call({user: 3});
}).then(function (){
done(new Error("Export content is not denied for author."));
}, function (error) {
error.code.should.eql(403);
return dbAPI.exportContent();
}).then(function (){
done(new Error("Export content is not denied without authentication."));
}, function (error) {
error.code.should.eql(403);
done();
});
});
it('import content is denied', function (done) {
permissions.init().then(function () {
return dbAPI.importContent.call({user: 2});
}).then(function (result){
done(new Error("Import content is not denied for editor."));
}, function (error) {
error.code.should.eql(403);
return dbAPI.importContent.call({user: 3});
}).then(function (result){
done(new Error("Import content is not denied for author."));
}, function (error) {
error.code.should.eql(403);
return dbAPI.importContent();
}).then(function (result){
done(new Error("Import content is not denied without authentication."));
}, function (error) {
error.code.should.eql(403);
done();
}); });
}); });
}); });
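Review bot: An assertion failure in the rejection handlers of the new denied tests (`error.code.should.eql(403)` in 'delete all content is denied', 'export content is denied' and 'import content is denied') throws inside a rejection callback, so the chain rejects with the assertion error and nothing calls `done`; the test then hangs until the mocha timeout instead of reporting which caller was handled wrongly. The same happens when the rejection is not the expected permission error and `error.code` is undefined. Ending each chain with `.otherwise(done)`, the form the file already uses in 'delete all content', turns that into a real failure: replace the final `});` of each of the three chains with `}).otherwise(done);`. Note also that when a success handler fires (a check that failed open) it calls `done(new Error(...))` but returns normally, so the chain continues into the next step and can call `done` a second time; the unused `result` parameters in the import test's success handlers can be dropped at the same time.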


@ -30,7 +30,7 @@ describe('Post API', function () {
}, done); }, done);
}); });
it('can browse', function (done) { it('browse', function (done) {
PostAPI.browse().then(function (results) { PostAPI.browse().then(function (results) {
should.exist(results); should.exist(results);
testUtils.API.checkResponse(results, 'posts'); testUtils.API.checkResponse(results, 'posts');
@ -41,7 +41,7 @@ describe('Post API', function () {
}).then(null, done); }).then(null, done);
}); });
it('can read', function (done) { it('read', function (done) {
var firstPost; var firstPost;
PostAPI.browse().then(function (results) { PostAPI.browse().then(function (results) {


@ -16,13 +16,15 @@ describe('Users API', function () {
}); });
beforeEach(function (done) { beforeEach(function (done) {
testUtils.initData() testUtils.initData().then(function () {
.then(function () { return testUtils.insertDefaultFixtures();
return testUtils.insertDefaultFixtures(); }).then(function () {
}) return testUtils.insertEditorUser();
.then(function () { }).then(function () {
done(); return testUtils.insertAuthorUser();
}, done); }).then(function () {
done();
}, done);
}); });
afterEach(function (done) { afterEach(function (done) {
@ -31,16 +33,77 @@ describe('Users API', function () {
}, done); }, done);
}); });
it('can browse', function (done) { it('browse', function (done) {
permissions.init().then(function () { permissions.init().then(function () {
return UsersAPI.browse.call({user:1}) return UsersAPI.browse.call({user: 1});
}).then(function (results) {
should.exist(results);
results.length.should.be.above(0);
testUtils.API.checkResponse(results[0], 'user');
}, function (error) {
done(new Error(JSON.stringify(error)));
}).then(function () {
return UsersAPI.browse.call({user: 2});
}).then(function (results) {
should.exist(results);
results.length.should.be.above(0);
testUtils.API.checkResponse(results[0], 'user');
}, function (error) {
done(new Error(JSON.stringify(error)));
}).then(function () {
return UsersAPI.browse.call({user: 3});
}).then(function (results) { }).then(function (results) {
should.exist(results); should.exist(results);
results.length.should.be.above(0); results.length.should.be.above(0);
testUtils.API.checkResponse(results[0], 'user'); testUtils.API.checkResponse(results[0], 'user');
done(); done();
}).otherwise(function () { }, function (error) {
done(new Error(JSON.stringify(error)));
})
});
it('browse denied', function (done) {
permissions.init().then(function () {
return UsersAPI.browse();
}).then(function (results) {
done(new Error("Browse user is not denied without authentication."));
}, function () {
done(); done();
}); });
}); });
it('read', function (done) {
permissions.init().then(function () {
return UsersAPI.read.call({user: 1}, {id: 1});
}).then(function (result) {
should.exist(result);
result.id.should.eql(1);
testUtils.API.checkResponse(result, 'user');
}, function (error) {
done(new Error(JSON.stringify(error)));
}).then(function () {
return UsersAPI.read.call({user: 2}, {id: 1});
}).then(function (result) {
should.exist(result);
result.id.should.eql(1);
testUtils.API.checkResponse(result, 'user');
}, function (error) {
done(new Error(JSON.stringify(error)));
}).then(function () {
return UsersAPI.read.call({user: 3}, {id: 1});
}).then(function (result) {
should.exist(result);
result.id.should.eql(1);
testUtils.API.checkResponse(result, 'user');
}, function (error) {
done(new Error(JSON.stringify(error)));
}).then(function () {
return UsersAPI.read({id: 1});
}).then(function (result) {
should.exist(result);
result.id.should.eql(1);
testUtils.API.checkResponse(result, 'user');
done();
}, function (error) {
done(new Error(JSON.stringify(error)));
});
});
}); });
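Review bot: The 'browse denied' test accepts any rejection as a denial: its rejection handler is `function () { done(); }`, so a database error or a failure inside `permissions.init()` would make it pass just as well, unlike the DB API tests in this commit which check `error.code.should.eql(403)`. Asserting the code here and terminating the chain so an assertion failure is reported rather than timing out, `}, function (error) { error.code.should.eql(403); done(); }).otherwise(done);`, pins what the test name promises. In 'browse' and 'read', each per-step rejection handler calls `done(new Error(...))` but returns normally, so the chain still runs the remaining steps and can call `done` again; returning a rejected promise after reporting would stop it. Also `JSON.stringify(error)` yields `{}` if the rejection is an `Error` instance, since `message` and `stack` are non-enumerable, which would hide the cause; passing such errors to `done` unchanged keeps the message.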


@ -104,7 +104,7 @@ function insertEditorUser() {
userRoles = []; userRoles = [];
users.push(DataGenerator.forKnex.createUser(DataGenerator.Content.users[1])); users.push(DataGenerator.forKnex.createUser(DataGenerator.Content.users[1]));
userRoles.push(DataGenerator.forKnex.createUserRole(1, 2)); userRoles.push(DataGenerator.forKnex.createUserRole(2, 2));
return knex('users') return knex('users')
.insert(users) .insert(users)
.then(function () { .then(function () {
@ -117,7 +117,7 @@ function insertAuthorUser() {
userRoles = []; userRoles = [];
users.push(DataGenerator.forKnex.createUser(DataGenerator.Content.users[2])); users.push(DataGenerator.forKnex.createUser(DataGenerator.Content.users[2]));
userRoles.push(DataGenerator.forKnex.createUserRole(1, 3)); userRoles.push(DataGenerator.forKnex.createUserRole(3, 3));
return knex('users') return knex('users')
.insert(users) .insert(users)
.then(function () { .then(function () {
@ -186,11 +186,11 @@ function insertAppWithFields() {
function insertDefaultFixtures() { function insertDefaultFixtures() {
return when(insertDefaultUser().then(function () { return insertDefaultUser().then(function () {
return insertPosts().then(function () { return insertPosts()
return insertApps(); }).then(function () {
}); return insertApps();
})); });
} }
function loadExportFixture(filename) { function loadExportFixture(filename) {
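Review bot: `createUserRole(2, 2)` in insertEditorUser and `createUserRole(3, 3)` in insertAuthorUser hard-code the user ids the editor and author rows are expected to receive, and nothing in these hunks ties them to what `knex('users').insert(users)` actually assigned; the values only hold if the default user is inserted first and the table numbers from 1 on a fresh database, which the `insertDefaultFixtures` chain suggests but does not enforce. If that order changes, the role rows point at the wrong user and the permission tests in this commit pass or fail for the wrong reason. Both functions already chain on the insert's promise, so the ids it returns could be used instead; at minimum a comment on each line, `// assumes the default user got id 1, so the editor is id 2 (see insertDefaultFixtures)`, records the dependency. insertEditorUser and insertAuthorUser both begin outside their hunks.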