-
-
Notifications
You must be signed in to change notification settings - Fork 10k
/
api_db_spec.js
111 lines (103 loc) · 4.74 KB
/
api_db_spec.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
var testUtils = require('../../utils'),
should = require('should'),
_ = require('lodash'),
dbAPI = require('../../../server/api/db'),
ModelTag = require('../../../server/models/tag'),
ModelPost = require('../../../server/models/post');
describe('DB API', function () {
// Keep the DB clean
before(testUtils.teardown);
afterEach(testUtils.teardown);
beforeEach(testUtils.setup('users:roles', 'settings', 'posts', 'subscriber', 'perms:db', 'perms:init'));
should.exist(dbAPI);
it('delete all content (owner)', function () {
return dbAPI.deleteAllContent(testUtils.context.owner).then(function (result) {
should.exist(result.db);
result.db.should.be.instanceof(Array);
result.db.should.be.empty();
}).then(function () {
return ModelTag.Tag.findAll(testUtils.context.owner).then(function (results) {
should.exist(results);
results.length.should.equal(0);
});
}).then(function () {
return ModelPost.Post.findAll(testUtils.context.owner).then(function (results) {
should.exist(results);
results.length.should.equal(0);
});
});
});
it('delete all content (admin)', function () {
return dbAPI.deleteAllContent(testUtils.context.admin).then(function (result) {
should.exist(result.db);
result.db.should.be.instanceof(Array);
result.db.should.be.empty();
}).then(function () {
return ModelTag.Tag.findAll(testUtils.context.admin).then(function (results) {
should.exist(results);
results.length.should.equal(0);
});
}).then(function () {
return ModelPost.Post.findAll(testUtils.context.admin).then(function (results) {
should.exist(results);
results.length.should.equal(0);
});
});
});
it('delete all content is denied (editor, author & without authentication)', function () {
return dbAPI.deleteAllContent(testUtils.context.editor).then(function () {
throw new Error('Delete all content is not denied for editor.');
}, function (error) {
error.errorType.should.eql('NoPermissionError');
return dbAPI.deleteAllContent(testUtils.context.author);
}).then(function () {
throw new Error('Delete all content is not denied for author.');
}, function (error) {
error.errorType.should.eql('NoPermissionError');
return dbAPI.deleteAllContent();
}).then(function () {
throw new Error('Delete all content is not denied without authentication.');
}).catch(function (error) {
error.errorType.should.eql('NoPermissionError');
});
});
it('export content is denied (editor, author & without authentication)', function () {
return dbAPI.exportContent(testUtils.context.editor).then(function () {
throw new Error('Export content is not denied for editor.');
}, function (error) {
error.errorType.should.eql('NoPermissionError');
return dbAPI.exportContent(testUtils.context.author);
}).then(function () {
throw new Error('Export content is not denied for author.');
}, function (error) {
error.errorType.should.eql('NoPermissionError');
return dbAPI.exportContent();
}).then(function () {
throw new Error('Export content is not denied without authentication.');
}).catch(function (error) {
error.errorType.should.eql('NoPermissionError');
});
});
it('import content is denied (editor, author & without authentication)', function () {
var file = {
originalname: 'myFile.json',
path: '/my/path/myFile.json',
mimetype: 'application/json'
};
return dbAPI.importContent(_.extend(testUtils.context.editor, file)).then(function () {
throw new Error('Import content is not denied for editor.');
}, function (error) {
error.errorType.should.eql('NoPermissionError');
return dbAPI.importContent(_.extend(testUtils.context.author, file));
}).then(function () {
throw new Error('Import content is not denied for author.');
}, function (error) {
error.errorType.should.eql('NoPermissionError');
return dbAPI.importContent(file);
}).then(function () {
throw new Error('Import content is not denied without authentication.');
}).catch(function (error) {
error.errorType.should.eql('NoPermissionError');
});
});
});