Merge 8a372c7 into 4fdcbc5

afontainec · Feb 6, 2020 · 69ffb09 · 69ffb09
2 parents 4fdcbc5 + 8a372c7
commit 69ffb09
Show file tree

Hide file tree

Showing 5 changed files with 209 additions and 0 deletions.
diff --git a/models/access.js b/models/access.js
@@ -62,6 +62,19 @@ const addAccessibleToSearch = (search, access, tableName, key) => {
   return search;
 };
 
+const hasAccessTo = (user, to, filterId) => {
+  if (!user || !user.access || !to) return false;
+  const { access } = user;
+  if (hasAccessToAll(user, to)) return true;
+  const roles = RESTRICTED_ROLES[to];
+  for (let i = 0; i < access.length; i++) {
+    if (codemaster.utils.Array.contains(roles, access[i].role)) {
+      if (access[i].filter.toString() === filterId.toString()) return true;
+    }
+  }
+  return false;
+};
+
 
 module.exports = {
   isAdmin,
@@ -70,4 +83,5 @@ module.exports = {
   accessiblesIds,
   find,
   addAccessibleToSearch,
+  hasAccessTo,
 };
diff --git a/test/models/access/accessiblesIds.js b/test/models/access/accessiblesIds.js
@@ -0,0 +1,39 @@
+// During the test the env variable is set to test
+process.env.NODE_ENV = 'test';
+
+// Require the dev-dependencies
+const chai = require('chai');
+const { Access } = require('../../../index');
+
+const { assert } = chai;
+
+
+// Our parent block
+describe('MODELS: ACCESS.accessiblesIds', () => { // eslint-disable-line
+
+  it('access is undef', (done) => { // eslint-disable-line
+    const result = Access.accessiblesIds(null, 'places');
+    assert.deepEqual(result, []);
+    done();
+  });
+
+  it('to is undef', (done) => { // eslint-disable-line
+    const result = Access.accessiblesIds([]);
+    assert.deepEqual(result, []);
+    done();
+  });
+
+  it('to does not have restricted_roles', (done) => { // eslint-disable-line
+    const result = Access.accessiblesIds([], 'other');
+    assert.deepEqual(result, []);
+    done();
+  });
+
+  it('Happy path', (done) => { // eslint-disable-line
+    const access = [{ role: 'other', filter: 66 }, { role: 'venueOwner', filter: 1 }, { role: 'venueOwner', filter: 2 }];
+    const result = Access.accessiblesIds(access, 'places');
+    assert.deepEqual(result, [1, 2]);
+    done();
+  });
+
+});
diff --git a/test/models/access/hasAccessTo.js b/test/models/access/hasAccessTo.js
@@ -0,0 +1,62 @@
+// During the test the env variable is set to test
+process.env.NODE_ENV = 'test';
+
+// Require the dev-dependencies
+const chai = require('chai');
+const { Access } = require('../../../index');
+
+const { assert } = chai;
+
+
+// Our parent block
+describe('MODELS: ACCESS hasAccessTo', () => { // eslint-disable-line
+
+  it('user is undef', (done) => { // eslint-disable-line
+    const bool = Access.hasAccessTo(null, 'places', 1);
+    assert.isFalse(bool);
+    done();
+  });
+
+  it('user.access is undef', (done) => { // eslint-disable-line
+    const bool = Access.hasAccessTo({}, 'places', 1);
+    assert.isFalse(bool);
+    done();
+  });
+
+  it('to is undef', (done) => { // eslint-disable-line
+    const bool = Access.hasAccessTo({ access: [] });
+    assert.isFalse(bool);
+    done();
+  });
+
+  it('user has access to all', (done) => { // eslint-disable-line
+    const bool = Access.hasAccessTo({ access: [{ role: 'admin' }] }, 'places', 66);
+    assert.isTrue(bool);
+    done();
+  });
+
+  it('user has restricted access: both ints', (done) => { // eslint-disable-line
+    const bool = Access.hasAccessTo({ access: [{ role: 'venueOwner', filter: 66 }] }, 'places', 66);
+    assert.isTrue(bool);
+    done();
+  });
+
+  it('user has restricted access: one as int the other as string', (done) => { // eslint-disable-line
+    const bool = Access.hasAccessTo({ access: [{ role: 'venueOwner', filter: '66' }] }, 'places', 66);
+    assert.isTrue(bool);
+    done();
+  });
+
+  it('user does have restricted access but with different filter', (done) => { // eslint-disable-line
+    const bool = Access.hasAccessTo({ access: [{ role: 'venueOwner', filter: 67 }] }, 'places', 66);
+    assert.isFalse(bool);
+    done();
+  });
+
+  it('user does not have restricted access', (done) => { // eslint-disable-line
+    const bool = Access.hasAccessTo({ access: [{ role: 'other', filter: 66 }] }, 'places', 66);
+    assert.isFalse(bool);
+    done();
+  });
+
+});
diff --git a/test/models/access/hasAccessToAll.js b/test/models/access/hasAccessToAll.js
@@ -0,0 +1,50 @@
+// During the test the env variable is set to test
+process.env.NODE_ENV = 'test';
+
+// Require the dev-dependencies
+const chai = require('chai');
+const { Access } = require('../../../index');
+
+const { assert } = chai;
+
+
+// Our parent block
+describe('MODELS: ACCESS hasAccessToAll', () => { // eslint-disable-line
+
+  it('user is undef', (done) => { // eslint-disable-line
+    const bool = Access.hasAccessToAll();
+    assert.isFalse(bool);
+    done();
+  });
+
+  it('user.access is undef', (done) => { // eslint-disable-line
+    const bool = Access.hasAccessToAll({});
+    assert.isFalse(bool);
+    done();
+  });
+
+  it('user is admin', (done) => { // eslint-disable-line
+    const bool = Access.hasAccessToAll({ is_admin: true });
+    assert.isTrue(bool);
+    done();
+  });
+
+  it('user has access to all', (done) => { // eslint-disable-line
+    const bool = Access.hasAccessToAll({ access: [{ role: 'placesAdmin' }] }, 'places');
+    assert.isTrue(bool);
+    done();
+  });
+
+  it('user does not have access to all', (done) => { // eslint-disable-line
+    const bool = Access.hasAccessToAll({ access: [{ role: 'other' }] }, 'places');
+    assert.isFalse(bool);
+    done();
+  });
+
+  it('to does not have UNRESTRICTED_ROLES', (done) => { // eslint-disable-line
+    const bool = Access.hasAccessToAll({ access: [{ role: 'other' }] }, 'other');
+    assert.isFalse(bool);
+    done();
+  });
+
+});
diff --git a/test/models/access/isAdmin.js b/test/models/access/isAdmin.js
@@ -0,0 +1,44 @@
+// During the test the env variable is set to test
+process.env.NODE_ENV = 'test';
+
+// Require the dev-dependencies
+const chai = require('chai');
+const { Access } = require('../../../index');
+
+const { assert } = chai;
+
+
+// Our parent block
+describe('MODELS: ACCESS isAdmin', () => { // eslint-disable-line
+
+  it('user is undef', (done) => { // eslint-disable-line
+    const bool = Access.isAdmin();
+    assert.isFalse(bool);
+    done();
+  });
+
+  it('user.is_admin = true', (done) => { // eslint-disable-line
+    const bool = Access.isAdmin({ is_admin: true });
+    assert.isTrue(bool);
+    done();
+  });
+
+  it('user does not have access', (done) => { // eslint-disable-line
+    const bool = Access.isAdmin({});
+    assert.isFalse(bool);
+    done();
+  });
+
+  it('user has admin role', (done) => { // eslint-disable-line
+    const bool = Access.isAdmin({ access: [{ role: 'admin' }] });
+    assert.isTrue(bool);
+    done();
+  });
+
+  it('user does not have admin role', (done) => { // eslint-disable-line
+    const bool = Access.isAdmin({ access: [{ role: 'other' }] });
+    assert.isFalse(bool);
+    done();
+  });
+
+});