diff --git a/models/access.js b/models/access.js index 28051da66..b53523da3 100644 --- a/models/access.js +++ b/models/access.js @@ -62,6 +62,19 @@ const addAccessibleToSearch = (search, access, tableName, key) => { return search; }; +const hasAccessTo = (user, to, filterId) => { + if (!user || !user.access || !to) return false; + const { access } = user; + if (hasAccessToAll(user, to)) return true; + const roles = RESTRICTED_ROLES[to]; + for (let i = 0; i < access.length; i++) { + if (codemaster.utils.Array.contains(roles, access[i].role)) { + if (access[i].filter.toString() === filterId.toString()) return true; + } + } + return false; +}; + module.exports = { isAdmin, @@ -70,4 +83,5 @@ module.exports = { accessiblesIds, find, addAccessibleToSearch, + hasAccessTo, }; diff --git a/test/models/access/accessiblesIds.js b/test/models/access/accessiblesIds.js new file mode 100644 index 000000000..1ea718df8 --- /dev/null +++ b/test/models/access/accessiblesIds.js @@ -0,0 +1,39 @@ +// During the test the env variable is set to test +process.env.NODE_ENV = 'test'; + +// Require the dev-dependencies +const chai = require('chai'); +const { Access } = require('../../../index'); + +const { assert } = chai; + + +// Our parent block +describe('MODELS: ACCESS.accessiblesIds', () => { // eslint-disable-line + + it('access is undef', (done) => { // eslint-disable-line + const result = Access.accessiblesIds(null, 'places'); + assert.deepEqual(result, []); + done(); + }); + + it('to is undef', (done) => { // eslint-disable-line + const result = Access.accessiblesIds([]); + assert.deepEqual(result, []); + done(); + }); + + it('to does not have restricted_roles', (done) => { // eslint-disable-line + const result = Access.accessiblesIds([], 'other'); + assert.deepEqual(result, []); + done(); + }); + + it('Happy path', (done) => { // eslint-disable-line + const access = [{ role: 'other', filter: 66 }, { role: 'venueOwner', filter: 1 }, { role: 'venueOwner', filter: 2 }]; + const result = Access.accessiblesIds(access, 'places'); + assert.deepEqual(result, [1, 2]); + done(); + }); + +}); diff --git a/test/models/access/hasAccessTo.js b/test/models/access/hasAccessTo.js new file mode 100644 index 000000000..c0dfcf2c9 --- /dev/null +++ b/test/models/access/hasAccessTo.js @@ -0,0 +1,62 @@ +// During the test the env variable is set to test +process.env.NODE_ENV = 'test'; + +// Require the dev-dependencies +const chai = require('chai'); +const { Access } = require('../../../index'); + +const { assert } = chai; + + +// Our parent block +describe('MODELS: ACCESS hasAccessTo', () => { // eslint-disable-line + + it('user is undef', (done) => { // eslint-disable-line + const bool = Access.hasAccessTo(null, 'places', 1); + assert.isFalse(bool); + done(); + }); + + it('user.access is undef', (done) => { // eslint-disable-line + const bool = Access.hasAccessTo({}, 'places', 1); + assert.isFalse(bool); + done(); + }); + + it('to is undef', (done) => { // eslint-disable-line + const bool = Access.hasAccessTo({ access: [] }); + assert.isFalse(bool); + done(); + }); + + it('user has access to all', (done) => { // eslint-disable-line + const bool = Access.hasAccessTo({ access: [{ role: 'admin' }] }, 'places', 66); + assert.isTrue(bool); + done(); + }); + + it('user has restricted access: both ints', (done) => { // eslint-disable-line + const bool = Access.hasAccessTo({ access: [{ role: 'venueOwner', filter: 66 }] }, 'places', 66); + assert.isTrue(bool); + done(); + }); + + it('user has restricted access: one as int the other as string', (done) => { // eslint-disable-line + const bool = Access.hasAccessTo({ access: [{ role: 'venueOwner', filter: '66' }] }, 'places', 66); + assert.isTrue(bool); + done(); + }); + + it('user does have restricted access but with different filter', (done) => { // eslint-disable-line + const bool = Access.hasAccessTo({ access: [{ role: 'venueOwner', filter: 67 }] }, 'places', 66); + assert.isFalse(bool); + done(); + }); + + it('user does not have restricted access', (done) => { // eslint-disable-line + const bool = Access.hasAccessTo({ access: [{ role: 'other', filter: 66 }] }, 'places', 66); + assert.isFalse(bool); + done(); + }); + +}); diff --git a/test/models/access/hasAccessToAll.js b/test/models/access/hasAccessToAll.js new file mode 100644 index 000000000..4889d4541 --- /dev/null +++ b/test/models/access/hasAccessToAll.js @@ -0,0 +1,50 @@ +// During the test the env variable is set to test +process.env.NODE_ENV = 'test'; + +// Require the dev-dependencies +const chai = require('chai'); +const { Access } = require('../../../index'); + +const { assert } = chai; + + +// Our parent block +describe('MODELS: ACCESS hasAccessToAll', () => { // eslint-disable-line + + it('user is undef', (done) => { // eslint-disable-line + const bool = Access.hasAccessToAll(); + assert.isFalse(bool); + done(); + }); + + it('user.access is undef', (done) => { // eslint-disable-line + const bool = Access.hasAccessToAll({}); + assert.isFalse(bool); + done(); + }); + + it('user is admin', (done) => { // eslint-disable-line + const bool = Access.hasAccessToAll({ is_admin: true }); + assert.isTrue(bool); + done(); + }); + + it('user has access to all', (done) => { // eslint-disable-line + const bool = Access.hasAccessToAll({ access: [{ role: 'placesAdmin' }] }, 'places'); + assert.isTrue(bool); + done(); + }); + + it('user does not have access to all', (done) => { // eslint-disable-line + const bool = Access.hasAccessToAll({ access: [{ role: 'other' }] }, 'places'); + assert.isFalse(bool); + done(); + }); + + it('to does not have UNRESTRICTED_ROLES', (done) => { // eslint-disable-line + const bool = Access.hasAccessToAll({ access: [{ role: 'other' }] }, 'other'); + assert.isFalse(bool); + done(); + }); + +}); diff --git a/test/models/access/isAdmin.js b/test/models/access/isAdmin.js new file mode 100644 index 000000000..ce54c7387 --- /dev/null +++ b/test/models/access/isAdmin.js @@ -0,0 +1,44 @@ +// During the test the env variable is set to test +process.env.NODE_ENV = 'test'; + +// Require the dev-dependencies +const chai = require('chai'); +const { Access } = require('../../../index'); + +const { assert } = chai; + + +// Our parent block +describe('MODELS: ACCESS isAdmin', () => { // eslint-disable-line + + it('user is undef', (done) => { // eslint-disable-line + const bool = Access.isAdmin(); + assert.isFalse(bool); + done(); + }); + + it('user.is_admin = true', (done) => { // eslint-disable-line + const bool = Access.isAdmin({ is_admin: true }); + assert.isTrue(bool); + done(); + }); + + it('user does not have access', (done) => { // eslint-disable-line + const bool = Access.isAdmin({}); + assert.isFalse(bool); + done(); + }); + + it('user has admin role', (done) => { // eslint-disable-line + const bool = Access.isAdmin({ access: [{ role: 'admin' }] }); + assert.isTrue(bool); + done(); + }); + + it('user does not have admin role', (done) => { // eslint-disable-line + const bool = Access.isAdmin({ access: [{ role: 'other' }] }); + assert.isFalse(bool); + done(); + }); + +});