diff --git a/packages/back-end/test/permissions.test.ts b/packages/back-end/test/permissions.test.ts index 8c5515641f25..ae02ebc1aa28 100644 --- a/packages/back-end/test/permissions.test.ts +++ b/packages/back-end/test/permissions.test.ts @@ -1,8 +1,4 @@ -import { - getReadAccessFilter, - hasReadAccess, - Permissions, -} from "shared/permissions"; +import { getReadAccessFilter, hasReadAccess } from "shared/permissions"; import { getUserPermissions, roleToPermissionMap, @@ -11,7 +7,6 @@ import { OrganizationInterface } from "../types/organization"; import { TeamInterface } from "../types/team"; import { FeatureInterface } from "../types/feature"; import { MetricInterface } from "../types/metric"; -import { DataSourceInterface } from "../types/datasource"; describe("Build base user permissions", () => { const testOrg: OrganizationInterface = { @@ -1812,4980 +1807,3 @@ describe("hasReadAccess filter", () => { ]); }); }); - -describe("PermissionsUtilClass.canCreateAttribute check", () => { - const testOrg: OrganizationInterface = { - id: "org_sktwi1id9l7z9xkjb", - name: "Test Org", - ownerEmail: "test@test.com", - url: "https://test.com", - dateCreated: new Date(), - invites: [], - members: [ - { - id: "base_user_123", - role: "readonly", - dateCreated: new Date(), - limitAccessByEnvironment: false, - environments: [], - projectRoles: [], - teams: [], - }, - ], - settings: { - environments: [ - { id: "development" }, - { id: "staging" }, - { id: "production" }, - ], - }, - }; - - it("User with global readonly role can not create attribute in 'All Projects'", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canCreateAttribute({})).toEqual(false); - }); - - it("User with global engineer role can create attribute in in 'All Projects'", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canCreateAttribute({})).toEqual(true); - }); - - it("User with global readonly role can not create attribute in in project 'ABC123'", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canCreateAttribute({ projects: ["ABC123"] })).toEqual( - false - ); - }); - - it("User with global readonly role can create attribute in in project 'ABC123' if they have an engineer role for that project", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - ABC123: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect(permissions.canCreateAttribute({ projects: ["ABC123"] })).toEqual( - true - ); - }); - - it("User with global engineer role can not create attribute in in project 'ABC123' if they have a readonly role for that project", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - ABC123: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect(permissions.canCreateAttribute({ projects: ["ABC123"] })).toEqual( - false - ); - }); - - it("User with global readonly role can not create attribute in in project 'ABC123' and 'DEF456 if they have a engineer role for only one of the projects", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - ABC123: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect( - permissions.canCreateAttribute({ projects: ["ABC123", "DEF456"] }) - ).toEqual(false); - }); - - it("User with global readonly role can create attribute in in project 'ABC123' and 'DEF456 if they have a engineer role for both projects", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - ABC123: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - DEF456: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect( - permissions.canCreateAttribute({ projects: ["ABC123", "DEF456"] }) - ).toEqual(true); - }); -}); - -describe("PermissionsUtilClass.canUpdateAttribute check", () => { - const testOrg: OrganizationInterface = { - id: "org_sktwi1id9l7z9xkjb", - name: "Test Org", - ownerEmail: "test@test.com", - url: "https://test.com", - dateCreated: new Date(), - invites: [], - members: [ - { - id: "base_user_123", - role: "readonly", - dateCreated: new Date(), - limitAccessByEnvironment: false, - environments: [], - projectRoles: [], - teams: [], - }, - ], - settings: { - environments: [ - { id: "development" }, - { id: "staging" }, - { id: "production" }, - ], - }, - }; - - it("User with global readonly role and engineer role on project ABC123 can not remove all projects from existing attribute", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - ABC123: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect( - permissions.canUpdateAttribute({ projects: ["ABC123"] }, { projects: [] }) - ).toEqual(false); - }); - - it("User with global engineer role can remove all projects from existing attribute", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect( - permissions.canUpdateAttribute({ projects: ["ABC123"] }, { projects: [] }) - ).toEqual(true); - }); - - it("User with global readonly role can update an attribute from being in project ABC123 to being in ABC123 and DEF456", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - ABC123: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - DEF456: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect( - permissions.canUpdateAttribute( - { projects: ["ABC123"] }, - { projects: ["ABC123", "DEF456"] } - ) - ).toEqual(true); - }); -}); - -describe("PermissionsUtilClass.canDeleteAttribute check", () => { - const testOrg: OrganizationInterface = { - id: "org_sktwi1id9l7z9xkjb", - name: "Test Org", - ownerEmail: "test@test.com", - url: "https://test.com", - dateCreated: new Date(), - invites: [], - members: [ - { - id: "base_user_123", - role: "readonly", - dateCreated: new Date(), - limitAccessByEnvironment: false, - environments: [], - projectRoles: [], - teams: [], - }, - ], - settings: { - environments: [ - { id: "development" }, - { id: "staging" }, - { id: "production" }, - ], - }, - }; - - it("User with global readonly role can not delete attribute in 'All Projects'", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canDeleteAttribute({})).toEqual(false); - }); - - it("User with global engineer role can delete attribute in in 'All Projects'", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canDeleteAttribute({})).toEqual(true); - }); - - it("User with global readonly role can not delete attribute in in project 'ABC123'", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canDeleteAttribute({ projects: ["ABC123"] })).toEqual( - false - ); - }); - - it("User with global readonly role can delete attribute in in project 'ABC123' if they have an engineer role for that project", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - ABC123: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect(permissions.canDeleteAttribute({ projects: ["ABC123"] })).toEqual( - true - ); - }); - - it("User with global engineer role can not delete attribute in in project 'ABC123' if they have a readonly role for that project", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - ABC123: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect(permissions.canDeleteAttribute({ projects: ["ABC123"] })).toEqual( - false - ); - }); - - it("User with global readonly role can not delete attribute in in project 'ABC123' and 'DEF456 if they have a engineer role for only one of the projects", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - ABC123: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect( - permissions.canDeleteAttribute({ projects: ["ABC123", "DEF456"] }) - ).toEqual(false); - }); - - it("User with global readonly role can delete attribute in in project 'ABC123' and 'DEF456 if they have a engineer role for both projects", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - ABC123: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - DEF456: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect( - permissions.canDeleteAttribute({ projects: ["ABC123", "DEF456"] }) - ).toEqual(true); - }); -}); - -describe("PermissionsUtilClass.canCreateSegmentcheck", () => { - const testOrg: OrganizationInterface = { - id: "org_sktwi1id9l7z9xkjb", - name: "Test Org", - ownerEmail: "test@test.com", - url: "https://test.com", - dateCreated: new Date(), - invites: [], - members: [ - { - id: "base_user_123", - role: "readonly", - dateCreated: new Date(), - limitAccessByEnvironment: false, - environments: [], - projectRoles: [], - teams: [], - }, - ], - settings: { - environments: [ - { id: "development" }, - { id: "staging" }, - { id: "production" }, - ], - }, - }; - - it("User with global readonly role can not create segment", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canCreateSegment()).toEqual(false); - }); - - it("User with global collaborator role can create segment", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("collaborator", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canCreateSegment()).toEqual(false); - }); - - it("User with global analyst role can create segment", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("analyst", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canCreateSegment()).toEqual(true); - }); -}); - -describe("PermissionsUtilClass.canUpdateSegmentcheck", () => { - const testOrg: OrganizationInterface = { - id: "org_sktwi1id9l7z9xkjb", - name: "Test Org", - ownerEmail: "test@test.com", - url: "https://test.com", - dateCreated: new Date(), - invites: [], - members: [ - { - id: "base_user_123", - role: "readonly", - dateCreated: new Date(), - limitAccessByEnvironment: false, - environments: [], - projectRoles: [], - teams: [], - }, - ], - settings: { - environments: [ - { id: "development" }, - { id: "staging" }, - { id: "production" }, - ], - }, - }; - - it("User with global readonly role can not update segment", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canUpdateSegment()).toEqual(false); - }); - - it("User with global collaborator role can update segment", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("collaborator", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canUpdateSegment()).toEqual(false); - }); - - it("User with global analyst role can update segment", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("analyst", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canUpdateSegment()).toEqual(true); - }); -}); - -describe("PermissionsUtilClass.canDeleteSegmentcheck", () => { - const testOrg: OrganizationInterface = { - id: "org_sktwi1id9l7z9xkjb", - name: "Test Org", - ownerEmail: "test@test.com", - url: "https://test.com", - dateCreated: new Date(), - invites: [], - members: [ - { - id: "base_user_123", - role: "readonly", - dateCreated: new Date(), - limitAccessByEnvironment: false, - environments: [], - projectRoles: [], - teams: [], - }, - ], - settings: { - environments: [ - { id: "development" }, - { id: "staging" }, - { id: "production" }, - ], - }, - }; - - it("User with global readonly role can not delete segment", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canDeleteSegment()).toEqual(false); - }); - - it("User with global collaborator role can delete segment", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("collaborator", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canDeleteSegment()).toEqual(false); - }); - - it("User with global analyst role can delete segment", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("analyst", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canDeleteSegment()).toEqual(true); - }); -}); - -// permissionsClass Global Permissions Test -describe("PermissionsUtilClass.canCreatePresentation check", () => { - const testOrg: OrganizationInterface = { - id: "org_sktwi1id9l7z9xkjb", - name: "Test Org", - ownerEmail: "test@test.com", - url: "https://test.com", - dateCreated: new Date(), - invites: [], - members: [ - { - id: "base_user_123", - role: "readonly", - dateCreated: new Date(), - limitAccessByEnvironment: false, - environments: [], - projectRoles: [], - teams: [], - }, - ], - settings: { - environments: [ - { id: "development" }, - { id: "staging" }, - { id: "production" }, - ], - }, - }; - - it("User with global readonly role can not create presentation", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canCreatePresentation()).toEqual(false); - }); - - it("User with global collaborator role can create presentation", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("collaborator", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canCreatePresentation()).toEqual(true); - }); - - it("User with global engineer role can create presentation", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canCreatePresentation()).toEqual(true); - }); -}); - -describe("PermissionsUtilClass.canUpdatePresentation check", () => { - const testOrg: OrganizationInterface = { - id: "org_sktwi1id9l7z9xkjb", - name: "Test Org", - ownerEmail: "test@test.com", - url: "https://test.com", - dateCreated: new Date(), - invites: [], - members: [ - { - id: "base_user_123", - role: "readonly", - dateCreated: new Date(), - limitAccessByEnvironment: false, - environments: [], - projectRoles: [], - teams: [], - }, - ], - settings: { - environments: [ - { id: "development" }, - { id: "staging" }, - { id: "production" }, - ], - }, - }; - - it("User with global readonly role can not update presentation", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canUpdatePresentation()).toEqual(false); - }); - - it("User with global collaborator role can update presentation", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("collaborator", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canUpdatePresentation()).toEqual(true); - }); - - it("User with global engineer role can update presentation", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canUpdatePresentation()).toEqual(true); - }); -}); - -describe("PermissionsUtilClass.canDeletePresentation check", () => { - const testOrg: OrganizationInterface = { - id: "org_sktwi1id9l7z9xkjb", - name: "Test Org", - ownerEmail: "test@test.com", - url: "https://test.com", - dateCreated: new Date(), - invites: [], - members: [ - { - id: "base_user_123", - role: "readonly", - dateCreated: new Date(), - limitAccessByEnvironment: false, - environments: [], - projectRoles: [], - teams: [], - }, - ], - settings: { - environments: [ - { id: "development" }, - { id: "staging" }, - { id: "production" }, - ], - }, - }; - - it("User with global readonly role can not delete presentation", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canDeletePresentation()).toEqual(false); - }); - - it("User with global collaborator role can delete presentation", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("collaborator", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canDeletePresentation()).toEqual(true); - }); - - it("User with global engineer role can delete presentation", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canDeletePresentation()).toEqual(true); - }); -}); - -describe("PermissionsUtilClass.canCreateDimension check", () => { - const testOrg: OrganizationInterface = { - id: "org_sktwi1id9l7z9xkjb", - name: "Test Org", - ownerEmail: "test@test.com", - url: "https://test.com", - dateCreated: new Date(), - invites: [], - members: [ - { - id: "base_user_123", - role: "readonly", - dateCreated: new Date(), - limitAccessByEnvironment: false, - environments: [], - projectRoles: [], - teams: [], - }, - ], - settings: { - environments: [ - { id: "development" }, - { id: "staging" }, - { id: "production" }, - ], - }, - }; - - it("User with global readonly role can not create dimension", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canCreateDimension()).toEqual(false); - }); - - it("User with global collaborator role can create dimension", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("collaborator", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canCreateDimension()).toEqual(false); - }); - - it("User with global analyst role can create dimension", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("analyst", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canCreateDimension()).toEqual(true); - }); -}); - -describe("PermissionsUtilClass.canUpdateDimension check", () => { - const testOrg: OrganizationInterface = { - id: "org_sktwi1id9l7z9xkjb", - name: "Test Org", - ownerEmail: "test@test.com", - url: "https://test.com", - dateCreated: new Date(), - invites: [], - members: [ - { - id: "base_user_123", - role: "readonly", - dateCreated: new Date(), - limitAccessByEnvironment: false, - environments: [], - projectRoles: [], - teams: [], - }, - ], - settings: { - environments: [ - { id: "development" }, - { id: "staging" }, - { id: "production" }, - ], - }, - }; - - it("User with global readonly role can not update dimension", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canUpdateDimension()).toEqual(false); - }); - - it("User with global collaborator role can update dimension", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("collaborator", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canUpdateDimension()).toEqual(false); - }); - - it("User with global analyst role can update dimension", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("analyst", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canUpdateDimension()).toEqual(true); - }); -}); - -describe("PermissionsUtilClass.canDeleteDimension check", () => { - const testOrg: OrganizationInterface = { - id: "org_sktwi1id9l7z9xkjb", - name: "Test Org", - ownerEmail: "test@test.com", - url: "https://test.com", - dateCreated: new Date(), - invites: [], - members: [ - { - id: "base_user_123", - role: "readonly", - dateCreated: new Date(), - limitAccessByEnvironment: false, - environments: [], - projectRoles: [], - teams: [], - }, - ], - settings: { - environments: [ - { id: "development" }, - { id: "staging" }, - { id: "production" }, - ], - }, - }; - - it("User with global readonly role can not delete dimension", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canDeleteDimension()).toEqual(false); - }); - - it("User with global collaborator role can delete dimension", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("collaborator", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canDeleteDimension()).toEqual(false); - }); - - it("User with global analyst role can delete dimension", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("analyst", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canDeleteDimension()).toEqual(true); - }); -}); - -describe("PermissionsUtilClass.canCreateSegmentcheck", () => { - const testOrg: OrganizationInterface = { - id: "org_sktwi1id9l7z9xkjb", - name: "Test Org", - ownerEmail: "test@test.com", - url: "https://test.com", - dateCreated: new Date(), - invites: [], - members: [ - { - id: "base_user_123", - role: "readonly", - dateCreated: new Date(), - limitAccessByEnvironment: false, - environments: [], - projectRoles: [], - teams: [], - }, - ], - settings: { - environments: [ - { id: "development" }, - { id: "staging" }, - { id: "production" }, - ], - }, - }; - - it("User with global readonly role can not create segment", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canCreateSegment()).toEqual(false); - }); - - it("User with global collaborator role can create segment", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("collaborator", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canCreateSegment()).toEqual(false); - }); - - it("User with global analyst role can create segment", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("analyst", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canCreateSegment()).toEqual(true); - }); -}); - -describe("PermissionsUtilClass.canUpdateSegmentcheck", () => { - const testOrg: OrganizationInterface = { - id: "org_sktwi1id9l7z9xkjb", - name: "Test Org", - ownerEmail: "test@test.com", - url: "https://test.com", - dateCreated: new Date(), - invites: [], - members: [ - { - id: "base_user_123", - role: "readonly", - dateCreated: new Date(), - limitAccessByEnvironment: false, - environments: [], - projectRoles: [], - teams: [], - }, - ], - settings: { - environments: [ - { id: "development" }, - { id: "staging" }, - { id: "production" }, - ], - }, - }; - - it("User with global readonly role can not update segment", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canUpdateSegment()).toEqual(false); - }); - - it("User with global collaborator role can update segment", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("collaborator", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canUpdateSegment()).toEqual(false); - }); - - it("User with global analyst role can update segment", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("analyst", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canUpdateSegment()).toEqual(true); - }); -}); - -describe("PermissionsUtilClass.canDeleteSegmentcheck", () => { - const testOrg: OrganizationInterface = { - id: "org_sktwi1id9l7z9xkjb", - name: "Test Org", - ownerEmail: "test@test.com", - url: "https://test.com", - dateCreated: new Date(), - invites: [], - members: [ - { - id: "base_user_123", - role: "readonly", - dateCreated: new Date(), - limitAccessByEnvironment: false, - environments: [], - projectRoles: [], - teams: [], - }, - ], - settings: { - environments: [ - { id: "development" }, - { id: "staging" }, - { id: "production" }, - ], - }, - }; - - it("User with global readonly role can not delete segment", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canDeleteSegment()).toEqual(false); - }); - - it("User with global collaborator role can delete segment", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("collaborator", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canDeleteSegment()).toEqual(false); - }); - - it("User with global analyst role can delete segment", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("analyst", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canDeleteSegment()).toEqual(true); - }); -}); - -// permissionsClass Project Permissions Test -describe("PermissionsUtilClass.canCreateIdea check", () => { - const testOrg: OrganizationInterface = { - id: "org_sktwi1id9l7z9xkjb", - name: "Test Org", - ownerEmail: "test@test.com", - url: "https://test.com", - dateCreated: new Date(), - invites: [], - members: [ - { - id: "base_user_123", - role: "readonly", - dateCreated: new Date(), - limitAccessByEnvironment: false, - environments: [], - projectRoles: [], - teams: [], - }, - ], - settings: { - environments: [ - { id: "development" }, - { id: "staging" }, - { id: "production" }, - ], - }, - }; - - it("User with global readonly role can not create idea without a project", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canCreateIdea({ project: "" })).toEqual(false); - }); - - it("User with global collaborator role can create idea without a project", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("collaborator", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canCreateIdea({ project: "" })).toEqual(true); - }); - - it("User with global readonly role can not create idea with a project if they don't have a project specific role that gives them permission", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canCreateIdea({ project: "abc123" })).toEqual(false); - }); - - it("User with global readonly role can create idea with a project if they do have a project specific role that gives them permission", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - abc123: { - permissions: roleToPermissionMap("collaborator", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect(permissions.canCreateIdea({ project: "abc123" })).toEqual(true); - }); -}); - -describe("PermissionsUtilClass.canUpdateIdea check", () => { - const testOrg: OrganizationInterface = { - id: "org_sktwi1id9l7z9xkjb", - name: "Test Org", - ownerEmail: "test@test.com", - url: "https://test.com", - dateCreated: new Date(), - invites: [], - members: [ - { - id: "base_user_123", - role: "readonly", - dateCreated: new Date(), - limitAccessByEnvironment: false, - environments: [], - projectRoles: [], - teams: [], - }, - ], - settings: { - environments: [ - { id: "development" }, - { id: "staging" }, - { id: "production" }, - ], - }, - }; - - it("User with global readonly role can not update idea without a project", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect( - permissions.canUpdateIdea({ project: "" }, { project: "abc123" }) - ).toEqual(false); - }); - - it("User with global collaborator role can update idea without a project", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("collaborator", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect( - permissions.canUpdateIdea({ project: "" }, { project: "abc123" }) - ).toEqual(true); - }); - - it("User with global readonly role can not update idea with a project if they don't have a project specific role that gives them permission", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect( - permissions.canUpdateIdea({ project: "abc123" }, { project: "" }) - ).toEqual(false); - }); - - it("User with global readonly role can not remove project from idea if they do have a project specific role that gives them permission in the new project", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - abc123: { - permissions: roleToPermissionMap("collaborator", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect( - permissions.canUpdateIdea({ project: "abc123" }, { project: "" }) - ).toEqual(false); - }); - - it("User with global readonly role can update idea's project from idea if they do have a project specific role that gives them permission in the new project", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - abc123: { - permissions: roleToPermissionMap("collaborator", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - def456: { - permissions: roleToPermissionMap("collaborator", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect( - permissions.canUpdateIdea({ project: "abc123" }, { project: "def456" }) - ).toEqual(true); - }); -}); - -describe("PermissionsUtilClass.canDeleteIdea check", () => { - const testOrg: OrganizationInterface = { - id: "org_sktwi1id9l7z9xkjb", - name: "Test Org", - ownerEmail: "test@test.com", - url: "https://test.com", - dateCreated: new Date(), - invites: [], - members: [ - { - id: "base_user_123", - role: "readonly", - dateCreated: new Date(), - limitAccessByEnvironment: false, - environments: [], - projectRoles: [], - teams: [], - }, - ], - settings: { - environments: [ - { id: "development" }, - { id: "staging" }, - { id: "production" }, - ], - }, - }; - - it("User with global readonly role can not delete idea without a project", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canDeleteIdea({ project: "" })).toEqual(false); - }); - - it("User with global collaborator role can delete idea without a project", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("collaborator", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canDeleteIdea({ project: "" })).toEqual(true); - }); - - it("User with global readonly role can not delete idea with a project if they don't have a project specific role that gives them permission", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canDeleteIdea({ project: "abc123" })).toEqual(false); - }); - - it("User with global readonly role can delete idea with a project if they do have a project specific role that gives them permission", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - abc123: { - permissions: roleToPermissionMap("collaborator", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect(permissions.canDeleteIdea({ project: "abc123" })).toEqual(true); - }); -}); - -describe("PermissionsUtilClass.canViewExperimentModal check", () => { - const testOrg: OrganizationInterface = { - id: "org_sktwi1id9l7z9xkjb", - name: "Test Org", - ownerEmail: "test@test.com", - url: "https://test.com", - dateCreated: new Date(), - invites: [], - members: [ - { - id: "base_user_123", - role: "readonly", - dateCreated: new Date(), - limitAccessByEnvironment: false, - environments: [], - projectRoles: [], - teams: [], - }, - ], - settings: { - environments: [ - { id: "development" }, - { id: "staging" }, - { id: "production" }, - ], - }, - }; - - it("User with global readonly role can not create experiment without a project", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canViewExperimentModal()).toEqual(false); - }); - - it("User with global experimenter role can create experiment without a project", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("experimenter", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canViewExperimentModal()).toEqual(true); - }); - - it("User with global readonly role can not create experiment with a project if they don't have a project specific role that gives them permission", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canViewExperimentModal("abc123")).toEqual(false); - }); - - it("User with global readonly role can create experiment with a project if they do have a project specific role that gives them permission", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - abc123: { - permissions: roleToPermissionMap("analyst", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect(permissions.canViewExperimentModal("abc123")).toEqual(true); - }); -}); - -describe("PermissionsUtilClass.canCreateExperiment check", () => { - const testOrg: OrganizationInterface = { - id: "org_sktwi1id9l7z9xkjb", - name: "Test Org", - ownerEmail: "test@test.com", - url: "https://test.com", - dateCreated: new Date(), - invites: [], - members: [ - { - id: "base_user_123", - role: "readonly", - dateCreated: new Date(), - limitAccessByEnvironment: false, - environments: [], - projectRoles: [], - teams: [], - }, - ], - settings: { - environments: [ - { id: "development" }, - { id: "staging" }, - { id: "production" }, - ], - }, - }; - - it("User with global readonly role can not create experiment without a project", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canCreateExperiment({ project: "" })).toEqual(false); - }); - - it("User with global analyst role can create experiment without a project", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("analyst", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canCreateExperiment({ project: "" })).toEqual(true); - }); - - it("User with global readonly role can not create experiment with a project if they don't have a project specific role that gives them permission", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canCreateExperiment({ project: "abc123" })).toEqual( - false - ); - }); - - it("User with global readonly role can create experiment with a project if they do have a project specific role that gives them permission", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - abc123: { - permissions: roleToPermissionMap("experimenter", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect(permissions.canCreateExperiment({ project: "abc123" })).toEqual( - true - ); - }); -}); - -describe("PermissionsUtilClass.canUpdateExperiment check", () => { - const testOrg: OrganizationInterface = { - id: "org_sktwi1id9l7z9xkjb", - name: "Test Org", - ownerEmail: "test@test.com", - url: "https://test.com", - dateCreated: new Date(), - invites: [], - members: [ - { - id: "base_user_123", - role: "readonly", - dateCreated: new Date(), - limitAccessByEnvironment: false, - environments: [], - projectRoles: [], - teams: [], - }, - ], - settings: { - environments: [ - { id: "development" }, - { id: "staging" }, - { id: "production" }, - ], - }, - }; - - it("User with global readonly role can not update experiment without a project", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect( - permissions.canUpdateExperiment({ project: "" }, { project: "abc123" }) - ).toEqual(false); - }); - - it("User with global analyst role can update experiment without a project", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("analyst", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect( - permissions.canUpdateExperiment({ project: "" }, { project: "abc123" }) - ).toEqual(true); - }); - - it("User with global readonly role can not update experiment with a project if they don't have a project specific role that gives them permission", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect( - permissions.canUpdateExperiment({ project: "abc123" }, { project: "" }) - ).toEqual(false); - }); - - it("User with global readonly role can not remove project from experiment if they do have a project specific role that gives them permission in the new project", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - abc123: { - permissions: roleToPermissionMap("collaborator", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect( - permissions.canUpdateExperiment({ project: "abc123" }, { project: "" }) - ).toEqual(false); - }); - - it("User with global readonly role can update experiment's project from experiment if they do have a project specific role that gives them permission in the new project", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - abc123: { - permissions: roleToPermissionMap("experimenter", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - def456: { - permissions: roleToPermissionMap("experimenter", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect( - permissions.canUpdateExperiment( - { project: "abc123" }, - { project: "def456" } - ) - ).toEqual(true); - }); -}); - -describe("PermissionsUtilClass.canDeleteExperiment check", () => { - const testOrg: OrganizationInterface = { - id: "org_sktwi1id9l7z9xkjb", - name: "Test Org", - ownerEmail: "test@test.com", - url: "https://test.com", - dateCreated: new Date(), - invites: [], - members: [ - { - id: "base_user_123", - role: "readonly", - dateCreated: new Date(), - limitAccessByEnvironment: false, - environments: [], - projectRoles: [], - teams: [], - }, - ], - settings: { - environments: [ - { id: "development" }, - { id: "staging" }, - { id: "production" }, - ], - }, - }; - - it("User with global readonly role can not delete experiment without a project", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canDeleteExperiment({ project: "" })).toEqual(false); - }); - - it("User with global analyst role can delete experiment without a project", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("analyst", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canDeleteExperiment({ project: "" })).toEqual(true); - }); - - it("User with global readonly role can not delete experiment with a project if they don't have a project specific role that gives them permission", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canDeleteExperiment({ project: "abc123" })).toEqual( - false - ); - }); - - it("User with global readonly role can delete experiment with a project if they do have a project specific role that gives them permission", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - abc123: { - permissions: roleToPermissionMap("experimenter", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect(permissions.canDeleteExperiment({ project: "abc123" })).toEqual( - true - ); - }); -}); - -describe("PermissionsUtilClass.canCreateMetric check", () => { - const testOrg: OrganizationInterface = { - id: "org_sktwi1id9l7z9xkjb", - name: "Test Org", - ownerEmail: "test@test.com", - url: "https://test.com", - dateCreated: new Date(), - invites: [], - members: [ - { - id: "base_user_123", - role: "readonly", - dateCreated: new Date(), - limitAccessByEnvironment: false, - environments: [], - projectRoles: [], - teams: [], - }, - ], - settings: { - environments: [ - { id: "development" }, - { id: "staging" }, - { id: "production" }, - ], - }, - }; - - it("canCreateMetric should handle undefined projects correctly for engineer user", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canCreateMetric({})).toEqual(false); - }); - - it("canCreateMetric should handle undefined projects correctly for experimenter user", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("experimenter", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canCreateMetric({})).toEqual(true); - }); - - it("canCreateMetric should handle empty projects array correctly for noaccess user", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("noaccess", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canCreateMetric({ projects: [] })).toEqual(false); - }); - - it("canCreateMetric should handle empty projects array correctly for experimenter user", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("experimenter", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canCreateMetric({ projects: [] })).toEqual(true); - }); - - it("canCreateMetric should handle valid projects array correctly for noaccess user", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("noaccess", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canCreateMetric({ projects: ["abc123"] })).toEqual( - false - ); - }); - - it("canCreateMetric should handle valid projects array correctly for experimenter user", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("experimenter", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canCreateMetric({ projects: ["abc123"] })).toEqual(true); - }); - - it("canCreateMetric should handle valid projects array correctly for experimenter user with project-level readonly role", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("experimenter", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - abc123: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect(permissions.canCreateMetric({ projects: ["abc123"] })).toEqual( - false - ); - }); - - it("canCreateMetric should handle valid projects array correctly for readonly user with project-level experimenter role in only 1 of the two projects", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - abc123: { - permissions: roleToPermissionMap("experimenter", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect( - // its false since the user doesn't have permission in all projects - permissions.canCreateMetric({ projects: ["abc123", "def456"] }) - ).toEqual(false); - }); - - it("canCreateMetric should handle valid projects array correctly for readonly user with project-level experimenter and analyst roles", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - abc123: { - permissions: roleToPermissionMap("experimenter", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - def456: { - permissions: roleToPermissionMap("analyst", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect( - // its true since the user DOES have permission in all projects - permissions.canCreateMetric({ projects: ["abc123", "def456"] }) - ).toEqual(true); - }); -}); - -describe("PermissionsUtilClass.canUpdateMetric check", () => { - const testOrg: OrganizationInterface = { - id: "org_sktwi1id9l7z9xkjb", - name: "Test Org", - ownerEmail: "test@test.com", - url: "https://test.com", - dateCreated: new Date(), - invites: [], - members: [ - { - id: "base_user_123", - role: "readonly", - dateCreated: new Date(), - limitAccessByEnvironment: false, - environments: [], - projectRoles: [], - teams: [], - }, - ], - settings: { - environments: [ - { id: "development" }, - { id: "staging" }, - { id: "production" }, - ], - }, - }; - - it("canUpdateMetric should not allow updates if the user is an engineer (and doesn't have permission)", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - const metric: Pick = { - projects: ["abc123"], - managedBy: "", - }; - - const updates: Pick = { - projects: ["abc123"], - }; - - expect(permissions.canUpdateMetric(metric, updates)).toEqual(false); - }); - - it("canUpdateMetric should allow updates if the metric projects are unchanged", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("experimenter", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - const metric: Pick = { - projects: ["abc123"], - managedBy: "", - }; - - const updates: Pick = { - projects: ["abc123"], - }; - - expect(permissions.canUpdateMetric(metric, updates)).toEqual(true); - }); - - it("canUpdateMetric should allow updates if the updates don't change the projects", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("experimenter", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - const metric: Pick = { - projects: ["abc123"], - managedBy: "", - }; - - const updates: Pick = {}; - - expect(permissions.canUpdateMetric(metric, updates)).toEqual(true); - }); - - it("canUpdateMetric should allow updates if the updates if the projects changed, but the user has permission in all of the projects", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("experimenter", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - const metric: Pick = { - projects: ["abc123"], - managedBy: "", - }; - - const updates: Pick = { - projects: ["abc123", "def456"], - }; - - expect(permissions.canUpdateMetric(metric, updates)).toEqual(true); - }); - - it("canUpdateMetric should not allow updates if the projects changed, and the user does not have permission in all of the projects", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("experimenter", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - def456: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - const metric: Pick = { - projects: ["abc123"], - managedBy: "", - }; - - const updates: Pick = { - projects: ["abc123", "def456"], - }; - - expect(permissions.canUpdateMetric(metric, updates)).toEqual(false); - }); - - it("canUpdateMetric should handle user with global no-access role correctly", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("noaccess", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - def456: { - permissions: roleToPermissionMap("experimenter", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - const metric: Pick = { - projects: ["def456"], - managedBy: "", - }; - - const updates: Pick = { - projects: ["abc123", "def456"], - }; - - expect(permissions.canUpdateMetric(metric, updates)).toEqual(false); - }); - - it("canUpdateMetric should handle user with global no-access role correctly", async () => { - console.log("starting last test"); - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("noaccess", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - def456: { - permissions: roleToPermissionMap("experimenter", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - const metric: Pick = { - projects: ["def456"], - managedBy: "", - }; - - const updates: Pick = { - projects: [], - }; - - expect(permissions.canUpdateMetric(metric, updates)).toEqual(false); - }); -}); - -describe("PermissionsUtilClass.canDeleteMetric check", () => { - const testOrg: OrganizationInterface = { - id: "org_sktwi1id9l7z9xkjb", - name: "Test Org", - ownerEmail: "test@test.com", - url: "https://test.com", - dateCreated: new Date(), - invites: [], - members: [ - { - id: "base_user_123", - role: "readonly", - dateCreated: new Date(), - limitAccessByEnvironment: false, - environments: [], - projectRoles: [], - teams: [], - }, - ], - settings: { - environments: [ - { id: "development" }, - { id: "staging" }, - { id: "production" }, - ], - }, - }; - - it("canDeleteMetric should handle undefined projects correctly for engineer user", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canDeleteMetric({})).toEqual(false); - }); - - it("canDeleteMetric should handle undefined projects correctly for experimenter user", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("experimenter", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canDeleteMetric({})).toEqual(true); - }); - - it("canDeleteMetric should handle empty projects array correctly for noaccess user", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("noaccess", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canDeleteMetric({ projects: [] })).toEqual(false); - }); - - it("canCreateMetric should handle empty projects array correctly for experimenter user", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("experimenter", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canCreateMetric({ projects: [] })).toEqual(true); - }); - - it("canCreateMetric should handle valid projects array correctly for noaccess user", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("noaccess", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canCreateMetric({ projects: ["abc123"] })).toEqual( - false - ); - }); - - it("canCreateMetric should handle valid projects array correctly for experimenter user", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("experimenter", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canCreateMetric({ projects: ["abc123"] })).toEqual(true); - }); - - it("canCreateMetric should handle valid projects array correctly for experimenter user with project-level readonly role", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("experimenter", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - abc123: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect(permissions.canCreateMetric({ projects: ["abc123"] })).toEqual( - false - ); - }); - - it("canCreateMetric should handle valid projects array correctly for readonly user with project-level experimenter role in only 1 of the two projects", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - abc123: { - permissions: roleToPermissionMap("experimenter", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect( - // its false since the user doesn't have permission in all projects - permissions.canCreateMetric({ projects: ["abc123", "def456"] }) - ).toEqual(false); - }); - - it("canCreateMetric should handle valid projects array correctly for readonly user with project-level experimenter and analyst roles", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - abc123: { - permissions: roleToPermissionMap("experimenter", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - def456: { - permissions: roleToPermissionMap("analyst", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect( - // its true since the user DOES have permission in all projects - permissions.canCreateMetric({ projects: ["abc123", "def456"] }) - ).toEqual(true); - }); -}); - -describe("PermissionsUtilClass.canCreateFactTable check", () => { - const testOrg: OrganizationInterface = { - id: "org_sktwi1id9l7z9xkjb", - name: "Test Org", - ownerEmail: "test@test.com", - url: "https://test.com", - dateCreated: new Date(), - invites: [], - members: [ - { - id: "base_user_123", - role: "readonly", - dateCreated: new Date(), - limitAccessByEnvironment: false, - environments: [], - projectRoles: [], - teams: [], - }, - ], - settings: { - environments: [ - { id: "development" }, - { id: "staging" }, - { id: "production" }, - ], - }, - }; - - it("canCreateFactTable should return false if user's global role is engineer and user is in All Projects", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canCreateFactTable({ projects: [] })).toEqual(false); - }); - - it("canCreateFactTable should return true if user's global role is analyst and user is in All Projects", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("analyst", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canCreateFactTable({ projects: [] })).toEqual(true); - }); - - it("canCreateFactTable should return true if user's global role is analyst and user is in a specific project and doesn't have a project-specific role for that project", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("analyst", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canCreateFactTable({ projects: ["abc123"] })).toEqual( - true - ); - }); - - it("canCreateFactTable should return false if user's global role is analyst and user is in a specific project and does have a project-specific role for that project that doesn't provide the permission", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("analyst", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - abc123: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect(permissions.canCreateFactTable({ projects: ["abc123"] })).toEqual( - false - ); - }); - - it("canCreateFactTable should return true if user's global role is readonly and user is in a specific project and does have a project-specific role for that project that provides the permission", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - abc123: { - permissions: roleToPermissionMap("analyst", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect(permissions.canCreateFactTable({ projects: ["abc123"] })).toEqual( - true - ); - }); -}); - -describe("PermissionsUtilClass.canUpdateFactTable check", () => { - const testOrg: OrganizationInterface = { - id: "org_sktwi1id9l7z9xkjb", - name: "Test Org", - ownerEmail: "test@test.com", - url: "https://test.com", - dateCreated: new Date(), - invites: [], - members: [ - { - id: "base_user_123", - role: "readonly", - dateCreated: new Date(), - limitAccessByEnvironment: false, - environments: [], - projectRoles: [], - teams: [], - }, - ], - settings: { - environments: [ - { id: "development" }, - { id: "staging" }, - { id: "production" }, - ], - }, - }; - - it("canUpdateFactTable should return true if user has global analyst role and no project specific roles", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("analyst", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect( - permissions.canUpdateFactTable({ projects: [] }, { projects: ["abc123"] }) - ).toEqual(true); - }); - - it("canUpdateFactTable should return false if user has global engineer role and no project specific roles", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect( - permissions.canUpdateFactTable({ projects: [] }, { projects: ["abc123"] }) - ).toEqual(false); - }); - - it("canUpdateFactTable should return false if user has global engineer role and attempts to convert a Fact Table from being in one project, to being in All Projects", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - abc123: { - permissions: roleToPermissionMap("analyst", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect( - permissions.canUpdateFactTable({ projects: ["abc123"] }, { projects: [] }) - ).toEqual(false); - }); - - it("canUpdateFactTable should return true if user has global engineer role and attempts to convert a Fact Table from being in one project, to being in two projects, if the user has permission in both projects", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - abc123: { - permissions: roleToPermissionMap("analyst", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - def456: { - permissions: roleToPermissionMap("analyst", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect( - permissions.canUpdateFactTable( - { projects: ["abc123"] }, - { projects: ["abc123", "def456"] } - ) - ).toEqual(true); - }); -}); - -describe("PermissionsUtilClass.canDeleteFactTable check", () => { - const testOrg: OrganizationInterface = { - id: "org_sktwi1id9l7z9xkjb", - name: "Test Org", - ownerEmail: "test@test.com", - url: "https://test.com", - dateCreated: new Date(), - invites: [], - members: [ - { - id: "base_user_123", - role: "readonly", - dateCreated: new Date(), - limitAccessByEnvironment: false, - environments: [], - projectRoles: [], - teams: [], - }, - ], - settings: { - environments: [ - { id: "development" }, - { id: "staging" }, - { id: "production" }, - ], - }, - }; - - it("canDeleteFactTable should return false if user's global role is engineer and user is in All Projects", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canDeleteFactTable({ projects: [] })).toEqual(false); - }); - - it("canDeleteFactTable should return true if user's global role is analyst and user is in All Projects", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("analyst", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canDeleteFactTable({ projects: [] })).toEqual(true); - }); - - it("canDeleteFactTable should return true if user's global role is analyst and user is in a specific project and doesn't have a project-specific role for that project", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("analyst", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canDeleteFactTable({ projects: ["abc123"] })).toEqual( - true - ); - }); - - it("canDeleteFactTable should return false if user's global role is analyst and user is in a specific project and does have a project-specific role for that project that doesn't provide the permission", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("analyst", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - abc123: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect(permissions.canDeleteFactTable({ projects: ["abc123"] })).toEqual( - false - ); - }); - - it("canDeleteFactTable should return true if user's global role is readonly and user is in a specific project and does have a project-specific role for that project that provides the permission", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - abc123: { - permissions: roleToPermissionMap("analyst", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect(permissions.canDeleteFactTable({ projects: ["abc123"] })).toEqual( - true - ); - }); -}); - -describe("PermissionsUtilClass.canAddComment check", () => { - const testOrg: OrganizationInterface = { - id: "org_sktwi1id9l7z9xkjb", - name: "Test Org", - ownerEmail: "test@test.com", - url: "https://test.com", - dateCreated: new Date(), - invites: [], - members: [ - { - id: "base_user_123", - role: "readonly", - dateCreated: new Date(), - limitAccessByEnvironment: false, - environments: [], - projectRoles: [], - teams: [], - }, - ], - settings: { - environments: [ - { id: "development" }, - { id: "staging" }, - { id: "production" }, - ], - }, - }; - it("canAddComment returns true for user with global experimenter role on experiment in 'All Projects'", () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("experimenter", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canAddComment([])).toEqual(true); - }); - it("canAddComment returns true for user with global experimenter role on experiment in 'abc123'", () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("experimenter", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canAddComment(["abc123"])).toEqual(true); - }); - it("canAddComment returns false for user with global readonly role on experiment in 'All Projects'", () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canAddComment([])).toEqual(false); - }); - it("canAddComment returns false for user with global noaccess role on experiment in 'abc123'", () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("noaccess", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canAddComment(["abc123"])).toEqual(false); - }); - it("canAddComment returns true for user with global noaccess role and experimenter role for project 'abc123' for an experiment in 'abc123'", () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("noaccess", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - abc123: { - permissions: roleToPermissionMap("experimenter", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect(permissions.canAddComment(["abc123"])).toEqual(true); - }); - it("canAddComment returns false for user with global noaccess role and project-level experimenter role, but checking for a different project", () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("noaccess", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - abc123: { - permissions: roleToPermissionMap("experimenter", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect(permissions.canAddComment(["def123"])).toEqual(false); - }); - it("canAddComment returns true for user with global noaccess role and project-level experimenter role for metric in multiple projects, including the project they have permission for", () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("noaccess", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - abc123: { - permissions: roleToPermissionMap("experimenter", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect(permissions.canAddComment(["abc123", "def123", "hij123"])).toEqual( - true - ); - }); - it("canAddComment returns false for user with global noaccess role on experiment in 'def123'", () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("noaccess", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - abc123: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect(permissions.canAddComment(["abc123", "def123", "hij123"])).toEqual( - false - ); - }); - // This is a test specific to the putUpload endpoint - the user needs to have addComment permission either globally, or in atleast 1 project in order to be able to upload images - it("canAddComment returns true for user with global noaccess role and 1 project level experimenter role", () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("noaccess", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - abc123: { - permissions: roleToPermissionMap("experimenter", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect(permissions.canAddComment([])).toEqual(true); - }); -}); - -describe("PermissionsUtilClass.canCreateProjects check", () => { - // These tests are pretty basic right now since we don't have custom roles and only admins can edit projects, we will expand these when custom roles become available - const testOrg: OrganizationInterface = { - id: "org_sktwi1id9l7z9xkjb", - name: "Test Org", - ownerEmail: "test@test.com", - url: "https://test.com", - dateCreated: new Date(), - invites: [], - members: [ - { - id: "base_user_123", - role: "readonly", - dateCreated: new Date(), - limitAccessByEnvironment: false, - environments: [], - projectRoles: [], - teams: [], - }, - ], - settings: { - environments: [ - { id: "development" }, - { id: "staging" }, - { id: "production" }, - ], - }, - }; - - it("canCreateProjects returns false for user with global experimenter role", () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("experimenter", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canCreateProjects()).toEqual(false); - }); - - it("canCreateProjects returns true for user with global admin role", () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("admin", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canCreateProjects()).toEqual(true); - }); - - //TODO: When we add custom roles, add tests here -}); - -describe("PermissionsUtilClass.canUpdateProject check", () => { - // These tests are pretty basic right now since we don't have custom roles and only admins can edit projects, we will expand these when custom roles become available - const testOrg: OrganizationInterface = { - id: "org_sktwi1id9l7z9xkjb", - name: "Test Org", - ownerEmail: "test@test.com", - url: "https://test.com", - dateCreated: new Date(), - invites: [], - members: [ - { - id: "base_user_123", - role: "readonly", - dateCreated: new Date(), - limitAccessByEnvironment: false, - environments: [], - projectRoles: [], - teams: [], - }, - ], - settings: { - environments: [ - { id: "development" }, - { id: "staging" }, - { id: "production" }, - ], - }, - }; - - it("canUpdateProject returns false for user with global experimenter role", () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("experimenter", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canUpdateProject("abc123")).toEqual(false); - }); - - it("canUpdateProject returns true for user with global admin role", () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("admin", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canUpdateProject("abc123")).toEqual(true); - }); - - //TODO: When we add custom roles, add tests here -}); - -describe("PermissionsUtilClass.canDeleteProject check", () => { - // These tests are pretty basic right now since we don't have custom roles and only admins can edit projects, we will expand these when custom roles become available - const testOrg: OrganizationInterface = { - id: "org_sktwi1id9l7z9xkjb", - name: "Test Org", - ownerEmail: "test@test.com", - url: "https://test.com", - dateCreated: new Date(), - invites: [], - members: [ - { - id: "base_user_123", - role: "readonly", - dateCreated: new Date(), - limitAccessByEnvironment: false, - environments: [], - projectRoles: [], - teams: [], - }, - ], - settings: { - environments: [ - { id: "development" }, - { id: "staging" }, - { id: "production" }, - ], - }, - }; - - it("canDeleteProject returns false for user with global experimenter role", () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("experimenter", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canDeleteProject("abc123")).toEqual(false); - }); - - it("canDeleteProject returns true for user with global admin role", () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("admin", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canDeleteProject("abc123")).toEqual(true); - }); - - //TODO: When we add custom roles, add tests here -}); - -describe("PermissionsUtilClass.canByPassApprovalChecks", () => { - const testOrg: OrganizationInterface = { - id: "org_sktwi1id9l7z9xkjb", - name: "Test Org", - ownerEmail: "test@test.com", - url: "https://test.com", - dateCreated: new Date(), - invites: [], - members: [ - { - id: "base_user_123", - role: "readonly", - dateCreated: new Date(), - limitAccessByEnvironment: false, - environments: [], - projectRoles: [], - teams: [], - }, - ], - settings: { - environments: [ - { id: "development" }, - { id: "staging" }, - { id: "production" }, - ], - }, - }; - - it("User with experimenter role unable to bypassApprovalCheck", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("experimenter", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canBypassApprovalChecks({ project: "" })).toEqual(false); - }); - - it("User with admin role able to bypassApprovalCheck", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("admin", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canBypassApprovalChecks({ project: "" })).toEqual(true); - }); -}); - -describe("PermissionsUtilClass.canReviewFeatureDrafts", () => { - const testOrg: OrganizationInterface = { - id: "org_sktwi1id9l7z9xkjb", - name: "Test Org", - ownerEmail: "test@test.com", - url: "https://test.com", - dateCreated: new Date(), - invites: [], - members: [ - { - id: "base_user_123", - role: "readonly", - dateCreated: new Date(), - limitAccessByEnvironment: false, - environments: [], - projectRoles: [], - teams: [], - }, - ], - settings: { - environments: [ - { id: "development" }, - { id: "staging" }, - { id: "production" }, - ], - }, - }; - - it("User with experimenter role able to reviewFeatureDrafts", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("experimenter", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canReviewFeatureDrafts({ project: "" })).toEqual(true); - }); - - it("User with engineer role able to reviewFeatureDrafts", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canReviewFeatureDrafts({ project: "" })).toEqual(true); - }); - - it("User with anaylst role able to reviewFeatureDrafts", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("analyst", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canReviewFeatureDrafts({ project: "" })).toEqual(false); - }); - - it("User with global readonly role, but experimenter role on project 'abc123', should be able to reivew features in project 'abc123'", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - abc123: { - permissions: roleToPermissionMap("experimenter", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect(permissions.canReviewFeatureDrafts({ project: "abc123" })).toEqual( - true - ); - }); - - it("User with global experimenter role, but readonly role on project 'abc123', should be able to reivew features in project 'abc123'", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("experimenter", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - abc123: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect(permissions.canReviewFeatureDrafts({ project: "abc123" })).toEqual( - false - ); - }); - - it("User with admin role able to bypassApprovalCheck", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("admin", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canReviewFeatureDrafts({ project: "" })).toEqual(true); - }); -}); - -describe("PermissionsUtilClass.canCreateVisualChange", () => { - const testOrg: OrganizationInterface = { - id: "org_sktwi1id9l7z9xkjb", - name: "Test Org", - ownerEmail: "test@test.com", - url: "https://test.com", - dateCreated: new Date(), - invites: [], - members: [ - { - id: "base_user_123", - role: "readonly", - dateCreated: new Date(), - limitAccessByEnvironment: false, - environments: [], - projectRoles: [], - teams: [], - }, - ], - settings: { - environments: [ - { id: "development" }, - { id: "staging" }, - { id: "production" }, - ], - }, - }; - - it("User with global visualEditor role able to createVisualChange", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("visualEditor", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canCreateVisualChange({})).toEqual(true); - }); - - it("User with global collaborator role not able to createVisualChange", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("collaborator", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canCreateVisualChange({})).toEqual(false); - }); - - it("User with global collaborator role and project-specific visualEditor role able to createVisualChange", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("collaborator", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - ABC123: { - permissions: roleToPermissionMap("visualEditor", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect(permissions.canCreateVisualChange({ project: "ABC123" })).toEqual( - true - ); - }); - - it("User with global collaborator role and project-specific visualEditor role not able to createVisualChange if experiment is not in a project", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("collaborator", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - ABC123: { - permissions: roleToPermissionMap("visualEditor", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect(permissions.canCreateVisualChange({})).toEqual(false); - }); - - it("user with global engineer role able to createVisualChange", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canCreateVisualChange({})).toEqual(true); - }); - - it("user with global analyst role able to createVisualChange", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("analyst", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canCreateVisualChange({})).toEqual(true); - }); - - it("user with global experimenter role able to createVisualChange", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("experimenter", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canCreateVisualChange({})).toEqual(true); - }); -}); - -describe("PermissionsUtilClass.canCreateDataSource", () => { - const testOrg: OrganizationInterface = { - id: "org_sktwi1id9l7z9xkjb", - name: "Test Org", - ownerEmail: "test@test.com", - url: "https://test.com", - dateCreated: new Date(), - invites: [], - members: [ - { - id: "base_user_123", - role: "readonly", - dateCreated: new Date(), - limitAccessByEnvironment: false, - environments: [], - projectRoles: [], - teams: [], - }, - ], - settings: { - environments: [ - { id: "development" }, - { id: "staging" }, - { id: "production" }, - ], - }, - }; - - it("User with admin role able to create a data source", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("admin", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canCreateDataSource({ projects: [] })).toEqual(true); - }); - - it("User with engineer role is not able to create a data source", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canCreateDataSource({ projects: [] })).toEqual(false); - }); -}); - -describe("PermissionsUtilClass.canUpdateDataSourceParams", () => { - const testOrg: OrganizationInterface = { - id: "org_sktwi1id9l7z9xkjb", - name: "Test Org", - ownerEmail: "test@test.com", - url: "https://test.com", - dateCreated: new Date(), - invites: [], - members: [ - { - id: "base_user_123", - role: "readonly", - dateCreated: new Date(), - limitAccessByEnvironment: false, - environments: [], - projectRoles: [], - teams: [], - }, - ], - settings: { - environments: [ - { id: "development" }, - { id: "staging" }, - { id: "production" }, - ], - }, - }; - - it("User with admin role able to update a data source's params", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("admin", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canUpdateDataSourceParams({ projects: [] })).toEqual( - true - ); - }); - - it("User with engineer role is not able to create a data source's params", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canUpdateDataSourceParams({ projects: [] })).toEqual( - false - ); - }); -}); - -describe("PermissionsUtilClass.canUpdateDataSourceSettings", () => { - const testOrg: OrganizationInterface = { - id: "org_sktwi1id9l7z9xkjb", - name: "Test Org", - ownerEmail: "test@test.com", - url: "https://test.com", - dateCreated: new Date(), - invites: [], - members: [ - { - id: "base_user_123", - role: "readonly", - dateCreated: new Date(), - limitAccessByEnvironment: false, - environments: [], - projectRoles: [], - teams: [], - }, - ], - settings: { - environments: [ - { id: "development" }, - { id: "staging" }, - { id: "production" }, - ], - }, - }; - - it("User with admin role able to update a data source's settings", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("admin", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canUpdateDataSourceSettings({ projects: [] })).toEqual( - true - ); - }); - - it("User with engineer role is not able to update a data source's settings", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canUpdateDataSourceSettings({ projects: [] })).toEqual( - false - ); - }); - - it("User with analyst role is is able to update a data source's settings", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("analyst", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canUpdateDataSourceSettings({ projects: [] })).toEqual( - true - ); - }); - - it("User with experimenter role is able to update a data source's settings", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("experimenter", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canUpdateDataSourceSettings({ projects: [] })).toEqual( - true - ); - }); - - it("User with global noaccess role and project-level experimenter role is able to update a data source's settings", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("noaccess", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - abc123: { - permissions: roleToPermissionMap("experimenter", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect( - permissions.canUpdateDataSourceSettings({ projects: ["abc123"] }) - ).toEqual(true); - }); - - it("User with global noaccess role and project-level experimenter role is not able to update a data source's settings if the data source is in all projects", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("noaccess", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - abc123: { - permissions: roleToPermissionMap("experimenter", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect(permissions.canUpdateDataSourceSettings({ projects: [] })).toEqual( - false - ); - }); - - it("User with global noaccess role and project-level experimenter role is not able to update a data source's settings if the data source is in all projects", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("noaccess", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - abc123: { - permissions: roleToPermissionMap("experimenter", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect( - permissions.canUpdateDataSourceSettings({ - projects: ["abc123", "def123"], - }) - ).toEqual(false); - }); -}); - -describe("PermissionsUtilClass.canDeleteDataSource", () => { - const testOrg: OrganizationInterface = { - id: "org_sktwi1id9l7z9xkjb", - name: "Test Org", - ownerEmail: "test@test.com", - url: "https://test.com", - dateCreated: new Date(), - invites: [], - members: [ - { - id: "base_user_123", - role: "readonly", - dateCreated: new Date(), - limitAccessByEnvironment: false, - environments: [], - projectRoles: [], - teams: [], - }, - ], - settings: { - environments: [ - { id: "development" }, - { id: "staging" }, - { id: "production" }, - ], - }, - }; - - it("User with admin role able delete a data source", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("admin", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canDeleteDataSource({ projects: [] })).toEqual(true); - }); - - it("User with engineer role is not able delete a data source", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canDeleteDataSource({ projects: [] })).toEqual(false); - }); -}); - -describe("PermissionsUtilClass.canRunTestQueries check", () => { - const testOrg: OrganizationInterface = { - id: "org_sktwi1id9l7z9xkjb", - name: "Test Org", - ownerEmail: "test@test.com", - url: "https://test.com", - dateCreated: new Date(), - invites: [], - members: [ - { - id: "base_user_123", - role: "readonly", - dateCreated: new Date(), - limitAccessByEnvironment: false, - environments: [], - projectRoles: [], - teams: [], - }, - ], - settings: { - environments: [ - { id: "development" }, - { id: "staging" }, - { id: "production" }, - ], - }, - }; - it("canRunTestQueries returns false for user with global 'engineer' role", () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - const sampleDataSource: Pick = { - id: "data_abc", - }; - - expect(permissions.canRunTestQueries(sampleDataSource)).toEqual(false); - }); - - it("canRunTestQueries returns true for user with global 'analyst' role", () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("analyst", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - const sampleDataSource: Pick = { - id: "data_abc", - }; - - expect(permissions.canRunTestQueries(sampleDataSource)).toEqual(true); - }); - - it("canRunTestQueries returns false for user with global 'collaborator' role, and project-specific 'analyst' roles, but none in the project in question", () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("collaborator", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - abc: { - permissions: roleToPermissionMap("analyst", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - def: { - permissions: roleToPermissionMap("analyst", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - const sampleDataSource: Pick = { - id: "data_abc", - projects: ["ghi", "xyz"], - }; - - expect(permissions.canRunTestQueries(sampleDataSource)).toEqual(false); - }); - - it("canRunTestQueries returns true for user with global 'collaborator' role, and project-specific 'analyst' role for atleast 1 project", () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("collaborator", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - abc: { - permissions: roleToPermissionMap("analyst", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - def: { - permissions: roleToPermissionMap("analyst", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - const sampleDataSource: Pick = { - id: "data_abc", - projects: ["ghi", "xyz", "abc"], - }; - - expect(permissions.canRunTestQueries(sampleDataSource)).toEqual(true); - }); -}); - -describe("PermissionsUtilClass.canManageFeatureDrafts", () => { - const testOrg: OrganizationInterface = { - id: "org_sktwi1id9l7z9xkjb", - name: "Test Org", - ownerEmail: "test@test.com", - url: "https://test.com", - dateCreated: new Date(), - invites: [], - members: [ - { - id: "base_user_123", - role: "readonly", - dateCreated: new Date(), - limitAccessByEnvironment: false, - environments: [], - projectRoles: [], - teams: [], - }, - ], - settings: { - environments: [ - { id: "development" }, - { id: "staging" }, - { id: "production" }, - ], - }, - }; - - it("User with collaborator role is not able to manage feature drafts", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("collaborator", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canManageFeatureDrafts({ project: "" })).toEqual(false); - }); - - it("User with engineer role is able to manage feature drafts", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canManageFeatureDrafts({ project: "" })).toEqual(true); - }); - - it("User with anaylst role is not able to manage feature drafts", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("analyst", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canManageFeatureDrafts({ project: "" })).toEqual(false); - }); - - it("User with global readonly role is not able to manage feature drafts for feature without a project", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - abc123: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect(permissions.canManageFeatureDrafts({ project: "" })).toEqual(false); - }); - - it("User with global readonly role is able to manage feature drafts if their project specific permissions grant it", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("readonly", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - abc123: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect(permissions.canManageFeatureDrafts({ project: "abc123" })).toEqual( - true - ); - }); - - it("canManageFeatureDrafts works as expected for a feature without the project property", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - abc123: { - permissions: roleToPermissionMap("collaborator", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect(permissions.canManageFeatureDrafts({})).toEqual(true); - }); - - it("canManageFeatureDrafts works as expected for a feature without the project property", async () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("collaborator", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - abc123: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect(permissions.canManageFeatureDrafts({})).toEqual(false); - }); -}); - -describe("PermissionsUtilClass.canViewFeatureModal check", () => { - const testOrg: OrganizationInterface = { - id: "org_sktwi1id9l7z9xkjb", - name: "Test Org", - ownerEmail: "test@test.com", - url: "https://test.com", - dateCreated: new Date(), - invites: [], - members: [ - { - id: "base_user_123", - role: "readonly", - dateCreated: new Date(), - limitAccessByEnvironment: false, - environments: [], - projectRoles: [], - teams: [], - }, - ], - settings: { - environments: [ - { id: "development" }, - { id: "staging" }, - { id: "production" }, - ], - }, - }; - - it("canViewFeatureModal returns true for user with global 'engineer' role", () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canViewFeatureModal()).toEqual(true); - }); - - it("canViewFeatureModal returns false for user with global 'analyst' role", () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("analyst", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canViewFeatureModal()).toEqual(false); - }); - - it("canViewFeatureModal returns true for user with global 'analyst' role, if their project-specific role gives them access", () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("analyst", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - abc123: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect(permissions.canViewFeatureModal("abc123")).toEqual(true); - }); -}); - -describe("PermissionsUtilClass.canCreateFeature check", () => { - const testOrg: OrganizationInterface = { - id: "org_sktwi1id9l7z9xkjb", - name: "Test Org", - ownerEmail: "test@test.com", - url: "https://test.com", - dateCreated: new Date(), - invites: [], - members: [ - { - id: "base_user_123", - role: "readonly", - dateCreated: new Date(), - limitAccessByEnvironment: false, - environments: [], - projectRoles: [], - teams: [], - }, - ], - settings: { - environments: [ - { id: "development" }, - { id: "staging" }, - { id: "production" }, - ], - }, - }; - - it("canCreateFeature returns true for user with global 'engineer' role when trying to create a feature in all projects", () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canCreateFeature({ project: "" })).toEqual(true); - }); - - it("canCreateFeature returns false for user with global 'analyst' role when trying to create a feature in all projects", () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("analyst", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canCreateFeature({ project: "" })).toEqual(false); - }); - - it("canCreateFeature returns true for user with global 'analyst' role when trying to create a feature in a project they have engineer permissions for", () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("analyst", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - ABC123: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect(permissions.canCreateFeature({ project: "ABC123" })).toEqual(true); - }); - - it("canCreateFeature returns false for user with global 'engineer' role when trying to create a feature in a project they have analyst permissions for", () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - ABC123: { - permissions: roleToPermissionMap("analyst", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect(permissions.canCreateFeature({ project: "ABC123" })).toEqual(false); - }); -}); - -describe("PermissionsUtilClass.canUpdateFeature check", () => { - const testOrg: OrganizationInterface = { - id: "org_sktwi1id9l7z9xkjb", - name: "Test Org", - ownerEmail: "test@test.com", - url: "https://test.com", - dateCreated: new Date(), - invites: [], - members: [ - { - id: "base_user_123", - role: "readonly", - dateCreated: new Date(), - limitAccessByEnvironment: false, - environments: [], - projectRoles: [], - teams: [], - }, - ], - settings: { - environments: [ - { id: "development" }, - { id: "staging" }, - { id: "production" }, - ], - }, - }; - - it("canUpdateFeature returns true for user with global 'engineer' role when trying to update a feature in all projects", () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canUpdateFeature({}, { project: "abc123" })).toEqual( - true - ); - }); - - it("canUpdateFeature returns false for user with global 'analyst' role when trying to update a feature in a specific project and move it to all projects", () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("analyst", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - ABC123: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect( - permissions.canUpdateFeature({ project: "ABC123" }, { project: "" }) - ).toEqual(false); - }); - - it("canUpdateFeature returns true for user with global 'analyst' role when trying to move a feature from 1 project they have engineer permissions for to another project they have engineer permissions for", () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("analyst", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - ABC123: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - DEF456: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect( - permissions.canUpdateFeature({ project: "ABC123" }, { project: "DEF456" }) - ).toEqual(true); - }); -}); - -describe("PermissionsUtilClass.canDeleteFeature check", () => { - const testOrg: OrganizationInterface = { - id: "org_sktwi1id9l7z9xkjb", - name: "Test Org", - ownerEmail: "test@test.com", - url: "https://test.com", - dateCreated: new Date(), - invites: [], - members: [ - { - id: "base_user_123", - role: "readonly", - dateCreated: new Date(), - limitAccessByEnvironment: false, - environments: [], - projectRoles: [], - teams: [], - }, - ], - settings: { - environments: [ - { id: "development" }, - { id: "staging" }, - { id: "production" }, - ], - }, - }; - - it("canDeleteFeature returns true for user with global 'engineer' role when trying to delete a feature in all projects", () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canDeleteFeature({ project: "" })).toEqual(true); - }); - - it("canDeleteFeature returns false for user with global 'analyst' role when trying to delete a feature in all projects", () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("analyst", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: {}, - }, - false - ); - - expect(permissions.canDeleteFeature({ project: "" })).toEqual(false); - }); - - it("canDeleteFeature returns true for user with global 'analyst' role when trying to delete a feature in a project they have engineer permissions for", () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("analyst", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - ABC123: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect(permissions.canDeleteFeature({ project: "ABC123" })).toEqual(true); - }); - - it("canDeleteFeature returns false for user with global 'engineer' role when trying to delete a feature in a project they have analyst permissions for", () => { - const permissions = new Permissions( - { - global: { - permissions: roleToPermissionMap("engineer", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - projects: { - ABC123: { - permissions: roleToPermissionMap("analyst", testOrg), - limitAccessByEnvironment: false, - environments: [], - }, - }, - }, - false - ); - - expect(permissions.canDeleteFeature({ project: "ABC123" })).toEqual(false); - }); -}); diff --git a/packages/back-end/test/permissionsClass.test.ts b/packages/back-end/test/permissionsClass.test.ts new file mode 100644 index 000000000000..a89a6923cb2e --- /dev/null +++ b/packages/back-end/test/permissionsClass.test.ts @@ -0,0 +1,986 @@ +import { Permissions } from "../../shared/src/permissions"; +import { roleToPermissionMap } from "../src/util/organization.util"; +import { OrganizationInterface } from "../types/organization"; + +const testOrg: OrganizationInterface = { + id: "org_sktwi1id9l7z9xkjb", + name: "Test Org", + ownerEmail: "test@test.com", + url: "https://test.com", + dateCreated: new Date(), + invites: [], + members: [ + { + id: "base_user_123", + role: "readonly", + dateCreated: new Date(), + limitAccessByEnvironment: false, + environments: [], + projectRoles: [], + teams: [], + }, + ], + settings: { + environments: [ + { id: "development" }, + { id: "staging" }, + { id: "production" }, + ], + }, +}; + +class TestPermissions extends Permissions { + public constructor() { + super( + { + global: { + permissions: roleToPermissionMap("noaccess", testOrg), + limitAccessByEnvironment: false, + environments: [], + }, + projects: {}, + }, + false + ); + + this.checkGlobalPermission = jest.fn(() => true); + this.checkProjectFilterPermission = jest.fn(() => true); + this.checkProjectFilterUpdatePermission = jest.fn(() => true); + } +} + +// GLOBAL_PERMISSIONS HELPER METHODS +describe("canCreatePresentation", () => { + it("Calls checkGlobalPermission with the correct parameters", () => { + const p = new TestPermissions(); + p.canCreatePresentation(); + expect(p.checkGlobalPermission).toHaveBeenCalledWith("createPresentations"); + }); +}); + +describe("canUpdatePresentation", () => { + it("Calls checkGlobalPermission with the correct parameters", () => { + const p = new TestPermissions(); + p.canUpdatePresentation(); + expect(p.checkGlobalPermission).toHaveBeenCalledWith("createPresentations"); + }); +}); + +describe("canDeletePresentation", () => { + it("Calls checkGlobalPermission with the correct parameters", () => { + const p = new TestPermissions(); + p.canDeletePresentation(); + expect(p.checkGlobalPermission).toHaveBeenCalledWith("createPresentations"); + }); +}); + +describe("canCreateDimension", () => { + it("Calls checkGlobalPermission with the correct parameters", () => { + const p = new TestPermissions(); + p.canCreateDimension(); + expect(p.checkGlobalPermission).toHaveBeenCalledWith("createDimensions"); + }); +}); + +describe("canUpdateDimension", () => { + it("Calls checkGlobalPermission with the correct parameters", () => { + const p = new TestPermissions(); + p.canUpdateDimension(); + expect(p.checkGlobalPermission).toHaveBeenCalledWith("createDimensions"); + }); +}); + +describe("canDeleteDimension", () => { + it("Calls checkGlobalPermission with the correct parameters", () => { + const p = new TestPermissions(); + p.canDeleteDimension(); + expect(p.checkGlobalPermission).toHaveBeenCalledWith("createDimensions"); + }); +}); + +describe("canUpdateSegment", () => { + it("Calls checkGlobalPermission with the correct parameters", () => { + const p = new TestPermissions(); + p.canUpdateSegment(); + expect(p.checkGlobalPermission).toHaveBeenCalledWith("createSegments"); + }); +}); + +describe("canDeleteSegment", () => { + it("Calls checkGlobalPermission with the correct parameters", () => { + const p = new TestPermissions(); + p.canDeleteSegment(); + expect(p.checkGlobalPermission).toHaveBeenCalledWith("createSegments"); + }); +}); + +describe("canManageNorthStarMetric", () => { + it("Calls checkGlobalPermission with the correct parameters", () => { + const p = new TestPermissions(); + p.canManageNorthStarMetric(); + expect(p.checkGlobalPermission).toHaveBeenCalledWith( + "manageNorthStarMetric" + ); + }); +}); + +describe("canManageBilling", () => { + it("Calls checkGlobalPermission with the correct parameters", () => { + const p = new TestPermissions(); + p.canManageBilling(); + expect(p.checkGlobalPermission).toHaveBeenCalledWith("manageBilling"); + }); +}); + +describe("canManageIntegrations", () => { + it("Calls checkGlobalPermission with the correct parameters", () => { + const p = new TestPermissions(); + p.canManageIntegrations(); + expect(p.checkGlobalPermission).toHaveBeenCalledWith("manageIntegrations"); + }); +}); + +describe("canCreateApiKey", () => { + it("Calls checkGlobalPermission with the correct parameters", () => { + const p = new TestPermissions(); + p.canCreateApiKey(); + expect(p.checkGlobalPermission).toHaveBeenCalledWith("manageApiKeys"); + }); +}); + +describe("canDeleteApiKey", () => { + it("Calls checkGlobalPermission with the correct parameters", () => { + const p = new TestPermissions(); + p.canDeleteApiKey(); + expect(p.checkGlobalPermission).toHaveBeenCalledWith("manageApiKeys"); + }); +}); + +describe("canManageTeam", () => { + it("Calls checkGlobalPermission with the correct parameters", () => { + const p = new TestPermissions(); + p.canManageTeam(); + expect(p.checkGlobalPermission).toHaveBeenCalledWith("manageTeam"); + }); +}); + +describe("canManageOrgSettings", () => { + it("Calls checkGlobalPermission with the correct parameters", () => { + const p = new TestPermissions(); + p.canManageOrgSettings(); + expect(p.checkGlobalPermission).toHaveBeenCalledWith( + "organizationSettings" + ); + }); +}); + +describe("canSuperDeleteReport", () => { + it("Calls checkGlobalPermission with the correct parameters", () => { + const p = new TestPermissions(); + p.canSuperDeleteReport(); + expect(p.checkGlobalPermission).toHaveBeenCalledWith("superDeleteReport"); + }); +}); + +// PROJECT_SCOPED_PERMISSIONS HELPER METHODS +describe("canCreateVisualChange", () => { + it("Calls checkProjectFilterPermission with the correct parameters", () => { + const p = new TestPermissions(); + expect(p.canCreateVisualChange({ project: "a" })); + expect(p.checkProjectFilterPermission).toHaveBeenCalledWith( + { projects: ["a"] }, + "manageVisualChanges" + ); + }); +}); + +describe("canUpdateVisualChange", () => { + it("Calls checkProjectFilterPermission with the correct parameters", () => { + const p = new TestPermissions(); + expect(p.canUpdateVisualChange({ project: "a" })); + expect(p.checkProjectFilterPermission).toHaveBeenCalledWith( + { projects: ["a"] }, + "manageVisualChanges" + ); + }); +}); + +describe("canViewAttributeModal", () => { + it("Calls checkProjectFilterPermission with the correct paramters", () => { + const p = new TestPermissions(); + expect(p.canViewAttributeModal("a")); + expect(p.checkProjectFilterPermission).toHaveBeenCalledWith( + { projects: ["a"] }, + "manageTargetingAttributes" + ); + }); +}); + +describe("canCreateAttribute", () => { + it("Calls checkProjectFilterPermission with the correct paramters", () => { + const p = new TestPermissions(); + expect(p.canCreateAttribute({ projects: ["a", "b"] })); + expect(p.checkProjectFilterPermission).toHaveBeenCalledWith( + { projects: ["a", "b"] }, + "manageTargetingAttributes" + ); + }); +}); + +describe("canUpdateAttribute", () => { + it("Calls checkProjectFilterUpdatePermission with the correct paramters", () => { + const p = new TestPermissions(); + expect(p.canUpdateAttribute({ projects: ["a", "b"] }, { projects: ["a"] })); + expect(p.checkProjectFilterUpdatePermission).toHaveBeenCalledWith( + { projects: ["a", "b"] }, + { projects: ["a"] }, + "manageTargetingAttributes" + ); + }); +}); + +describe("canDeleteAttribute", () => { + it("Calls checkProjectFilterPermission with the correct paramters", () => { + const p = new TestPermissions(); + expect(p.canDeleteAttribute({ projects: ["a", "b"] })); + expect(p.checkProjectFilterPermission).toHaveBeenCalledWith( + { projects: ["a", "b"] }, + "manageTargetingAttributes" + ); + }); +}); + +describe("canViewFeatureModal", () => { + it("Calls checkProjectFilterPermission with the correct paramters", () => { + const p = new TestPermissions(); + expect(p.canViewFeatureModal("a")); + expect(p.checkProjectFilterPermission).toHaveBeenCalledWith( + { projects: ["a"] }, + "manageFeatures" + ); + }); +}); + +describe("canCreateFeature", () => { + it("Calls checkProjectFilterPermission with the correct paramters", () => { + const p = new TestPermissions(); + expect(p.canCreateFeature({ project: "a" })); + expect(p.checkProjectFilterPermission).toHaveBeenCalledWith( + { projects: ["a"] }, + "manageFeatures" + ); + }); +}); + +describe("canUpdateFeature", () => { + it("Calls checkProjectFilterPermission with the correct paramters", () => { + const p = new TestPermissions(); + expect(p.canUpdateFeature({ project: "a" }, { project: "b" })); + expect(p.checkProjectFilterUpdatePermission).toHaveBeenCalledWith( + { projects: ["a"] }, + { projects: ["b"] }, + "manageFeatures" + ); + }); +}); + +describe("canDeleteFeature", () => { + it("Calls checkProjectFilterPermission with the correct paramters", () => { + const p = new TestPermissions(); + expect(p.canDeleteFeature({ project: "a" })); + expect(p.checkProjectFilterPermission).toHaveBeenCalledWith( + { projects: ["a"] }, + "manageFeatures" + ); + }); +}); + +describe("canViewExperimentModal", () => { + it("Calls checkProjectFilterPermission with the correct paramters", () => { + const p = new TestPermissions(); + expect(p.canViewExperimentModal("a")); + expect(p.checkProjectFilterPermission).toHaveBeenCalledWith( + { projects: ["a"] }, + "createAnalyses" + ); + }); +}); + +describe("canCreateExperiment", () => { + it("Calls checkProjectFilterPermission with the correct paramters", () => { + const p = new TestPermissions(); + expect(p.canCreateExperiment({ project: "a" })); + expect(p.checkProjectFilterPermission).toHaveBeenCalledWith( + { projects: ["a"] }, + "createAnalyses" + ); + }); +}); + +describe("canUpdateExperiment", () => { + it("Calls checkProjectFilterPermission with the correct paramters", () => { + const p = new TestPermissions(); + expect(p.canUpdateExperiment({ project: "a" }, { project: "b" })); + expect(p.checkProjectFilterUpdatePermission).toHaveBeenCalledWith( + { projects: ["a"] }, + { projects: ["b"] }, + "createAnalyses" + ); + }); +}); + +describe("canDeleteExperiment", () => { + it("Calls checkProjectFilterPermission with the correct paramters", () => { + const p = new TestPermissions(); + expect(p.canDeleteExperiment({ project: "a" })); + expect(p.checkProjectFilterPermission).toHaveBeenCalledWith( + { projects: ["a"] }, + "createAnalyses" + ); + }); +}); + +describe("canViewReportModal", () => { + it("Calls checkProjectFilterPermission with the correct paramters", () => { + const p = new TestPermissions(); + expect(p.canViewReportModal("a")); + expect(p.checkProjectFilterPermission).toHaveBeenCalledWith( + { projects: ["a"] }, + "createAnalyses" + ); + }); +}); + +describe("canCreateReport", () => { + it("Calls checkProjectFilterPermission with the correct paramters", () => { + const p = new TestPermissions(); + expect(p.canCreateReport({ project: "a" })); + expect(p.checkProjectFilterPermission).toHaveBeenCalledWith( + { projects: ["a"] }, + "createAnalyses" + ); + }); +}); + +describe("canUpdateReport", () => { + it("Calls checkProjectFilterPermission with the correct paramters", () => { + const p = new TestPermissions(); + expect(p.canUpdateReport({ project: "a" })); + expect(p.checkProjectFilterPermission).toHaveBeenCalledWith( + { projects: ["a"] }, + "createAnalyses" + ); + }); +}); + +describe("canDeleteReport", () => { + it("Calls checkProjectFilterPermission with the correct paramters", () => { + const p = new TestPermissions(); + expect(p.canDeleteReport({ project: "a" })); + expect(p.checkProjectFilterPermission).toHaveBeenCalledWith( + { projects: ["a"] }, + "createAnalyses" + ); + }); +}); + +describe("canViewIdeaModal", () => { + it("Calls checkProjectFilterPermission with the correct paramters", () => { + const p = new TestPermissions(); + expect(p.canViewIdeaModal("a")); + expect(p.checkProjectFilterPermission).toHaveBeenCalledWith( + { projects: ["a"] }, + "createIdeas" + ); + }); +}); + +describe("canCreateIdea", () => { + it("Calls checkProjectFilterPermission with the correct paramters", () => { + const p = new TestPermissions(); + expect(p.canCreateIdea({ project: "a" })); + expect(p.checkProjectFilterPermission).toHaveBeenCalledWith( + { projects: ["a"] }, + "createIdeas" + ); + }); +}); + +describe("canUpdateIdea", () => { + it("Calls checkProjectFilterUpdatePermission with the correct paramters", () => { + const p = new TestPermissions(); + expect(p.canUpdateIdea({ project: "a" }, { project: "b" })); + expect(p.checkProjectFilterUpdatePermission).toHaveBeenCalledWith( + { projects: ["a"] }, + { projects: ["b"] }, + "createIdeas" + ); + }); +}); + +describe("canDeleteIdea", () => { + it("Calls checkProjectFilterPermission with the correct paramters", () => { + const p = new TestPermissions(); + expect(p.canDeleteIdea({ project: "a" })); + expect(p.checkProjectFilterPermission).toHaveBeenCalledWith( + { projects: ["a"] }, + "createIdeas" + ); + }); +}); + +describe("canViewCreateFactTableModal", () => { + it("Calls checkProjectFilterPermission with the correct paramters", () => { + const p = new TestPermissions(); + expect(p.canViewCreateFactTableModal("a")); + expect(p.checkProjectFilterPermission).toHaveBeenCalledWith( + { projects: ["a"] }, + "manageFactTables" + ); + }); +}); + +describe("canViewEditFactTableModal", () => { + it("Calls checkProjectFilterPermission with the correct paramters", () => { + const p = new TestPermissions(); + expect(p.canViewEditFactTableModal({ projects: ["a", "b"] })); + expect(p.checkProjectFilterUpdatePermission).toHaveBeenCalledWith( + { projects: ["a", "b"] }, + {}, + "manageFactTables" + ); + }); +}); + +describe("canCreateFactTable", () => { + it("Calls checkProjectFilterPermission with the correct paramters", () => { + const p = new TestPermissions(); + expect(p.canCreateFactTable({ projects: ["a"] })); + expect(p.checkProjectFilterPermission).toHaveBeenCalledWith( + { projects: ["a"] }, + "manageFactTables" + ); + }); +}); + +describe("canUpdateFactTable", () => { + it("Calls checkProjectFilterPermission with the correct paramters", () => { + const p = new TestPermissions(); + expect(p.canUpdateFactTable({ projects: ["a", "b"] }, { projects: ["a"] })); + expect(p.checkProjectFilterUpdatePermission).toHaveBeenCalledWith( + { projects: ["a", "b"] }, + { projects: ["a"] }, + "manageFactTables" + ); + }); +}); + +describe("canDeleteFactTable", () => { + it("Calls checkProjectFilterPermission with the correct paramters", () => { + const p = new TestPermissions(); + expect(p.canDeleteFactTable({ projects: ["a"] })); + expect(p.checkProjectFilterPermission).toHaveBeenCalledWith( + { projects: ["a"] }, + "manageFactTables" + ); + }); +}); + +describe("canCreateMetric", () => { + it("Calls checkProjectFilterPermission with the correct paramters", () => { + const p = new TestPermissions(); + expect(p.canCreateMetric({ projects: ["a"] })); + expect(p.checkProjectFilterPermission).toHaveBeenCalledWith( + { projects: ["a"] }, + "createMetrics" + ); + }); +}); + +describe("canUpdateMetric", () => { + it("Calls checkProjectFilterPermission with the correct paramters", () => { + const p = new TestPermissions(); + expect(p.canUpdateMetric({ projects: ["a"] }, { projects: ["a", "b"] })); + expect(p.checkProjectFilterUpdatePermission).toHaveBeenCalledWith( + { projects: ["a"] }, + { projects: ["a", "b"] }, + "createMetrics" + ); + }); +}); + +describe("canDeleteMetric", () => { + it("Calls checkProjectFilterPermission with the correct paramters", () => { + const p = new TestPermissions(); + expect(p.canDeleteMetric({ projects: ["a"] })); + expect(p.checkProjectFilterPermission).toHaveBeenCalledWith( + { projects: ["a"] }, + "createMetrics" + ); + }); +}); + +describe("canManageFeatureDrafts", () => { + it("Calls checkProjectFilterPermission with the correct paramters", () => { + const p = new TestPermissions(); + expect(p.canManageFeatureDrafts({ project: "a" })); + expect(p.checkProjectFilterPermission).toHaveBeenCalledWith( + { projects: ["a"] }, + "manageFeatureDrafts" + ); + }); +}); + +describe("canReviewFeatureDrafts", () => { + it("Calls checkProjectFilterPermission with the correct paramters", () => { + const p = new TestPermissions(); + expect(p.canReviewFeatureDrafts({ project: "a" })); + expect(p.checkProjectFilterPermission).toHaveBeenCalledWith( + { projects: ["a"] }, + "canReview" + ); + }); +}); + +describe("canBypassApprovalChecks", () => { + it("Calls checkProjectFilterPermission with the correct paramters", () => { + const p = new TestPermissions(); + expect(p.canBypassApprovalChecks({ project: "a" })); + expect(p.checkProjectFilterPermission).toHaveBeenCalledWith( + { projects: ["a"] }, + "bypassApprovalChecks" + ); + }); +}); + +describe("canAddComment", () => { + it("Calls checkProjectFilterPermission with the correct paramters", () => { + const p = new TestPermissions(); + expect(p.canAddComment(["a"])); + expect(p.checkProjectFilterPermission).toHaveBeenCalledWith( + { projects: ["a"] }, + "addComments" + ); + }); +}); + +describe("canCreateProjects", () => { + it("Calls checkProjectFilterPermission with the correct paramters", () => { + const p = new TestPermissions(); + expect(p.canCreateProjects()); + expect(p.checkProjectFilterPermission).toHaveBeenCalledWith( + { projects: [] }, + "manageProjects" + ); + }); +}); + +describe("canUpdateSomeProjects", () => { + it("Calls checkProjectFilterPermission with the correct paramters", () => { + const p = new TestPermissions(); + expect(p.canUpdateSomeProjects()); + expect(p.checkProjectFilterPermission).toHaveBeenCalledWith( + { projects: [] }, + "manageProjects" + ); + }); +}); + +describe("canUpdateProject", () => { + it("Calls checkProjectFilterPermission with the correct paramters", () => { + const p = new TestPermissions(); + expect(p.canUpdateProject("a")); + expect(p.checkProjectFilterPermission).toHaveBeenCalledWith( + { projects: ["a"] }, + "manageProjects" + ); + }); +}); + +describe("canDeleteProject", () => { + it("Calls checkProjectFilterPermission with the correct paramters", () => { + const p = new TestPermissions(); + expect(p.canDeleteProject("a")); + expect(p.checkProjectFilterPermission).toHaveBeenCalledWith( + { projects: ["a"] }, + "manageProjects" + ); + }); +}); + +describe("canViewCreateDataSourceModal", () => { + it("Calls checkProjectFilterPermission with the correct paramters", () => { + const p = new TestPermissions(); + expect(p.canViewCreateDataSourceModal("a")); + expect(p.checkProjectFilterPermission).toHaveBeenCalledWith( + { projects: ["a"] }, + "createDatasources" + ); + }); +}); + +describe("canCreateDataSource", () => { + it("Calls checkProjectFilterPermission with the correct paramters", () => { + const p = new TestPermissions(); + expect(p.canCreateDataSource({ projects: ["a"] })); + expect(p.checkProjectFilterPermission).toHaveBeenCalledWith( + { projects: ["a"] }, + "createDatasources" + ); + }); +}); + +describe("canUpdateDataSourceParams", () => { + it("Calls checkProjectFilterPermission with the correct paramters", () => { + const p = new TestPermissions(); + expect(p.canUpdateDataSourceParams({ projects: ["a"] })); + expect(p.checkProjectFilterPermission).toHaveBeenCalledWith( + { projects: ["a"] }, + "createDatasources" + ); + }); +}); + +describe("canUpdateDataSourceSettings", () => { + it("Calls checkProjectFilterPermission with the correct paramters", () => { + const p = new TestPermissions(); + expect(p.canUpdateDataSourceSettings({ projects: ["a"] })); + expect(p.checkProjectFilterPermission).toHaveBeenCalledWith( + { projects: ["a"] }, + "editDatasourceSettings" + ); + }); +}); + +describe("canDeleteDataSource", () => { + it("Calls checkProjectFilterPermission with the correct paramters", () => { + const p = new TestPermissions(); + expect(p.canDeleteDataSource({ projects: ["a"] })); + expect(p.checkProjectFilterPermission).toHaveBeenCalledWith( + { projects: ["a"] }, + "createDatasources" + ); + }); +}); + +describe("canRunExperimentQueries", () => { + it("Calls checkProjectFilterPermission with the correct parameters", () => { + const p = new TestPermissions(); + expect(p.canRunExperimentQueries({ projects: ["a", "b"] })); + expect(p.checkProjectFilterPermission).toHaveBeenCalledWith( + { projects: ["a", "b"] }, + "runQueries" + ); + }); +}); + +describe("canRunPastExperimentQueries", () => { + it("Calls checkProjectFilterPermission with the correct parameters", () => { + const p = new TestPermissions(); + expect(p.canRunPastExperimentQueries({ projects: ["a", "b"] })); + expect(p.checkProjectFilterPermission).toHaveBeenCalledWith( + { projects: ["a", "b"] }, + "runQueries" + ); + }); +}); + +describe("canRunFactQueries", () => { + it("Calls checkProjectFilterPermission with the correct parameters", () => { + const p = new TestPermissions(); + expect(p.canRunFactQueries({ projects: ["a", "b"] })); + expect(p.checkProjectFilterPermission).toHaveBeenCalledWith( + { projects: ["a", "b"] }, + "runQueries" + ); + }); +}); + +describe("canRunTestQueries", () => { + it("Calls checkProjectFilterPermission with the correct parameters", () => { + const p = new TestPermissions(); + expect(p.canRunTestQueries({ projects: ["a", "b"] })); + expect(p.checkProjectFilterPermission).toHaveBeenCalledWith( + { projects: ["a", "b"] }, + "runQueries" + ); + }); +}); + +describe("canRunSchemaQueries", () => { + it("Calls checkProjectFilterPermission with the correct parameters", () => { + const p = new TestPermissions(); + expect(p.canRunSchemaQueries({ projects: ["a", "b"] })); + expect(p.checkProjectFilterPermission).toHaveBeenCalledWith( + { projects: ["a", "b"] }, + "runQueries" + ); + }); +}); + +describe("canRunHealthQueries", () => { + it("Calls checkProjectFilterPermission with the correct parameters", () => { + const p = new TestPermissions(); + expect(p.canRunHealthQueries({ projects: ["a", "b"] })); + expect(p.checkProjectFilterPermission).toHaveBeenCalledWith( + { projects: ["a", "b"] }, + "runQueries" + ); + }); +}); + +describe("canRunMetricQueries", () => { + it("Calls checkProjectFilterPermission with the correct parameters", () => { + const p = new TestPermissions(); + expect(p.canRunMetricQueries({ projects: ["a", "b"] })); + expect(p.checkProjectFilterPermission).toHaveBeenCalledWith( + { projects: ["a", "b"] }, + "runQueries" + ); + }); +}); + +//ENV_SCOPED_PERMISSIONS HELPER METHODS + +// hasPermission Tests +describe("hasPermission", () => { + it("hasPermission should always return true if user is superAdmin, regardless of their other roles", () => { + const permissions = new Permissions( + { + global: { + permissions: roleToPermissionMap("noaccess", testOrg), + limitAccessByEnvironment: false, + environments: [], + }, + projects: {}, + }, + true + ); + + expect(permissions.hasPermission("manageFeatures", "project1")).toEqual( + true + ); + }); + + it("hasPermission should use project level role over global role when specified", () => { + const permissions = new Permissions( + { + global: { + permissions: roleToPermissionMap("noaccess", testOrg), + limitAccessByEnvironment: false, + environments: [], + }, + projects: { + project1: { + permissions: roleToPermissionMap("engineer", testOrg), + limitAccessByEnvironment: false, + environments: [], + }, + }, + }, + false + ); + + expect(permissions.hasPermission("manageFeatures", "project1")).toEqual( + true + ); + }); + + it("hasPermission should use global role over project role user doesn't have a specific role for the specified project", () => { + const permissions = new Permissions( + { + global: { + permissions: roleToPermissionMap("noaccess", testOrg), + limitAccessByEnvironment: false, + environments: [], + }, + projects: { + project1: { + permissions: roleToPermissionMap("engineer", testOrg), + limitAccessByEnvironment: false, + environments: [], + }, + }, + }, + false + ); + + expect(permissions.hasPermission("manageFeatures", "project2")).toEqual( + false + ); + }); + + it("hasPermission should use global role if no project is specified", () => { + const permissions = new Permissions( + { + global: { + permissions: roleToPermissionMap("noaccess", testOrg), + limitAccessByEnvironment: false, + environments: [], + }, + projects: { + project1: { + permissions: roleToPermissionMap("engineer", testOrg), + limitAccessByEnvironment: false, + environments: [], + }, + }, + }, + false + ); + + expect(permissions.hasPermission("manageFeatures", "")).toEqual(false); + }); + + it("hasPermission should return false if user doesn't have env permission", () => { + const permissions = new Permissions( + { + global: { + permissions: roleToPermissionMap("engineer", testOrg), + limitAccessByEnvironment: true, + environments: ["dev"], + }, + projects: {}, + }, + false + ); + + expect(permissions.hasPermission("publishFeatures", "", ["prod"])).toEqual( + false + ); + }); + + it("hasPermission should return false if user doesn't have env permission", () => { + const permissions = new Permissions( + { + global: { + permissions: roleToPermissionMap("engineer", testOrg), + limitAccessByEnvironment: true, + environments: ["dev"], + }, + projects: {}, + }, + false + ); + + expect(permissions.hasPermission("publishFeatures", "", ["dev"])).toEqual( + true + ); + }); +}); + +// checkProjectFilterPermission +describe("checkProjectFilterPermission", () => { + class MockPermissionsHasPermissionsReturnsFalse extends Permissions { + public constructor() { + super( + { + global: { + permissions: roleToPermissionMap("noaccess", testOrg), + limitAccessByEnvironment: false, + environments: [], + }, + projects: { + project1: { + permissions: roleToPermissionMap("readonly", testOrg), + limitAccessByEnvironment: false, + environments: [], + }, + project2: { + permissions: roleToPermissionMap("readonly", testOrg), + limitAccessByEnvironment: false, + environments: [], + }, + }, + }, + false + ); + + this.hasPermission = jest.fn(() => false); + } + } + + class MockPermissionsHasPermissionsReturnsTrue extends Permissions { + public constructor() { + super( + { + global: { + permissions: roleToPermissionMap("noaccess", testOrg), + limitAccessByEnvironment: false, + environments: [], + }, + projects: { + project1: { + permissions: roleToPermissionMap("readonly", testOrg), + limitAccessByEnvironment: false, + environments: [], + }, + project2: { + permissions: roleToPermissionMap("readonly", testOrg), + limitAccessByEnvironment: false, + environments: [], + }, + }, + }, + false + ); + + this.hasPermission = jest.fn(() => true); + } + } + it("Calls this.hasPermission once with the correct parameters & correct number of times for non READ_ONLY_PERMISSION and 1 project", () => { + const p = new MockPermissionsHasPermissionsReturnsFalse(); + expect( + p.checkProjectFilterPermission({ projects: ["a"] }, "manageFeatures") + ); + expect(p.hasPermission).toBeCalledTimes(1); + expect(p.hasPermission).toHaveBeenCalledWith("manageFeatures", "a"); + }); + + it("Calls this.hasPermission 4 times for non READ_ONLY_PERMISSION and 4 project", () => { + const p = new MockPermissionsHasPermissionsReturnsTrue(); + expect( + p.checkProjectFilterPermission( + { projects: ["a", "b", "c", "d"] }, + "manageFeatures" + ) + ); + expect(p.hasPermission).toBeCalledTimes(4); + }); + + it("Calls this.hasPermission 3 times for READ_ONLY_PERMISSION and 4 project", () => { + const p = new MockPermissionsHasPermissionsReturnsFalse(); + expect(p.checkProjectFilterPermission({}, "runQueries")); + expect(p.hasPermission).toBeCalledTimes(3); + }); +}); + +// checkProjectFilerUpdatePermission + +// checkGlobalPermission +describe("checkGlobalPermission", () => { + class MockPermissions extends Permissions { + public constructor() { + super( + { + global: { + permissions: roleToPermissionMap("noaccess", testOrg), + limitAccessByEnvironment: false, + environments: [], + }, + projects: {}, + }, + false + ); + + this.hasPermission = jest.fn(() => true); + } + } + + it("Calls this.hasPermission with the correct paramters", () => { + const p = new MockPermissions(); + expect(p.checkGlobalPermission("createDimensions")); + expect(p.hasPermission).toBeCalledTimes(1); + expect(p.hasPermission).toHaveBeenCalledWith("createDimensions", ""); + }); +}); diff --git a/packages/shared/src/permissions/permissionsClass.ts b/packages/shared/src/permissions/permissionsClass.ts index 6d7c49d1d470..4c65a0929229 100644 --- a/packages/shared/src/permissions/permissionsClass.ts +++ b/packages/shared/src/permissions/permissionsClass.ts @@ -514,15 +514,11 @@ export class Permissions { ); } - private checkGlobalPermission(permissionToCheck: GlobalPermission): boolean { - if (this.superAdmin) { - return true; - } - - return this.userPermissions.global.permissions[permissionToCheck] || false; + public checkGlobalPermission(permissionToCheck: GlobalPermission): boolean { + return this.hasPermission(permissionToCheck, ""); } - private checkProjectFilterPermission( + public checkProjectFilterPermission( obj: { projects?: string[] }, permission: ProjectScopedPermission ): boolean { @@ -543,7 +539,7 @@ export class Permissions { return projects.every((project) => this.hasPermission(permission, project)); } - private checkProjectFilterUpdatePermission( + public checkProjectFilterUpdatePermission( existing: { projects?: string[] }, updates: { projects?: string[] }, permission: ProjectScopedPermission @@ -563,7 +559,7 @@ export class Permissions { return true; } - private hasPermission( + public hasPermission( permissionToCheck: Permission, project: string, envs?: string[]