Add tests for custom rule in Object Scope Authorization

jungsoft · Oct 18, 2019 · 6b667a4 · 6b667a4
1 parent 30fa409
commit 6b667a4
Showing 1 changed file with 34 additions and 0 deletions.
diff --git a/test/middlewares/object_scope_authorization_test.exs b/test/middlewares/object_scope_authorization_test.exs
@@ -42,6 +42,7 @@ defmodule Rajska.ObjectScopeAuthorizationTest do
     def has_user_access?(%{role: :admin}, User, _field, :default), do: true
     def has_user_access?(%{id: user_id}, User, {:id, id}, :default) when user_id === id, do: true
     def has_user_access?(_current_user, User, _field, :default), do: false
+    def has_user_access?(_crreutn_user, User, _field, :object), do: false
 
     def has_user_access?(%{role: :admin}, Company, _field, :default), do: true
     def has_user_access?(%{id: user_id}, Company, {:user_id, company_user_id}, :default) when user_id === company_user_id, do: true
@@ -131,6 +132,12 @@ defmodule Rajska.ObjectScopeAuthorizationTest do
           {:ok, nil}
         end
       end
+
+      field :user_query_with_rule, :user_rule do
+        resolve fn _args, _ ->
+          {:ok, %User{id: 1}}
+        end
+      end
     end
 
     object :user do
@@ -163,6 +170,13 @@ defmodule Rajska.ObjectScopeAuthorizationTest do
     object :not_scoped do
       field :name, :string
     end
+
+    object :user_rule do
+      meta :scope_by, :id
+      meta :rule, :object
+
+      field :id, :integer
+    end
   end
 
   test "Only user with same ID and admin has access to scoped user" do
@@ -287,6 +301,16 @@ defmodule Rajska.ObjectScopeAuthorizationTest do
     refute Map.has_key?(result, :errors)
   end
 
+  test "accepts a meta rule" do
+    assert {:ok, %{errors: errors}} = run_pipeline(user_query_with_rule(), context(:admin, 1))
+    assert [
+      %{
+        locations: [%{column: 0, line: 2}],
+        message: "Not authorized to access object user_rule",
+      }
+    ] == errors
+  end
+
   test "Raises when no meta scope_by is defined for an object" do
     assert_raise RuntimeError, ~r/No meta scope_by defined for object :not_scoped/, fn ->
       assert {:ok, _result} = run_pipeline(object_not_scoped_query(2), context(:user, 2))
@@ -424,6 +448,16 @@ defmodule Rajska.ObjectScopeAuthorizationTest do
     """
   end
 
+  defp user_query_with_rule do
+    """
+    {
+      userQueryWithRule {
+        id
+      }
+    }
+    """
+  end
+
   defp context(role, id), do: [context: %{current_user: %{role: role, id: id}}]
 
   defp run_pipeline(document, opts) do