added and fixed tests

chrismatix · chrismatix · commit afa614f9f0eb · 2018-01-18T10:41:41.000+01:00
diff --git a/.npmignore b/.npmignore
@@ -0,0 +1,2 @@
+test/
+README.md
diff --git a/.travis.yml b/.travis.yml
@@ -0,0 +1,4 @@
+language: node_js
+node_js:
+    - "6.11"
+script: npm test
diff --git a/index.js b/index.js
@@ -22,18 +22,20 @@ module.exports = function (schema) {
         update(this, next);
     });
 
+    schema.query.setAuthLevel = function(authLevel) {
+        this.options.authLevel = authLevel;
+        return this;
+    };
+
     function hasPermission(vm, action) {
-        if (!vm.schema.permissions[vm.options.authLevel]) {
-            return false;
-        }
         var authLevel = vm.options.authLevel;
 
         if (Array.isArray(authLevel)) {
             return authLevel.filter(function (level) {
-                return !!vm.schema.permissions[level][action];
+                return vm.schema.permissions[level] && !!vm.schema.permissions[level][action];
             }).length > 0;
         } else {
-            return vm.schema.permissions[authLevel][action];
+            return vm.schema.permissions[authLevel] && vm.schema.permissions[authLevel][action];
         }
     }
 
@@ -92,7 +94,7 @@ module.exports = function (schema) {
         var vm = schema;
         var authorizedFields = [];
         if (authOptionPresent(vm)) {
-            if (vm.schema.permissions[vm.options.authLevel] && vm.schema.permissions[vm.options.authLevel].read) {
+            if (hasPermission(vm, 'read')) {
                 //check to see if the group has any read permissions and add to the authorizedFields array
                 authorizedFields = authorizedFields.concat(getAuthorizedFields(vm, 'read'));
             }
@@ -136,7 +138,7 @@ module.exports = function (schema) {
                     reason: 'you do not have access to the following permissions: [save]'
                 });
             }
-            if (vm.schema.permissions[vm.options.authLevel] && vm.schema.permissions[vm.options.authLevel].write) {
+            if (hasPermission(vm, 'write')) {
                 //check to see if group has any write permissions and add to the authorizedFields array
                 authorizedFields = authorizedFields.concat(getAuthorizedFields(vm, 'write'));
             }
@@ -162,7 +164,7 @@ module.exports = function (schema) {
             } else {
 
                 //Detect which fields can be returned if 'new: true' is set
-                if (vm.schema.permissions[vm.options.authLevel] && vm.schema.permissions[vm.options.authLevel].read) {
+                if (hasPermission(vm, 'read')) {
 
                     //check to see if the group has any read permissions and add to the authorizedFields array
                     authorizedReturnFields = authorizedReturnFields.concat(getAuthorizedFields(vm, 'read'));
diff --git a/package.json b/package.json
@@ -4,7 +4,7 @@
   "description": "Data level authorization for Mongoose",
   "main": "index.js",
   "scripts": {
-    "test": "echo \"Error: no test specified\" && exit 1"
+    "test": "nodeunit test/*.test.js"
   },
   "repository": {
     "type": "git",
@@ -33,5 +33,15 @@
   "homepage": "https://github.com/352Media/mongoose-authorization#readme",
   "dependencies": {
     "lodash": "^3.10.1"
+  },
+  "peerDependencies": {
+    "mongoose": "^4.5.0"
+  },
+  "devDependencies": {
+    "async": "^2.6.0",
+    "mongodb": "^3.0.1",
+    "mongoose": "^4.13.9",
+    "nodeunit": "^0.11.2",
+    "uuid": "^3.2.1"
   }
 }
diff --git a/test/index.test.js b/test/index.test.js
@@ -0,0 +1,132 @@
+'use strict';
+
+var mongoose = require('mongoose');
+var lodash = require('lodash');
+var async = require('async');
+var User = require('./user.schema');
+
+var dbUri = 'mongodb://localhost:27017/mongooseAuthorization';
+
+var userSeed = {
+    email: 'foo@test.com',
+    first_name: 'Archer',
+    last_name: 'Sterling',
+    password: 'guest',
+    last_login_date: new Date(),
+    login_attempts: 1,
+    avatar: 'http://someurl.com'
+  };
+
+var userValues;
+
+var permissions = User.schema.permissions;
+
+var levelPermissions = Object.assign({}, permissions);
+
+delete levelPermissions.defaults;
+
+mongoose.connect(dbUri);
+mongoose.connection.on('error', function(err) {
+    console.error('Failed to connect to mongo at ' + dbUri);
+    console.error('MongoDB connection error: ' + err);
+    throw err;
+  });
+
+module.exports = {
+    setUp: function(callback) {
+        User.remove({}, function(error) {
+            if (error) {
+              callback(error);
+            }
+
+            User.create(userSeed, function(error, user) {
+                userValues = user.toJSON();
+                callback(error);
+              });
+          });
+      },
+
+    'should return everything for no authLevel': function(test) {
+        User.findOne({})
+            .exec()
+            .then(function(user) {
+                test.ok(user);
+
+                Object.keys(userValues).forEach(function(pathKey) {
+                    test.deepEqual(user[pathKey], userValues[pathKey]);
+                  });
+
+                test.done();
+              }).catch(test.done);
+      },
+
+    'should only return projection for authLevel merged with defaults': function(test) {
+
+        function testAuthLevel(fields, level, callback) {
+          fields = fields.read.concat(permissions.defaults.read);
+          User.findOne({}, null, {authLevel: level})
+              .exec()
+              .then(function(user) {
+                  test.ok(user);
+
+                  fields.forEach(function(field) {
+                      test.deepEqual(user[field], userValues[field]);
+                    });
+
+                  var returnedKeys = Object.keys(user.toJSON());
+                  test.equal(lodash.difference(returnedKeys, fields).length, 0);
+
+                  callback();
+                }).catch(callback);
+        }
+
+        async.forEachOf(levelPermissions, testAuthLevel, test.done);
+      },
+
+    'should work with query extension function': function(test) {
+
+        function testAuthLevel(fields, level, callback) {
+          fields = fields.read.concat(permissions.defaults.read);
+          User.findOne({})
+              .setAuthLevel(level)
+              .exec()
+              .then(function(user) {
+                  test.ok(user);
+
+                  fields.forEach(function(field) {
+                      test.deepEqual(user[field], userValues[field]);
+                    });
+
+                  var returnedKeys = Object.keys(user.toJSON());
+                  test.equal(lodash.difference(returnedKeys, fields).length, 0);
+
+                  callback();
+                }).catch(callback);
+        }
+
+        async.forEachOf(levelPermissions, testAuthLevel, test.done);
+      },
+
+    'should merge authLevels if they are arrays': function(test) {
+        User.findOne({}, null, {authLevel: ['admin', 'owner']})
+            .exec()
+            .then(function(user) {
+                test.ok(user);
+
+                var fields = levelPermissions.admin.read.concat(
+                    levelPermissions.owner.read
+                ).concat(permissions.defaults.read);
+
+                fields.forEach(function(field) {
+                    console.log(field, ' : ', user[field]);
+                    test.deepEqual(user[field], userValues[field]);
+                  });
+
+                var returnedKeys = Object.keys(user.toJSON());
+                test.equal(lodash.difference(returnedKeys, fields).length, 0);
+
+                test.done();
+              }).catch(test.done);
+      }
+  };
+
diff --git a/test/user.schema.js b/test/user.schema.js
@@ -0,0 +1,70 @@
+'use strict';
+
+var mongoose = require('mongoose');
+var uuid = require('uuid');
+
+var userSchema = new mongoose.Schema({
+    user_id: {
+        type: String,
+        required: true,
+        unique: true,
+        default: uuid.v4()
+      },
+    email: {
+        type: String,
+        required: true,
+        unique: true
+      },
+    first_name: {
+        type: String,
+        required: true
+      },
+    last_name: {
+        type: String,
+        required: true
+      },
+    password: String,
+    login_attempts: {
+        type: Number,
+        default: 0
+      },
+    avatar: {
+        type: String
+      },
+    last_login_date: {
+        type: Date
+      },
+    status: {
+        type: String,
+        required: true,
+        default: 'active'
+      }
+  });
+
+/*
+ * Make sure you add this before compiling your model
+ */
+userSchema.permissions = {
+    defaults: {
+        read: ['_id', 'user_id', 'email', 'first_name', 'last_name', 'avatar']
+      },
+    admin: {
+        read: ['status'],
+        write: ['status'],
+        save: true
+      },
+    owner: {
+        read: ['last_login_date'],
+        write: ['email', 'first_name', 'last_name', 'avatar'],
+        remove: true
+      }
+  };
+
+userSchema.plugin(require('../'));
+
+/*
+ * Compile model
+ */
+var users = mongoose.model('users', userSchema);
+
+module.exports = users;
