- import { mergeConfig } from '@vendure/core';
- import path from 'path';
- import { afterAll, beforeAll, describe, expect, it } from 'vitest';
- import { initialData } from '../../../e2e-common/e2e-initial-data';
- import { TEST_SETUP_TIMEOUT_MS, testConfig } from '../../../e2e-common/test-config';
- import { createTestEnvironment } from '../../testing/lib/create-test-environment';
- import {
- sync,
- TestPluginWithCustomPermissions,
- wishlist,
- } from './fixtures/test-plugins/with-custom-permissions';
- import {
- crudCreateDocument,
- crudDeleteDocument,
- crudReadDocument,
- crudUpdateDocument,
- syncCustomPermissionsDocument,
- } from './graphql/admin-definitions';
- import { ResultOf } from './graphql/graphql-admin';
- import {
- createAdministratorDocument,
- createRoleDocument,
- updateRoleDocument,
- } from './graphql/shared-definitions';
- import { assertThrowsWithMessage } from './utils/assert-throws-with-message';
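/** Type of the admin-API client produced by the shared test environment. */
type AdminClient = ReturnType<typeof createTestEnvironment>['adminClient'];

/** Error message the server returns when the signed-in admin lacks a required permission. */
const NOT_AUTHORIZED_MESSAGE = 'You are not currently authorized to perform this action';

/** Password given to the non-superadmin test administrator created in `beforeAll`. */
const TEST_ADMIN_PASSWORD = 'test';

/**
 * Registers one `it` per custom-permission operation, each asserting that the
 * admin currently signed in on `adminClient` is allowed to run it (the resolver
 * answers `true`).
 *
 * Must be called inside a `describe` callback so the tests attach to that suite.
 *
 * @param adminClient client whose current session is under test
 */
function expectCustomPermissionsGranted(adminClient: AdminClient): void {
    it('single permission', async () => {
        const { syncWishlist } = await adminClient.query(syncCustomPermissionsDocument);
        expect(syncWishlist).toBe(true);
    });
    it('CRUD create permission', async () => {
        const { createWishlist } = await adminClient.query(crudCreateDocument);
        expect(createWishlist).toBe(true);
    });
    it('CRUD read permission', async () => {
        // Aliased so the result field does not shadow the imported `wishlist` permission set.
        const { wishlist: canReadWishlist } = await adminClient.query(crudReadDocument);
        expect(canReadWishlist).toBe(true);
    });
    it('CRUD update permission', async () => {
        const { updateWishlist } = await adminClient.query(crudUpdateDocument);
        expect(updateWishlist).toBe(true);
    });
    it('CRUD delete permission', async () => {
        const { deleteWishlist } = await adminClient.query(crudDeleteDocument);
        expect(deleteWishlist).toBe(true);
    });
}

/**
 * Registers one `it` per custom-permission operation, each asserting that the
 * admin currently signed in on `adminClient` is rejected with the server's
 * "not authorized" error rather than being served a result.
 *
 * Must be called inside a `describe` callback so the tests attach to that suite.
 *
 * @param adminClient client whose current session is under test
 */
function expectCustomPermissionsDenied(adminClient: AdminClient): void {
    // Thunks rather than bare documents: each query has its own result type,
    // and wrapping keeps the table uniformly typed.
    const attempts: ReadonlyArray<readonly [string, () => Promise<unknown>]> = [
        ['single permission', () => adminClient.query(syncCustomPermissionsDocument)],
        ['CRUD create permission', () => adminClient.query(crudCreateDocument)],
        ['CRUD read permission', () => adminClient.query(crudReadDocument)],
        ['CRUD update permission', () => adminClient.query(crudUpdateDocument)],
        ['CRUD delete permission', () => adminClient.query(crudDeleteDocument)],
    ];
    for (const [label, run] of attempts) {
        it(
            label,
            assertThrowsWithMessage(async () => {
                await run();
            }, NOT_AUTHORIZED_MESSAGE),
        );
    }
}

/**
 * E2E coverage for plugin-defined (custom) permissions:
 *  - the superadmin holds every custom permission implicitly;
 *  - an admin whose role lacks them is refused at the resolver;
 *  - granting them to the role makes the same operations succeed.
 */
describe('Custom permissions', () => {
    const { server, adminClient } = createTestEnvironment(
        mergeConfig(testConfig(), {
            plugins: [TestPluginWithCustomPermissions],
        }),
    );

    let testRole: ResultOf<typeof createRoleDocument>['createRole'];
    let testAdmin: ResultOf<typeof createAdministratorDocument>['createAdministrator'];

    beforeAll(async () => {
        await server.init({
            initialData,
            productsCsvPath: path.join(__dirname, 'fixtures/e2e-products-minimal.csv'),
            customerCount: 1,
        });
        await adminClient.asSuperAdmin();

        // Create a role with no permissions at all, and an admin holding only that role,
        // so the "denied" suite exercises a principal with the minimum possible access.
        const { createRole } = await adminClient.query(createRoleDocument, {
            input: {
                channelIds: ['T_1'],
                code: 'test-role',
                description: 'Testing custom permissions',
                permissions: [],
            },
        });
        testRole = createRole;

        const { createAdministrator } = await adminClient.query(createAdministratorDocument, {
            input: {
                firstName: 'Test',
                lastName: 'Admin',
                emailAddress: 'test@admin.com',
                password: TEST_ADMIN_PASSWORD,
                roleIds: [testRole.id],
            },
        });
        testAdmin = createAdministrator;
    }, TEST_SETUP_TIMEOUT_MS);

    afterAll(async () => {
        await server.destroy();
    });

    describe('superadmin has custom permissions automatically', () => {
        beforeAll(async () => {
            await adminClient.asSuperAdmin();
        });

        expectCustomPermissionsGranted(adminClient);
    });

    describe('custom permissions prevent unauthorized access', () => {
        beforeAll(async () => {
            await adminClient.asUserWithCredentials(testAdmin.emailAddress, TEST_ADMIN_PASSWORD);
        });

        expectCustomPermissionsDenied(adminClient);
    });

    describe('adding permissions enables access', () => {
        beforeAll(async () => {
            // The role change needs superadmin rights; afterwards sign back in as the
            // test admin so the session under test is the one holding the updated role.
            await adminClient.asSuperAdmin();
            await adminClient.query(updateRoleDocument, {
                input: {
                    id: testRole.id,
                    permissions: [
                        sync.Permission,
                        wishlist.Create,
                        wishlist.Read,
                        wishlist.Update,
                        wishlist.Delete,
                    ],
                },
            });
            await adminClient.asUserWithCredentials(testAdmin.emailAddress, TEST_ADMIN_PASSWORD);
        });

        expectCustomPermissionsGranted(adminClient);
    });
});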