Skip to content

Commit

Permalink
Merge pull request #3989 from moshemal/issue-3988
Browse files Browse the repository at this point in the history 
Use done function for multiple async assertions
  • Loading branch information
@bajtos
bajtos authored Sep 17, 2018
2 parents fa644d6 + 186ae2a commit 0bb7cd6
Showing 1 changed file with 118 additions and 123 deletions.
241 changes: 118 additions & 123 deletions test/acl.test.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,15 +16,11 @@ var Role = loopback.Role;
var RoleMapping = loopback.RoleMapping;
var User = loopback.User;
var testModel;
var async = require('async');

// Speed up the password hashing algorithm for tests
User.settings.saltWorkFactor = 4;

function checkResult(err, result) {
// console.log(err, result);
assert(!err);
}

var ds = null;
before(function() {
ds = loopback.createDataSource({connector: loopback.Memory});
Expand All @@ -48,22 +44,27 @@ describe('security scopes', function() {
testModel.attachTo(ds);
});

it('should allow access to models for the given scope by wildcard', function() {
it('should allow access to models for the given scope by wildcard', function(done) {
Scope.create({name: 'userScope', description: 'access user information'},
function(err, scope) {
ACL.create({
principalType: ACL.SCOPE, principalId: scope.id,
model: 'User', property: ACL.ALL,
accessType: ACL.ALL, permission: ACL.ALLOW,
}, function(err, resource) {
Scope.checkPermission('userScope', 'User', ACL.ALL, ACL.ALL, checkResult);
Scope.checkPermission('userScope', 'User', 'name', ACL.ALL, checkResult);
Scope.checkPermission('userScope', 'User', 'name', ACL.READ, checkResult);
async.parallel([
cb => Scope.checkPermission('userScope', 'User', ACL.ALL, ACL.ALL, cb),
cb => Scope.checkPermission('userScope', 'User', 'name', ACL.ALL, cb),
cb => Scope.checkPermission('userScope', 'User', 'name', ACL.READ, cb),
], (err) => {
assert.ifError(err);
done();
});
});
});
});

it('should allow access to models for the given scope', function() {
it('should allow access to models for the given scope', function(done) {
Scope.create({name: 'testModelScope', description: 'access testModel information'},
function(err, scope) {
ACL.create({
Expand All @@ -75,23 +76,21 @@ describe('security scopes', function() {
model: 'testModel', property: 'name',
accessType: ACL.WRITE, permission: ACL.DENY,
}, function(err, resource) {
// console.log(resource);
Scope.checkPermission('testModelScope', 'testModel', ACL.ALL, ACL.ALL,
function(err, perm) {
assert(perm.permission === ACL.DENY); // because name.WRITE == DENY
});
Scope.checkPermission('testModelScope', 'testModel', 'name', ACL.ALL,
function(err, perm) {
assert(perm.permission === ACL.DENY); // because name.WRITE == DENY
});
Scope.checkPermission('testModelScope', 'testModel', 'name', ACL.READ,
function(err, perm) {
assert(perm.permission === ACL.ALLOW);
});
Scope.checkPermission('testModelScope', 'testModel', 'name', ACL.WRITE,
function(err, perm) {
assert(perm.permission === ACL.DENY);
});
async.parallel([
cb => Scope.checkPermission('testModelScope', 'testModel', ACL.ALL, ACL.ALL, cb),
cb => Scope.checkPermission('testModelScope', 'testModel', 'name', ACL.ALL, cb),
cb => Scope.checkPermission('testModelScope', 'testModel', 'name', ACL.READ, cb),
cb => Scope.checkPermission('testModelScope', 'testModel', 'name', ACL.WRITE, cb),
], (err, perms) => {
if (err) return done(err);
assert.deepEqual(perms.map(p => p.permission), [
ACL.DENY,
ACL.DENY,
ACL.ALLOW,
ACL.DENY,
]);
done();
});
});
});
});
Expand Down Expand Up @@ -221,7 +220,7 @@ describe('security ACLs', function() {
methodNames: []});
});

it('should allow access to models for the given principal by wildcard', function() {
it('should allow access to models for the given principal by wildcard', function(done) {
// jscs:disable validateIndentation
ACL.create({
principalType: ACL.USER, principalId: 'u001', model: 'User', property: ACL.ALL,
Expand All @@ -231,18 +230,22 @@ describe('security ACLs', function() {
principalType: ACL.USER, principalId: 'u001', model: 'User', property: ACL.ALL,
accessType: ACL.READ, permission: ACL.DENY,
}, function(err, acl) {
ACL.checkPermission(ACL.USER, 'u001', 'User', 'name', ACL.READ, function(err, perm) {
assert(perm.permission === ACL.DENY);
});

ACL.checkPermission(ACL.USER, 'u001', 'User', 'name', ACL.ALL, function(err, perm) {
assert(perm.permission === ACL.DENY);
async.parallel([
cb => ACL.checkPermission(ACL.USER, 'u001', 'User', 'name', ACL.READ, cb),
cb => ACL.checkPermission(ACL.USER, 'u001', 'User', 'name', ACL.ALL, cb),
], (err, perms) => {
if (err) return done(err);
assert.deepEqual(perms.map(p => p.permission), [
ACL.DENY,
ACL.DENY,
]);
done();
});
});
});
});

it('should allow access to models by exception', function() {
it('should allow access to models by exception', function(done) {
ACL.create({
principalType: ACL.USER, principalId: 'u001', model: 'testModel', property: ACL.ALL,
accessType: ACL.ALL, permission: ACL.DENY,
Expand All @@ -255,41 +258,31 @@ describe('security ACLs', function() {
principalType: ACL.USER, principalId: 'u002', model: 'testModel', property: ACL.ALL,
accessType: ACL.EXECUTE, permission: ACL.ALLOW,
}, function(err, acl) {
ACL.checkPermission(ACL.USER, 'u001', 'testModel', 'name', ACL.READ,
function(err, perm) {
assert(perm.permission === ACL.ALLOW);
});

ACL.checkPermission(ACL.USER, 'u001', 'testModel', ACL.ALL, ACL.READ,
function(err, perm) {
assert(perm.permission === ACL.ALLOW);
});

ACL.checkPermission(ACL.USER, 'u001', 'testModel', 'name', ACL.WRITE,
function(err, perm) {
assert(perm.permission === ACL.DENY);
});

ACL.checkPermission(ACL.USER, 'u001', 'testModel', 'name', ACL.ALL,
function(err, perm) {
assert(perm.permission === ACL.DENY);
});

ACL.checkPermission(ACL.USER, 'u002', 'testModel', 'name', ACL.WRITE,
function(err, perm) {
assert(perm.permission === ACL.ALLOW);
});

ACL.checkPermission(ACL.USER, 'u002', 'testModel', 'name', ACL.READ,
function(err, perm) {
assert(perm.permission === ACL.ALLOW);
});
async.parallel([
cb => ACL.checkPermission(ACL.USER, 'u001', 'testModel', 'name', ACL.READ, cb),
cb => ACL.checkPermission(ACL.USER, 'u001', 'testModel', ACL.ALL, ACL.READ, cb),
cb => ACL.checkPermission(ACL.USER, 'u001', 'testModel', 'name', ACL.WRITE, cb),
cb => ACL.checkPermission(ACL.USER, 'u001', 'testModel', 'name', ACL.ALL, cb),
cb => ACL.checkPermission(ACL.USER, 'u002', 'testModel', 'name', ACL.WRITE, cb),
cb => ACL.checkPermission(ACL.USER, 'u002', 'testModel', 'name', ACL.READ, cb),
], (err, perms) => {
if (err) return done(err);
assert.deepEqual(perms.map(p => p.permission), [
ACL.ALLOW,
ACL.ALLOW,
ACL.DENY,
ACL.DENY,
ACL.ALLOW,
ACL.ALLOW,
]);
done();
});
});
});
});
});

it('should honor defaultPermission from the model', function() {
it('should honor defaultPermission from the model', function(done) {
var Customer = ds.createModel('Customer', {
name: {
type: String,
Expand All @@ -310,21 +303,22 @@ describe('security ACLs', function() {
// ACL default permission is to DENY for model Customer
Customer.settings.defaultPermission = ACL.DENY;

ACL.checkPermission(ACL.USER, 'u001', 'Customer', 'name', ACL.WRITE,
function(err, perm) {
assert(perm.permission === ACL.DENY);
});

ACL.checkPermission(ACL.USER, 'u001', 'Customer', 'name', ACL.READ, function(err, perm) {
assert(perm.permission === ACL.ALLOW);
});

ACL.checkPermission(ACL.USER, 'u002', 'Customer', 'name', ACL.WRITE, function(err, perm) {
assert(perm.permission === ACL.DENY);
async.parallel([
cb => ACL.checkPermission(ACL.USER, 'u001', 'Customer', 'name', ACL.WRITE, cb),
cb => ACL.checkPermission(ACL.USER, 'u001', 'Customer', 'name', ACL.READ, cb),
cb => ACL.checkPermission(ACL.USER, 'u002', 'Customer', 'name', ACL.WRITE, cb),
], (err, perms) => {
if (err) return done(err);
assert.deepEqual(perms.map(p => p.permission), [
ACL.DENY,
ACL.ALLOW,
ACL.DENY,
]);
done();
});
});

it('should honor static ACLs from the model', function() {
it('should honor static ACLs from the model', function(done) {
var Customer = ds.createModel('Customer', {
name: {
type: String,
Expand Down Expand Up @@ -352,30 +346,23 @@ describe('security ACLs', function() {
];
*/

ACL.checkPermission(ACL.USER, 'u001', 'Customer', 'name', ACL.WRITE,
function(err, perm) {
assert(perm.permission === ACL.DENY);
});

ACL.checkPermission(ACL.USER, 'u001', 'Customer', 'name', ACL.READ,
function(err, perm) {
assert(perm.permission === ACL.ALLOW);
});

ACL.checkPermission(ACL.USER, 'u001', 'Customer', 'name', ACL.ALL,
function(err, perm) {
assert(perm.permission === ACL.ALLOW);
});

ACL.checkPermission(ACL.USER, 'u002', 'Customer', 'name', ACL.READ,
function(err, perm) {
assert(perm.permission === ACL.ALLOW);
});

ACL.checkPermission(ACL.USER, 'u003', 'Customer', 'name', ACL.WRITE,
function(err, perm) {
assert(perm.permission === ACL.DENY);
});
async.parallel([
cb => ACL.checkPermission(ACL.USER, 'u001', 'Customer', 'name', ACL.WRITE, cb),
cb => ACL.checkPermission(ACL.USER, 'u001', 'Customer', 'name', ACL.READ, cb),
cb => ACL.checkPermission(ACL.USER, 'u001', 'Customer', 'name', ACL.ALL, cb),
cb => ACL.checkPermission(ACL.USER, 'u002', 'Customer', 'name', ACL.READ, cb),
cb => ACL.checkPermission(ACL.USER, 'u003', 'Customer', 'name', ACL.WRITE, cb),
], (err, perms) => {
if (err) return done(err);
assert.deepEqual(perms.map(p => p.permission), [
ACL.DENY,
ACL.ALLOW,
ACL.ALLOW,
ACL.ALLOW,
ACL.DENY,
]);
done();
});
});

it('should filter static ACLs by model/property', function() {
Expand Down Expand Up @@ -411,7 +398,7 @@ describe('security ACLs', function() {
assert(staticACLs[0].property === 'findById');
});

it('should check access against LDL, ACL, and Role', function() {
it('should check access against LDL, ACL, and Role', function(done) {
// var log = console.log;
var log = function() {};

Expand Down Expand Up @@ -461,27 +448,35 @@ describe('security ACLs', function() {
}, function(err, acl) {
log('ACL 2: ', acl.toObject());

ACL.checkAccessForContext({
principals: [
{type: ACL.USER, id: userId},
],
model: 'Customer',
property: 'name',
accessType: ACL.READ,
}, function(err, access) {
assert(!err && access.permission === ACL.ALLOW);
});

ACL.checkAccessForContext({
principals: [
{type: ACL.ROLE, id: Role.EVERYONE},
],
model: 'Customer',
property: 'name',
accessType: ACL.READ,
}, function(err, access) {
assert(!err && access.permission === ACL.DENY);
});
async.parallel([
cb => {
ACL.checkAccessForContext({
principals: [
{type: ACL.USER, id: userId},
],
model: 'Customer',
property: 'name',
accessType: ACL.READ,
}, function(err, access) {
assert.ifError(err);
assert.equal(access.permission, ACL.ALLOW);
cb();
});
},
cb => {
ACL.checkAccessForContext({
principals: [
{type: ACL.ROLE, id: Role.EVERYONE},
],
model: 'Customer',
property: 'name',
accessType: ACL.READ,
}, function(err, access) {
assert.ifError(err);
assert.equal(access.permission, ACL.DENY);
cb();
});
}], done);
});
});
});
Expand Down

0 comments on commit 0bb7cd6

Please sign in to comment.