-
-
Notifications
You must be signed in to change notification settings - Fork 1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(core): Allow Roles to be created in other channels
Relates to #12
- Loading branch information
1 parent
6fc421a
commit df5f006
Showing
11 changed files
with
267 additions
and
76 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -6,17 +6,21 @@ import path from 'path'; | |
import { dataDir, TEST_SETUP_TIMEOUT_MS, testConfig } from './config/test-config'; | ||
import { initialData } from './fixtures/e2e-initial-data'; | ||
import { | ||
CreateAdministrator, | ||
CreateChannel, | ||
CreateRole, | ||
CurrencyCode, | ||
LanguageCode, | ||
Me, | ||
Permission, | ||
} from './graphql/generated-e2e-admin-types'; | ||
import { ME } from './graphql/shared-definitions'; | ||
import { CREATE_ADMINISTRATOR, CREATE_ROLE, ME } from './graphql/shared-definitions'; | ||
import { assertThrowsWithMessage } from './utils/assert-throws-with-message'; | ||
|
||
describe('Channels', () => { | ||
const { server, adminClient, shopClient } = createTestEnvironment(testConfig); | ||
const SECOND_CHANNEL_TOKEN = 'second_channel_token'; | ||
let secondChannelAdminRole: CreateRole.CreateRole; | ||
|
||
beforeAll(async () => { | ||
await server.init({ | ||
|
@@ -67,10 +71,117 @@ describe('Channels', () => { | |
it('superadmin has all permissions on new channel', async () => { | ||
const { me } = await adminClient.query<Me.Query>(ME); | ||
|
||
expect(me!.channels.length).toBe(2); | ||
|
||
const secondChannelData = me!.channels.find(c => c.token === SECOND_CHANNEL_TOKEN); | ||
const nonOwnerPermissions = Object.values(Permission).filter(p => p !== Permission.Owner); | ||
expect(secondChannelData!.permissions).toEqual(nonOwnerPermissions); | ||
}); | ||
|
||
it('createRole on second Channel', async () => { | ||
const { createRole } = await adminClient.query<CreateRole.Mutation, CreateRole.Variables>( | ||
CREATE_ROLE, | ||
{ | ||
input: { | ||
description: 'second channel admin', | ||
code: 'second-channel-admin', | ||
channelId: 'T_2', | ||
permissions: [ | ||
Permission.ReadCatalog, | ||
Permission.ReadSettings, | ||
Permission.ReadAdministrator, | ||
Permission.CreateAdministrator, | ||
Permission.UpdateAdministrator, | ||
], | ||
}, | ||
}, | ||
); | ||
|
||
expect(createRole.channels).toEqual([ | ||
{ | ||
id: 'T_2', | ||
code: 'second-channel', | ||
token: SECOND_CHANNEL_TOKEN, | ||
}, | ||
]); | ||
|
||
secondChannelAdminRole = createRole; | ||
}); | ||
|
||
it('createAdministrator with second-channel-admin role', async () => { | ||
const { createAdministrator } = await adminClient.query< | ||
CreateAdministrator.Mutation, | ||
CreateAdministrator.Variables | ||
>(CREATE_ADMINISTRATOR, { | ||
input: { | ||
firstName: 'Admin', | ||
lastName: 'Two', | ||
emailAddress: '[email protected]', | ||
password: 'test', | ||
roleIds: [secondChannelAdminRole.id], | ||
}, | ||
}); | ||
|
||
expect(createAdministrator.user.roles.map(r => r.description)).toEqual(['second channel admin']); | ||
}); | ||
|
||
it( | ||
'cannot create role on channel for which admin does not have CreateAdministrator permission', | ||
assertThrowsWithMessage(async () => { | ||
await adminClient.asUserWithCredentials('[email protected]', 'test'); | ||
await adminClient.query<CreateRole.Mutation, CreateRole.Variables>(CREATE_ROLE, { | ||
input: { | ||
description: 'read default channel catalog', | ||
code: 'read default channel catalog', | ||
channelId: 'T_1', | ||
permissions: [Permission.ReadCatalog], | ||
}, | ||
}); | ||
}, 'You are not currently authorized to perform this action'), | ||
); | ||
|
||
it('can create role on channel for which admin has CreateAdministrator permission', async () => { | ||
const { createRole } = await adminClient.query<CreateRole.Mutation, CreateRole.Variables>( | ||
CREATE_ROLE, | ||
{ | ||
input: { | ||
description: 'read second channel catalog', | ||
code: 'read-second-channel-catalog', | ||
channelId: 'T_2', | ||
permissions: [Permission.ReadCatalog], | ||
}, | ||
}, | ||
); | ||
|
||
expect(createRole.channels).toEqual([ | ||
{ | ||
id: 'T_2', | ||
code: 'second-channel', | ||
token: SECOND_CHANNEL_TOKEN, | ||
}, | ||
]); | ||
}); | ||
|
||
it('createRole with no channelId implicitly uses active channel', async () => { | ||
const { createRole } = await adminClient.query<CreateRole.Mutation, CreateRole.Variables>( | ||
CREATE_ROLE, | ||
{ | ||
input: { | ||
description: 'update second channel catalog', | ||
code: 'update-second-channel-catalog', | ||
permissions: [Permission.UpdateCatalog], | ||
}, | ||
}, | ||
); | ||
|
||
expect(createRole.channels).toEqual([ | ||
{ | ||
id: 'T_2', | ||
code: 'second-channel', | ||
token: SECOND_CHANNEL_TOKEN, | ||
}, | ||
]); | ||
}); | ||
}); | ||
|
||
const CREATE_CHANNEL = gql` | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
38 changes: 38 additions & 0 deletions
38
packages/core/src/service/helpers/utils/get-user-channels-permissions.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
import { Permission } from '@vendure/common/lib/generated-types'; | ||
import { ID } from '@vendure/common/lib/shared-types'; | ||
import { unique } from '@vendure/common/lib/unique'; | ||
|
||
import { User } from '../../../entity/user/user.entity'; | ||
|
||
export interface UserChannelPermissions { | ||
id: ID; | ||
token: string; | ||
code: string; | ||
permissions: Permission[]; | ||
} | ||
|
||
/** | ||
* Returns an array of Channels and permissions on those Channels for the given User. | ||
*/ | ||
export function getUserChannelsPermissions(user: User): UserChannelPermissions[] { | ||
const channelsMap: { [code: string]: UserChannelPermissions } = {}; | ||
|
||
for (const role of user.roles) { | ||
for (const channel of role.channels) { | ||
if (!channelsMap[channel.code]) { | ||
channelsMap[channel.code] = { | ||
id: channel.id, | ||
token: channel.token, | ||
code: channel.code, | ||
permissions: [], | ||
}; | ||
} | ||
channelsMap[channel.code].permissions = unique([ | ||
...channelsMap[channel.code].permissions, | ||
...role.permissions, | ||
]); | ||
} | ||
} | ||
|
||
return Object.values(channelsMap); | ||
} |
Oops, something went wrong.