feat: implement e2e test for CompanyResolver (#944)

* feat: wip e2e server test * feat: use github action postgres & use infra for local * feat: company e2e test * feat: add company e2e test for permissions * Simplify server e2e test run * Fix lint --------- Co-authored-by: Charles Bochet <charles@twenty.com>
2023-07-27 18:48:40 +02:00
parent 9027406fdf
commit 157e5b9a2e
25 changed files with 655 additions and 59 deletions
--- a/server/src/ability/ability.module.ts
+++ b/server/src/ability/ability.module.ts
@ -26,7 +26,7 @@ import {
 } from './handlers/workspace-member.ability-handler';
 import {
  ManageCompanyAbilityHandler,
-  ReadCompanyAbilityHandler,
+  ReadOneCompanyAbilityHandler,
  CreateCompanyAbilityHandler,
  UpdateCompanyAbilityHandler,
  DeleteCompanyAbilityHandler,
@ -124,7 +124,7 @@ import {
    DeleteWorkspaceMemberAbilityHandler,
    // Company
    ManageCompanyAbilityHandler,
-    ReadCompanyAbilityHandler,
+    ReadOneCompanyAbilityHandler,
    CreateCompanyAbilityHandler,
    UpdateCompanyAbilityHandler,
    DeleteCompanyAbilityHandler,
@ -208,7 +208,7 @@ import {
    DeleteWorkspaceMemberAbilityHandler,
    // Company
    ManageCompanyAbilityHandler,
-    ReadCompanyAbilityHandler,
+    ReadOneCompanyAbilityHandler,
    CreateCompanyAbilityHandler,
    UpdateCompanyAbilityHandler,
    DeleteCompanyAbilityHandler,
--- a/server/src/ability/ability.util.ts
+++ b/server/src/ability/ability.util.ts
@ -205,3 +205,42 @@ export async function relationAbilityChecker(

  return true;
 }
+
+const isWhereInput = (input: any): boolean => {
+  return Object.values(input).some((value) => typeof value === 'object');
+};
+
+type ExcludeUnique<T> = T extends infer U
+  ? 'AND' extends keyof U
+    ? U
+    : never
+  : never;
+
+/**
+ * Convert a where unique input to a where input prisma
+ * @param args Can be a where unique input or a where input
+ * @returns whare input
+ */
+export const convertToWhereInput = <T>(
+  where: T | undefined,
+): ExcludeUnique<T> | undefined => {
+  const input = where as any;
+
+  if (!input) {
+    return input;
+  }
+
+  // If it's already a WhereInput, return it directly
+  if (isWhereInput(input)) {
+    return input;
+  }
+
+  // If not convert it to a WhereInput
+  const whereInput = {};
+
+  for (const key in input) {
+    whereInput[key] = { equals: input[key] };
+  }
+
+  return whereInput as ExcludeUnique<T>;
+};
--- a/server/src/ability/handlers/company.ability-handler.ts
+++ b/server/src/ability/handlers/company.ability-handler.ts
@ -13,11 +13,15 @@ import { PrismaService } from 'src/database/prisma.service';
 import { AbilityAction } from 'src/ability/ability.action';
 import { AppAbility } from 'src/ability/ability.factory';
 import { CompanyWhereInput } from 'src/core/@generated/company/company-where.input';
-import { relationAbilityChecker } from 'src/ability/ability.util';
+import { CompanyWhereUniqueInput } from 'src/core/@generated/company/company-where-unique.input';
+import {
+  convertToWhereInput,
+  relationAbilityChecker,
+} from 'src/ability/ability.util';
 import { assert } from 'src/utils/assert';

 class CompanyArgs {
-  where?: CompanyWhereInput;
+  where?: CompanyWhereUniqueInput | CompanyWhereInput;
  [key: string]: any;
 }

@ -29,9 +33,18 @@ export class ManageCompanyAbilityHandler implements IAbilityHandler {
 }

@Injectable()
-export class ReadCompanyAbilityHandler implements IAbilityHandler {
-  handle(ability: AppAbility) {
-    return ability.can(AbilityAction.Read, 'Company');
+export class ReadOneCompanyAbilityHandler implements IAbilityHandler {
+  constructor(private readonly prismaService: PrismaService) {}
+
+  async handle(ability: AppAbility, context: ExecutionContext) {
+    const gqlContext = GqlExecutionContext.create(context);
+    const args = gqlContext.getArgs<CompanyArgs>();
+    const company = await this.prismaService.client.company.findFirst({
+      where: args.where,
+    });
+    assert(company, '', NotFoundException);
+
+    return ability.can(AbilityAction.Read, subject('Company', company));
  }
 }

@ -65,10 +78,11 @@ export class UpdateCompanyAbilityHandler implements IAbilityHandler {
  async handle(ability: AppAbility, context: ExecutionContext) {
    const gqlContext = GqlExecutionContext.create(context);
    const args = gqlContext.getArgs<CompanyArgs>();
-    const company = await this.prismaService.client.company.findFirst({
-      where: args.where,
+    const where = convertToWhereInput(args.where);
+    const companies = await this.prismaService.client.company.findMany({
+      where,
    });
-    assert(company, '', NotFoundException);
+    assert(companies.length, '', NotFoundException);

    const allowed = await relationAbilityChecker(
      'Company',
@ -81,7 +95,18 @@ export class UpdateCompanyAbilityHandler implements IAbilityHandler {
      return false;
    }

-    return ability.can(AbilityAction.Update, subject('Company', company));
+    for (const company of companies) {
+      const allowed = ability.can(
+        AbilityAction.Delete,
+        subject('Company', company),
+      );
+
+      if (!allowed) {
+        return false;
+      }
+    }
+
+    return true;
  }
 }

@ -92,11 +117,23 @@ export class DeleteCompanyAbilityHandler implements IAbilityHandler {
  async handle(ability: AppAbility, context: ExecutionContext) {
    const gqlContext = GqlExecutionContext.create(context);
    const args = gqlContext.getArgs<CompanyArgs>();
-    const company = await this.prismaService.client.company.findFirst({
-      where: args.where,
+    const where = convertToWhereInput(args.where);
+    const companies = await this.prismaService.client.company.findMany({
+      where,
    });
-    assert(company, '', NotFoundException);
+    assert(companies.length, '', NotFoundException);

-    return ability.can(AbilityAction.Delete, subject('Company', company));
+    for (const company of companies) {
+      const allowed = ability.can(
+        AbilityAction.Delete,
+        subject('Company', company),
+      );
+
+      if (!allowed) {
+        return false;
+      }
+    }
+
+    return true;
  }
 }
--- a/server/src/core/company/company.resolver.ts
+++ b/server/src/core/company/company.resolver.ts
@ -21,11 +21,12 @@ import { CheckAbilities } from 'src/decorators/check-abilities.decorator';
 import {
  CreateCompanyAbilityHandler,
  DeleteCompanyAbilityHandler,
-  ReadCompanyAbilityHandler,
+  ReadOneCompanyAbilityHandler,
  UpdateCompanyAbilityHandler,
 } from 'src/ability/handlers/company.ability-handler';
 import { UserAbility } from 'src/decorators/user-ability.decorator';
 import { AppAbility } from 'src/ability/ability.factory';
+import { FindUniqueCompanyArgs } from 'src/core/@generated/company/find-unique-company.args';

 import { CompanyService } from './company.service';

@ -36,7 +37,6 @@ export class CompanyResolver {

  @Query(() => [Company])
  @UseGuards(AbilityGuard)
-  @CheckAbilities(ReadCompanyAbilityHandler)
  async findManyCompany(
    @Args() args: FindManyCompanyArgs,
    @UserAbility() ability: AppAbility,
@ -60,19 +60,18 @@ export class CompanyResolver {

  @Query(() => Company)
  @UseGuards(AbilityGuard)
-  @CheckAbilities(ReadCompanyAbilityHandler)
+  @CheckAbilities(ReadOneCompanyAbilityHandler)
  async findUniqueCompany(
-    @Args('id') id: string,
-    @UserAbility() ability: AppAbility,
+    @Args() args: FindUniqueCompanyArgs,
    @PrismaSelector({ modelName: 'Company' })
    prismaSelect: PrismaSelect<'Company'>,
  ): Promise<Partial<Company>> {
-    return this.companyService.findUniqueOrThrow({
-      where: {
-        id: id,
-      },
+    const company = this.companyService.findUniqueOrThrow({
+      where: args.where,
      select: prismaSelect.value,
    });
+
+    return company;
  }

  @Mutation(() => Company, {
--- a/server/src/core/view/resolvers/view-field.resolver.spec.ts
+++ b/server/src/core/view/resolvers/view-field.resolver.spec.ts
@ -1,9 +1,9 @@
 import { Test, TestingModule } from '@nestjs/testing';

 import { ViewFieldService } from 'src/core/view/services/view-field.service';
+import { AbilityFactory } from 'src/ability/ability.factory';

 import { ViewFieldResolver } from './view-field.resolver';
-import { AbilityFactory } from 'src/ability/ability.factory';

 describe('ViewFieldResolver', () => {
  let resolver: ViewFieldResolver;
--- a/server/src/database/prisma.service.ts
+++ b/server/src/database/prisma.service.ts
@ -2,6 +2,7 @@ import {
  INestApplication,
  Injectable,
  Logger,
+  OnModuleDestroy,
  OnModuleInit,
 } from '@nestjs/common';

@ -20,7 +21,7 @@ const createPrismaClient = (options: Prisma.PrismaClientOptions) => {
 type ExtendedPrismaClient = ReturnType<typeof createPrismaClient>;

@Injectable()
-export class PrismaService implements OnModuleInit {
+export class PrismaService implements OnModuleInit, OnModuleDestroy {
  private readonly logger = new Logger(PrismaService.name);
  private prismaClient!: ExtendedPrismaClient;

@ -61,6 +62,10 @@ export class PrismaService implements OnModuleInit {
    await this.prismaClient.$connect();
  }

+  async onModuleDestroy(): Promise<void> {
+    await this.prismaClient.$disconnect();
+  }
+
  async enableShutdownHooks(app: INestApplication) {
    this.prismaClient.$on('beforeExit', async () => {
      await app.close();