[permissions] Enable permissionsV2 in seeds (#12623)
In this PR - enable permissions V2 in seeds - remove permission V2 toggle in tests
This commit is contained in:
Marie
@ -45,6 +45,11 @@ export const seedFeatureFlags = async (
|
||||
workspaceId: workspaceId,
|
||||
value: true,
|
||||
},
|
||||
{
|
||||
key: FeatureFlagKey.IS_PERMISSIONS_V2_ENABLED,
|
||||
workspaceId: workspaceId,
|
||||
value: true,
|
||||
},
|
||||
])
|
||||
.execute();
|
||||
};
|
||||
|
||||
@ -2,6 +2,7 @@ import { randomUUID } from 'node:crypto';
|
||||
|
||||
import { PERSON_GQL_FIELDS } from 'test/integration/constants/person-gql-fields.constants';
|
||||
import { createManyOperationFactory } from 'test/integration/graphql/utils/create-many-operation-factory.util';
|
||||
import { makeGraphqlAPIRequestWithApiKey } from 'test/integration/graphql/utils/make-graphql-api-request-with-api-key.util';
|
||||
import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util';
|
||||
import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
|
||||
|
||||
@ -9,7 +10,6 @@ import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.
|
||||
import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
|
||||
|
||||
describe('createManyObjectRecordsPermissions', () => {
|
||||
describe('permissions V2 disabled', () => {
|
||||
it('should throw a permission error when user does not have permission (guest role)', async () => {
|
||||
const graphqlOperation = createManyOperationFactory({
|
||||
objectMetadataSingularName: 'person',
|
||||
@ -25,8 +25,7 @@ describe('createManyObjectRecordsPermissions', () => {
|
||||
],
|
||||
});
|
||||
|
||||
const response =
|
||||
await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
|
||||
const response = await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
|
||||
|
||||
expect(response.body.data).toStrictEqual({ createPeople: null });
|
||||
expect(response.body.errors).toBeDefined();
|
||||
@ -56,6 +55,39 @@ describe('createManyObjectRecordsPermissions', () => {
|
||||
|
||||
const response = await makeGraphqlAPIRequest(graphqlOperation);
|
||||
|
||||
expect(response.body.data).toBeDefined();
|
||||
expect(response.body.data.createPeople).toBeDefined();
|
||||
expect(response.body.data.createPeople).toHaveLength(2);
|
||||
expect([
|
||||
response.body.data.createPeople[0].id,
|
||||
response.body.data.createPeople[1].id,
|
||||
]).toContain(personId1);
|
||||
expect([
|
||||
response.body.data.createPeople[0].id,
|
||||
response.body.data.createPeople[1].id,
|
||||
]).toContain(personId2);
|
||||
});
|
||||
|
||||
it('should create multiple object records when executed by api key', async () => {
|
||||
const personId1 = randomUUID();
|
||||
const personId2 = randomUUID();
|
||||
|
||||
const graphqlOperation = createManyOperationFactory({
|
||||
objectMetadataSingularName: 'person',
|
||||
objectMetadataPluralName: 'people',
|
||||
gqlFields: PERSON_GQL_FIELDS,
|
||||
data: [
|
||||
{
|
||||
id: personId1,
|
||||
},
|
||||
{
|
||||
id: personId2,
|
||||
},
|
||||
],
|
||||
});
|
||||
|
||||
const response = await makeGraphqlAPIRequestWithApiKey(graphqlOperation);
|
||||
|
||||
expect(response.body.data).toBeDefined();
|
||||
expect(response.body.data.createPeople).toBeDefined();
|
||||
expect(response.body.data.createPeople).toHaveLength(2);
|
||||
@ -63,106 +95,3 @@ describe('createManyObjectRecordsPermissions', () => {
|
||||
expect(response.body.data.createPeople[1].id).toBe(personId2);
|
||||
});
|
||||
});
|
||||
|
||||
// describe('permissions V2 enabled', () => {
|
||||
// beforeAll(async () => {
|
||||
// const enablePermissionsQuery = updateFeatureFlagFactory(
|
||||
// SEED_APPLE_WORKSPACE_ID,
|
||||
// 'IS_PERMISSIONS_V2_ENABLED',
|
||||
// true,
|
||||
// );
|
||||
|
||||
// await makeGraphqlAPIRequest(enablePermissionsQuery);
|
||||
// });
|
||||
|
||||
// afterAll(async () => {
|
||||
// const disablePermissionsQuery = updateFeatureFlagFactory(
|
||||
// SEED_APPLE_WORKSPACE_ID,
|
||||
// 'IS_PERMISSIONS_V2_ENABLED',
|
||||
// false,
|
||||
// );
|
||||
|
||||
// await makeGraphqlAPIRequest(disablePermissionsQuery);
|
||||
// });
|
||||
|
||||
// it('should throw a permission error when user does not have permission (guest role)', async () => {
|
||||
// const graphqlOperation = createManyOperationFactory({
|
||||
// objectMetadataSingularName: 'person',
|
||||
// objectMetadataPluralName: 'people',
|
||||
// gqlFields: PERSON_GQL_FIELDS,
|
||||
// data: [
|
||||
// {
|
||||
// id: randomUUID(),
|
||||
// },
|
||||
// {
|
||||
// id: randomUUID(),
|
||||
// },
|
||||
// ],
|
||||
// });
|
||||
|
||||
// const response =
|
||||
// await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
|
||||
|
||||
// expect(response.body.data).toStrictEqual({ createPeople: null });
|
||||
// expect(response.body.errors).toBeDefined();
|
||||
// expect(response.body.errors[0].message).toBe(
|
||||
// PermissionsExceptionMessage.PERMISSION_DENIED,
|
||||
// );
|
||||
// expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN);
|
||||
// });
|
||||
|
||||
// it('should create multiple object records when user has permission (admin role)', async () => {
|
||||
// const personId1 = randomUUID();
|
||||
// const personId2 = randomUUID();
|
||||
|
||||
// const graphqlOperation = createManyOperationFactory({
|
||||
// objectMetadataSingularName: 'person',
|
||||
// objectMetadataPluralName: 'people',
|
||||
// gqlFields: PERSON_GQL_FIELDS,
|
||||
// data: [
|
||||
// {
|
||||
// id: personId1,
|
||||
// },
|
||||
// {
|
||||
// id: personId2,
|
||||
// },
|
||||
// ],
|
||||
// });
|
||||
|
||||
// const response = await makeGraphqlAPIRequest(graphqlOperation);
|
||||
|
||||
// expect(response.body.data).toBeDefined();
|
||||
// expect(response.body.data.createPeople).toBeDefined();
|
||||
// expect(response.body.data.createPeople).toHaveLength(2);
|
||||
// expect(response.body.data.createPeople[0].id).toBe(personId1);
|
||||
// expect(response.body.data.createPeople[1].id).toBe(personId2);
|
||||
// });
|
||||
|
||||
// it('should create multiple object records when executed by api key', async () => {
|
||||
// const personId1 = randomUUID();
|
||||
// const personId2 = randomUUID();
|
||||
|
||||
// const graphqlOperation = createManyOperationFactory({
|
||||
// objectMetadataSingularName: 'person',
|
||||
// objectMetadataPluralName: 'people',
|
||||
// gqlFields: PERSON_GQL_FIELDS,
|
||||
// data: [
|
||||
// {
|
||||
// id: personId1,
|
||||
// },
|
||||
// {
|
||||
// id: personId2,
|
||||
// },
|
||||
// ],
|
||||
// });
|
||||
|
||||
// const response = await makeGraphqlAPIRequestWithApiKey(graphqlOperation);
|
||||
|
||||
// expect(response.body.data).toBeDefined();
|
||||
// expect(response.body.data.createPeople).toBeDefined();
|
||||
// expect(response.body.data.createPeople).toHaveLength(2);
|
||||
// expect(response.body.data.createPeople[0].id).toBe(personId1);
|
||||
// expect(response.body.data.createPeople[1].id).toBe(personId2);
|
||||
// });
|
||||
// });
|
||||
});
|
||||
|
||||
@ -5,14 +5,11 @@ import { createOneOperationFactory } from 'test/integration/graphql/utils/create
|
||||
import { makeGraphqlAPIRequestWithApiKey } from 'test/integration/graphql/utils/make-graphql-api-request-with-api-key.util';
|
||||
import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util';
|
||||
import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
|
||||
import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
|
||||
|
||||
import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
|
||||
import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
|
||||
import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util';
|
||||
|
||||
describe('createOneObjectRecordsPermissions', () => {
|
||||
describe('permissions V2 disabled', () => {
|
||||
it('should throw a permission error when user does not have permission (guest role)', async () => {
|
||||
const graphqlOperation = createOneOperationFactory({
|
||||
objectMetadataSingularName: 'person',
|
||||
@ -22,67 +19,7 @@ describe('createOneObjectRecordsPermissions', () => {
|
||||
},
|
||||
});
|
||||
|
||||
const response =
|
||||
await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
|
||||
|
||||
expect(response.body.data).toStrictEqual({ createPerson: null });
|
||||
expect(response.body.errors).toBeDefined();
|
||||
expect(response.body.errors[0].message).toBe(
|
||||
PermissionsExceptionMessage.PERMISSION_DENIED,
|
||||
);
|
||||
expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN);
|
||||
});
|
||||
|
||||
it('should create an object record when user has permission (admin role)', async () => {
|
||||
const personId = randomUUID();
|
||||
const graphqlOperation = createOneOperationFactory({
|
||||
objectMetadataSingularName: 'person',
|
||||
gqlFields: PERSON_GQL_FIELDS,
|
||||
data: {
|
||||
id: personId,
|
||||
},
|
||||
});
|
||||
|
||||
const response = await makeGraphqlAPIRequest(graphqlOperation);
|
||||
|
||||
expect(response.body.data).toBeDefined();
|
||||
expect(response.body.data.createPerson).toBeDefined();
|
||||
expect(response.body.data.createPerson.id).toBe(personId);
|
||||
});
|
||||
});
|
||||
|
||||
describe('permissions V2 enabled', () => {
|
||||
beforeAll(async () => {
|
||||
const enablePermissionsQuery = updateFeatureFlagFactory(
|
||||
SEED_APPLE_WORKSPACE_ID,
|
||||
'IS_PERMISSIONS_V2_ENABLED',
|
||||
true,
|
||||
);
|
||||
|
||||
await makeGraphqlAPIRequest(enablePermissionsQuery);
|
||||
});
|
||||
|
||||
afterAll(async () => {
|
||||
const disablePermissionsQuery = updateFeatureFlagFactory(
|
||||
SEED_APPLE_WORKSPACE_ID,
|
||||
'IS_PERMISSIONS_V2_ENABLED',
|
||||
false,
|
||||
);
|
||||
|
||||
await makeGraphqlAPIRequest(disablePermissionsQuery);
|
||||
});
|
||||
|
||||
it('should throw a permission error when user does not have permission (guest role)', async () => {
|
||||
const graphqlOperation = createOneOperationFactory({
|
||||
objectMetadataSingularName: 'person',
|
||||
gqlFields: PERSON_GQL_FIELDS,
|
||||
data: {
|
||||
id: randomUUID(),
|
||||
},
|
||||
});
|
||||
|
||||
const response =
|
||||
await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
|
||||
const response = await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
|
||||
|
||||
expect(response.body.data).toStrictEqual({ createPerson: null });
|
||||
expect(response.body.errors).toBeDefined();
|
||||
@ -126,4 +63,3 @@ describe('createOneObjectRecordsPermissions', () => {
|
||||
expect(response.body.data.createPerson.id).toBe(personId);
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
@ -6,14 +6,11 @@ import { deleteManyOperationFactory } from 'test/integration/graphql/utils/delet
|
||||
import { makeGraphqlAPIRequestWithApiKey } from 'test/integration/graphql/utils/make-graphql-api-request-with-api-key.util';
|
||||
import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util';
|
||||
import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
|
||||
import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
|
||||
|
||||
import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
|
||||
import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
|
||||
import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util';
|
||||
|
||||
describe('deleteManyObjectRecordsPermissions', () => {
|
||||
describe('permissions V2 disabled', () => {
|
||||
it('should throw a permission error when user does not have permission (guest role)', async () => {
|
||||
const graphqlOperation = deleteManyOperationFactory({
|
||||
objectMetadataSingularName: 'person',
|
||||
@ -26,93 +23,7 @@ describe('deleteManyObjectRecordsPermissions', () => {
|
||||
},
|
||||
});
|
||||
|
||||
const response =
|
||||
await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
|
||||
|
||||
expect(response.body.data).toStrictEqual({ deletePeople: null });
|
||||
expect(response.body.errors).toBeDefined();
|
||||
expect(response.body.errors[0].message).toBe(
|
||||
PermissionsExceptionMessage.PERMISSION_DENIED,
|
||||
);
|
||||
expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN);
|
||||
});
|
||||
|
||||
it('should delete multiple object records when user has permission (admin role)', async () => {
|
||||
const personId1 = randomUUID();
|
||||
const personId2 = randomUUID();
|
||||
|
||||
const createGraphqlOperation = createManyOperationFactory({
|
||||
objectMetadataSingularName: 'person',
|
||||
objectMetadataPluralName: 'people',
|
||||
gqlFields: PERSON_GQL_FIELDS,
|
||||
data: [
|
||||
{
|
||||
id: personId1,
|
||||
},
|
||||
{
|
||||
id: personId2,
|
||||
},
|
||||
],
|
||||
});
|
||||
|
||||
await makeGraphqlAPIRequest(createGraphqlOperation);
|
||||
|
||||
const deleteGraphqlOperation = deleteManyOperationFactory({
|
||||
objectMetadataSingularName: 'person',
|
||||
objectMetadataPluralName: 'people',
|
||||
gqlFields: PERSON_GQL_FIELDS,
|
||||
filter: {
|
||||
id: {
|
||||
in: [personId1, personId2],
|
||||
},
|
||||
},
|
||||
});
|
||||
|
||||
const response = await makeGraphqlAPIRequest(deleteGraphqlOperation);
|
||||
|
||||
expect(response.body.data).toBeDefined();
|
||||
expect(response.body.data.deletePeople).toBeDefined();
|
||||
expect(response.body.data.deletePeople).toHaveLength(2);
|
||||
expect(response.body.data.deletePeople[0].id).toBe(personId1);
|
||||
expect(response.body.data.deletePeople[1].id).toBe(personId2);
|
||||
});
|
||||
});
|
||||
|
||||
describe('permissions V2 enabled', () => {
|
||||
beforeAll(async () => {
|
||||
const enablePermissionsQuery = updateFeatureFlagFactory(
|
||||
SEED_APPLE_WORKSPACE_ID,
|
||||
'IS_PERMISSIONS_V2_ENABLED',
|
||||
true,
|
||||
);
|
||||
|
||||
await makeGraphqlAPIRequest(enablePermissionsQuery);
|
||||
});
|
||||
|
||||
afterAll(async () => {
|
||||
const disablePermissionsQuery = updateFeatureFlagFactory(
|
||||
SEED_APPLE_WORKSPACE_ID,
|
||||
'IS_PERMISSIONS_V2_ENABLED',
|
||||
false,
|
||||
);
|
||||
|
||||
await makeGraphqlAPIRequest(disablePermissionsQuery);
|
||||
});
|
||||
|
||||
it('should throw a permission error when user does not have permission (guest role)', async () => {
|
||||
const graphqlOperation = deleteManyOperationFactory({
|
||||
objectMetadataSingularName: 'person',
|
||||
objectMetadataPluralName: 'people',
|
||||
gqlFields: PERSON_GQL_FIELDS,
|
||||
filter: {
|
||||
id: {
|
||||
in: [randomUUID(), randomUUID()],
|
||||
},
|
||||
},
|
||||
});
|
||||
|
||||
const response =
|
||||
await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
|
||||
const response = await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
|
||||
|
||||
expect(response.body.data).toStrictEqual({ deletePeople: null });
|
||||
expect(response.body.errors).toBeDefined();
|
||||
@ -204,4 +115,3 @@ describe('deleteManyObjectRecordsPermissions', () => {
|
||||
expect(response.body.data.deletePeople[1].id).toBe(personId2);
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
@ -6,62 +6,11 @@ import { deleteOneOperationFactory } from 'test/integration/graphql/utils/delete
|
||||
import { makeGraphqlAPIRequestWithApiKey } from 'test/integration/graphql/utils/make-graphql-api-request-with-api-key.util';
|
||||
import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util';
|
||||
import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
|
||||
import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
|
||||
|
||||
import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
|
||||
import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
|
||||
import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util';
|
||||
|
||||
describe('deleteOneObjectRecordsPermissions', () => {
|
||||
describe('permissions V2 disabled', () => {
|
||||
const personId = randomUUID();
|
||||
|
||||
beforeAll(async () => {
|
||||
const createOnePersonRecordOperation = createOneOperationFactory({
|
||||
objectMetadataSingularName: 'person',
|
||||
gqlFields: PERSON_GQL_FIELDS,
|
||||
data: {
|
||||
id: personId,
|
||||
},
|
||||
});
|
||||
|
||||
await makeGraphqlAPIRequest(createOnePersonRecordOperation);
|
||||
});
|
||||
|
||||
it('should throw a permission error when user does not have permission (guest role)', async () => {
|
||||
const personId = randomUUID();
|
||||
const graphqlOperation = deleteOneOperationFactory({
|
||||
objectMetadataSingularName: 'person',
|
||||
gqlFields: PERSON_GQL_FIELDS,
|
||||
recordId: personId,
|
||||
});
|
||||
|
||||
const response =
|
||||
await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
|
||||
|
||||
expect(response.body.data).toStrictEqual({ deletePerson: null });
|
||||
expect(response.body.errors).toBeDefined();
|
||||
expect(response.body.errors[0].message).toBe(
|
||||
PermissionsExceptionMessage.PERMISSION_DENIED,
|
||||
);
|
||||
expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN);
|
||||
});
|
||||
|
||||
it('should delete an object record when user has permission (admin role)', async () => {
|
||||
const deleteGraphqlOperation = deleteOneOperationFactory({
|
||||
objectMetadataSingularName: 'person',
|
||||
gqlFields: PERSON_GQL_FIELDS,
|
||||
recordId: personId,
|
||||
});
|
||||
|
||||
const response = await makeGraphqlAPIRequest(deleteGraphqlOperation);
|
||||
|
||||
expect(response.body.data).toBeDefined();
|
||||
expect(response.body.data.deletePerson).toBeDefined();
|
||||
expect(response.body.data.deletePerson.id).toBe(personId);
|
||||
});
|
||||
});
|
||||
|
||||
describe('permissions V2 enabled', () => {
|
||||
const personId = randomUUID();
|
||||
|
||||
@ -75,24 +24,6 @@ describe('deleteOneObjectRecordsPermissions', () => {
|
||||
});
|
||||
|
||||
await makeGraphqlAPIRequest(createOnePersonRecordOperation);
|
||||
|
||||
const enablePermissionsQuery = updateFeatureFlagFactory(
|
||||
SEED_APPLE_WORKSPACE_ID,
|
||||
'IS_PERMISSIONS_V2_ENABLED',
|
||||
true,
|
||||
);
|
||||
|
||||
await makeGraphqlAPIRequest(enablePermissionsQuery);
|
||||
});
|
||||
|
||||
afterAll(async () => {
|
||||
const disablePermissionsQuery = updateFeatureFlagFactory(
|
||||
SEED_APPLE_WORKSPACE_ID,
|
||||
'IS_PERMISSIONS_V2_ENABLED',
|
||||
false,
|
||||
);
|
||||
|
||||
await makeGraphqlAPIRequest(disablePermissionsQuery);
|
||||
});
|
||||
|
||||
it('should throw a permission error when user does not have permission (guest role)', async () => {
|
||||
|
||||
@ -5,14 +5,11 @@ import { createManyOperationFactory } from 'test/integration/graphql/utils/creat
|
||||
import { destroyManyOperationFactory } from 'test/integration/graphql/utils/destroy-many-operation-factory.util';
|
||||
import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util';
|
||||
import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
|
||||
import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
|
||||
|
||||
import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
|
||||
import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
|
||||
import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util';
|
||||
|
||||
describe('destroyManyObjectRecordsPermissions', () => {
|
||||
describe('permissions V2 disabled', () => {
|
||||
it('should throw a permission error when user does not have permission (guest role)', async () => {
|
||||
const graphqlOperation = destroyManyOperationFactory({
|
||||
objectMetadataSingularName: 'person',
|
||||
@ -25,8 +22,7 @@ describe('destroyManyObjectRecordsPermissions', () => {
|
||||
},
|
||||
});
|
||||
|
||||
const response =
|
||||
await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
|
||||
const response = await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
|
||||
|
||||
expect(response.body.data).toStrictEqual({ destroyPeople: null });
|
||||
expect(response.body.errors).toBeDefined();
|
||||
@ -76,89 +72,3 @@ describe('destroyManyObjectRecordsPermissions', () => {
|
||||
expect(response.body.data.destroyPeople[1].id).toBe(personId2);
|
||||
});
|
||||
});
|
||||
|
||||
describe('permissions V2 enabled', () => {
|
||||
beforeAll(async () => {
|
||||
const enablePermissionsQuery = updateFeatureFlagFactory(
|
||||
SEED_APPLE_WORKSPACE_ID,
|
||||
'IS_PERMISSIONS_V2_ENABLED',
|
||||
true,
|
||||
);
|
||||
|
||||
await makeGraphqlAPIRequest(enablePermissionsQuery);
|
||||
});
|
||||
|
||||
afterAll(async () => {
|
||||
const disablePermissionsQuery = updateFeatureFlagFactory(
|
||||
SEED_APPLE_WORKSPACE_ID,
|
||||
'IS_PERMISSIONS_V2_ENABLED',
|
||||
false,
|
||||
);
|
||||
|
||||
await makeGraphqlAPIRequest(disablePermissionsQuery);
|
||||
});
|
||||
|
||||
it('should throw a permission error when user does not have permission (guest role)', async () => {
|
||||
const graphqlOperation = destroyManyOperationFactory({
|
||||
objectMetadataSingularName: 'person',
|
||||
objectMetadataPluralName: 'people',
|
||||
gqlFields: PERSON_GQL_FIELDS,
|
||||
filter: {
|
||||
id: {
|
||||
in: [randomUUID(), randomUUID()],
|
||||
},
|
||||
},
|
||||
});
|
||||
|
||||
const response =
|
||||
await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
|
||||
|
||||
expect(response.body.data).toStrictEqual({ destroyPeople: null });
|
||||
expect(response.body.errors).toBeDefined();
|
||||
expect(response.body.errors[0].message).toBe(
|
||||
PermissionsExceptionMessage.PERMISSION_DENIED,
|
||||
);
|
||||
expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN);
|
||||
});
|
||||
|
||||
it('should destroy multiple object records when user has permission (admin role)', async () => {
|
||||
const personId1 = randomUUID();
|
||||
const personId2 = randomUUID();
|
||||
|
||||
const createGraphqlOperation = createManyOperationFactory({
|
||||
objectMetadataSingularName: 'person',
|
||||
objectMetadataPluralName: 'people',
|
||||
gqlFields: PERSON_GQL_FIELDS,
|
||||
data: [
|
||||
{
|
||||
id: personId1,
|
||||
},
|
||||
{
|
||||
id: personId2,
|
||||
},
|
||||
],
|
||||
});
|
||||
|
||||
await makeGraphqlAPIRequest(createGraphqlOperation);
|
||||
|
||||
const graphqlOperation = destroyManyOperationFactory({
|
||||
objectMetadataSingularName: 'person',
|
||||
objectMetadataPluralName: 'people',
|
||||
gqlFields: PERSON_GQL_FIELDS,
|
||||
filter: {
|
||||
id: {
|
||||
in: [personId1, personId2],
|
||||
},
|
||||
},
|
||||
});
|
||||
|
||||
const response = await makeGraphqlAPIRequest(graphqlOperation);
|
||||
|
||||
expect(response.body.data).toBeDefined();
|
||||
expect(response.body.data.destroyPeople).toBeDefined();
|
||||
expect(response.body.data.destroyPeople).toHaveLength(2);
|
||||
expect(response.body.data.destroyPeople[0].id).toBe(personId1);
|
||||
expect(response.body.data.destroyPeople[1].id).toBe(personId2);
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
@ -5,14 +5,11 @@ import { createOneOperationFactory } from 'test/integration/graphql/utils/create
|
||||
import { destroyOneOperationFactory } from 'test/integration/graphql/utils/destroy-one-operation-factory.util';
|
||||
import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util';
|
||||
import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
|
||||
import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
|
||||
|
||||
import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
|
||||
import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
|
||||
import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util';
|
||||
|
||||
describe('destroyOneObjectRecordsPermissions', () => {
|
||||
describe('permissions V2 disabled', () => {
|
||||
const personId = randomUUID();
|
||||
|
||||
beforeAll(async () => {
|
||||
@ -28,14 +25,14 @@ describe('destroyOneObjectRecordsPermissions', () => {
|
||||
});
|
||||
|
||||
it('should throw a permission error when user does not have permission (guest role)', async () => {
|
||||
const personId = randomUUID();
|
||||
const graphqlOperation = destroyOneOperationFactory({
|
||||
objectMetadataSingularName: 'person',
|
||||
gqlFields: PERSON_GQL_FIELDS,
|
||||
recordId: personId,
|
||||
});
|
||||
|
||||
const response =
|
||||
await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
|
||||
const response = await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
|
||||
|
||||
expect(response.body.data).toStrictEqual({ destroyPerson: null });
|
||||
expect(response.body.errors).toBeDefined();
|
||||
@ -59,71 +56,3 @@ describe('destroyOneObjectRecordsPermissions', () => {
|
||||
expect(response.body.data.destroyPerson.id).toBe(personId);
|
||||
});
|
||||
});
|
||||
|
||||
describe('permissions V2 enabled', () => {
|
||||
const personId = randomUUID();
|
||||
|
||||
beforeAll(async () => {
|
||||
const createGraphqlOperation = createOneOperationFactory({
|
||||
objectMetadataSingularName: 'person',
|
||||
gqlFields: PERSON_GQL_FIELDS,
|
||||
data: {
|
||||
id: personId,
|
||||
},
|
||||
});
|
||||
|
||||
await makeGraphqlAPIRequest(createGraphqlOperation);
|
||||
|
||||
const enablePermissionsQuery = updateFeatureFlagFactory(
|
||||
SEED_APPLE_WORKSPACE_ID,
|
||||
'IS_PERMISSIONS_V2_ENABLED',
|
||||
true,
|
||||
);
|
||||
|
||||
await makeGraphqlAPIRequest(enablePermissionsQuery);
|
||||
});
|
||||
|
||||
afterAll(async () => {
|
||||
const disablePermissionsQuery = updateFeatureFlagFactory(
|
||||
SEED_APPLE_WORKSPACE_ID,
|
||||
'IS_PERMISSIONS_V2_ENABLED',
|
||||
false,
|
||||
);
|
||||
|
||||
await makeGraphqlAPIRequest(disablePermissionsQuery);
|
||||
});
|
||||
|
||||
it('should throw a permission error when user does not have permission (guest role)', async () => {
|
||||
const personId = randomUUID();
|
||||
const graphqlOperation = destroyOneOperationFactory({
|
||||
objectMetadataSingularName: 'person',
|
||||
gqlFields: PERSON_GQL_FIELDS,
|
||||
recordId: personId,
|
||||
});
|
||||
|
||||
const response =
|
||||
await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
|
||||
|
||||
expect(response.body.data).toStrictEqual({ destroyPerson: null });
|
||||
expect(response.body.errors).toBeDefined();
|
||||
expect(response.body.errors[0].message).toBe(
|
||||
PermissionsExceptionMessage.PERMISSION_DENIED,
|
||||
);
|
||||
expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN);
|
||||
});
|
||||
|
||||
it('should destroy an object record when user has permission (admin role)', async () => {
|
||||
const graphqlOperation = destroyOneOperationFactory({
|
||||
objectMetadataSingularName: 'person',
|
||||
gqlFields: PERSON_GQL_FIELDS,
|
||||
recordId: personId,
|
||||
});
|
||||
|
||||
const response = await makeGraphqlAPIRequest(graphqlOperation);
|
||||
|
||||
expect(response.body.data).toBeDefined();
|
||||
expect(response.body.data.destroyPerson).toBeDefined();
|
||||
expect(response.body.data.destroyPerson.id).toBe(personId);
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
@ -3,13 +3,10 @@ import { createCustomRoleWithObjectPermissions } from 'test/integration/graphql/
|
||||
import { deleteRole } from 'test/integration/graphql/utils/delete-one-role.util';
|
||||
import { findOneOperationFactory } from 'test/integration/graphql/utils/find-one-operation-factory.util';
|
||||
import { makeGraphqlAPIRequestWithMemberRole as makeGraphqlAPIRequestWithJony } from 'test/integration/graphql/utils/make-graphql-api-request-with-member-role.util';
|
||||
import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
|
||||
import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
|
||||
import { updateWorkspaceMemberRole } from 'test/integration/graphql/utils/update-workspace-member-role.util';
|
||||
|
||||
import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
|
||||
import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
|
||||
import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util';
|
||||
import { WORKSPACE_MEMBER_DATA_SEED_IDS } from 'src/engine/workspace-manager/dev-seeder/data/constants/workspace-member-data-seeds.constant';
|
||||
|
||||
const client = request(`http://localhost:${APP_PORT}`);
|
||||
@ -20,15 +17,6 @@ describe('granularObjectRecordsPermissions', () => {
|
||||
let customRoleId: string;
|
||||
|
||||
beforeAll(async () => {
|
||||
// Enable Permissions V2
|
||||
const enablePermissionsQuery = updateFeatureFlagFactory(
|
||||
SEED_APPLE_WORKSPACE_ID,
|
||||
'IS_PERMISSIONS_V2_ENABLED',
|
||||
true,
|
||||
);
|
||||
|
||||
await makeGraphqlAPIRequest(enablePermissionsQuery);
|
||||
|
||||
// Get the original Member role ID for restoration later
|
||||
const getRolesQuery = {
|
||||
query: `
|
||||
@ -69,15 +57,6 @@ describe('granularObjectRecordsPermissions', () => {
|
||||
.post('/graphql')
|
||||
.set('Authorization', `Bearer ${ADMIN_ACCESS_TOKEN}`)
|
||||
.send(restoreMemberRoleQuery);
|
||||
|
||||
// Disable Permissions V2
|
||||
const disablePermissionsQuery = updateFeatureFlagFactory(
|
||||
SEED_APPLE_WORKSPACE_ID,
|
||||
'IS_PERMISSIONS_V2_ENABLED',
|
||||
false,
|
||||
);
|
||||
|
||||
await makeGraphqlAPIRequest(disablePermissionsQuery);
|
||||
});
|
||||
|
||||
afterEach(async () => {
|
||||
|
||||
@ -6,33 +6,23 @@ import { createCustomRoleWithObjectPermissions } from 'test/integration/graphql/
|
||||
import { createOneOperationFactory } from 'test/integration/graphql/utils/create-one-operation-factory.util';
|
||||
import { deleteRole } from 'test/integration/graphql/utils/delete-one-role.util';
|
||||
import { findManyOperationFactory } from 'test/integration/graphql/utils/find-many-operation-factory.util';
|
||||
import { findOneOperationFactory } from 'test/integration/graphql/utils/find-one-operation-factory.util';
|
||||
import { makeGraphqlAPIRequestWithMemberRole as makeGraphqlAPIRequestWithJony } from 'test/integration/graphql/utils/make-graphql-api-request-with-member-role.util';
|
||||
import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
|
||||
import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
|
||||
import { updateWorkspaceMemberRole } from 'test/integration/graphql/utils/update-workspace-member-role.util';
|
||||
|
||||
import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
|
||||
import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
|
||||
import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util';
|
||||
import { WORKSPACE_MEMBER_DATA_SEED_IDS } from 'src/engine/workspace-manager/dev-seeder/data/constants/workspace-member-data-seeds.constant';
|
||||
|
||||
const client = request(`http://localhost:${APP_PORT}`);
|
||||
|
||||
describe('permissionsOnRelations', () => {
|
||||
describe('permissions V2 enabled', () => {
|
||||
let originalMemberRoleId: string;
|
||||
let customRoleId: string;
|
||||
const personId = randomUUID();
|
||||
|
||||
beforeAll(async () => {
|
||||
// Enable Permissions V2
|
||||
const enablePermissionsQuery = updateFeatureFlagFactory(
|
||||
SEED_APPLE_WORKSPACE_ID,
|
||||
'IS_PERMISSIONS_V2_ENABLED',
|
||||
true,
|
||||
);
|
||||
|
||||
await makeGraphqlAPIRequest(enablePermissionsQuery);
|
||||
|
||||
// Get the original Member role ID for restoration later
|
||||
const getRolesQuery = {
|
||||
query: `
|
||||
@ -73,7 +63,7 @@ describe('permissionsOnRelations', () => {
|
||||
objectMetadataSingularName: 'person',
|
||||
gqlFields: PERSON_GQL_FIELDS,
|
||||
data: {
|
||||
id: randomUUID(),
|
||||
id: personId,
|
||||
name: {
|
||||
firstName: 'Marie',
|
||||
},
|
||||
@ -103,15 +93,6 @@ describe('permissionsOnRelations', () => {
|
||||
.post('/graphql')
|
||||
.set('Authorization', `Bearer ${ADMIN_ACCESS_TOKEN}`)
|
||||
.send(restoreMemberRoleQuery);
|
||||
|
||||
// Disable Permissions V2
|
||||
const disablePermissionsQuery = updateFeatureFlagFactory(
|
||||
SEED_APPLE_WORKSPACE_ID,
|
||||
'IS_PERMISSIONS_V2_ENABLED',
|
||||
false,
|
||||
);
|
||||
|
||||
await makeGraphqlAPIRequest(disablePermissionsQuery);
|
||||
});
|
||||
|
||||
afterEach(async () => {
|
||||
@ -219,9 +200,8 @@ describe('permissionsOnRelations', () => {
|
||||
});
|
||||
|
||||
// Create a query with nested relations
|
||||
const graphqlOperation = findManyOperationFactory({
|
||||
const graphqlOperation = findOneOperationFactory({
|
||||
objectMetadataSingularName: 'person',
|
||||
objectMetadataPluralName: 'people',
|
||||
gqlFields: `
|
||||
id
|
||||
city
|
||||
@ -238,6 +218,11 @@ describe('permissionsOnRelations', () => {
|
||||
}
|
||||
}
|
||||
`,
|
||||
filter: {
|
||||
id: {
|
||||
eq: personId,
|
||||
},
|
||||
},
|
||||
});
|
||||
|
||||
const response = await makeGraphqlAPIRequestWithJony(graphqlOperation);
|
||||
@ -249,4 +234,3 @@ describe('permissionsOnRelations', () => {
|
||||
expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN);
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
@ -6,14 +6,11 @@ import { deleteManyOperationFactory } from 'test/integration/graphql/utils/delet
|
||||
import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util';
|
||||
import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
|
||||
import { restoreManyOperationFactory } from 'test/integration/graphql/utils/restore-many-operation-factory.util';
|
||||
import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
|
||||
|
||||
import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
|
||||
import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
|
||||
import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util';
|
||||
|
||||
describe('restoreManyObjectRecordsPermissions', () => {
|
||||
describe('permissions V2 disabled', () => {
|
||||
const personId1 = randomUUID();
|
||||
const personId2 = randomUUID();
|
||||
|
||||
@ -62,8 +59,7 @@ describe('restoreManyObjectRecordsPermissions', () => {
|
||||
},
|
||||
});
|
||||
|
||||
const response =
|
||||
await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
|
||||
const response = await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
|
||||
|
||||
expect(response.body.data).toStrictEqual({ restorePeople: null });
|
||||
expect(response.body.errors).toBeDefined();
|
||||
@ -94,104 +90,3 @@ describe('restoreManyObjectRecordsPermissions', () => {
|
||||
expect(response.body.data.restorePeople[1].id).toBe(personId2);
|
||||
});
|
||||
});
|
||||
|
||||
describe('permissions V2 enabled', () => {
|
||||
const personId1 = randomUUID();
|
||||
const personId2 = randomUUID();
|
||||
|
||||
beforeAll(async () => {
|
||||
// Create people
|
||||
const createGraphqlOperation = createManyOperationFactory({
|
||||
objectMetadataSingularName: 'person',
|
||||
objectMetadataPluralName: 'people',
|
||||
gqlFields: PERSON_GQL_FIELDS,
|
||||
data: [
|
||||
{
|
||||
id: personId1,
|
||||
},
|
||||
{
|
||||
id: personId2,
|
||||
},
|
||||
],
|
||||
});
|
||||
|
||||
await makeGraphqlAPIRequest(createGraphqlOperation);
|
||||
|
||||
// Delete people
|
||||
const deleteGraphqlOperation = deleteManyOperationFactory({
|
||||
objectMetadataSingularName: 'person',
|
||||
objectMetadataPluralName: 'people',
|
||||
gqlFields: PERSON_GQL_FIELDS,
|
||||
filter: {
|
||||
id: {
|
||||
in: [personId1, personId2],
|
||||
},
|
||||
},
|
||||
});
|
||||
|
||||
await makeGraphqlAPIRequest(deleteGraphqlOperation);
|
||||
|
||||
const enablePermissionsQuery = updateFeatureFlagFactory(
|
||||
SEED_APPLE_WORKSPACE_ID,
|
||||
'IS_PERMISSIONS_V2_ENABLED',
|
||||
true,
|
||||
);
|
||||
|
||||
await makeGraphqlAPIRequest(enablePermissionsQuery);
|
||||
});
|
||||
|
||||
afterAll(async () => {
|
||||
const disablePermissionsQuery = updateFeatureFlagFactory(
|
||||
SEED_APPLE_WORKSPACE_ID,
|
||||
'IS_PERMISSIONS_V2_ENABLED',
|
||||
false,
|
||||
);
|
||||
|
||||
await makeGraphqlAPIRequest(disablePermissionsQuery);
|
||||
});
|
||||
|
||||
it('should throw a permission error when user does not have permission (guest role)', async () => {
|
||||
const graphqlOperation = restoreManyOperationFactory({
|
||||
objectMetadataSingularName: 'person',
|
||||
objectMetadataPluralName: 'people',
|
||||
gqlFields: PERSON_GQL_FIELDS,
|
||||
filter: {
|
||||
id: {
|
||||
in: [personId1, personId2],
|
||||
},
|
||||
},
|
||||
});
|
||||
|
||||
const response =
|
||||
await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
|
||||
|
||||
expect(response.body.data).toStrictEqual({ restorePeople: null });
|
||||
expect(response.body.errors).toBeDefined();
|
||||
expect(response.body.errors[0].message).toBe(
|
||||
PermissionsExceptionMessage.PERMISSION_DENIED,
|
||||
);
|
||||
expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN);
|
||||
});
|
||||
|
||||
it('should restore multiple object records when user has permission (admin role)', async () => {
|
||||
const graphqlOperation = restoreManyOperationFactory({
|
||||
objectMetadataSingularName: 'person',
|
||||
objectMetadataPluralName: 'people',
|
||||
gqlFields: PERSON_GQL_FIELDS,
|
||||
filter: {
|
||||
id: {
|
||||
in: [personId1, personId2],
|
||||
},
|
||||
},
|
||||
});
|
||||
|
||||
const response = await makeGraphqlAPIRequest(graphqlOperation);
|
||||
|
||||
expect(response.body.data).toBeDefined();
|
||||
expect(response.body.data.restorePeople).toBeDefined();
|
||||
expect(response.body.data.restorePeople).toHaveLength(2);
|
||||
expect(response.body.data.restorePeople[0].id).toBe(personId1);
|
||||
expect(response.body.data.restorePeople[1].id).toBe(personId2);
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
@ -5,108 +5,12 @@ import { createManyOperationFactory } from 'test/integration/graphql/utils/creat
|
||||
import { makeGraphqlAPIRequestWithApiKey } from 'test/integration/graphql/utils/make-graphql-api-request-with-api-key.util';
|
||||
import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util';
|
||||
import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
|
||||
import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
|
||||
import { updateManyOperationFactory } from 'test/integration/graphql/utils/update-many-operation-factory.util';
|
||||
|
||||
import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
|
||||
import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
|
||||
import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util';
|
||||
|
||||
describe('updateManyObjectRecordsPermissions', () => {
|
||||
describe('permissions V2 disabled', () => {
|
||||
const personId1 = randomUUID();
|
||||
const personId2 = randomUUID();
|
||||
|
||||
beforeAll(async () => {
|
||||
const createGraphqlOperation = createManyOperationFactory({
|
||||
objectMetadataSingularName: 'person',
|
||||
objectMetadataPluralName: 'people',
|
||||
gqlFields: PERSON_GQL_FIELDS,
|
||||
data: [
|
||||
{
|
||||
id: personId1,
|
||||
},
|
||||
{
|
||||
id: personId2,
|
||||
},
|
||||
],
|
||||
});
|
||||
|
||||
await makeGraphqlAPIRequest(createGraphqlOperation);
|
||||
});
|
||||
|
||||
it('should throw a permission error when user does not have permission (guest role)', async () => {
|
||||
const graphqlOperation = updateManyOperationFactory({
|
||||
objectMetadataSingularName: 'person',
|
||||
objectMetadataPluralName: 'people',
|
||||
gqlFields: PERSON_GQL_FIELDS,
|
||||
filter: {
|
||||
id: {
|
||||
in: [randomUUID(), randomUUID()],
|
||||
},
|
||||
},
|
||||
data: {
|
||||
jobTitle: 'Architect',
|
||||
},
|
||||
});
|
||||
|
||||
const response =
|
||||
await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
|
||||
|
||||
expect(response.body.data).toStrictEqual({ updatePeople: null });
|
||||
expect(response.body.errors).toBeDefined();
|
||||
expect(response.body.errors[0].message).toBe(
|
||||
PermissionsExceptionMessage.PERMISSION_DENIED,
|
||||
);
|
||||
expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN);
|
||||
});
|
||||
|
||||
it('should update multiple object records when user has permission (admin role)', async () => {
|
||||
const graphqlOperation = updateManyOperationFactory({
|
||||
objectMetadataSingularName: 'person',
|
||||
objectMetadataPluralName: 'people',
|
||||
gqlFields: PERSON_GQL_FIELDS,
|
||||
filter: {
|
||||
id: {
|
||||
in: [personId1, personId2],
|
||||
},
|
||||
},
|
||||
data: {
|
||||
jobTitle: 'Architect',
|
||||
},
|
||||
});
|
||||
|
||||
const response = await makeGraphqlAPIRequest(graphqlOperation);
|
||||
|
||||
expect(response.body.data).toBeDefined();
|
||||
expect(response.body.data.updatePeople).toBeDefined();
|
||||
expect(response.body.data.updatePeople).toHaveLength(2);
|
||||
expect(response.body.data.updatePeople[0].jobTitle).toBe('Architect');
|
||||
expect(response.body.data.updatePeople[1].jobTitle).toBe('Architect');
|
||||
});
|
||||
});
|
||||
|
||||
describe('permissions V2 enabled', () => {
|
||||
beforeAll(async () => {
|
||||
const enablePermissionsQuery = updateFeatureFlagFactory(
|
||||
SEED_APPLE_WORKSPACE_ID,
|
||||
'IS_PERMISSIONS_V2_ENABLED',
|
||||
true,
|
||||
);
|
||||
|
||||
await makeGraphqlAPIRequest(enablePermissionsQuery);
|
||||
});
|
||||
|
||||
afterAll(async () => {
|
||||
const disablePermissionsQuery = updateFeatureFlagFactory(
|
||||
SEED_APPLE_WORKSPACE_ID,
|
||||
'IS_PERMISSIONS_V2_ENABLED',
|
||||
false,
|
||||
);
|
||||
|
||||
await makeGraphqlAPIRequest(disablePermissionsQuery);
|
||||
});
|
||||
|
||||
it('should throw a permission error when user does not have permission (guest role)', async () => {
|
||||
const personId1 = randomUUID();
|
||||
const personId2 = randomUUID();
|
||||
@ -238,12 +142,7 @@ describe('updateManyObjectRecordsPermissions', () => {
|
||||
expect(response.body.data.updatePeople).toHaveLength(2);
|
||||
expect(response.body.data.updatePeople[0].id).toBe(personId1);
|
||||
expect(response.body.data.updatePeople[1].id).toBe(personId2);
|
||||
expect(response.body.data.updatePeople[0].jobTitle).toBe(
|
||||
'Product Manager',
|
||||
);
|
||||
expect(response.body.data.updatePeople[1].jobTitle).toBe(
|
||||
'Product Manager',
|
||||
);
|
||||
});
|
||||
expect(response.body.data.updatePeople[0].jobTitle).toBe('Product Manager');
|
||||
expect(response.body.data.updatePeople[1].jobTitle).toBe('Product Manager');
|
||||
});
|
||||
});
|
||||
|
||||
@ -6,73 +6,12 @@ import { findOneOperationFactory } from 'test/integration/graphql/utils/find-one
|
||||
import { makeGraphqlAPIRequestWithApiKey } from 'test/integration/graphql/utils/make-graphql-api-request-with-api-key.util';
|
||||
import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util';
|
||||
import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
|
||||
import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
|
||||
import { updateOneOperationFactory } from 'test/integration/graphql/utils/update-one-operation-factory.util';
|
||||
|
||||
import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
|
||||
import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
|
||||
import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util';
|
||||
|
||||
describe('updateOneObjectRecordsPermissions', () => {
|
||||
describe('permissions V2 disabled', () => {
|
||||
const personId = randomUUID();
|
||||
|
||||
beforeAll(async () => {
|
||||
const createPersonOperation = createOneOperationFactory({
|
||||
objectMetadataSingularName: 'person',
|
||||
gqlFields: PERSON_GQL_FIELDS,
|
||||
data: {
|
||||
id: personId,
|
||||
jobTitle: 'Software Engineer',
|
||||
},
|
||||
});
|
||||
|
||||
await makeGraphqlAPIRequest(createPersonOperation);
|
||||
});
|
||||
|
||||
it('should throw a permission error when user does not have permission (guest role)', async () => {
|
||||
const graphqlOperation = updateOneOperationFactory({
|
||||
objectMetadataSingularName: 'person',
|
||||
gqlFields: PERSON_GQL_FIELDS,
|
||||
recordId: personId,
|
||||
data: {
|
||||
jobTitle: 'Senior Software Engineer',
|
||||
},
|
||||
});
|
||||
|
||||
const response =
|
||||
await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
|
||||
|
||||
expect(response.body.data).toStrictEqual({ updatePerson: null });
|
||||
expect(response.body.errors).toBeDefined();
|
||||
expect(response.body.errors[0].message).toBe(
|
||||
PermissionsExceptionMessage.PERMISSION_DENIED,
|
||||
);
|
||||
expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN);
|
||||
});
|
||||
|
||||
it('should update an object record when user has permission (admin role)', async () => {
|
||||
const graphqlOperation = updateOneOperationFactory({
|
||||
objectMetadataSingularName: 'person',
|
||||
gqlFields: PERSON_GQL_FIELDS,
|
||||
recordId: personId,
|
||||
data: {
|
||||
jobTitle: 'Senior Software Engineer',
|
||||
},
|
||||
});
|
||||
|
||||
const response = await makeGraphqlAPIRequest(graphqlOperation);
|
||||
|
||||
expect(response.body.data).toBeDefined();
|
||||
expect(response.body.data.updatePerson).toBeDefined();
|
||||
expect(response.body.data.updatePerson.id).toBe(personId);
|
||||
expect(response.body.data.updatePerson.jobTitle).toBe(
|
||||
'Senior Software Engineer',
|
||||
);
|
||||
});
|
||||
});
|
||||
|
||||
describe('permissions V2 enabled', () => {
|
||||
const personId = randomUUID();
|
||||
let allPetsViewId: string;
|
||||
|
||||
@ -88,14 +27,6 @@ describe('updateOneObjectRecordsPermissions', () => {
|
||||
|
||||
await makeGraphqlAPIRequest(createPersonOperation);
|
||||
|
||||
const enablePermissionsQuery = updateFeatureFlagFactory(
|
||||
SEED_APPLE_WORKSPACE_ID,
|
||||
'IS_PERMISSIONS_V2_ENABLED',
|
||||
true,
|
||||
);
|
||||
|
||||
await makeGraphqlAPIRequest(enablePermissionsQuery);
|
||||
|
||||
const findAllPetsViewOperation = findOneOperationFactory({
|
||||
objectMetadataSingularName: 'view',
|
||||
gqlFields: 'id',
|
||||
@ -114,14 +45,6 @@ describe('updateOneObjectRecordsPermissions', () => {
|
||||
});
|
||||
|
||||
afterAll(async () => {
|
||||
const disablePermissionsQuery = updateFeatureFlagFactory(
|
||||
SEED_APPLE_WORKSPACE_ID,
|
||||
'IS_PERMISSIONS_V2_ENABLED',
|
||||
false,
|
||||
);
|
||||
|
||||
await makeGraphqlAPIRequest(disablePermissionsQuery);
|
||||
|
||||
const updateViewOperation = updateOneOperationFactory({
|
||||
objectMetadataSingularName: 'view',
|
||||
gqlFields: 'id',
|
||||
@ -144,8 +67,7 @@ describe('updateOneObjectRecordsPermissions', () => {
|
||||
},
|
||||
});
|
||||
|
||||
const response =
|
||||
await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
|
||||
const response = await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
|
||||
|
||||
expect(response.body.data).toStrictEqual({ updatePerson: null });
|
||||
expect(response.body.errors).toBeDefined();
|
||||
@ -168,8 +90,7 @@ describe('updateOneObjectRecordsPermissions', () => {
|
||||
},
|
||||
});
|
||||
|
||||
const response =
|
||||
await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
|
||||
const response = await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
|
||||
|
||||
expect(response.body.data).toBeDefined();
|
||||
expect(response.body.data.updateView).toBeDefined();
|
||||
@ -217,4 +138,3 @@ describe('updateOneObjectRecordsPermissions', () => {
|
||||
);
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
@ -3,13 +3,11 @@ import { default as request } from 'supertest';
|
||||
import { createRoleOperation } from 'test/integration/graphql/utils/create-custom-role-operation-factory.util';
|
||||
import { deleteRole } from 'test/integration/graphql/utils/delete-one-role.util';
|
||||
import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
|
||||
import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
|
||||
import { createUpsertObjectPermissionsOperation } from 'test/integration/graphql/utils/upsert-object-permission-operation-factory.util';
|
||||
import { makeMetadataAPIRequest } from 'test/integration/metadata/suites/utils/make-metadata-api-request.util';
|
||||
|
||||
import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
|
||||
import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
|
||||
import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util';
|
||||
|
||||
const client = request(`http://localhost:${APP_PORT}`);
|
||||
|
||||
@ -19,13 +17,6 @@ describe('Object Permissions Validation', () => {
|
||||
let companyObjectId: string;
|
||||
|
||||
beforeAll(async () => {
|
||||
const enablePermissionsQuery = updateFeatureFlagFactory(
|
||||
SEED_APPLE_WORKSPACE_ID,
|
||||
'IS_PERMISSIONS_V2_ENABLED',
|
||||
true,
|
||||
);
|
||||
|
||||
await makeGraphqlAPIRequest(enablePermissionsQuery);
|
||||
// Get object metadata IDs for Person and Company
|
||||
const getObjectMetadataOperation = {
|
||||
query: gql`
|
||||
@ -58,16 +49,6 @@ describe('Object Permissions Validation', () => {
|
||||
expect(companyObjectId).toBeDefined();
|
||||
});
|
||||
|
||||
afterAll(async () => {
|
||||
const disablePermissionsQuery = updateFeatureFlagFactory(
|
||||
SEED_APPLE_WORKSPACE_ID,
|
||||
'IS_PERMISSIONS_V2_ENABLED',
|
||||
false,
|
||||
);
|
||||
|
||||
await makeGraphqlAPIRequest(disablePermissionsQuery);
|
||||
});
|
||||
|
||||
describe('cases with role with all rights by default', () => {
|
||||
beforeEach(async () => {
|
||||
// Create a custom role for each test
|
||||
|
||||
@ -3,35 +3,13 @@ import { default as request } from 'supertest';
|
||||
import { createRoleOperation } from 'test/integration/graphql/utils/create-custom-role-operation-factory.util';
|
||||
import { deleteRole } from 'test/integration/graphql/utils/delete-one-role.util';
|
||||
import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
|
||||
import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
|
||||
|
||||
import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
|
||||
import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
|
||||
import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util';
|
||||
|
||||
const client = request(`http://localhost:${APP_PORT}`);
|
||||
|
||||
describe('Role Permissions Validation', () => {
|
||||
beforeAll(async () => {
|
||||
const enablePermissionsQuery = updateFeatureFlagFactory(
|
||||
SEED_APPLE_WORKSPACE_ID,
|
||||
'IS_PERMISSIONS_V2_ENABLED',
|
||||
true,
|
||||
);
|
||||
|
||||
await makeGraphqlAPIRequest(enablePermissionsQuery);
|
||||
});
|
||||
|
||||
afterAll(async () => {
|
||||
const disablePermissionsQuery = updateFeatureFlagFactory(
|
||||
SEED_APPLE_WORKSPACE_ID,
|
||||
'IS_PERMISSIONS_V2_ENABLED',
|
||||
false,
|
||||
);
|
||||
|
||||
await makeGraphqlAPIRequest(disablePermissionsQuery);
|
||||
});
|
||||
|
||||
describe('validateRoleDoesNotHaveWritingPermissionsWithoutReadingPermissionsOrThrow', () => {
|
||||
describe('createRole - Valid Cases', () => {
|
||||
it('should allow creating role with read=true and any write permissions', async () => {
|
||||
|
||||
@ -2,8 +2,6 @@ import { print } from 'graphql';
|
||||
import request from 'supertest';
|
||||
import { deleteOneRoleOperationFactory } from 'test/integration/graphql/utils/delete-one-role-operation-factory.util';
|
||||
import { destroyOneOperationFactory } from 'test/integration/graphql/utils/destroy-one-operation-factory.util';
|
||||
import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
|
||||
import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
|
||||
import { updateWorkspaceMemberRole } from 'test/integration/graphql/utils/update-workspace-member-role.util';
|
||||
import { createOneObjectMetadataQueryFactory } from 'test/integration/metadata/suites/object-metadata/utils/create-one-object-metadata-query-factory.util';
|
||||
import { deleteOneObjectMetadataQueryFactory } from 'test/integration/metadata/suites/object-metadata/utils/delete-one-object-metadata-query-factory.util';
|
||||
@ -11,7 +9,6 @@ import { deleteOneObjectMetadataQueryFactory } from 'test/integration/metadata/s
|
||||
import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
|
||||
import { SettingPermissionType } from 'src/engine/metadata-modules/permissions/constants/setting-permission-type.constants';
|
||||
import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
|
||||
import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util';
|
||||
import { WORKSPACE_MEMBER_DATA_SEED_IDS } from 'src/engine/workspace-manager/dev-seeder/data/constants/workspace-member-data-seeds.constant';
|
||||
|
||||
const client = request(`http://localhost:${APP_PORT}`);
|
||||
@ -21,15 +18,6 @@ describe('Granular settings permissions', () => {
|
||||
let originalMemberRoleId: string;
|
||||
|
||||
beforeAll(async () => {
|
||||
// Enable Permissions V2
|
||||
const enablePermissionsV2Query = updateFeatureFlagFactory(
|
||||
SEED_APPLE_WORKSPACE_ID,
|
||||
'IS_PERMISSIONS_V2_ENABLED',
|
||||
true,
|
||||
);
|
||||
|
||||
await makeGraphqlAPIRequest(enablePermissionsV2Query);
|
||||
|
||||
// Get the original Member role ID for restoration later
|
||||
const getRolesQuery = {
|
||||
query: `
|
||||
@ -135,15 +123,6 @@ describe('Granular settings permissions', () => {
|
||||
.post('/graphql')
|
||||
.set('Authorization', `Bearer ${ADMIN_ACCESS_TOKEN}`)
|
||||
.send(deleteRoleQuery);
|
||||
|
||||
// Disable Permissions V2
|
||||
const disablePermissionsV2Query = updateFeatureFlagFactory(
|
||||
SEED_APPLE_WORKSPACE_ID,
|
||||
'IS_PERMISSIONS_V2_ENABLED',
|
||||
false,
|
||||
);
|
||||
|
||||
await makeGraphqlAPIRequest(disablePermissionsV2Query);
|
||||
});
|
||||
|
||||
describe('Data Model Permissions', () => {
|
||||
|
||||
@ -1,14 +1,11 @@
|
||||
import request from 'supertest';
|
||||
import { deleteOneRoleOperationFactory } from 'test/integration/graphql/utils/delete-one-role-operation-factory.util';
|
||||
import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
|
||||
import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
|
||||
import { createOneObjectMetadata } from 'test/integration/metadata/suites/object-metadata/utils/create-one-object-metadata.util';
|
||||
import { deleteOneObjectMetadata } from 'test/integration/metadata/suites/object-metadata/utils/delete-one-object-metadata.util';
|
||||
|
||||
import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
|
||||
import { SettingPermissionType } from 'src/engine/metadata-modules/permissions/constants/setting-permission-type.constants';
|
||||
import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
|
||||
import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util';
|
||||
import { WORKSPACE_MEMBER_DATA_SEED_IDS } from 'src/engine/workspace-manager/dev-seeder/data/constants/workspace-member-data-seeds.constant';
|
||||
|
||||
const client = request(`http://localhost:${APP_PORT}`);
|
||||
@ -38,14 +35,6 @@ describe('roles permissions', () => {
|
||||
let guestRoleId: string;
|
||||
|
||||
beforeAll(async () => {
|
||||
const enablePermissionsV2Query = updateFeatureFlagFactory(
|
||||
SEED_APPLE_WORKSPACE_ID,
|
||||
'IS_PERMISSIONS_V2_ENABLED',
|
||||
true,
|
||||
);
|
||||
|
||||
await makeGraphqlAPIRequest(enablePermissionsV2Query);
|
||||
|
||||
const query = {
|
||||
query: `
|
||||
query GetRoles {
|
||||
@ -73,16 +62,6 @@ describe('roles permissions', () => {
|
||||
).id;
|
||||
});
|
||||
|
||||
afterAll(async () => {
|
||||
const disablePermissionsV2Query = updateFeatureFlagFactory(
|
||||
SEED_APPLE_WORKSPACE_ID,
|
||||
'IS_PERMISSIONS_V2_ENABLED',
|
||||
false,
|
||||
);
|
||||
|
||||
await makeGraphqlAPIRequest(disablePermissionsV2Query);
|
||||
});
|
||||
|
||||
describe('getRoles', () => {
|
||||
it('should allow admin to query getRoles', async () => {
|
||||
const query = {
|
||||
|
||||
@ -1,11 +1,9 @@
|
||||
import { gql } from 'graphql-tag';
|
||||
import request from 'supertest';
|
||||
import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
|
||||
import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
|
||||
|
||||
import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
|
||||
import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
|
||||
import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util';
|
||||
|
||||
const client = request(`http://localhost:${APP_PORT}`);
|
||||
|
||||
@ -35,14 +33,6 @@ describe('Security permissions', () => {
|
||||
});
|
||||
|
||||
afterAll(async () => {
|
||||
const disablePermissionsQuery = updateFeatureFlagFactory(
|
||||
SEED_APPLE_WORKSPACE_ID,
|
||||
'IsPermissionsEnabled',
|
||||
false,
|
||||
);
|
||||
|
||||
await makeGraphqlAPIRequest(disablePermissionsQuery);
|
||||
|
||||
// Restore workspace state
|
||||
const restoreQuery = gql`
|
||||
mutation updateWorkspace {
|
||||
|
||||
@ -6,94 +6,13 @@ import { destroyOneOperationFactory } from 'test/integration/graphql/utils/destr
|
||||
import { makeGraphqlAPIRequestWithApiKey } from 'test/integration/graphql/utils/make-graphql-api-request-with-api-key.util';
|
||||
import { makeGraphqlAPIRequestWithGuestRole } from 'test/integration/graphql/utils/make-graphql-api-request-with-guest-role.util';
|
||||
import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
|
||||
import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
|
||||
import { updateOneOperationFactory } from 'test/integration/graphql/utils/update-one-operation-factory.util';
|
||||
|
||||
import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
|
||||
import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
|
||||
import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util';
|
||||
|
||||
describe('workflowsPermissions', () => {
|
||||
describe('createOne workflow', () => {
|
||||
describe('permissions V2 disabled', () => {
|
||||
it('should throw a permission error when user does not have permission (guest role)', async () => {
|
||||
const workflowId = randomUUID();
|
||||
const graphqlOperation = createOneOperationFactory({
|
||||
objectMetadataSingularName: 'workflow',
|
||||
gqlFields: WORKFLOW_GQL_FIELDS,
|
||||
data: {
|
||||
id: workflowId,
|
||||
name: 'Test Workflow',
|
||||
},
|
||||
});
|
||||
|
||||
const response =
|
||||
await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
|
||||
|
||||
expect(response.body.data).toStrictEqual({ createWorkflow: null });
|
||||
expect(response.body.errors).toBeDefined();
|
||||
expect(response.body.errors[0].message).toBe(
|
||||
PermissionsExceptionMessage.PERMISSION_DENIED,
|
||||
);
|
||||
expect(response.body.errors[0].extensions.code).toBe(
|
||||
ErrorCode.FORBIDDEN,
|
||||
);
|
||||
});
|
||||
|
||||
it('should create a workflow when user has permission (admin role)', async () => {
|
||||
const workflowId = randomUUID();
|
||||
const graphqlOperation = createOneOperationFactory({
|
||||
objectMetadataSingularName: 'workflow',
|
||||
gqlFields: WORKFLOW_GQL_FIELDS,
|
||||
data: {
|
||||
id: workflowId,
|
||||
name: 'Test Workflow Admin',
|
||||
},
|
||||
});
|
||||
|
||||
const response = await makeGraphqlAPIRequest(graphqlOperation);
|
||||
|
||||
expect(response.body.data).toBeDefined();
|
||||
expect(response.body.data.createWorkflow).toBeDefined();
|
||||
expect(response.body.data.createWorkflow.id).toBe(workflowId);
|
||||
expect(response.body.data.createWorkflow.name).toBe(
|
||||
'Test Workflow Admin',
|
||||
);
|
||||
|
||||
// Clean up - delete the created workflow
|
||||
const destroyWorkflowOperation = destroyOneOperationFactory({
|
||||
objectMetadataSingularName: 'workflow',
|
||||
gqlFields: `
|
||||
id
|
||||
`,
|
||||
recordId: response.body.data.createWorkflow.id,
|
||||
});
|
||||
|
||||
await makeGraphqlAPIRequest(destroyWorkflowOperation);
|
||||
});
|
||||
});
|
||||
|
||||
describe('permissions V2 enabled', () => {
|
||||
beforeAll(async () => {
|
||||
const enablePermissionsQuery = updateFeatureFlagFactory(
|
||||
SEED_APPLE_WORKSPACE_ID,
|
||||
'IS_PERMISSIONS_V2_ENABLED',
|
||||
true,
|
||||
);
|
||||
|
||||
await makeGraphqlAPIRequest(enablePermissionsQuery);
|
||||
});
|
||||
|
||||
afterAll(async () => {
|
||||
const disablePermissionsQuery = updateFeatureFlagFactory(
|
||||
SEED_APPLE_WORKSPACE_ID,
|
||||
'IS_PERMISSIONS_V2_ENABLED',
|
||||
false,
|
||||
);
|
||||
|
||||
await makeGraphqlAPIRequest(disablePermissionsQuery);
|
||||
});
|
||||
|
||||
it('should throw a permission error when user does not have permission (guest role)', async () => {
|
||||
const workflowId = randomUUID();
|
||||
const graphqlOperation = createOneOperationFactory({
|
||||
@ -113,9 +32,7 @@ describe('workflowsPermissions', () => {
|
||||
expect(response.body.errors[0].message).toBe(
|
||||
PermissionsExceptionMessage.PERMISSION_DENIED,
|
||||
);
|
||||
expect(response.body.errors[0].extensions.code).toBe(
|
||||
ErrorCode.FORBIDDEN,
|
||||
);
|
||||
expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN);
|
||||
});
|
||||
|
||||
it('should create a workflow when user has permission (admin role)', async () => {
|
||||
@ -161,8 +78,7 @@ describe('workflowsPermissions', () => {
|
||||
},
|
||||
});
|
||||
|
||||
const response =
|
||||
await makeGraphqlAPIRequestWithApiKey(graphqlOperation);
|
||||
const response = await makeGraphqlAPIRequestWithApiKey(graphqlOperation);
|
||||
|
||||
expect(response.body.data).toBeDefined();
|
||||
expect(response.body.data.createWorkflow).toBeDefined();
|
||||
@ -183,82 +99,8 @@ describe('workflowsPermissions', () => {
|
||||
await makeGraphqlAPIRequest(destroyWorkflowOperation);
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
describe('updateOne workflow', () => {
|
||||
describe('permissions V2 disabled', () => {
|
||||
const workflowId = randomUUID();
|
||||
|
||||
beforeAll(async () => {
|
||||
const createWorkflowOperation = createOneOperationFactory({
|
||||
objectMetadataSingularName: 'workflow',
|
||||
gqlFields: WORKFLOW_GQL_FIELDS,
|
||||
data: {
|
||||
id: workflowId,
|
||||
name: 'Original Workflow Name',
|
||||
},
|
||||
});
|
||||
|
||||
await makeGraphqlAPIRequest(createWorkflowOperation);
|
||||
});
|
||||
|
||||
afterAll(async () => {
|
||||
const destroyWorkflowOperation = destroyOneOperationFactory({
|
||||
objectMetadataSingularName: 'workflow',
|
||||
gqlFields: `
|
||||
id
|
||||
`,
|
||||
recordId: workflowId,
|
||||
});
|
||||
|
||||
await makeGraphqlAPIRequest(destroyWorkflowOperation);
|
||||
});
|
||||
|
||||
it('should throw a permission error when user does not have permission (guest role)', async () => {
|
||||
const graphqlOperation = updateOneOperationFactory({
|
||||
objectMetadataSingularName: 'workflow',
|
||||
gqlFields: WORKFLOW_GQL_FIELDS,
|
||||
recordId: workflowId,
|
||||
data: {
|
||||
name: 'Updated Workflow Name Guest',
|
||||
},
|
||||
});
|
||||
|
||||
const response =
|
||||
await makeGraphqlAPIRequestWithGuestRole(graphqlOperation);
|
||||
|
||||
expect(response.body.data).toStrictEqual({ updateWorkflow: null });
|
||||
expect(response.body.errors).toBeDefined();
|
||||
expect(response.body.errors[0].message).toBe(
|
||||
PermissionsExceptionMessage.PERMISSION_DENIED,
|
||||
);
|
||||
expect(response.body.errors[0].extensions.code).toBe(
|
||||
ErrorCode.FORBIDDEN,
|
||||
);
|
||||
});
|
||||
|
||||
it('should update a workflow when user has permission (admin role)', async () => {
|
||||
const graphqlOperation = updateOneOperationFactory({
|
||||
objectMetadataSingularName: 'workflow',
|
||||
gqlFields: WORKFLOW_GQL_FIELDS,
|
||||
recordId: workflowId,
|
||||
data: {
|
||||
name: 'Updated Workflow Name Admin',
|
||||
},
|
||||
});
|
||||
|
||||
const response = await makeGraphqlAPIRequest(graphqlOperation);
|
||||
|
||||
expect(response.body.data).toBeDefined();
|
||||
expect(response.body.data.updateWorkflow).toBeDefined();
|
||||
expect(response.body.data.updateWorkflow.id).toBe(workflowId);
|
||||
expect(response.body.data.updateWorkflow.name).toBe(
|
||||
'Updated Workflow Name Admin',
|
||||
);
|
||||
});
|
||||
});
|
||||
|
||||
describe('permissions V2 enabled', () => {
|
||||
const workflowId = randomUUID();
|
||||
|
||||
beforeAll(async () => {
|
||||
@ -272,14 +114,6 @@ describe('workflowsPermissions', () => {
|
||||
});
|
||||
|
||||
await makeGraphqlAPIRequest(createWorkflowOperation);
|
||||
|
||||
const enablePermissionsQuery = updateFeatureFlagFactory(
|
||||
SEED_APPLE_WORKSPACE_ID,
|
||||
'IS_PERMISSIONS_V2_ENABLED',
|
||||
true,
|
||||
);
|
||||
|
||||
await makeGraphqlAPIRequest(enablePermissionsQuery);
|
||||
});
|
||||
|
||||
afterAll(async () => {
|
||||
@ -292,14 +126,6 @@ describe('workflowsPermissions', () => {
|
||||
});
|
||||
|
||||
await makeGraphqlAPIRequest(destroyWorkflowOperation);
|
||||
|
||||
const disablePermissionsQuery = updateFeatureFlagFactory(
|
||||
SEED_APPLE_WORKSPACE_ID,
|
||||
'IS_PERMISSIONS_V2_ENABLED',
|
||||
false,
|
||||
);
|
||||
|
||||
await makeGraphqlAPIRequest(disablePermissionsQuery);
|
||||
});
|
||||
|
||||
it('should throw a permission error when user does not have permission (guest role)', async () => {
|
||||
@ -320,9 +146,7 @@ describe('workflowsPermissions', () => {
|
||||
expect(response.body.errors[0].message).toBe(
|
||||
PermissionsExceptionMessage.PERMISSION_DENIED,
|
||||
);
|
||||
expect(response.body.errors[0].extensions.code).toBe(
|
||||
ErrorCode.FORBIDDEN,
|
||||
);
|
||||
expect(response.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN);
|
||||
});
|
||||
|
||||
it('should update a workflow when user has permission (admin role)', async () => {
|
||||
@ -355,8 +179,7 @@ describe('workflowsPermissions', () => {
|
||||
},
|
||||
});
|
||||
|
||||
const response =
|
||||
await makeGraphqlAPIRequestWithApiKey(graphqlOperation);
|
||||
const response = await makeGraphqlAPIRequestWithApiKey(graphqlOperation);
|
||||
|
||||
expect(response.body.data).toBeDefined();
|
||||
expect(response.body.data.updateWorkflow).toBeDefined();
|
||||
@ -367,4 +190,3 @@ describe('workflowsPermissions', () => {
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
@ -1,12 +1,10 @@
|
||||
import gql from 'graphql-tag';
|
||||
import request from 'supertest';
|
||||
import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
|
||||
import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
|
||||
|
||||
import { BillingPlanKey } from 'src/engine/core-modules/billing/enums/billing-plan-key.enum';
|
||||
import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
|
||||
import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
|
||||
import { SEED_APPLE_WORKSPACE_ID } from 'src/engine/workspace-manager/dev-seeder/core/utils/seed-workspaces.util';
|
||||
|
||||
const client = request(`http://localhost:${APP_PORT}`);
|
||||
|
||||
@ -35,14 +33,6 @@ describe('workspace permissions', () => {
|
||||
});
|
||||
|
||||
afterAll(async () => {
|
||||
const disablePermissionsQuery = updateFeatureFlagFactory(
|
||||
SEED_APPLE_WORKSPACE_ID,
|
||||
'IS_PERMISSIONS_ENABLED',
|
||||
false,
|
||||
);
|
||||
|
||||
await makeGraphqlAPIRequest(disablePermissionsQuery);
|
||||
|
||||
// Restore workspace state
|
||||
const restoreQuery = gql`
|
||||
mutation updateWorkspace {
|
||||
|
||||
@ -29,6 +29,9 @@ export const createCustomRoleWithObjectPermissions = async (options: {
|
||||
};
|
||||
|
||||
const response = await makeGraphqlAPIRequest(createRoleOperation);
|
||||
|
||||
expect(response.body.errors).toBeUndefined();
|
||||
expect(response.body.data.createOneRole).toBeDefined();
|
||||
const roleId = response.body.data.createOneRole.id;
|
||||
|
||||
// Get object metadata IDs for Person and Company
|
||||
|
||||
Reference in New Issue
Block a user