import request from 'supertest'; import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util'; import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util'; import { SEED_APPLE_WORKSPACE_ID } from 'src/database/typeorm-seeds/core/workspaces'; import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util'; import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception'; const client = request(`http://localhost:${APP_PORT}`); describe('roles permissions', () => { beforeAll(async () => { const enablePermissionsQuery = updateFeatureFlagFactory( SEED_APPLE_WORKSPACE_ID, 'IsPermissionsEnabled', true, ); await makeGraphqlAPIRequest(enablePermissionsQuery); }); afterAll(async () => { const disablePermissionsQuery = updateFeatureFlagFactory( SEED_APPLE_WORKSPACE_ID, 'IsPermissionsEnabled', false, ); await makeGraphqlAPIRequest(disablePermissionsQuery); }); describe('getRoles', () => { it('should allow admin to query getRoles', async () => { const query = { query: ` query GetRoles { getRoles { label workspaceMembers { id name { firstName lastName } } } } `, }; const resp = await client .post('/graphql') .set('Authorization', `Bearer ${ADMIN_ACCESS_TOKEN}`) .send(query); expect(resp.status).toBe(200); expect(resp.body.errors).toBeUndefined(); expect(resp.body.data.getRoles).toHaveLength(3); expect(resp.body.data.getRoles).toEqual([ { label: 'Guest', workspaceMembers: [ { id: '20202020-1553-45c6-a028-5a9064cce07f', name: { firstName: 'Phil', lastName: 'Schiler', }, }, ], }, { label: 'Admin', workspaceMembers: [ { id: '20202020-0687-4c41-b707-ed1bfca972a7', name: { firstName: 'Tim', lastName: 'Apple', }, }, ], }, { label: 'Member', workspaceMembers: [ { id: '20202020-77d5-4cb6-b60a-f4a835a85d61', name: { firstName: 'Jony', lastName: 'Ive', }, }, ], }, ]); }); it('should throw a permission error when user does not have permission (member role)', async () => { const query = { query: ` query GetRoles { getRoles { label workspaceMembers { id name { firstName lastName } } } } `, }; await client .post('/graphql') .set('Authorization', `Bearer ${MEMBER_ACCESS_TOKEN}`) .send(query) .expect(200) .expect((res) => { expect(res.body.data).toBeNull(); expect(res.body.errors).toBeDefined(); expect(res.body.errors[0].message).toBe( PermissionsExceptionMessage.PERMISSION_DENIED, ); expect(res.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN); }); }); }); describe('updateWorkspaceMemberRole', () => { it('should throw a permission error when user does not have permission (member role)', async () => { const query = { query: ` mutation UpdateWorkspaceMemberRole { updateWorkspaceMemberRole(workspaceMemberId: "test-workspace-member-id", roleId: "test-role-id") { id } } `, }; await client .post('/graphql') .set('Authorization', `Bearer ${MEMBER_ACCESS_TOKEN}`) .send(query) .expect(200) .expect((res) => { expect(res.body.data).toBeNull(); expect(res.body.errors).toBeDefined(); expect(res.body.errors[0].message).toBe( PermissionsExceptionMessage.PERMISSION_DENIED, ); expect(res.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN); }); }); }); });