861face2a8
Closes https://github.com/twentyhq/core-team-issues/issues/393 - enforcing object-records permission checks in resolvers for now. we will move the logic to a lower level asap - add integration tests that will still be useful when we have moved the logic - introduce guest seeded role to test limited permissions on object-records
22 lines
533 B
TypeScript
22 lines
533 B
TypeScript
import { ASTNode, print } from 'graphql';
|
|
import request from 'supertest';
|
|
|
|
type GraphqlOperation = {
|
|
query: ASTNode;
|
|
variables?: Record<string, unknown>;
|
|
};
|
|
|
|
export const makeGraphqlAPIRequestWithGuestRole = (
|
|
graphqlOperation: GraphqlOperation,
|
|
) => {
|
|
const client = request(`http://localhost:${APP_PORT}`);
|
|
|
|
return client
|
|
.post('/graphql')
|
|
.set('Authorization', `Bearer ${GUEST_ACCESS_TOKEN}`)
|
|
.send({
|
|
query: print(graphqlOperation.query),
|
|
variables: graphqlOperation.variables || {},
|
|
});
|
|
};
|