mukeshs/twenty_crm
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
650f8f596327d1a5c1abfa162557563ab8229461
twenty_crm/packages/twenty-server/test/integration/graphql/suites/settings-permissions/data-model.integration-spec.ts

245 lines
8.7 KiB
TypeScript
Raw Blame History

import { createOneFieldMetadataQueryFactory } from 'test/integration/metadata/suites/field-metadata/utils/create-one-field-metadata-query-factory.util';
import { createOneFieldMetadata } from 'test/integration/metadata/suites/field-metadata/utils/create-one-field-metadata.util';
import { deleteOneFieldMetadataQueryFactory } from 'test/integration/metadata/suites/field-metadata/utils/delete-one-field-metadata-query-factory.util';
import { updateOneFieldMetadataQueryFactory } from 'test/integration/metadata/suites/field-metadata/utils/update-one-field-metadata-query-factory.util';
import { createOneObjectMetadataQueryFactory } from 'test/integration/metadata/suites/object-metadata/utils/create-one-object-metadata-query-factory.util';
import { createOneObjectMetadata } from 'test/integration/metadata/suites/object-metadata/utils/create-one-object-metadata.util';
import { deleteOneObjectMetadataQueryFactory } from 'test/integration/metadata/suites/object-metadata/utils/delete-one-object-metadata-query-factory.util';
import { deleteOneObjectMetadata } from 'test/integration/metadata/suites/object-metadata/utils/delete-one-object-metadata.util';
import { updateOneObjectMetadataQueryFactory } from 'test/integration/metadata/suites/object-metadata/utils/update-one-object-metadata-query-factory.util';
import { makeMetadataAPIRequestWithMemberRole } from 'test/integration/metadata/suites/utils/make-metadata-api-request-with-member-role.util';
import { FieldMetadataType } from 'twenty-shared/types';
import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
describe('datamodel permissions', () => {
describe('fieldMetadata', () => {
let listingObjectId = '';
let testFieldId = '';
beforeAll(async () => {
const { data } = await createOneObjectMetadata({
input: {
nameSingular: 'listing',
namePlural: 'listings',
labelSingular: 'Listing',
labelPlural: 'Listings',
icon: 'IconBuildingSkyscraper',
},
});
listingObjectId = data.createOneObject.id;
const { data: createdFieldData } = await createOneFieldMetadata({
input: {
name: 'house',
type: FieldMetadataType.TEXT,
label: 'House',
objectMetadataId: listingObjectId,
},
});
testFieldId = createdFieldData.createOneField.id;
});
afterAll(async () => {
await deleteOneObjectMetadata({
input: { idToDelete: listingObjectId },
});
});
describe('createOne', () => {
it('should throw a permission error when user does not have permission (member role)', async () => {
// Arrange
const FIELD_NAME = 'testFieldForCreateOne';
const createFieldInput = {
name: FIELD_NAME,
label: 'Test Field For CreateOne',
type: FieldMetadataType.TEXT,
objectMetadataId: listingObjectId,
};
// Act
const graphqlOperation = createOneFieldMetadataQueryFactory({
input: createFieldInput,
gqlFields: `
id
name
`,
});
const response =
await makeMetadataAPIRequestWithMemberRole(graphqlOperation);
// Assert
expect(response.body.data).toBeNull();
expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toBe(
PermissionsExceptionMessage.PERMISSION_DENIED,
);
expect(response.body.errors[0].extensions.code).toBe(
ErrorCode.FORBIDDEN,
);
});
});
describe('updateOne', () => {
it('should throw a permission error when user does not have permission (member role)', async () => {
// Arrange
const updateFieldInput = {
name: 'updatedName',
label: 'Updated Name',
};
const graphqlOperation = updateOneFieldMetadataQueryFactory({
input: { idToUpdate: testFieldId, updatePayload: updateFieldInput },
gqlFields: `
id
name
`,
});
const response =
await makeMetadataAPIRequestWithMemberRole(graphqlOperation);
// Assert
expect(response.body.data).toBeNull();
expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toBe(
PermissionsExceptionMessage.PERMISSION_DENIED,
);
expect(response.body.errors[0].extensions.code).toBe(
ErrorCode.FORBIDDEN,
);
});
});
describe('deleteOne', () => {
it('should throw a permission error when user does not have permission (member role)', async () => {
// Arrange
const graphqlOperation = deleteOneFieldMetadataQueryFactory({
input: { idToDelete: testFieldId },
});
const response =
await makeMetadataAPIRequestWithMemberRole(graphqlOperation);
// Assert
expect(response.body.data).toBeNull();
expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toBe(
PermissionsExceptionMessage.PERMISSION_DENIED,
);
expect(response.body.errors[0].extensions.code).toBe(
ErrorCode.FORBIDDEN,
);
});
});
});
describe('objectMetadata', () => {
describe('createOne', () => {
it('should throw a permission error when user does not have permission (member role)', async () => {
// Arrange
const graphqlOperation = createOneObjectMetadataQueryFactory({
gqlFields: `
id
`,
input: {
labelPlural: 'Test Objects',
labelSingular: 'Test Object',
namePlural: 'testObjects',
nameSingular: 'testObject',
},
});
const response =
await makeMetadataAPIRequestWithMemberRole(graphqlOperation);
// Assert
expect(response.body.data).toBeNull();
expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toBe(
PermissionsExceptionMessage.PERMISSION_DENIED,
);
expect(response.body.errors[0].extensions.code).toBe(
ErrorCode.FORBIDDEN,
);
});
});
describe('update and delete a custom object', () => {
let listingObjectId = '';
beforeAll(async () => {
const { data } = await createOneObjectMetadata({
input: {
labelPlural: 'Listings',
labelSingular: 'Listing',
namePlural: 'listings',
nameSingular: 'listing',
icon: 'IconBuildingSkyscraper',
},
});
listingObjectId = data.createOneObject.id;
});
afterAll(async () => {
await deleteOneObjectMetadata({
input: { idToDelete: listingObjectId },
});
});
describe('updateOne', () => {
it('should throw a permission error when user does not have permission (member role)', async () => {
// Arrange
const graphqlOperation = updateOneObjectMetadataQueryFactory({
gqlFields: `
id
`,
input: {
idToUpdate: listingObjectId,
updatePayload: {
labelPlural: 'Updated Test Objects',
labelSingular: 'Updated Test Object',
},
},
});
const response =
await makeMetadataAPIRequestWithMemberRole(graphqlOperation);
// Assert
expect(response.body.data).toBeNull();
expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toBe(
PermissionsExceptionMessage.PERMISSION_DENIED,
);
expect(response.body.errors[0].extensions.code).toBe(
ErrorCode.FORBIDDEN,
);
});
});
describe('deleteOne', () => {
it('should throw a permission error when user does not have permission (member role)', async () => {
// Arrange
const graphqlOperation = deleteOneObjectMetadataQueryFactory({
input: { idToDelete: listingObjectId },
});
const response =
await makeMetadataAPIRequestWithMemberRole(graphqlOperation);
// Assert
expect(response.body.data).toBeNull();
expect(response.body.errors).toBeDefined();
expect(response.body.errors[0].message).toBe(
PermissionsExceptionMessage.PERMISSION_DENIED,
);
expect(response.body.errors[0].extensions.code).toBe(
ErrorCode.FORBIDDEN,
);
});
});
});
});
});
Reference in New Issue View Git Blame Copy Permalink