mirror of
https://github.com/ToolJet/ToolJet
synced 2026-05-24 09:28:31 +00:00
7023f72d1d
* create migrations for group permissions setup * define new entities and relationships * revise migrations * rename columns * add migration to populate permission groups for existing users * Feature: User access permission group usage (#883) * create migrations for group permissions setup * define new entities and relationships * revise migrations * rename columns * add migration to populate permission groups for existing users * revise migrations * hide roles usage * setup group permissions for apps and users * fix defaultChecked * fix update permission checkbox * fix casl ability check to have params passed * fix casl apps abilities to check with app specific permission * add ability to delete groups * conditionally render edit and delete options for all and admin users * fix user role to group migration * revise group management pages to disallow updating default group * move manage users and groups to navbar dropdown * show only addable apps and users on dropdowns * rename header as profile settings * scope addable apps and users by organization * scope viewable apps on homepage * hide manage groups link from non admins * make permissions to be used with radio input * add loading state for add apps/users buttons * revise unit tests * revise migrations * fix e2e tests * comment out dead code * fix seeds script * handle folder count * captalize error toast * hide manage users dropdown for non admins * show fobidden error on blank homepage * fix folder app count * fix invalid state set * make group name clickable for edit instead * users with edit permission can deploy apps * not show edit link on homepage if user dont have update permission * remove unused entity from merge * remove roles usage from manage org users page * fix folder count and blank slate on homepage * disable add buttons if there is no selections * humanize default groups on view * make app added onto groups have read permission by default * not show app menu if user is not admin * remove admin users from group user addition dropdown * create default permissions for app cloned * fix querying index page without page params * fix admin scoped out from group add * remove apps from header * fix invitation url not shown * scope admin deletion check by org * scope public apps by organization * add specs for group permissions e2e * removed unused entity and add group permissions spec * remove console logs * remove unused permission * scope public app count by org * remove console log * refactor manage group permission resources component * update group permssion in org scope
124 lines
3.8 KiB
TypeScript
124 lines
3.8 KiB
TypeScript
import * as request from 'supertest';
|
|
import { INestApplication } from '@nestjs/common';
|
|
import { authHeaderForUser, clearDB, createApplication, createUser, createNestAppInstance } from '../test.helper';
|
|
|
|
describe('app_users controller', () => {
|
|
let app: INestApplication;
|
|
|
|
beforeEach(async () => {
|
|
await clearDB();
|
|
});
|
|
|
|
beforeAll(async () => {
|
|
app = await createNestAppInstance();
|
|
});
|
|
|
|
it('should allow only authenticated users to create new app users', async () => {
|
|
await request(app.getHttpServer()).post('/app_users').expect(401);
|
|
});
|
|
|
|
xit('should be able to create a new app user if admin of same organization', async () => {
|
|
const adminUserData = await createUser(app, {
|
|
email: 'admin@tooljet.io',
|
|
groups: ['all_users', 'admin'],
|
|
});
|
|
const developerUserData = await createUser(app, {
|
|
email: 'dev@tooljet.io',
|
|
groups: ['all_users', 'developer'],
|
|
organization: adminUserData.organization,
|
|
});
|
|
const application = await createApplication(app, {
|
|
user: adminUserData.user,
|
|
});
|
|
|
|
const response = await request(app.getHttpServer())
|
|
.post(`/app_users`)
|
|
.set('Authorization', authHeaderForUser(adminUserData.user))
|
|
.send({
|
|
app_id: application.id,
|
|
org_user_id: developerUserData.orgUser.id,
|
|
groups: ['all_users', 'admin'],
|
|
});
|
|
|
|
expect(response.statusCode).toBe(201);
|
|
});
|
|
|
|
it('should not be able to create new app user if admin of another organization', async () => {
|
|
const adminUserData = await createUser(app, {
|
|
email: 'admin@tooljet.io',
|
|
groups: ['all_users', 'admin'],
|
|
});
|
|
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
|
const developerUserData = await createUser(app, {
|
|
email: 'dev@tooljet.io',
|
|
groups: ['all_users', 'developer'],
|
|
organization: adminUserData.organization,
|
|
});
|
|
const anotherOrgAdminUserData = await createUser(app, {
|
|
email: 'another@tooljet.io',
|
|
groups: ['all_users', 'admin'],
|
|
});
|
|
const application = await createApplication(app, {
|
|
name: 'name',
|
|
user: adminUserData.user,
|
|
});
|
|
|
|
const response = await request(app.getHttpServer())
|
|
.post(`/app_users`)
|
|
.set('Authorization', authHeaderForUser(anotherOrgAdminUserData.user))
|
|
.send({
|
|
app_id: application.id,
|
|
org_user_id: adminUserData.orgUser.id,
|
|
groups: ['all_users', 'admin'],
|
|
});
|
|
|
|
expect(response.statusCode).toBe(403);
|
|
});
|
|
|
|
it('should not allow developers and viewers to create app users', async () => {
|
|
const adminUserData = await createUser(app, {
|
|
email: 'admin@tooljet.io',
|
|
groups: ['all_users', 'admin'],
|
|
});
|
|
const application = await createApplication(app, {
|
|
name: 'name',
|
|
user: adminUserData.user,
|
|
});
|
|
|
|
const developerUserData = await createUser(app, {
|
|
email: 'dev@tooljet.io',
|
|
groups: ['all_users', 'developer'],
|
|
organization: adminUserData.organization,
|
|
});
|
|
const viewerUserData = await createUser(app, {
|
|
email: 'viewer@tooljet.io',
|
|
groups: ['all_users', 'viewer'],
|
|
organization: adminUserData.organization,
|
|
});
|
|
|
|
let response = await request(app.getHttpServer())
|
|
.post(`/app_users/`)
|
|
.set('Authorization', authHeaderForUser(developerUserData.user))
|
|
.send({
|
|
app_id: application.id,
|
|
org_user_id: viewerUserData.orgUser.id,
|
|
groups: ['all_users', 'admin'],
|
|
});
|
|
expect(response.statusCode).toBe(403);
|
|
|
|
response = response = await request(app.getHttpServer())
|
|
.post(`/app_users/`)
|
|
.set('Authorization', authHeaderForUser(viewerUserData.user))
|
|
.send({
|
|
app_id: application.id,
|
|
org_user_id: developerUserData.orgUser.id,
|
|
groups: ['all_users', 'admin'],
|
|
});
|
|
|
|
await application.reload();
|
|
});
|
|
|
|
afterAll(async () => {
|
|
await app.close();
|
|
});
|
|
});
|