Elgato_dark/ToolJet
1
0
Fork 0
mirror of https://github.com/ToolJet/ToolJet synced 2026-04-22 22:17:55 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 8
ToolJet/server/test/controllers/apps.e2e-spec.ts
Arpit f0a403e619
Release : Appbuilder - appdefinition architecture revamp (#7448) 
* importing service: updated

* import service, categorize and update events with associations

* fix: deleting events associated with pages on page delete

* handle app version: creation, updates, switching versions from app builder

* on version switch: no updates should be triggeted to server

* versioning for query events

* fixes: new components db transaction fails for newly created pages

* fixes: query chaining with events

* map older query ids to new for event action: run query

* fixes: multi-editor support

* fixes/multi-editor: users should be able to edit different version of the app at real time without sync

* minor fixes

* fixes: undo/redo savings with latest app def updates

* fixes: execution of page switch action

* fixes: csa events

* fixes: csa selection dropdown

* fixes: on csa action changed, the action params should also be updated correctly

* fixes: event rendering actions

* fixes: table event - row hovered

* fixes: table event - on search

* fixes: table event - onNewRowsAdded

* fixes: table event - onBulkUpdate

* fixes: table column updates

* fixes: table column updates to component definition

* re-order events

* handle adding widgets to sub containers

* fixes: csa for modals

* fixes: deletes children components on deleting parent

* fixes: components with default children

* fixed events for imported app

* gs- crash fix

* fixes: global settings UI

* fixes: header and user

* fixes: page switch event

* fixes: adapts to new event manager ui

* import app

* add event index for creating app versions

* fixes: table rendering on viewer

* fixes: event execution for viewer

* fixes: loading app with slug

* fixes: Page side bar is not rendered in viewer

* fixes: version manager ui for released versions

* fixes: tabs default children saving

* fixes: app resource mapping for parent-child components

* fixes: duplicate pages

* fixes: page load events for viewer

* fixes: enable and disable pages

* fixes: hide and show pages

* fixes: on maintaince toggle button

* fixes: new version child components are not tied to its parent

* fixes: redo breaks- on deleting a component and undo then redo (editor)

* new export schema and handling apps impport with new and older schemas

* table events: column and actions events

* fixes: query confirmations popup

* fixes: copy/paste

* fixes: cut/paste

* fixes: event mapping for newer versions for new components, pages and queries id

* fixes: app resource mapping for imported apps

* fixes: cascade events for table actions and colulmns

* Migrates the existing JSON-based app definition schema to a structured table-based architecture. This enhancement introduces component and page-specific permissions, improves data organization, and enables fine-grained access control. Additionally, it adds the 'globalSettings' column to the 'appVersion' table.

* cleanup

* fixes: enable and disable pages

* fixes: hide/show page and set saving state for cloning pages

* cleanup

* fixes: page disable menu

* fixes: migrations for data query events

* fixes: switching app version from version creation modal results in editor loading state

* fixes: setting up the page title

* fixes: Page duplication has same page handler name.

* fixes: updating general styles of a component

* fixes: delete component should trigger confirmations box for one widget and for multiple should process deletion

* fixes: CSA for button(component) does not work for page event handler.

* fixes: component name update [calendar]

* fixes: Duplicating pages do not create child components

* improves copy-paste mechanism of widgets

* fix: calendar subcontainer components comes out of the parent container on copy/paste

* fix:Form properties, no option for selecting submit button.

* fixes: Dark mode issue with event handler.

* fixes: display preferences for components

* fixes:have to select the selected version again to create a new

* fixes: Pages menu is not getting disabled when enabled and vice-versa

* fixes: correct naming of duplicating pages

* fixes: 2 action button even with no event attached to one, it gets attached to both.

* fixes: event deletion for action btn removal

* fixes: Keyboard action to move component is not saving

* reduce outbound calls when widget re-positioned with keyboard

* fixes: Not able to delete component from Inspector

* fixes: cloning of widgets

* fixes: Request confirmation before query run toggle is not visible on viewer mode. (can't run query if confirmation toggle is on)

* fixes: event sorting

* fixes: events mapping for versioning: queries and components

* fixes: importing app bug - query running issue when importing apps

* [appdef-2.0] fixes: event action linking for imported apps (#7627)

* fixes: event action linking for imported apps

* cleanup

* fixes: Toggling display preferences is not saving for components. (#7629)

* fixes: dnd issue for mobile view (#7632)

* default page menu settings should be true

* [appdef-2] event manager selector bug (#7631)

* fixes: on selecting query - 3 outbound calls are done to the server, and event manager re-renders 3times resulting in flikering ui

* reduces outbound calls for updating csa actions to 1

* [appdef] - copy associated events for cloned components (#7634)

* fixes: Copying  component is not coping the events associated with the component.

* cleanup

* [appdef-2] : Fixes frontend issues (#7636)

* Fix UI issues

* Fix Scrollbar is not available after we pin the inspector.

* Fix button  jumping places if switched from extended monitor to laptop.

* Fix white background around canvas

* fixes: Component inspector go blank after switching to different pages after dropping components (#7637)

* fixes: general properties of widgets are not getting saved (#7638)

* fixes: selecting the components via selecto (#7653)

* fixes: multiple undo-redo simlut. (#7656)

* fixes: copy associated events for cloned queries (#7657)

* Fixes not able toggle of Listview pagination toggle (#7701)

* Fix UI issues

* Fix Scrollbar is not available after we pin the inspector.

* Fix button  jumping places if switched from extended monitor to laptop.

* fix enable pagination not getting toggled in listview

* Fix form children not being displayed

* fixes: dnd fix for widgets dropped inside subcontainer (#7691)

* [Appdef-2] copy-paste, cut and  clone fix for widgets (#7687)

* fixes: copy/cut/paste and cloning of widgets

* cleanup

* can copy/paste-clone in listview

* fixes: on mulit-widget selected via mouse area selection: widget manager should be rendered (#7688)

* fixes: on deleting tabs widgets should delete its children (#7692)

* fixes: column data generated from restapi does not render correct columns in viewer (#7695)

* [appdef-2] fixes: multiple query confirmations trigger (#7704)

* fixes: multiple query confirmations trigger

* fixes: multiple outbound calls in the inital load, run queries on app load with confirmations:editor&viewer

* fixes: correct confirmations list to the stote

* [appdef-2] fixes:Event handler are running twice for page load (#7705)

* fixes:Event handler are running twice for page load(eg- add 2 show alert and change the page).

* fixes: for viewer page events

* fixes: container widget is not getting saved on drop (#7718)

* fixes: Create app version from is empty if we delete another version. (#7720)

* [appdef-2] fixes: on versioned app (switching or creating) version, the componet layout is wrongly updated to the container dnd (#7721)

* fixes: on versioned app (switching or creating) version, the component layout is wrongly updated to the container dnd

* fixes: container widget is not saving

* fixes: triggering confirmation box for every query with on load trigger (#7728)

* Fixes canvas background and go to app crashing (#7725)

* Fix UI issues

* Fix Scrollbar is not available after we pin the inspector.

* Fix button  jumping places if switched from extended monitor to laptop.

* fix enable pagination not getting toggled in listview

* Fix form children not being displayed

* Fix Go to app is crashing the application.

* Fix fx for canvas background color is not working.

* fixes: cloned/copied table with actions (#7758)

* fixes: calendar and form widgets (#7735)

* fixes: rendering of components in viewer for mobile (#7759)

* fixes: toggling, resizing, dropping widgets in both display preferences (#7760)

* fixes: page switch action via runjs actions (#7762)

* fixes: component validations do not get saved (#7766)

* [appdef-2] subcontainer dnd height outbound fix (#7767)

* fixes: listview children can be dragged outside its outbound limit

* cleanup

* fixes: widget inspector going to empty component (#7768)

* fixes: goToApp not running from runjs in viewer mode (#7770)

* fixes: multi-components cloning or copy/paste have same name (#7761)

* Fix disabled page is being displayed on switch page event dropdown (#7769)

* Fix kanban rendering leading to infinite look

* Fix disabled page is being displayed on switch page event dropdown

* Fix Kanban widget getting into infinite loop (#7808)

* Fix kanban rendering leading to infinite look

* Fix disabled page is being displayed on switch page event dropdown

* Fix kanban getting into infinite loop

* adds support of constants to current state of the ediotr (#7821)

* removes loader added for testing (#7822)

* [appdef] fixes - dnd container cloning edge cases (#7820)

* fixes: copy/pasting components updating wrong display preferences

* fixes: copy/pasting tabs and cloning components inside tabs

* fixes: duplication of calendar component bug

* if components in subcontainer(children) are selected via selecto along with its parent, children should not be going through duplication

* if components in subcontainer(children) are selected via selecto along with its parent, children should not be going through duplication

* fixes: Resolving App Version and Timestamp Update Challenges (#7863)

* Fixes query confirmation issue on viewer (#7862)

* [appdef ]fixes: components copied from template app to a new page or app do not render in canvas (#7867)

* fixes: components copied from template app to a new page or app does not render in canvas

* fixes: table crash on coping from other pages with columns

* adds the column exists check

* fixes: tables crash for imported apps with auto generated cols

* appdefinition refactor/cleanup (#7872)

* cleanup controllers and request calls from frontend

* removing unwanted console logs and unused variables

* revering v1 apis og

* adding length validation for page dto

* adding dtos for components

* updated dtos for components and pages

* added dto for event handlers

* fixes event handler dto

* fixes: page dto

* adds/fixes event handlers creating dtp

* fixes: event handler service and dtos

* [appdef] fixes: Creating page not changing the slug (#7873)

* fixes: Creating page not changing the slug

* removes extra whitespace

* [appdef] fixes: on importing a exported app child components are not present in the parent component (#7864)

* fixes: on importing a exported app child components are not present in the parent component

* handles parent component mapping for tabs and calendar component

* handles parent component mapping for tabs and calendar component for new versions

* [appdef] api endpoint fixes (#7888)

* fixes: moved fetching app version to v2 api

* fixes: app slug api

* Fixes CurrentUser & Mode not present in globals in inspector (#7812)

* Fix current user not being present in inspector

* Add Mode in globas in inspector

* Fix creating page not changing the slug.

* Revert "Fix creating page not changing the slug."

This reverts commit 0ff9c18ab8.

* Fixes  on adding query params in event handler, breaking the app (#7889)

* Fix on version change if left sidebar is open canvas not scrolling right

* Fix on adding query params in event handler, breaking the app

* Fix

* Fix on version change if left sidebar is open canvas not scrolling right (#7884)

* fixes: fixes on on app load switch page action via run queires (#7858)

* fixes: fixes on on app load switch page action via run queires

* Fix

* refactor

* Fix on load event not appearing on viewer

---------

Co-authored-by: Nakul Nagargade <nakul@tooljet.com>

* [appdef] fixes: event actions mapping for import-export (#7895)

* fixes: event actions mapping for import-export

* fixes: updates organisation id

* fixes: templates event mapping

* do not app again for not normalized apps

* [appdef]migrations fix (#7910)

* fixes: page attributes

* fixes: table action and column events for imported apps (prev) and app migrations

* adds processDataInBatches

* fixes: app data migrations

* create a new queryBuilder instance for each batch to ensure that there's no interference between batches

* fix: app migration

* cleanup

* cleanup

* fixes: table column data not updated on boxes changes in container (#7919)

* fixes: creating all pages from all versions (#7905)

* Fix state not changing in chart (#7900)

* Fix in chart, toggles are not working

* Update Chart.jsx

---------

Co-authored-by: Arpit <arpitnath42@gmail.com>

* fix event param not updating (#7902)

* [appdef] Pages attributes are missing on versioning or imported app (#7904)

* fixes: on creating new version pages attributes are not copied

* fixes: on importing apps with  pages attributes are not copied

* fixes: component double duplication issues

* fixes: deleting children components via selecto (#7915)

* fixes: component deletion fixes

* fixes: cloning components to a new version should also create associated events

* fixes: creating components on cloning with general styles or properties

* fixes: creatinng general properties on version

* fixes: imported app

* fixes added to app migrations

* fixes: mobile view

* fixes: Created a new version with multiple pages from second page, the new version shows the homepage with second page URL

* fixes: table crash due to columnDeletionHistory saved as an object instead of an array

* fixes: on creating new version, data_queries should be created (#7975)

* [appdef] fixes: migrations  (#7951)

* refactor migrations with batching

* event actions: switch page should be mapped to correct new page id

* fixes: importing json-schema app with multiple version: same components do not get render in the canvas

* fixes: import/export of legecy apps

* event actions mapping to correct page ids: migrations

* fixes: migrations  children not rendered in subcontainer components

* adapts to main/viewer changes

* fixes: viewer with #6698

* fixes: viewer route

* fixes: page switch via validateRoutes

* fixes: on delete version fetchApp fails

* handle error on saving changes

* skip name opts

* typo fix

* Instead of relying on the schema, we choose to use the Tooljet version as the determining factor for decoupling import flows

* fixes: slug updates from global settings

* fixes: slug app link (#8008)

* fixes: on version changed the preview link should also update (#8009)

* fixes: on cut and paste events should not cascade (#8010)

* fixes: query options to new mapped ids

* [appdef] fixes: cloning apps (#8012)

* fixes: cloning apps

* fixes: slug status from share modal

* fixes: query confirmations list on viewer (#8017)

* undo-fix

* fixes: updates current state with page data on creating new page

* Fix failing specs (#8031)

* [appdef] fixes : ghost child components are being created on imported/cloned apps and while migrating (#8026)

* fixes: ignore ghost components while importing

* added the fix in migrations

* fixes: adding other components

* fixes: table column resizes

* updates layout dto

* update component dto

* fixes: tabs children are not rendered as the are not in their repsective parent container (#8036)

* moving editorFunc to Editor.jsx

* cleanup

* fixes: e2e test for clone

* cleanup

* fixes: toggle maintaince

* bumping version

* multi-edit: ymap-fix-1

* Revert "multi-edit: ymap-fix-1"

This reverts commit 8b799c3c51.

* [appdef] fixes: viewer route: keeps on reloading for private apps (#8051)

* fixes: viewer route: keeps on reloading for pribate apps

* should return the response

* test: ymap updates-1

* fixes: v1 apps with dq queries resuts in app crash

* Updated import spec

* Revert "Updated import spec"

This reverts commit 802136cdc3.

* Fixed failed platform test cases for app desinition re-design (#8053)

* Fix failed platform test cases

* Modify user permission test cases

* fixes: trial-5: fixing vanishing of components

* Revert "fixes: trial-5: fixing vanishing of components"

This reverts commit a22aec12c7.

* fixes: trail-6: fix

* fixes: trail-7: fix

* Revert "fixes: trail-7: fix"

This reverts commit 08f373c415.

* Revert "fixes: trail-6: fix"

This reverts commit c4e19b5d05.

* multi-edit: ymap-fix

* Revert "multi-edit: ymap-fix"

This reverts commit 92f49c0cde.

* fixes: multi-user updates: adding or removing

* event handlers sycned for multi-user

* should take slug instead of appid if slug is present

* updating adding ymap logic

* versioning with multi-user

* fixes: saving issue

* dont skip ymap

* adds delay to ymap

* ymap-update-order-fixed

* ymap-update-order-fixed-1.1

* ymap-update-order-fixed-1.2

* test=fix

* Updated import spec (#8061)

* cleanup

* lint fixed

* fixes: cloning apps with tabs

* veiwer on event should return

* fixes: event should map with show/hide modal component id

* Fix failing appbuilder specs (#8117)

* cherrypicked ee/00195c064

* bumping version to v2.24.0

* fixed modal actionid typo

* fixes: slugs issues for released an public apps (#8119)

* Fix failed test cases (#8121)

* reverting global slug input

* fixes: versioning with cloned page and ghost components (#8122)

---------

Co-authored-by: Nakul Nagargade <133095394+nakulnagargade@users.noreply.github.com>
Co-authored-by: Kavin Venkatachalam <50441969+kavinvenkatachalam@users.noreply.github.com>
Co-authored-by: Nakul Nagargade <nakul@tooljet.com>
Co-authored-by: Midhun Kumar E <midhun752@gmail.com>
Co-authored-by: nandinisaha13 <nandinisaha13@gmail.com>
Co-authored-by: Mekhla Asopa <dadhichmekhla@gmail.com>
Co-authored-by: Ajith KV <ajith.jaban@gmail.com>
Co-authored-by: Mekhla Asopa <59684099+Mekhla-Asopa@users.noreply.github.com>
2023-11-08 11:09:47 +05:30

2274 lines
84 KiB
TypeScript
Raw Blame History

import * as request from 'supertest';
import { INestApplication } from '@nestjs/common';
import {
clearDB,
createApplication,
createUser,
createNestAppInstance,
createApplicationVersion,
createDataQuery,
createDataSource,
createAppGroupPermission,
createAppEnvironments,
createDataSourceOption,
generateAppDefaults,
authenticateUser,
logoutUser,
getAllEnvironments,
} from '../test.helper';
import { App } from 'src/entities/app.entity';
import { AppVersion } from 'src/entities/app_version.entity';
import { DataQuery } from 'src/entities/data_query.entity';
import { DataSource } from 'src/entities/data_source.entity';
import { AppUser } from 'src/entities/app_user.entity';
import { getManager, getRepository } from 'typeorm';
import { GroupPermission } from 'src/entities/group_permission.entity';
import { AppGroupPermission } from 'src/entities/app_group_permission.entity';
import { Folder } from 'src/entities/folder.entity';
import { FolderApp } from 'src/entities/folder_app.entity';
import { Credential } from 'src/entities/credential.entity';
import { defaultAppEnvironments } from 'src/helpers/utils.helper';
describe('apps controller', () => {
let app: INestApplication;
beforeEach(async () => {
await clearDB();
});
beforeAll(async () => {
app = await createNestAppInstance();
});
describe('GET /api/apps/:id', () => {
it('should allow only authenticated users to update app params', async () => {
await request(app.getHttpServer()).put('/api/apps/uuid').expect(401);
});
});
describe('POST /api/apps', () => {
describe('authorization', () => {
it('should be able to create app if user has admin group', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['all_users', 'admin'],
});
let loggedUser = await authenticateUser(app);
adminUserData['tokenCookie'] = loggedUser.tokenCookie;
const organization = adminUserData.organization;
const developerUserData = await createUser(app, {
email: 'developer@tooljet.io',
groups: ['all_users', 'developer'],
organization,
});
loggedUser = await authenticateUser(app, 'developer@tooljet.io');
developerUserData['tokenCookie'] = loggedUser.tokenCookie;
const viewerUserData = await createUser(app, {
email: 'viewer@tooljet.io',
groups: ['all_users', 'viewer'],
organization,
});
loggedUser = await authenticateUser(app, 'viewer@tooljet.io');
viewerUserData['tokenCookie'] = loggedUser.tokenCookie;
const application = await createApplication(app, {
name: 'name',
user: adminUserData.user,
});
await createApplicationVersion(app, application);
const appName = 'My app';
for (const userData of [viewerUserData, developerUserData]) {
const response = await request(app.getHttpServer())
.post(`/api/apps`)
.set('tj-workspace-id', userData.user.defaultOrganizationId)
.set('Cookie', userData['tokenCookie'])
.send({
name: appName,
});
expect(response.statusCode).toBe(403);
}
const response = await request(app.getHttpServer())
.post(`/api/apps`)
.set('tj-workspace-id', adminUserData.user.defaultOrganizationId)
.set('Cookie', adminUserData['tokenCookie'])
.send({
name: appName,
});
expect(response.statusCode).toBe(201);
expect(response.body.name).toContain('My app');
await logoutUser(app, developerUserData['tokenCookie'], developerUserData.user.defaultOrganizationId);
await logoutUser(app, viewerUserData['tokenCookie'], viewerUserData.user.defaultOrganizationId);
await logoutUser(app, adminUserData['tokenCookie'], adminUserData.user.defaultOrganizationId);
});
});
it('should create app with default values', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['all_users', 'admin'],
});
const loggedUser = await authenticateUser(app);
await createAppEnvironments(app, adminUserData.organization.id);
const appName = 'My app';
const response = await request(app.getHttpServer())
.post(`/api/apps`)
.set('tj-workspace-id', adminUserData.user.defaultOrganizationId)
.set('Cookie', loggedUser.tokenCookie)
.send({
name: appName,
});
expect(response.statusCode).toBe(201);
expect(response.body.name).toContain('My app');
const appId = response.body.id;
const application = await App.findOneOrFail({ where: { id: appId } });
expect(application.name).toContain('My app');
expect(application.id).toBe(application.slug);
// await logoutUser(app, adminUserData['tokenCookie'], adminUserData.user.defaultOrganizationId);
});
});
describe('GET /api/apps', () => {
describe('authorization', () => {
it('should allow only authenticated users to fetch apps', async () => {
await request(app.getHttpServer()).get('/api/apps').expect(401);
});
});
describe('without folder', () => {
it('should return all permissible apps with metadata', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['all_users', 'admin'],
});
let loggedUser = await authenticateUser(app);
adminUserData['tokenCookie'] = loggedUser.tokenCookie;
const organization = adminUserData.organization;
const allUserGroup = await getManager().findOneOrFail(GroupPermission, {
where: {
group: 'all_users',
organization: adminUserData.organization,
},
});
const developerUserData = await createUser(app, {
email: 'developer@tooljet.io',
groups: ['all_users', 'developer'],
organization,
});
loggedUser = await authenticateUser(app, 'developer@tooljet.io');
developerUserData['tokenCookie'] = loggedUser.tokenCookie;
const anotherOrgAdminUserData = await createUser(app, {
email: 'another@tooljet.io',
groups: ['all_users', 'admin'],
});
loggedUser = await authenticateUser(app, 'another@tooljet.io');
anotherOrgAdminUserData['tokenCookie'] = loggedUser.tokenCookie;
const anotherApplication = await createApplication(app, {
name: 'Another organization App',
user: anotherOrgAdminUserData.user,
});
const nonPermissibleApp = await createApplication(
app,
{
name: 'Non Permissible App',
user: adminUserData.user,
},
false
);
await getManager().update(AppGroupPermission, { appId: nonPermissibleApp.id }, { read: false });
const publicApp = await createApplication(
app,
{
name: 'Public App',
user: adminUserData.user,
isPublic: true,
},
false
);
await getManager().update(AppGroupPermission, { appId: publicApp.id }, { read: false });
const ownedApp = await createApplication(
app,
{
name: 'Owned App',
user: developerUserData.user,
},
false
);
const appNotInFolder = await createApplication(
app,
{
name: 'App not in folder',
user: adminUserData.user,
},
false
);
await getManager().update(
AppGroupPermission,
{ app: appNotInFolder, groupPermissionId: allUserGroup },
{ read: true }
);
const appInFolder = await createApplication(
app,
{
name: 'App in folder',
user: adminUserData.user,
},
false
);
await getManager().update(
AppGroupPermission,
{ app: appInFolder, groupPermissionId: allUserGroup },
{ read: true }
);
const folder = await getManager().save(Folder, {
name: 'Folder',
organizationId: adminUserData.organization.id,
});
await getManager().save(FolderApp, {
app: appInFolder,
folder: folder,
});
let response = await request(app.getHttpServer())
.get(`/api/apps`)
.set('tj-workspace-id', developerUserData.user.defaultOrganizationId)
.set('Cookie', developerUserData['tokenCookie']);
expect(response.statusCode).toBe(200);
let { meta, apps } = response.body;
let appNames = apps.map((app) => app.name);
expect(new Set(appNames)).toEqual(
new Set([publicApp.name, ownedApp.name, appNotInFolder.name, appInFolder.name])
);
expect(meta).toEqual({
total_pages: 1,
total_count: 4,
folder_count: 0,
current_page: 1,
});
response = await request(app.getHttpServer())
.get(`/api/apps?searchKey=public`)
.set('tj-workspace-id', developerUserData.user.defaultOrganizationId)
.set('Cookie', developerUserData['tokenCookie']);
expect(response.statusCode).toBe(200);
({ meta, apps } = response.body);
appNames = apps.map((app) => app.name);
expect(new Set(appNames)).toEqual(new Set([publicApp.name]));
expect(meta).toEqual({
total_pages: 1,
total_count: 1,
folder_count: 0,
current_page: 1,
});
response = await request(app.getHttpServer())
.get(`/api/apps`)
.set('tj-workspace-id', anotherOrgAdminUserData.user.defaultOrganizationId)
.set('Cookie', anotherOrgAdminUserData['tokenCookie']);
expect(response.statusCode).toBe(200);
({ meta, apps } = response.body);
appNames = apps.map((app) => app.name);
expect(new Set(appNames)).toEqual(new Set([anotherApplication.name]));
expect(meta).toEqual({
total_pages: 1,
total_count: 1,
folder_count: 0,
current_page: 1,
});
response = await request(app.getHttpServer())
.get(`/api/apps?searchKey=another`)
.set('tj-workspace-id', anotherOrgAdminUserData.user.defaultOrganizationId)
.set('Cookie', anotherOrgAdminUserData['tokenCookie']);
expect(response.statusCode).toBe(200);
({ meta, apps } = response.body);
appNames = apps.map((app) => app.name);
expect(new Set(appNames)).toEqual(new Set([anotherApplication.name]));
expect(meta).toEqual({
total_pages: 1,
total_count: 1,
folder_count: 0,
current_page: 1,
});
response = await request(app.getHttpServer())
.get(`/api/apps?searchKey=public`)
.set('tj-workspace-id', anotherOrgAdminUserData.user.defaultOrganizationId)
.set('Cookie', anotherOrgAdminUserData['tokenCookie']);
expect(response.statusCode).toBe(200);
({ meta, apps } = response.body);
appNames = apps.map((app) => app.name);
expect(apps).toEqual([]);
expect(meta).toEqual({
total_pages: 0,
total_count: 0,
folder_count: 0,
current_page: 1,
});
await logoutUser(app, adminUserData['tokenCookie'], adminUserData.user.defaultOrganizationId);
await logoutUser(app, developerUserData['tokenCookie'], developerUserData.user.defaultOrganizationId);
await logoutUser(
app,
anotherOrgAdminUserData['tokenCookie'],
anotherOrgAdminUserData.user.defaultOrganizationId
);
});
});
describe('with folder', () => {
it('should return all permissible apps with metadata within folder', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['all_users', 'admin'],
});
let loggedUser = await authenticateUser(app);
adminUserData['tokenCookie'] = loggedUser.tokenCookie;
const organization = adminUserData.organization;
const folder = await getManager().save(Folder, {
name: 'Folder',
organizationId: adminUserData.organization.id,
});
const developerUserData = await createUser(app, {
email: 'developer@tooljet.io',
groups: ['all_users', 'developer'],
organization,
});
loggedUser = await authenticateUser(app, 'developer@tooljet.io');
developerUserData['tokenCookie'] = loggedUser.tokenCookie;
const anotherOrgAdminUserData = await createUser(app, {
email: 'another@tooljet.io',
groups: ['all_users', 'admin'],
});
await createApplication(app, {
name: 'Another organization App',
user: anotherOrgAdminUserData.user,
});
const nonPermissibleApp = await createApplication(
app,
{
name: 'Non Permissible App',
user: adminUserData.user,
},
false
);
await getManager().update(AppGroupPermission, { appId: nonPermissibleApp.id }, { read: false });
const publicApp = await createApplication(
app,
{
name: 'Public App',
user: adminUserData.user,
isPublic: true,
},
false
);
await getManager().update(AppGroupPermission, { appId: publicApp.id }, { read: false });
await createApplication(
app,
{
name: 'Owned App',
user: developerUserData.user,
},
false
);
const appNotInfolder = await createApplication(
app,
{
name: 'App not in folder',
user: adminUserData.user,
},
false
);
await getManager().update(AppGroupPermission, { appId: appNotInfolder.id }, { read: true });
const appInFolder = await createApplication(
app,
{
name: 'App in folder',
user: adminUserData.user,
},
false
);
await getManager().update(AppGroupPermission, { appId: appInFolder.id }, { read: true });
await getManager().save(FolderApp, {
app: appInFolder,
folder: folder,
});
const publicAppInFolder = await createApplication(
app,
{
name: 'Public App in Folder',
user: adminUserData.user,
isPublic: true,
},
false
);
await getManager().update(AppGroupPermission, { appId: publicAppInFolder.id }, { read: false });
await getManager().save(FolderApp, {
app: publicAppInFolder,
folder: folder,
});
const nonPermissibleAppInFolder = await createApplication(
app,
{
name: 'Non permissible App in folder',
user: adminUserData.user,
},
false
);
await getManager().update(AppGroupPermission, { appId: nonPermissibleAppInFolder.id }, { read: false });
await getManager().save(FolderApp, {
app: nonPermissibleAppInFolder,
folder: folder,
});
let response = await request(app.getHttpServer())
.get(`/api/apps`)
.query({ folder: folder.id, page: 1 })
.set('tj-workspace-id', developerUserData.user.defaultOrganizationId)
.set('Cookie', developerUserData['tokenCookie']);
expect(response.statusCode).toBe(200);
let { meta, apps } = response.body;
let appNames = apps.map((app) => app.name);
expect(new Set(appNames)).toEqual(new Set([appInFolder.name, publicAppInFolder.name]));
expect(meta).toEqual({
total_pages: 1,
total_count: 5,
folder_count: 2,
current_page: 1,
});
response = await request(app.getHttpServer())
.get(`/api/apps?searchKey=public app in`)
.query({ folder: folder.id, page: 1 })
.set('tj-workspace-id', developerUserData.user.defaultOrganizationId)
.set('Cookie', developerUserData['tokenCookie']);
expect(response.statusCode).toBe(200);
({ meta, apps } = response.body);
appNames = apps.map((app) => app.name);
expect(new Set(appNames)).toEqual(new Set([publicAppInFolder.name]));
expect(meta).toEqual({
total_pages: 1,
total_count: 1,
folder_count: 1,
current_page: 1,
});
await logoutUser(app, developerUserData['tokenCookie'], developerUserData.user.defaultOrganizationId);
});
});
});
describe('POST /api/v2/resources/clone', () => {
it('should be able to clone the app if user group is admin', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['all_users', 'admin'],
});
let loggedUser = await authenticateUser(app);
adminUserData['tokenCookie'] = loggedUser.tokenCookie;
const developerUserData = await createUser(app, {
email: 'dev@tooljet.io',
groups: ['all_users', 'developer'],
organization: adminUserData.organization,
});
loggedUser = await authenticateUser(app, 'dev@tooljet.io');
developerUserData['tokenCookie'] = loggedUser.tokenCookie;
const viewerUserData = await createUser(app, {
email: 'viewer@tooljet.io',
groups: ['all_users', 'viewer'],
organization: adminUserData.organization,
});
loggedUser = await authenticateUser(app, 'viewer@tooljet.io');
viewerUserData['tokenCookie'] = loggedUser.tokenCookie;
const application = await createApplication(app, {
name: 'App to clone',
user: adminUserData.user,
});
await createApplicationVersion(app, application);
const payload = {
app: [{ id: application.id, name: `${application.name}_Copy` }],
organization_id: application.organizationId,
};
let response = await request(app.getHttpServer())
.post('/api/v2/resources/clone')
.set('tj-workspace-id', adminUserData.user.defaultOrganizationId)
.set('Cookie', adminUserData['tokenCookie'])
.send(payload);
expect(response.statusCode).toBe(201);
expect(response.body.success).toBe(true);
const appId = response.body['imports']['app'][0]['id'];
const clonedApplication = await App.findOneOrFail({ where: { id: appId } });
expect(clonedApplication.name).toContain('App to clone');
response = await request(app.getHttpServer())
.post('/api/v2/resources/clone')
.set('tj-workspace-id', developerUserData.user.defaultOrganizationId)
.set('Cookie', developerUserData['tokenCookie'])
.send(payload);
expect(response.statusCode).toBe(403);
response = await request(app.getHttpServer())
.post('/api/v2/resources/clone')
.set('tj-workspace-id', viewerUserData.user.defaultOrganizationId)
.set('Cookie', viewerUserData['tokenCookie'])
.send(payload);
expect(response.statusCode).toBe(403);
await logoutUser(app, adminUserData['tokenCookie'], adminUserData.user.defaultOrganizationId);
await logoutUser(app, viewerUserData['tokenCookie'], viewerUserData.user.defaultOrganizationId);
await logoutUser(app, developerUserData['tokenCookie'], developerUserData.user.defaultOrganizationId);
});
it('should not be able to clone the app if app is of another organization', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['all_users', 'admin'],
});
const anotherOrgAdminUserData = await createUser(app, {
email: 'another@tooljet.io',
groups: ['all_users', 'admin'],
});
const loggedUser = await authenticateUser(app, 'another@tooljet.io');
const application = await createApplication(app, {
name: 'name',
user: adminUserData.user,
});
const response = await request(app.getHttpServer())
.post(`/api/apps/${application.id}/clone`)
.set('tj-workspace-id', anotherOrgAdminUserData.user.defaultOrganizationId)
.set('Cookie', loggedUser.tokenCookie)
.send({ name: 'name_Copy' });
expect(response.statusCode).toBe(403);
await logoutUser(app, loggedUser.tokenCookie, anotherOrgAdminUserData.user.defaultOrganizationId);
});
});
describe('PUT /api/apps/:id', () => {
it('should be able to update name of the app if admin of same organization', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['all_users', 'admin'],
});
const loggedUser = await authenticateUser(app);
const application = await createApplication(app, {
user: adminUserData.user,
});
const response = await request(app.getHttpServer())
.put(`/api/apps/${application.id}`)
.set('tj-workspace-id', adminUserData.user.defaultOrganizationId)
.set('Cookie', loggedUser.tokenCookie)
.send({ app: { name: 'new name' } });
expect(response.statusCode).toBe(200);
await application.reload();
expect(application.name).toBe('new name');
await logoutUser(app, loggedUser.tokenCookie, adminUserData.user.defaultOrganizationId);
});
it('should not be able to update name of the app if admin of another organization', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['all_users', 'admin'],
});
const anotherOrgAdminUserData = await createUser(app, {
email: 'another@tooljet.io',
groups: ['all_users', 'admin'],
});
const application = await createApplication(app, {
name: 'name',
user: adminUserData.user,
});
const loggedUser = await authenticateUser(app, 'another@tooljet.io');
const response = await request(app.getHttpServer())
.put(`/api/apps/${application.id}`)
.set('tj-workspace-id', anotherOrgAdminUserData.user.defaultOrganizationId)
.set('Cookie', loggedUser.tokenCookie)
.send({ app: { name: 'new name' } });
expect(response.statusCode).toBe(403);
await application.reload();
expect(application.name).toBe('name');
await logoutUser(app, loggedUser.tokenCookie, anotherOrgAdminUserData.user.defaultOrganizationId);
});
it('should not allow custom groups without app create permission to change the name of apps', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['all_users', 'admin'],
});
const application = await createApplication(app, {
name: 'name',
user: adminUserData.user,
});
const developerUserData = await createUser(app, {
email: 'dev@tooljet.io',
groups: ['all_users', 'developer'],
organization: adminUserData.organization,
});
let loggedUser = await authenticateUser(app, 'dev@tooljet.io');
developerUserData['tokenCookie'] = loggedUser.tokenCookie;
const viewerUserData = await createUser(app, {
email: 'viewer@tooljet.io',
groups: ['all_users', 'viewer'],
organization: adminUserData.organization,
});
loggedUser = await authenticateUser(app, 'viewer@tooljet.io');
viewerUserData['tokenCookie'] = loggedUser.tokenCookie;
let response = await request(app.getHttpServer())
.put(`/api/apps/${application.id}`)
.set('tj-workspace-id', developerUserData.user.defaultOrganizationId)
.set('Cookie', developerUserData['tokenCookie'])
.send({ app: { name: 'new name' } });
expect(response.statusCode).toBe(403);
response = await request(app.getHttpServer())
.put(`/api/apps/${application.id}`)
.set('tj-workspace-id', viewerUserData.user.defaultOrganizationId)
.set('Cookie', viewerUserData['tokenCookie'])
.send({ app: { name: 'new name' } });
expect(response.statusCode).toBe(403);
await application.reload();
expect(application.name).toBe('name');
await logoutUser(app, viewerUserData['tokenCookie'], viewerUserData.user.defaultOrganizationId);
await logoutUser(app, developerUserData['tokenCookie'], developerUserData.user.defaultOrganizationId);
});
});
describe('DELETE delete app', () => {
it('should be possible for the admin to delete an app, cascaded with its versions, queries, data sources and comments', async () => {
const admin = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['all_users', 'admin'],
});
const loggedUser = await authenticateUser(app);
admin['tokenCookie'] = loggedUser.tokenCookie;
const { user } = await createUser(app, {
firstName: 'mention',
lastName: 'user',
email: 'user@tooljet.io',
groups: ['all_users'],
organization: admin.organization,
});
const application = await createApplication(app, {
name: 'AppTObeDeleted',
user: admin.user,
});
const version = await createApplicationVersion(app, application);
const dataSource = await createDataSource(app, {
appVersion: version,
kind: 'test_kind',
name: 'test_name',
});
const dataQuery = await createDataQuery(app, {
dataSource,
});
const threadResponse = await request(app.getHttpServer())
.post(`/api/threads`)
.set('tj-workspace-id', admin.user.defaultOrganizationId)
.set('Cookie', admin['tokenCookie'])
.send({
appId: application.id,
appVersionsId: version.id,
x: 54.72136222910217,
y: 405,
});
expect(threadResponse.statusCode).toBe(201);
const thread = threadResponse.body;
const commentsResponse = await request(app.getHttpServer())
.post(`/api/comments`)
.set('tj-workspace-id', admin.user.defaultOrganizationId)
.set('Cookie', admin['tokenCookie'])
.send({
threadId: thread.id,
comment: '(@mention user) ',
appVersionsId: version.id,
mentionedUsers: [user.id],
});
expect(commentsResponse.statusCode).toBe(201);
const response = await request(app.getHttpServer())
.delete(`/api/apps/${application.id}`)
.set('tj-workspace-id', admin.user.defaultOrganizationId)
.set('Cookie', admin['tokenCookie']);
expect(response.statusCode).toBe(200);
await expect(App.findOneOrFail({ where: { id: application.id } })).rejects.toThrow(expect.any(Error));
await expect(AppVersion.findOneOrFail({ where: { id: version.id } })).rejects.toThrow(expect.any(Error));
await expect(DataQuery.findOneOrFail({ where: { id: dataQuery.id } })).rejects.toThrow(expect.any(Error));
await expect(DataSource.findOneOrFail({ where: { id: dataSource.id } })).rejects.toThrow(expect.any(Error));
await expect(AppUser.findOneOrFail({ where: { appId: application.id } })).rejects.toThrow(expect.any(Error));
await logoutUser(app, admin['tokenCookie'], admin.user.defaultOrganizationId);
});
it('should be possible for app creator to delete an app', async () => {
const developer = await createUser(app, {
email: 'developer@tooljet.io',
groups: ['all_users', 'developer'],
});
const loggedUser = await authenticateUser(app, 'developer@tooljet.io');
developer['tokenCookie'] = loggedUser.tokenCookie;
const application = await createApplication(app, {
name: 'AppTObeDeleted',
user: developer.user,
});
await createApplicationVersion(app, application);
await createDataQuery(app, { application, kind: 'test_kind' });
await createDataSource(app, {
application,
kind: 'test_kind',
name: 'test_name',
});
const response = await request(app.getHttpServer())
.delete(`/api/apps/${application.id}`)
.set('tj-workspace-id', developer.user.defaultOrganizationId)
.set('Cookie', developer['tokenCookie']);
expect(response.statusCode).toBe(200);
await expect(App.findOneOrFail({ where: { id: application.id } })).rejects.toThrow(expect.any(Error));
await logoutUser(app, developer['tokenCookie'], developer.user.defaultOrganizationId);
});
it('should not be possible for non admin to delete an app', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['all_users', 'admin'],
});
const application = await createApplication(app, {
name: 'name',
user: adminUserData.user,
});
const developerUserData = await createUser(app, {
email: 'dev@tooljet.io',
groups: ['all_users', 'developer'],
organization: adminUserData.organization,
});
const loggedUser = await authenticateUser(app, 'dev@tooljet.io');
developerUserData['tokenCookie'] = loggedUser.tokenCookie;
const response = await request(app.getHttpServer())
.delete(`/api/apps/${application.id}`)
.set('tj-workspace-id', developerUserData.user.defaultOrganizationId)
.set('Cookie', developerUserData['tokenCookie']);
expect(response.statusCode).toBe(403);
await expect(App.findOneOrFail({ where: { id: application.id } })).resolves;
await logoutUser(app, developerUserData['tokenCookie'], developerUserData.user.defaultOrganizationId);
});
});
describe('GET /api/apps/:id/users', () => {
it('should allow only authenticated users to access app users endpoint', async () => {
await request(app.getHttpServer()).get('/api/apps/uuid/users').expect(401);
});
});
// TODO: Remove deprecated endpoint
describe('/api/apps/:id/users', () => {
xit('should not be able to fetch app users if admin of another organization', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['all_users', 'admin'],
});
const anotherOrgAdminUserData = await createUser(app, {
email: 'another@tooljet.io',
groups: ['all_users', 'admin'],
});
const loggedUser = await authenticateUser(app, 'another@tooljet.io');
anotherOrgAdminUserData['tokenCookie'] = loggedUser.tokenCookie;
const application = await createApplication(app, {
name: 'name',
user: adminUserData.user,
});
const response = await request(app.getHttpServer())
.get(`/api/apps/${application.id}/users`)
.set('tj-workspace-id', anotherOrgAdminUserData.user.defaultOrganizationId)
.set('Cookie', anotherOrgAdminUserData['tokenCookie']);
expect(response.statusCode).toBe(403);
await logoutUser(app, anotherOrgAdminUserData['tokenCookie'], anotherOrgAdminUserData.user.defaultOrganizationId);
});
xit('should be able to fetch app users if group is admin/developer/viewer of same organization', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['all_users', 'admin'],
});
let loggedUser = await authenticateUser(app);
adminUserData['tokenCookie'] = loggedUser.tokenCookie;
const organization = adminUserData.organization;
const developerUserData = await createUser(app, {
email: 'developer@tooljet.io',
groups: ['all_users', 'developer'],
organization,
});
loggedUser = await authenticateUser(app, 'developer@tooljet.io');
developerUserData['tokenCookie'] = loggedUser.tokenCookie;
const viewerUserData = await createUser(app, {
email: 'viewer@tooljet.io',
groups: ['all_users', 'viewer'],
organization,
});
loggedUser = await authenticateUser(app, 'viewer@tooljet.io');
viewerUserData['tokenCookie'] = loggedUser.tokenCookie;
const application = await createApplication(app, {
name: 'name',
user: adminUserData.user,
});
for (const userData of [adminUserData, developerUserData, viewerUserData]) {
const response = await request(app.getHttpServer())
.get(`/api/apps/${application.id}/users`)
.set('tj-workspace-id', userData.user.defaultOrganizationId)
.set('Cookie', userData['tokenCookie']);
expect(response.statusCode).toBe(200);
expect(response.body.users.length).toBe(1);
}
await logoutUser(app, adminUserData['tokenCookie'], adminUserData.user.defaultOrganizationId);
await logoutUser(app, developerUserData['tokenCookie'], developerUserData.user.defaultOrganizationId);
await logoutUser(app, viewerUserData['tokenCookie'], viewerUserData.user.defaultOrganizationId);
});
});
describe('GET /api/apps/:id/versions', () => {
describe('authorization', () => {
it('should be able to fetch app versions with app read permission group', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['all_users', 'admin'],
});
let loggedUser = await authenticateUser(app);
adminUserData['tokenCookie'] = loggedUser.tokenCookie;
const organization = adminUserData.organization;
const defaultUserData = await createUser(app, {
email: 'developer@tooljet.io',
groups: ['all_users'],
organization,
});
loggedUser = await authenticateUser(app, 'developer@tooljet.io');
defaultUserData['tokenCookie'] = loggedUser.tokenCookie;
const application = await createApplication(app, {
name: 'name',
user: adminUserData.user,
});
await createApplicationVersion(app, application);
const allUserGroup = await getRepository(GroupPermission).findOneOrFail({
where: {
group: 'all_users',
},
});
await createAppGroupPermission(app, application, allUserGroup.id, {
read: true,
update: false,
delete: false,
});
for (const userData of [adminUserData, defaultUserData]) {
const response = await request(app.getHttpServer())
.get(`/api/apps/${application.id}/versions`)
.set('tj-workspace-id', userData.user.defaultOrganizationId)
.set('Cookie', userData['tokenCookie']);
expect(response.statusCode).toBe(200);
expect(response.body.versions.length).toBe(1);
}
});
it('should be able to fetch app versions only for specific environment', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['all_users', 'admin'],
});
let loggedUser = await authenticateUser(app);
adminUserData['tokenCookie'] = loggedUser.tokenCookie;
const organization = adminUserData.organization;
const defaultUserData = await createUser(app, {
email: 'developer@tooljet.io',
groups: ['all_users'],
organization,
});
loggedUser = await authenticateUser(app, 'developer@tooljet.io');
defaultUserData['tokenCookie'] = loggedUser.tokenCookie;
const application = await createApplication(app, {
name: 'name',
user: adminUserData.user,
});
const appEnvironments = await getAllEnvironments(app, organization.id);
const versionsEnvironmentMapping = [];
appEnvironments.map(async (env) => {
const version = await createApplicationVersion(app, application, { currentEnvironmentId: env.id });
versionsEnvironmentMapping.push({
[env.id]: [version.id],
});
});
for (const userData of [adminUserData, defaultUserData]) {
for (const item of versionsEnvironmentMapping) {
const envId = Object.keys(item)[0];
const response = await request(app.getHttpServer())
.get(`/api/apps/${application.id}/versions?environment_id=${envId}`)
.set('tj-workspace-id', userData.user.defaultOrganizationId)
.set('Cookie', userData['tokenCookie']);
expect(response.statusCode).toBe(200);
expect(response.body.versions.length).toBe(1);
}
}
});
});
describe('POST /api/apps/:id/versions', () => {
describe('authorization', () => {
it('should not be able to fetch app versions if user of another organization', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['all_users', 'admin'],
});
const anotherOrgAdminUserData = await createUser(app, {
email: 'another@tooljet.io',
groups: ['all_users', 'admin'],
});
const loggedUser = await authenticateUser(app, 'another@tooljet.io');
anotherOrgAdminUserData['tokenCookie'] = loggedUser.tokenCookie;
const application = await createApplication(app, {
name: 'name',
user: adminUserData.user,
});
await createApplicationVersion(app, application);
const response = await request(app.getHttpServer())
.get(`/api/apps/${application.id}/versions`)
.set('tj-workspace-id', anotherOrgAdminUserData.user.defaultOrganizationId)
.set('Cookie', anotherOrgAdminUserData['tokenCookie']);
expect(response.statusCode).toBe(403);
await logoutUser(app, loggedUser.tokenCookie, anotherOrgAdminUserData.user.defaultOrganizationId);
});
it('should be able to create a new app version if group is admin or has app update permission group in same organization', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['all_users', 'admin'],
});
let loggedUser = await authenticateUser(app);
adminUserData['tokenCookie'] = loggedUser.tokenCookie;
const developerUserData = await createUser(app, {
email: 'dev@tooljet.io',
groups: ['all_users', 'developer'],
organization: adminUserData.organization,
});
loggedUser = await authenticateUser(app, 'dev@tooljet.io');
developerUserData['tokenCookie'] = loggedUser.tokenCookie;
const application = await createApplication(app, {
user: adminUserData.user,
});
const version = await createApplicationVersion(app, application);
// setup app permissions for developer
const developerUserGroup = await getRepository(GroupPermission).findOneOrFail({
where: {
group: 'developer',
},
});
await createAppGroupPermission(app, application, developerUserGroup.id, {
read: false,
update: true,
delete: false,
});
for (const [index, userData] of [adminUserData, developerUserData].entries()) {
const response = await request(app.getHttpServer())
.post(`/api/apps/${application.id}/versions`)
.set('tj-workspace-id', userData.user.defaultOrganizationId)
.set('Cookie', userData['tokenCookie'])
.send({
versionName: `v_${index}`,
versionFromId: version.id,
});
expect(response.statusCode).toBe(201);
}
await logoutUser(app, adminUserData['tokenCookie'], adminUserData.user.defaultOrganizationId);
await logoutUser(app, developerUserData['tokenCookie'], developerUserData.user.defaultOrganizationId);
});
it('should be able to create a new app version from existing version', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
});
const loggedUser = await authenticateUser(app);
adminUserData['tokenCookie'] = loggedUser.tokenCookie;
const application = await createApplication(app, {
user: adminUserData.user,
});
const v1 = await createApplicationVersion(app, application, {
name: 'v1',
definition: { foo: 'bar' },
});
const response = await request(app.getHttpServer())
.post(`/api/apps/${application.id}/versions`)
.set('tj-workspace-id', adminUserData.user.defaultOrganizationId)
.set('Cookie', adminUserData['tokenCookie'])
.send({
versionName: 'v2',
versionFromId: v1.id,
});
expect(response.statusCode).toBe(201);
const v2 = await getManager().findOneOrFail(AppVersion, {
where: { name: 'v2' },
});
expect(v2.definition).toEqual(v1.definition);
await logoutUser(app, adminUserData['tokenCookie'], adminUserData.user.defaultOrganizationId);
});
it('should not be able to create app versions if user of another organization', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['all_users', 'admin'],
});
let loggedUser = await authenticateUser(app);
adminUserData['tokenCookie'] = loggedUser.tokenCookie;
const anotherOrgAdminUserData = await createUser(app, {
email: 'another@tooljet.io',
groups: ['all_users', 'admin'],
});
loggedUser = await authenticateUser(app, 'another@tooljet.io');
anotherOrgAdminUserData['tokenCookie'] = loggedUser.tokenCookie;
const application = await createApplication(app, {
name: 'name',
user: adminUserData.user,
});
await createApplicationVersion(app, application);
const response = await request(app.getHttpServer())
.post(`/api/apps/${application.id}/versions`)
.set('tj-workspace-id', anotherOrgAdminUserData.user.defaultOrganizationId)
.set('Cookie', anotherOrgAdminUserData['tokenCookie'])
.send({
versionName: 'v0',
});
expect(response.statusCode).toBe(403);
await logoutUser(
app,
anotherOrgAdminUserData['tokenCookie'],
anotherOrgAdminUserData.user.defaultOrganizationId
);
});
it('should not be able to create app versions if user does not have app create permission group', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['all_users', 'admin'],
});
let loggedUser = await authenticateUser(app);
adminUserData['tokenCookie'] = loggedUser.tokenCookie;
const viewerUserData = await createUser(app, {
email: 'viewer@tooljet.io',
groups: ['all_users'],
organization: adminUserData.organization,
});
loggedUser = await authenticateUser(app, 'viewer@tooljet.io');
viewerUserData['tokenCookie'] = loggedUser.tokenCookie;
const application = await createApplication(app, {
name: 'name',
user: adminUserData.user,
});
await createApplicationVersion(app, application);
const response = await request(app.getHttpServer())
.post(`/api/apps/${application.id}/versions`)
.set('tj-workspace-id', viewerUserData.user.defaultOrganizationId)
.set('Cookie', viewerUserData['tokenCookie'])
.send({
versionName: 'v0',
});
expect(response.statusCode).toBe(403);
await logoutUser(app, adminUserData['tokenCookie'], adminUserData.user.defaultOrganizationId);
await logoutUser(app, viewerUserData['tokenCookie'], viewerUserData.user.defaultOrganizationId);
});
});
describe('Data source and query versioning', () => {
it('should be able create data sources and queries for each version creation', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['all_users', 'admin'],
});
const loggedUser = await authenticateUser(app);
adminUserData['tokenCookie'] = loggedUser.tokenCookie;
const appEnvironments = await createAppEnvironments(app, adminUserData.user.organizationId);
const application = await createApplication(
app,
{
user: adminUserData.user,
},
false
);
//create first version and default app environments
const version = await createApplicationVersion(app, application);
const dataSource = await createDataSource(app, {
name: 'name',
kind: 'postgres',
appVersion: version,
});
await createDataSourceOption(app, {
dataSource,
environmentId: appEnvironments[0].id,
options: [],
});
await createDataQuery(app, {
dataSource,
kind: 'restapi',
options: { method: 'get' },
});
const manager = getManager();
let dataSources = await manager.find(DataSource);
let dataQueries = await manager.find(DataQuery, { relations: ['dataSource'] });
expect(dataSources).toHaveLength(1);
expect(dataQueries).toHaveLength(1);
// first version creation associates existing data sources and queries to it
expect(dataSources.map((s) => s.appVersionId).includes(version.id)).toBeTruthy();
expect(dataQueries.map((q) => q.dataSource.appVersionId).includes(version.id)).toBeTruthy();
// subsequent version creation will copy and create new data sources and queries from previous version
const version2 = await request(app.getHttpServer())
.post(`/api/apps/${application.id}/versions`)
.set('tj-workspace-id', adminUserData.user.defaultOrganizationId)
.set('Cookie', adminUserData['tokenCookie'])
.send({
versionName: 'v2',
versionFromId: version.id,
});
dataSources = await manager.find(DataSource);
dataQueries = await manager.find(DataQuery, { relations: ['dataSource'] });
expect(dataSources).toHaveLength(2);
expect(dataQueries).toHaveLength(2);
expect(dataSources.map((s) => s.appVersionId).includes(version2.body.id)).toBeTruthy();
expect(dataQueries.map((q) => q.dataSource.appVersionId).includes(version2.body.id)).toBeTruthy();
const version3 = await request(app.getHttpServer())
.post(`/api/apps/${application.id}/versions`)
.set('tj-workspace-id', adminUserData.user.defaultOrganizationId)
.set('Cookie', adminUserData['tokenCookie'])
.send({
versionName: 'v3',
versionFromId: version2.body.id,
});
dataSources = await manager.find(DataSource);
dataQueries = await manager.find(DataQuery, { relations: ['dataSource'] });
expect(dataSources).toHaveLength(3);
expect(dataQueries).toHaveLength(3);
expect(dataSources.map((s) => s.appVersionId).includes(version3.body.id)).toBeTruthy();
expect(dataQueries.map((q) => q.dataSource.appVersionId).includes(version3.body.id)).toBeTruthy();
// creating a new version from a non existing version id will throw error when more than 1 versions exist
await createDataSource(app, {
name: 'name',
kind: 'postgres',
application: application,
user: adminUserData.user,
});
await createDataQuery(app, {
application,
dataSource,
kind: 'restapi',
options: { method: 'get' },
});
const version4 = await request(app.getHttpServer())
.post(`/api/apps/${application.id}/versions`)
.set('tj-workspace-id', adminUserData.user.defaultOrganizationId)
.set('Cookie', adminUserData['tokenCookie'])
.send({
versionName: 'v4',
versionFromId: 'a77b051a-dd48-4633-a01f-089a845d5f88',
});
expect(version4.statusCode).toBe(500);
await logoutUser(app, adminUserData['tokenCookie'], adminUserData.user.defaultOrganizationId);
});
//will fix this
it('creates new credentials and copies cipher text on data source', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
});
const loggedUser = await authenticateUser(app);
adminUserData['tokenCookie'] = loggedUser.tokenCookie;
const { application, appVersion: initialVersion } = await generateAppDefaults(app, adminUserData.user, {
dsOptions: [{ key: 'foo', value: 'bar', encrypted: 'true' }],
});
let credentials = await getManager().find(Credential);
const credential = credentials[0];
credential.valueCiphertext = 'strongPassword';
await getManager().save(credential);
let response = await request(app.getHttpServer())
.post(`/api/apps/${application.id}/versions`)
.set('tj-workspace-id', adminUserData.user.defaultOrganizationId)
.set('Cookie', adminUserData['tokenCookie'])
.send({
versionName: 'v1',
});
expect(response.statusCode).toBe(400);
expect(response.body.message).toBe('Version from should not be empty');
response = await request(app.getHttpServer())
.post(`/api/apps/${application.id}/versions`)
.set('tj-workspace-id', adminUserData.user.defaultOrganizationId)
.set('Cookie', adminUserData['tokenCookie'])
.send({
versionName: 'v1',
versionFromId: initialVersion.id,
});
expect(response.statusCode).toBe(201);
response = await request(app.getHttpServer())
.post(`/api/apps/${application.id}/versions`)
.set('tj-workspace-id', adminUserData.user.defaultOrganizationId)
.set('Cookie', adminUserData['tokenCookie'])
.send({
versionName: 'v2',
versionFromId: response.body.id,
});
const dataSources = await getManager().find(DataSource);
const dataQueries = await getManager().find(DataQuery);
expect(dataSources).toHaveLength(3);
expect(dataQueries).toHaveLength(3);
credentials = await getManager().find(Credential);
expect([...new Set(credentials.map((c) => c.valueCiphertext))]).toEqual(['strongPassword']);
await logoutUser(app, adminUserData['tokenCookie'], adminUserData.user.defaultOrganizationId);
});
});
});
//deleted the definifion spec while with no versionFrom it will return 500 from server
});
describe('DELETE /api/apps/:id/versions/:versionId', () => {
describe('authorization', () => {
it('should not be able to delete app versions if user of another organization', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['all_users', 'admin'],
});
const anotherOrgAdminUserData = await createUser(app, {
email: 'another@tooljet.io',
groups: ['all_users', 'admin'],
});
const loggedUser = await authenticateUser(app, 'another@tooljet.io');
anotherOrgAdminUserData['tokenCookie'] = loggedUser.tokenCookie;
const application = await createApplication(app, {
name: 'name',
user: adminUserData.user,
});
const version = await createApplicationVersion(app, application);
const response = await request(app.getHttpServer())
.delete(`/api/apps/${application.id}/versions/${version.id}`)
.set('tj-workspace-id', anotherOrgAdminUserData.user.defaultOrganizationId)
.set('Cookie', anotherOrgAdminUserData['tokenCookie']);
expect(response.statusCode).toBe(403);
await logoutUser(
app,
anotherOrgAdminUserData['tokenCookie'],
anotherOrgAdminUserData.user.defaultOrganizationId
);
});
it('should be able to delete an app version if group is admin or has app update permission group in same organization', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['all_users', 'admin'],
});
let loggedUser = await authenticateUser(app);
adminUserData['tokenCookie'] = loggedUser.tokenCookie;
const developerUserData = await createUser(app, {
email: 'dev@tooljet.io',
groups: ['all_users', 'developer'],
organization: adminUserData.organization,
});
loggedUser = await authenticateUser(app, 'dev@tooljet.io');
developerUserData['tokenCookie'] = loggedUser.tokenCookie;
const application = await createApplication(app, {
user: adminUserData.user,
});
const version1 = await createApplicationVersion(app, application);
const version2 = await createApplicationVersion(app, application, { name: 'v2', definition: null });
// setup app permissions for developer
const developerUserGroup = await getRepository(GroupPermission).findOneOrFail({
where: {
group: 'developer',
},
});
await createAppGroupPermission(app, application, developerUserGroup.id, {
read: false,
update: true,
delete: false,
});
let response = await request(app.getHttpServer())
.delete(`/api/apps/${application.id}/versions/${version1.id}`)
.set('tj-workspace-id', adminUserData.user.defaultOrganizationId)
.set('Cookie', adminUserData['tokenCookie']);
expect(response.statusCode).toBe(200);
response = await request(app.getHttpServer())
.delete(`/api/apps/${application.id}/versions/${version2.id}`)
.set('tj-workspace-id', developerUserData.user.defaultOrganizationId)
.set('Cookie', developerUserData['tokenCookie']);
expect(response.statusCode).toBe(403);
await logoutUser(app, adminUserData['tokenCookie'], adminUserData.user.defaultOrganizationId);
await logoutUser(app, developerUserData['tokenCookie'], developerUserData.user.defaultOrganizationId);
});
it('should not be able to delete app versions if user does not have app update permission group', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['all_users', 'admin'],
});
const viewerUserData = await createUser(app, {
email: 'viewer@tooljet.io',
groups: ['all_users'],
organization: adminUserData.organization,
});
const loggedUser = await authenticateUser(app, 'viewer@tooljet.io');
viewerUserData['tokenCookie'] = loggedUser.tokenCookie;
const application = await createApplication(app, {
name: 'name',
user: adminUserData.user,
});
const version = await createApplicationVersion(app, application);
const response = await request(app.getHttpServer())
.delete(`/api/apps/${application.id}/versions/${version.id}`)
.set('tj-workspace-id', viewerUserData.user.defaultOrganizationId)
.set('Cookie', viewerUserData['tokenCookie']);
expect(response.statusCode).toBe(403);
await logoutUser(app, viewerUserData['tokenCookie'], viewerUserData.user.defaultOrganizationId);
});
it('should not be able to delete released app version', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['all_users', 'admin'],
});
const loggedUser = await authenticateUser(app);
adminUserData['tokenCookie'] = loggedUser.tokenCookie;
const application = await createApplication(app, {
name: 'name',
user: adminUserData.user,
});
const version = await createApplicationVersion(app, application);
await createApplicationVersion(app, application, { name: 'v2', definition: null });
await getManager().update(App, { id: application.id }, { currentVersionId: version.id });
const response = await request(app.getHttpServer())
.delete(`/api/apps/${application.id}/versions/${version.id}`)
.set('tj-workspace-id', adminUserData.user.defaultOrganizationId)
.set('Cookie', adminUserData['tokenCookie']);
expect(response.statusCode).toBe(400);
expect(response.body.message).toBe('You cannot delete a released version');
await logoutUser(app, adminUserData['tokenCookie'], adminUserData.user.defaultOrganizationId);
});
});
});
describe('GET /api/apps/:id/versions/:version_id', () => {
describe('authorization', () => {
it('should be able to get app version by users having app read permission within same organization', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['all_users', 'admin'],
});
let loggedUser = await authenticateUser(app);
adminUserData['tokenCookie'] = loggedUser.tokenCookie;
const developerUserData = await createUser(app, {
email: 'dev@tooljet.io',
groups: ['all_users'],
organization: adminUserData.organization,
});
loggedUser = await authenticateUser(app, 'dev@tooljet.io');
developerUserData['tokenCookie'] = loggedUser.tokenCookie;
const application = await createApplication(app, {
user: adminUserData.user,
});
const version = await createApplicationVersion(app, application);
const allUserGroup = await getRepository(GroupPermission).findOneOrFail({
where: {
group: 'all_users',
},
});
await createAppGroupPermission(app, application, allUserGroup.id, {
read: true,
update: false,
delete: false,
});
for (const userData of [adminUserData, developerUserData]) {
const response = await request(app.getHttpServer())
.get(`/api/apps/${application.id}/versions/${version.id}`)
.set('tj-workspace-id', userData.user.defaultOrganizationId)
.set('Cookie', userData['tokenCookie']);
expect(response.statusCode).toBe(200);
}
await logoutUser(app, adminUserData['tokenCookie'], adminUserData.user.defaultOrganizationId);
await logoutUser(app, developerUserData['tokenCookie'], developerUserData.user.defaultOrganizationId);
});
it('should not be able to get app versions if user of another organization', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['all_users', 'admin'],
});
const anotherOrgAdminUserData = await createUser(app, {
email: 'another@tooljet.io',
groups: ['all_users', 'admin'],
});
const application = await createApplication(app, {
name: 'name',
user: adminUserData.user,
});
const version = await createApplicationVersion(app, application);
const loggedUser = await authenticateUser(app, 'another@tooljet.io');
anotherOrgAdminUserData['tokenCookie'] = loggedUser.tokenCookie;
const response = await request(app.getHttpServer())
.get(`/api/apps/${application.id}/versions/${version.id}`)
.set('tj-workspace-id', anotherOrgAdminUserData.user.defaultOrganizationId)
.set('Cookie', anotherOrgAdminUserData['tokenCookie']);
expect(response.statusCode).toBe(403);
await logoutUser(
app,
anotherOrgAdminUserData['tokenCookie'],
anotherOrgAdminUserData.user.defaultOrganizationId
);
});
});
describe('PUT /api/apps/:id/versions/:version_id', () => {
it('should be able to update app version if has group admin or app update permission group in same organization', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['all_users', 'admin'],
});
let loggedUser = await authenticateUser(app, 'admin@tooljet.io');
adminUserData['tokenCookie'] = loggedUser.tokenCookie;
const developerUserData = await createUser(app, {
email: 'dev@tooljet.io',
groups: ['all_users', 'developer'],
organization: adminUserData.organization,
});
loggedUser = await authenticateUser(app, 'dev@tooljet.io');
developerUserData['tokenCookie'] = loggedUser.tokenCookie;
const application = await createApplication(app, {
user: adminUserData.user,
});
const version = await createApplicationVersion(app, application);
// setup app permissions for developer
const developerUserGroup = await getRepository(GroupPermission).findOneOrFail({
where: { group: 'developer' },
});
await createAppGroupPermission(app, application, developerUserGroup.id, {
read: false,
update: true,
delete: false,
});
let count = 0;
for (const userData of [adminUserData, developerUserData]) {
count++;
const response = await request(app.getHttpServer())
.put(`/api/apps/${application.id}/versions/${version.id}`)
.set('tj-workspace-id', userData.user.defaultOrganizationId)
.set('Cookie', userData['tokenCookie'])
.send({
name: 'test' + count,
definition: { components: {} },
});
expect(response.statusCode).toBe(200);
await version.reload();
}
await logoutUser(app, adminUserData['tokenCookie'], adminUserData.user.defaultOrganizationId);
await logoutUser(app, developerUserData['tokenCookie'], developerUserData.user.defaultOrganizationId);
});
it('should be able to update the current version without new definition changes, even it is a released versions', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['all_users', 'admin'],
});
const loggedUser = await authenticateUser(app, 'admin@tooljet.io');
const application = await createApplication(app, {
user: adminUserData.user,
});
const version = await createApplicationVersion(app, application);
let response = await request(app.getHttpServer())
.put(`/api/apps/${application.id}`)
.set('tj-workspace-id', adminUserData.user.defaultOrganizationId)
.set('Cookie', loggedUser['tokenCookie'])
.send({ appName: 'new', current_version_id: version.id });
expect(response.statusCode).toBe(200);
response = await request(app.getHttpServer())
.put(`/api/apps/${application.id}/versions/${version.id}`)
.set('tj-workspace-id', adminUserData.user.defaultOrganizationId)
.set('Cookie', loggedUser['tokenCookie'])
.send({ is_user_switched_version: true });
expect(response.statusCode).toBe(200);
});
it('should not be able to update app version if no app create permission within same organization', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['all_users', 'admin'],
});
const viewerUserData = await createUser(app, {
email: 'dev@tooljet.io',
groups: ['all_users'],
organization: adminUserData.organization,
});
const loggedUser = await authenticateUser(app, 'dev@tooljet.io');
viewerUserData['tokenCookie'] = loggedUser.tokenCookie;
const application = await createApplication(app, {
user: adminUserData.user,
});
const version = await createApplicationVersion(app, application);
const response = await request(app.getHttpServer())
.put(`/api/apps/${application.id}/versions/${version.id}`)
.set('tj-workspace-id', viewerUserData.user.defaultOrganizationId)
.set('Cookie', viewerUserData['tokenCookie'])
.send({
name: 'test',
definition: { components: {} },
});
expect(response.statusCode).toBe(403);
await logoutUser(app, viewerUserData['tokenCookie'], viewerUserData.user.defaultOrganizationId);
});
it('should not be able to update app versions if user of another organization', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['all_users', 'admin'],
});
const anotherOrgAdminUserData = await createUser(app, {
email: 'another@tooljet.io',
groups: ['all_users', 'admin'],
});
const loggedUser = await authenticateUser(app, 'another@tooljet.io');
anotherOrgAdminUserData['tokenCookie'] = loggedUser.tokenCookie;
const application = await createApplication(app, {
name: 'name',
user: adminUserData.user,
});
const version = await createApplicationVersion(app, application);
const response = await request(app.getHttpServer())
.put(`/api/apps/${application.id}/versions/${version.id}`)
.set('tj-workspace-id', anotherOrgAdminUserData.user.defaultOrganizationId)
.set('Cookie', anotherOrgAdminUserData['tokenCookie'])
.send({
name: 'test',
definition: { components: {} },
});
expect(response.statusCode).toBe(403);
await logoutUser(
app,
anotherOrgAdminUserData['tokenCookie'],
anotherOrgAdminUserData.user.defaultOrganizationId
);
});
it('should not be able to update app versions if the version is already released', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['all_users', 'admin'],
});
const loggedUser = await authenticateUser(app);
adminUserData['tokenCookie'] = loggedUser.tokenCookie;
const application = await createApplication(app, {
user: adminUserData.user,
});
const version = await createApplicationVersion(app, application);
await getManager().update(App, application, { currentVersionId: version.id });
const response = await request(app.getHttpServer())
.put(`/api/apps/${application.id}/versions/${version.id}`)
.set('tj-workspace-id', adminUserData.user.defaultOrganizationId)
.set('Cookie', adminUserData['tokenCookie'])
.send({
name: 'test',
definition: { components: {} },
});
expect(response.statusCode).toBe(400);
expect(response.body.message).toBe('You cannot update a released version');
await logoutUser(app, adminUserData['tokenCookie'], adminUserData.user.defaultOrganizationId);
});
it('should be able to release the app if the version is promoted to production', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['all_users', 'admin'],
});
const loggedUser = await authenticateUser(app);
adminUserData['tokenCookie'] = loggedUser.tokenCookie;
const application = await createApplication(app, {
user: adminUserData.user,
});
const version = await createApplicationVersion(app, application);
const environments = await getAllEnvironments(app, adminUserData.organization.id);
for (const appEnvironment of defaultAppEnvironments) {
const currentEnv = environments.find((env) => env.name === appEnvironment.name);
if (!appEnvironment.isDefault) {
const response = await request(app.getHttpServer())
.put(`/api/apps/${application.id}/versions/${version.id}`)
.set('tj-workspace-id', adminUserData.user.defaultOrganizationId)
.set('Cookie', adminUserData['tokenCookie'])
.send({
currentEnvironmentId: currentEnv.id,
});
expect(response.statusCode).toBe(200);
} else {
const response = await request(app.getHttpServer())
.put(`/api/apps/${application.id}`)
.set('tj-workspace-id', adminUserData.user.defaultOrganizationId)
.set('Cookie', loggedUser.tokenCookie)
.send({ app: { currentVersionId: version.id } });
expect(response.statusCode).toBe(200);
}
}
});
});
});
/*
Viewing app on app viewer
All org users can launch an app
Public apps can be launched by anyone ( even unauthenticated users )
By view app endpoint, we assume the apps/slugs/:id endpoint
*/
describe('GET /api/apps/slugs/:slug', () => {
it('should be able to fetch app using slug if has read permission within an organization', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['all_users', 'admin'],
});
let loggedUser = await authenticateUser(app);
adminUserData['tokenCookie'] = loggedUser.tokenCookie;
const developerUserData = await createUser(app, {
email: 'developer@tooljet.io',
groups: ['all_users', 'developer'],
organization: adminUserData.organization,
});
loggedUser = await authenticateUser(app, 'developer@tooljet.io');
developerUserData['tokenCookie'] = loggedUser.tokenCookie;
const viewerUserData = await createUser(app, {
email: 'viewer@tooljet.io',
groups: ['all_users', 'viewer'],
organization: adminUserData.organization,
});
loggedUser = await authenticateUser(app, 'viewer@tooljet.io');
viewerUserData['tokenCookie'] = loggedUser.tokenCookie;
const application = await createApplication(app, {
name: 'name',
user: adminUserData.user,
slug: 'foo',
});
await createApplicationVersion(app, application);
// setup app permissions for developer
const developerUserGroup = await getRepository(GroupPermission).findOneOrFail({
where: {
group: 'developer',
},
});
await createAppGroupPermission(app, application, developerUserGroup.id, {
read: true,
update: true,
delete: false,
});
// setup app permissions for viewer
const viewerUserGroup = await getRepository(GroupPermission).findOneOrFail({
where: {
group: 'viewer',
},
});
await createAppGroupPermission(app, application, viewerUserGroup.id, {
read: true,
update: false,
delete: false,
});
for (const userData of [adminUserData, developerUserData, viewerUserData]) {
const response = await request(app.getHttpServer())
.get('/api/apps/slugs/foo')
.set('Cookie', userData['tokenCookie']);
expect(response.statusCode).toBe(200);
}
await logoutUser(app, adminUserData['tokenCookie'], adminUserData.user.defaultOrganizationId);
await logoutUser(app, developerUserData['tokenCookie'], developerUserData.user.defaultOrganizationId);
await logoutUser(app, viewerUserData['tokenCookie'], viewerUserData.user.defaultOrganizationId);
});
it('should not be able to fetch app using slug if member of another organization', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['all_users', 'admin'],
});
const anotherOrgAdminUserData = await createUser(app, {
email: 'another@tooljet.io',
groups: ['all_users', 'admin'],
});
const loggedUser = await authenticateUser(app, 'another@tooljet.io');
anotherOrgAdminUserData['tokenCookie'] = loggedUser.tokenCookie;
const application = await createApplication(app, {
name: 'name',
user: adminUserData.user,
slug: 'foo',
});
await createApplicationVersion(app, application);
const response = await request(app.getHttpServer())
.get('/api/apps/slugs/foo')
.set('Cookie', anotherOrgAdminUserData['tokenCookie']);
expect(response.statusCode).toBe(401);
await logoutUser(app, anotherOrgAdminUserData['tokenCookie'], anotherOrgAdminUserData.user.defaultOrganizationId);
});
it('should be able to fetch app using slug if a public app ( even if unauthenticated )', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['all_users', 'admin'],
});
const application = await createApplication(app, {
name: 'name',
user: adminUserData.user,
slug: 'foo',
isPublic: true,
});
await createApplicationVersion(app, application);
const response = await request(app.getHttpServer()).get('/api/apps/slugs/foo');
expect(response.statusCode).toBe(200);
});
});
describe('GET /api/apps/:id/export', () => {
it('should be able to export app if user has create permission within an organization', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['all_users', 'admin'],
});
let loggedUser = await authenticateUser(app);
adminUserData['tokenCookie'] = loggedUser.tokenCookie;
const developerUserData = await createUser(app, {
email: 'developer@tooljet.io',
groups: ['all_users', 'developer'],
organization: adminUserData.organization,
});
loggedUser = await authenticateUser(app, 'developer@tooljet.io');
developerUserData['tokenCookie'] = loggedUser.tokenCookie;
const viewerUserData = await createUser(app, {
email: 'viewer@tooljet.io',
groups: ['all_users', 'viewer'],
organization: adminUserData.organization,
});
loggedUser = await authenticateUser(app, 'viewer@tooljet.io');
viewerUserData['tokenCookie'] = loggedUser.tokenCookie;
const application = await createApplication(app, {
name: 'name',
user: adminUserData.user,
slug: 'foo',
});
await createApplicationVersion(app, application);
// setup app permissions for developer
const developerUserGroup = await getRepository(GroupPermission).findOneOrFail({
where: {
group: 'developer',
},
});
developerUserGroup.appCreate = true;
await developerUserGroup.save();
const response = await request(app.getHttpServer())
.get(`/api/apps/${application.id}/export`)
.set('tj-workspace-id', viewerUserData.user.defaultOrganizationId)
.set('Cookie', viewerUserData['tokenCookie']);
expect(response.statusCode).toBe(403);
for (const userData of [adminUserData, developerUserData]) {
const response = await request(app.getHttpServer())
.get(`/api/apps/${application.id}/export`)
.set('tj-workspace-id', userData.user.defaultOrganizationId)
.set('Cookie', userData['tokenCookie']);
expect(response.statusCode).toBe(200);
expect(response.body.appV2.id).toBe(application.id);
expect(response.body.appV2.name).toBe(application.name);
expect(response.body.appV2.isPublic).toBe(application.isPublic);
expect(response.body.appV2.organizationId).toBe(application.organizationId);
}
await logoutUser(app, adminUserData['tokenCookie'], adminUserData.user.defaultOrganizationId);
await logoutUser(app, developerUserData['tokenCookie'], developerUserData.user.defaultOrganizationId);
await logoutUser(app, viewerUserData['tokenCookie'], viewerUserData.user.defaultOrganizationId);
});
it('should not be able to export app if member of another organization', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['all_users', 'admin'],
});
const anotherOrgAdminUserData = await createUser(app, {
email: 'another@tooljet.io',
groups: ['all_users', 'admin'],
});
const loggedUser = await authenticateUser(app, 'another@tooljet.io');
anotherOrgAdminUserData['tokenCookie'] = loggedUser.tokenCookie;
const application = await createApplication(app, {
name: 'name',
user: adminUserData.user,
slug: 'foo',
});
const response = await request(app.getHttpServer())
.get(`/api/apps/${application.id}/export`)
.set('tj-workspace-id', anotherOrgAdminUserData.user.defaultOrganizationId)
.set('Cookie', anotherOrgAdminUserData['tokenCookie']);
expect(response.statusCode).toBe(403);
await logoutUser(app, anotherOrgAdminUserData['tokenCookie'], anotherOrgAdminUserData.user.defaultOrganizationId);
});
it('should not be able to export app if it is a public app for an unauthenticated user', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['all_users', 'admin'],
});
const application = await createApplication(app, {
name: 'name',
user: adminUserData.user,
slug: 'foo',
isPublic: true,
});
const response = await request(app.getHttpServer()).get(`/api/apps/${application.id}/export`);
expect(response.statusCode).toBe(401);
});
});
describe('POST /api/apps/import', () => {
it('should be able to import app only if user has admin group', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['all_users', 'admin'],
});
let loggedUser = await authenticateUser(app);
adminUserData['tokenCookie'] = loggedUser.tokenCookie;
const organization = adminUserData.organization;
const developerUserData = await createUser(app, {
email: 'developer@tooljet.io',
groups: ['all_users', 'developer'],
organization,
});
loggedUser = await authenticateUser(app, 'developer@tooljet.io');
developerUserData['tokenCookie'] = loggedUser.tokenCookie;
const viewerUserData = await createUser(app, {
email: 'viewer@tooljet.io',
groups: ['all_users', 'viewer'],
organization,
});
loggedUser = await authenticateUser(app, 'viewer@tooljet.io');
viewerUserData['tokenCookie'] = loggedUser.tokenCookie;
const application = await createApplication(app, {
name: 'name',
user: adminUserData.user,
});
await createApplicationVersion(app, application);
for (const userData of [viewerUserData, developerUserData]) {
const response = await request(app.getHttpServer())
.post('/api/apps/import')
.set('tj-workspace-id', userData.user.defaultOrganizationId)
.set('Cookie', userData['tokenCookie'])
.send({ app: application, name: 'name' });
expect(response.statusCode).toBe(403);
}
const response = await request(app.getHttpServer())
.post('/api/apps/import')
.set('tj-workspace-id', adminUserData.user.defaultOrganizationId)
.set('Cookie', adminUserData['tokenCookie'])
.send({ app: application, name: 'Imported App' });
expect(response.statusCode).toBe(201);
const importedApp = await getManager().find(App, {
name: response.body.name,
});
expect(importedApp).toHaveLength(1);
});
});
describe('PUT /api/apps/:id/icons', () => {
it('should be able to update icon of the app if admin of same organization', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['all_users', 'admin'],
});
const application = await createApplication(app, {
user: adminUserData.user,
});
const loggedUser = await authenticateUser(app);
adminUserData['tokenCookie'] = loggedUser.tokenCookie;
const response = await request(app.getHttpServer())
.put(`/api/apps/${application.id}/icons`)
.set('tj-workspace-id', adminUserData.user.defaultOrganizationId)
.set('Cookie', adminUserData['tokenCookie'])
.send({ icon: 'new-icon-name' });
expect(response.statusCode).toBe(200);
await application.reload();
expect(application.icon).toBe('new-icon-name');
await logoutUser(app, adminUserData['tokenCookie'], adminUserData.user.defaultOrganizationId);
});
it('should not be able to update icon of the app if admin of another organization', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['all_users', 'admin'],
});
const anotherOrgAdminUserData = await createUser(app, {
email: 'another@tooljet.io',
groups: ['all_users', 'admin'],
});
const loggedUser = await authenticateUser(app, 'another@tooljet.io');
anotherOrgAdminUserData['tokenCookie'] = loggedUser.tokenCookie;
const application = await createApplication(app, {
name: 'name',
user: adminUserData.user,
});
const response = await request(app.getHttpServer())
.put(`/api/apps/${application.id}/icons`)
.set('tj-workspace-id', anotherOrgAdminUserData.user.defaultOrganizationId)
.set('Cookie', anotherOrgAdminUserData['tokenCookie'])
.send({ icon: 'new-icon-name' });
expect(response.statusCode).toBe(403);
await application.reload();
expect(application.icon).toBe(null);
await logoutUser(app, anotherOrgAdminUserData['tokenCookie'], anotherOrgAdminUserData.user.defaultOrganizationId);
});
it('should not allow custom groups without app create permission to change the name of apps', async () => {
const adminUserData = await createUser(app, {
email: 'admin@tooljet.io',
groups: ['all_users', 'admin'],
});
const application = await createApplication(app, {
name: 'name',
user: adminUserData.user,
});
const developerUserData = await createUser(app, {
email: 'dev@tooljet.io',
groups: ['all_users', 'developer'],
organization: adminUserData.organization,
});
let loggedUser = await authenticateUser(app, 'dev@tooljet.io');
developerUserData['tokenCookie'] = loggedUser.tokenCookie;
const viewerUserData = await createUser(app, {
email: 'viewer@tooljet.io',
groups: ['all_users', 'viewer'],
organization: adminUserData.organization,
});
loggedUser = await authenticateUser(app, 'viewer@tooljet.io');
viewerUserData['tokenCookie'] = loggedUser.tokenCookie;
let response = await request(app.getHttpServer())
.put(`/api/apps/${application.id}/icons`)
.set('tj-workspace-id', developerUserData.user.defaultOrganizationId)
.set('Cookie', developerUserData['tokenCookie'])
.send({ icon: 'new-icon' });
expect(response.statusCode).toBe(403);
response = await request(app.getHttpServer())
.put(`/api/apps/${application.id}/icons`)
.set('tj-workspace-id', viewerUserData.user.defaultOrganizationId)
.set('Cookie', viewerUserData['tokenCookie'])
.send({ icon: 'new-icon' });
expect(response.statusCode).toBe(403);
await application.reload();
expect(application.icon).toBe(null);
await logoutUser(app, developerUserData['tokenCookie'], developerUserData.user.defaultOrganizationId);
await logoutUser(app, viewerUserData['tokenCookie'], viewerUserData.user.defaultOrganizationId);
});
});
afterAll(async () => {
await app.close();
});
});
Reference in a new issue View git blame Copy permalink