mirror of
https://github.com/CommunitySolidServer/CommunitySolidServer.git
synced 2024-10-03 14:55:10 +00:00
feat: Create OperationMetadataCollector to handle operation metadata
This commit is contained in:
Joachim Van Herwegen
@@ -1,71 +1,56 @@
|
||||
import { CredentialGroup } from '../../../src/authentication/Credentials';
|
||||
import type { AuthorizerInput } from '../../../src/authorization/Authorizer';
|
||||
import { PermissionBasedAuthorizer } from '../../../src/authorization/PermissionBasedAuthorizer';
|
||||
import type { PermissionReader } from '../../../src/authorization/PermissionReader';
|
||||
import { WebAclAuthorization } from '../../../src/authorization/WebAclAuthorization';
|
||||
import { AccessMode } from '../../../src/ldp/permissions/Permissions';
|
||||
import { ForbiddenHttpError } from '../../../src/util/errors/ForbiddenHttpError';
|
||||
import { UnauthorizedHttpError } from '../../../src/util/errors/UnauthorizedHttpError';
|
||||
|
||||
describe('A PermissionBasedAuthorizer', (): void => {
|
||||
let input: AuthorizerInput;
|
||||
let authorization: WebAclAuthorization;
|
||||
let reader: jest.Mocked<PermissionReader>;
|
||||
let authorizer: PermissionBasedAuthorizer;
|
||||
|
||||
beforeEach(async(): Promise<void> => {
|
||||
input = {
|
||||
identifier: { path: 'http://test.com/foo' },
|
||||
modes: new Set<AccessMode>(),
|
||||
permissionSet: {},
|
||||
credentials: {},
|
||||
};
|
||||
|
||||
authorization = new WebAclAuthorization({}, {});
|
||||
|
||||
reader = {
|
||||
canHandle: jest.fn(),
|
||||
handle: jest.fn().mockResolvedValue({}),
|
||||
} as any;
|
||||
|
||||
authorizer = new PermissionBasedAuthorizer(reader);
|
||||
authorizer = new PermissionBasedAuthorizer();
|
||||
});
|
||||
|
||||
it('can handle any input supported by its reader.', async(): Promise<void> => {
|
||||
it('can handle any input.', async(): Promise<void> => {
|
||||
await expect(authorizer.canHandle(input)).resolves.toBeUndefined();
|
||||
|
||||
reader.canHandle.mockRejectedValue(new Error('bad request'));
|
||||
await expect(authorizer.canHandle(input)).rejects.toThrow('bad request');
|
||||
});
|
||||
|
||||
it('allows access if the permissions are matched by the reader output.', async(): Promise<void> => {
|
||||
input.modes = new Set([ AccessMode.read, AccessMode.write ]);
|
||||
reader.handle.mockResolvedValueOnce({
|
||||
input.permissionSet = {
|
||||
[CredentialGroup.public]: { read: true, write: false },
|
||||
[CredentialGroup.agent]: { write: true },
|
||||
});
|
||||
Object.assign(authorization.everyone, { read: true, write: false });
|
||||
Object.assign(authorization.user, { write: true });
|
||||
await expect(authorizer.handle(input)).resolves.toEqual(authorization);
|
||||
};
|
||||
await expect(authorizer.handle(input)).resolves.toBeUndefined();
|
||||
});
|
||||
|
||||
it('throws an UnauthorizedHttpError when an unauthenticated request has no access.', async(): Promise<void> => {
|
||||
input.modes = new Set([ AccessMode.read, AccessMode.write ]);
|
||||
reader.handle.mockResolvedValueOnce({
|
||||
input.permissionSet = {
|
||||
[CredentialGroup.public]: { read: true, write: false },
|
||||
});
|
||||
};
|
||||
await expect(authorizer.handle(input)).rejects.toThrow(UnauthorizedHttpError);
|
||||
});
|
||||
|
||||
it('throws a ForbiddenHttpError when an authenticated request has no access.', async(): Promise<void> => {
|
||||
input.credentials = { agent: { webId: 'http://test.com/#me' }};
|
||||
input.modes = new Set([ AccessMode.read, AccessMode.write ]);
|
||||
reader.handle.mockResolvedValueOnce({
|
||||
input.permissionSet = {
|
||||
[CredentialGroup.public]: { read: true, write: false },
|
||||
});
|
||||
};
|
||||
await expect(authorizer.handle(input)).rejects.toThrow(ForbiddenHttpError);
|
||||
});
|
||||
|
||||
it('defaults to empty permissions for the Authorization.', async(): Promise<void> => {
|
||||
await expect(authorizer.handle(input)).resolves.toEqual(authorization);
|
||||
await expect(authorizer.handle(input)).resolves.toBeUndefined();
|
||||
});
|
||||
});
|
||||
|
||||
@@ -1,43 +0,0 @@
|
||||
import { WebAclAuthorization } from '../../../src/authorization/WebAclAuthorization';
|
||||
import { RepresentationMetadata } from '../../../src/ldp/representation/RepresentationMetadata';
|
||||
import { ACL, AUTH } from '../../../src/util/Vocabularies';
|
||||
import 'jest-rdf';
|
||||
|
||||
describe('A WebAclAuthorization', (): void => {
|
||||
let authorization: WebAclAuthorization;
|
||||
let metadata: RepresentationMetadata;
|
||||
|
||||
beforeEach(async(): Promise<void> => {
|
||||
authorization = new WebAclAuthorization(
|
||||
{
|
||||
read: false,
|
||||
append: false,
|
||||
write: false,
|
||||
control: false,
|
||||
},
|
||||
{
|
||||
read: false,
|
||||
append: false,
|
||||
write: false,
|
||||
control: false,
|
||||
},
|
||||
);
|
||||
|
||||
metadata = new RepresentationMetadata();
|
||||
});
|
||||
|
||||
it('adds no metadata if there are no permissions.', async(): Promise<void> => {
|
||||
expect(authorization.addMetadata(metadata)).toBeUndefined();
|
||||
expect(metadata.quads()).toHaveLength(0);
|
||||
});
|
||||
|
||||
it('adds corresponding acl metadata for all permissions present.', async(): Promise<void> => {
|
||||
authorization.user.read = true;
|
||||
authorization.user.write = true;
|
||||
authorization.everyone.read = true;
|
||||
expect(authorization.addMetadata(metadata)).toBeUndefined();
|
||||
expect(metadata.quads()).toHaveLength(3);
|
||||
expect(metadata.getAll(AUTH.terms.userMode)).toEqualRdfTermArray([ ACL.terms.Read, ACL.terms.Write ]);
|
||||
expect(metadata.get(AUTH.terms.publicMode)).toEqualRdfTerm(ACL.terms.Read);
|
||||
});
|
||||
});
|
||||
Reference in New Issue
Block a user