Mirroristas/CommunitySolidServer
2
0
Fork 0
mirror of https://github.com/CommunitySolidServer/CommunitySolidServer.git synced 2024-10-03 14:55:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: Extract set of required modes instead of PermissionSet

Browse Source
This commit is contained in:
Joachim Van Herwegen
2021-09-27 14:00:29 +02:00
parent ba1886ab85
commit e8dedf5c23
40 changed files with 183 additions and 254 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
test/integration/config/ldp-with-auth.json
View File

@@ -13,7 +13,7 @@
"files-scs:config/ldp/handler/default.json",
"files-scs:config/ldp/metadata-parser/default.json",
"files-scs:config/ldp/metadata-writer/default.json",
"files-scs:config/ldp/permissions/acl.json",
"files-scs:config/ldp/modes/acl.json",
"files-scs:config/storage/key-value/memory.json",
"files-scs:config/storage/middleware/default.json",
"files-scs:config/util/auxiliary/acl.json",

2
test/integration/config/run-with-redlock.json
View File

@@ -13,7 +13,7 @@
"files-scs:config/ldp/handler/default.json",
"files-scs:config/ldp/metadata-parser/default.json",
"files-scs:config/ldp/metadata-writer/default.json",
"files-scs:config/ldp/permissions/acl.json",
"files-scs:config/ldp/modes/acl.json",
"files-scs:config/storage/backend/memory.json",
"files-scs:config/storage/key-value/memory.json",
"files-scs:config/storage/middleware/default.json",

2
test/integration/config/server-dynamic-unsafe.json
View File

@@ -18,7 +18,7 @@
"files-scs:config/ldp/handler/default.json",
"files-scs:config/ldp/metadata-parser/default.json",
"files-scs:config/ldp/metadata-writer/default.json",
"files-scs:config/ldp/permissions/acl.json",
"files-scs:config/ldp/modes/acl.json",
"files-scs:config/storage/backend/dynamic.json",
"files-scs:config/storage/key-value/memory.json",
"files-scs:config/storage/middleware/default.json",

2
test/integration/config/server-memory.json
View File

@@ -17,7 +17,7 @@
"files-scs:config/ldp/handler/default.json",
"files-scs:config/ldp/metadata-parser/default.json",
"files-scs:config/ldp/metadata-writer/default.json",
"files-scs:config/ldp/permissions/acl.json",
"files-scs:config/ldp/modes/acl.json",
"files-scs:config/storage/backend/memory.json",
"files-scs:config/storage/key-value/resource-store.json",
"files-scs:config/storage/middleware/default.json",

2
test/integration/config/server-subdomains-unsafe.json
View File

@@ -18,7 +18,7 @@
"files-scs:config/ldp/handler/default.json",
"files-scs:config/ldp/metadata-parser/default.json",
"files-scs:config/ldp/metadata-writer/default.json",
"files-scs:config/ldp/permissions/acl.json",
"files-scs:config/ldp/modes/acl.json",
"files-scs:config/storage/key-value/memory.json",
"files-scs:config/storage/middleware/default.json",
"files-scs:config/util/auxiliary/acl.json",

2
test/integration/config/server-without-auth.json
View File

@@ -13,7 +13,7 @@
"files-scs:config/ldp/handler/default.json",
"files-scs:config/ldp/metadata-parser/default.json",
"files-scs:config/ldp/metadata-writer/default.json",
"files-scs:config/ldp/permissions/acl.json",
"files-scs:config/ldp/modes/acl.json",
"files-scs:config/storage/backend/memory.json",
"files-scs:config/storage/key-value/memory.json",
"files-scs:config/storage/middleware/default.json",

2
test/integration/config/setup-memory.json
View File

@@ -18,7 +18,7 @@
"files-scs:config/ldp/handler/default.json",
"files-scs:config/ldp/metadata-parser/default.json",
"files-scs:config/ldp/metadata-writer/default.json",
"files-scs:config/ldp/permissions/acl.json",
"files-scs:config/ldp/modes/acl.json",
"files-scs:config/storage/backend/memory.json",
"files-scs:config/storage/key-value/resource-store.json",
"files-scs:config/storage/middleware/default.json",

6
test/unit/authentication/UnionCredentialsExtractor.test.ts
View File

@@ -1,12 +1,12 @@
import { CredentialGroup } from '../../../src/authentication/Credentials';
import type { Credentials } from '../../../src/authentication/Credentials';
import type { CredentialSet } from '../../../src/authentication/Credentials';
import type { CredentialsExtractor } from '../../../src/authentication/CredentialsExtractor';
import { UnionCredentialsExtractor } from '../../../src/authentication/UnionCredentialsExtractor';
import type { HttpRequest } from '../../../src/server/HttpRequest';
describe('A UnionCredentialsExtractor', (): void => {
const agent: Credentials = { [CredentialGroup.agent]: { webId: 'http://test.com/#me' }};
const everyone: Credentials = { [CredentialGroup.public]: {}};
const agent: CredentialSet = { [CredentialGroup.agent]: { webId: 'http://test.com/#me' }};
const everyone: CredentialSet = { [CredentialGroup.public]: {}};
const request: HttpRequest = {} as any;
let extractors: jest.Mocked<CredentialsExtractor>[];
let extractor: UnionCredentialsExtractor;

33
test/unit/authorization/AuxiliaryAuthorizer.test.ts
View File

@@ -1,7 +1,7 @@
import type { Authorizer } from '../../../src/authorization/Authorizer';
import { AuxiliaryAuthorizer } from '../../../src/authorization/AuxiliaryAuthorizer';
import type { AuxiliaryIdentifierStrategy } from '../../../src/ldp/auxiliary/AuxiliaryIdentifierStrategy';
import type { PermissionSet } from '../../../src/ldp/permissions/PermissionSet';
import { AccessMode } from '../../../src/ldp/permissions/PermissionSet';
import type { ResourceIdentifier } from '../../../src/ldp/representation/ResourceIdentifier';
import { NotImplementedHttpError } from '../../../src/util/errors/NotImplementedHttpError';
@@ -10,18 +10,13 @@ describe('An AuxiliaryAuthorizer', (): void => {
const credentials = {};
const associatedIdentifier = { path: 'http://test.com/foo' };
const auxiliaryIdentifier = { path: 'http://test.com/foo.dummy' };
let permissions: PermissionSet;
let modes: Set<AccessMode>;
let source: Authorizer;
let strategy: AuxiliaryIdentifierStrategy;
let authorizer: AuxiliaryAuthorizer;
beforeEach(async(): Promise<void> => {
permissions = {
read: true,
write: true,
append: true,
control: false,
};
modes = new Set([ AccessMode.read, AccessMode.write, AccessMode.append ]);
source = {
canHandle: jest.fn(),
@@ -38,39 +33,39 @@ describe('An AuxiliaryAuthorizer', (): void => {
});
it('can handle auxiliary resources if the source supports the associated resource.', async(): Promise<void> => {
await expect(authorizer.canHandle({ identifier: auxiliaryIdentifier, credentials, permissions }))
await expect(authorizer.canHandle({ identifier: auxiliaryIdentifier, credentials, modes }))
.resolves.toBeUndefined();
expect(source.canHandle).toHaveBeenLastCalledWith(
{ identifier: associatedIdentifier, credentials, permissions },
{ identifier: associatedIdentifier, credentials, modes },
);
await expect(authorizer.canHandle({ identifier: associatedIdentifier, credentials, permissions }))
await expect(authorizer.canHandle({ identifier: associatedIdentifier, credentials, modes }))
.rejects.toThrow(NotImplementedHttpError);
source.canHandle = jest.fn().mockRejectedValue(new Error('no source support'));
await expect(authorizer.canHandle({ identifier: auxiliaryIdentifier, credentials, permissions }))
await expect(authorizer.canHandle({ identifier: auxiliaryIdentifier, credentials, modes }))
.rejects.toThrow('no source support');
});
it('handles resources by sending the updated parameters to the source.', async(): Promise<void> => {
await expect(authorizer.handle({ identifier: auxiliaryIdentifier, credentials, permissions }))
await expect(authorizer.handle({ identifier: auxiliaryIdentifier, credentials, modes }))
.resolves.toBeUndefined();
expect(source.handle).toHaveBeenLastCalledWith(
{ identifier: associatedIdentifier, credentials, permissions },
{ identifier: associatedIdentifier, credentials, modes },
);
// Safety checks are not present when calling `handle`
await expect(authorizer.handle({ identifier: associatedIdentifier, credentials, permissions }))
await expect(authorizer.handle({ identifier: associatedIdentifier, credentials, modes }))
.rejects.toThrow(NotImplementedHttpError);
});
it('combines both checking and handling when calling handleSafe.', async(): Promise<void> => {
await expect(authorizer.handleSafe({ identifier: auxiliaryIdentifier, credentials, permissions }))
await expect(authorizer.handleSafe({ identifier: auxiliaryIdentifier, credentials, modes }))
.resolves.toBeUndefined();
expect(source.handleSafe).toHaveBeenLastCalledWith(
{ identifier: associatedIdentifier, credentials, permissions },
{ identifier: associatedIdentifier, credentials, modes },
);
await expect(authorizer.handleSafe({ identifier: associatedIdentifier, credentials, permissions }))
await expect(authorizer.handleSafe({ identifier: associatedIdentifier, credentials, modes }))
.rejects.toThrow(NotImplementedHttpError);
source.handleSafe = jest.fn().mockRejectedValue(new Error('no source support'));
await expect(authorizer.handleSafe({ identifier: auxiliaryIdentifier, credentials, permissions }))
await expect(authorizer.handleSafe({ identifier: auxiliaryIdentifier, credentials, modes }))
.rejects.toThrow('no source support');
});
});

3
test/unit/authorization/PathBasedAuthorizer.test.ts
View File

@@ -1,5 +1,6 @@
import type { Authorizer, AuthorizerInput } from '../../../src/authorization/Authorizer';
import { PathBasedAuthorizer } from '../../../src/authorization/PathBasedAuthorizer';
import { AccessMode } from '../../../src/ldp/permissions/PermissionSet';
import { NotImplementedHttpError } from '../../../src/util/errors/NotImplementedHttpError';
describe('A PathBasedAuthorizer', (): void => {
@@ -11,7 +12,7 @@ describe('A PathBasedAuthorizer', (): void => {
beforeEach(async(): Promise<void> => {
input = {
identifier: { path: `${baseUrl}first` },
permissions: { read: true, append: false, write: false, control: false },
modes: new Set([ AccessMode.read ]),
credentials: {},
};

36
test/unit/authorization/WebAclAuthorizer.test.ts
View File

@@ -5,7 +5,7 @@ import type { AccessChecker } from '../../../src/authorization/access-checkers/A
import { WebAclAuthorization } from '../../../src/authorization/WebAclAuthorization';
import { WebAclAuthorizer } from '../../../src/authorization/WebAclAuthorizer';
import type { AuxiliaryIdentifierStrategy } from '../../../src/ldp/auxiliary/AuxiliaryIdentifierStrategy';
import type { PermissionSet } from '../../../src/ldp/permissions/PermissionSet';
import { AccessMode } from '../../../src/ldp/permissions/PermissionSet';
import type { Representation } from '../../../src/ldp/representation/Representation';
import type { ResourceIdentifier } from '../../../src/ldp/representation/ResourceIdentifier';
import type { ResourceStore } from '../../../src/storage/ResourceStore';
@@ -31,19 +31,14 @@ describe('A WebAclAuthorizer', (): void => {
} as any;
let store: jest.Mocked<ResourceStore>;
const identifierStrategy = new SingleRootIdentifierStrategy('http://test.com/');
let permissions: PermissionSet;
let modes: Set<AccessMode>;
let credentials: CredentialSet;
let identifier: ResourceIdentifier;
let authorization: WebAclAuthorization;
let accessChecker: jest.Mocked<AccessChecker>;
beforeEach(async(): Promise<void> => {
permissions = {
read: true,
append: false,
write: true,
control: false,
};
modes = new Set([ AccessMode.read, AccessMode.write ]);
credentials = { [CredentialGroup.public]: {}, [CredentialGroup.agent]: {}};
identifier = { path: 'http://test.com/foo' };
authorization = new WebAclAuthorization(
@@ -73,7 +68,7 @@ describe('A WebAclAuthorizer', (): void => {
});
it('handles all non-acl inputs.', async(): Promise<void> => {
await expect(authorizer.canHandle({ identifier, credentials, permissions })).resolves.toBeUndefined();
await expect(authorizer.canHandle({ identifier, credentials, modes })).resolves.toBeUndefined();
await expect(authorizer.canHandle({ identifier: aclStrategy.getAuxiliaryIdentifier(identifier) } as any))
.rejects.toThrow(NotImplementedHttpError);
});
@@ -89,7 +84,7 @@ describe('A WebAclAuthorizer', (): void => {
]) } as Representation);
Object.assign(authorization.everyone, { read: true, write: true, append: true, control: false });
Object.assign(authorization.user, { read: true, write: true, append: true, control: false });
await expect(authorizer.handle({ identifier, permissions, credentials })).resolves.toEqual(authorization);
await expect(authorizer.handle({ identifier, modes, credentials })).resolves.toEqual(authorization);
});
it('allows access if the acl file allows all agents.', async(): Promise<void> => {
@@ -102,7 +97,7 @@ describe('A WebAclAuthorizer', (): void => {
]) } as Representation);
Object.assign(authorization.everyone, { read: true, write: true, append: true });
Object.assign(authorization.user, { read: true, write: true, append: true });
await expect(authorizer.handle({ identifier, permissions, credentials })).resolves.toEqual(authorization);
await expect(authorizer.handle({ identifier, modes, credentials })).resolves.toEqual(authorization);
});
it('allows access if there is a parent acl file allowing all agents.', async(): Promise<void> => {
@@ -122,7 +117,7 @@ describe('A WebAclAuthorizer', (): void => {
});
Object.assign(authorization.everyone, { read: true, write: true, append: true });
Object.assign(authorization.user, { read: true, write: true, append: true });
await expect(authorizer.handle({ identifier, permissions, credentials })).resolves.toEqual(authorization);
await expect(authorizer.handle({ identifier, modes, credentials })).resolves.toEqual(authorization);
});
it('throws a ForbiddenHttpError if access is not granted and credentials have a WebID.', async(): Promise<void> => {
@@ -132,7 +127,7 @@ describe('A WebAclAuthorizer', (): void => {
quad(nn('auth'), nn(`${acl}accessTo`), nn(identifier.path)),
]) } as Representation);
credentials.agent = { webId: 'http://test.com/alice/profile/card#me' };
await expect(authorizer.handle({ identifier, permissions, credentials })).rejects.toThrow(ForbiddenHttpError);
await expect(authorizer.handle({ identifier, modes, credentials })).rejects.toThrow(ForbiddenHttpError);
});
it('throws an UnauthorizedHttpError if access is not granted there are no credentials.', async(): Promise<void> => {
@@ -142,30 +137,25 @@ describe('A WebAclAuthorizer', (): void => {
quad(nn('auth'), nn(`${rdf}type`), nn(`${acl}Authorization`)),
quad(nn('auth'), nn(`${acl}accessTo`), nn(identifier.path)),
]) } as Representation);
await expect(authorizer.handle({ identifier, permissions, credentials })).rejects.toThrow(UnauthorizedHttpError);
await expect(authorizer.handle({ identifier, modes, credentials })).rejects.toThrow(UnauthorizedHttpError);
});
it('re-throws ResourceStore errors as internal errors.', async(): Promise<void> => {
store.getRepresentation.mockRejectedValue(new Error('TEST!'));
const promise = authorizer.handle({ identifier, permissions, credentials });
const promise = authorizer.handle({ identifier, modes, credentials });
await expect(promise).rejects.toThrow(`Error reading ACL for ${identifier.path}: TEST!`);
await expect(promise).rejects.toThrow(InternalServerError);
});
it('errors if the root container has no corresponding acl document.', async(): Promise<void> => {
store.getRepresentation.mockRejectedValue(new NotFoundHttpError());
const promise = authorizer.handle({ identifier, permissions, credentials });
const promise = authorizer.handle({ identifier, modes, credentials });
await expect(promise).rejects.toThrow('No ACL document found for root container');
await expect(promise).rejects.toThrow(ForbiddenHttpError);
});
it('allows an agent to append if they have write access.', async(): Promise<void> => {
permissions = {
read: false,
write: false,
append: true,
control: false,
};
modes = new Set([ AccessMode.append ]);
store.getRepresentation.mockResolvedValue({ data: guardedStreamFrom([
quad(nn('auth'), nn(`${rdf}type`), nn(`${acl}Authorization`)),
quad(nn('auth'), nn(`${acl}accessTo`), nn(identifier.path)),
@@ -173,6 +163,6 @@ describe('A WebAclAuthorizer', (): void => {
]) } as Representation);
Object.assign(authorization.everyone, { write: true, append: true });
Object.assign(authorization.user, { write: true, append: true });
await expect(authorizer.handle({ identifier, permissions, credentials })).resolves.toEqual(authorization);
await expect(authorizer.handle({ identifier, modes, credentials })).resolves.toEqual(authorization);
});
});

12
test/unit/ldp/AuthenticatedLdpHandler.test.ts
View File

@@ -5,7 +5,7 @@ import { AuthenticatedLdpHandler } from '../../../src/ldp/AuthenticatedLdpHandle
import { ResetResponseDescription } from '../../../src/ldp/http/response/ResetResponseDescription';
import type { ResponseDescription } from '../../../src/ldp/http/response/ResponseDescription';
import type { Operation } from '../../../src/ldp/operations/Operation';
import type { PermissionSet } from '../../../src/ldp/permissions/PermissionSet';
import { AccessMode } from '../../../src/ldp/permissions/PermissionSet';
import type { RepresentationPreferences } from '../../../src/ldp/representation/RepresentationPreferences';
import * as LogUtil from '../../../src/logging/LogUtil';
import type { HttpRequest } from '../../../src/server/HttpRequest';
@@ -17,7 +17,7 @@ describe('An AuthenticatedLdpHandler', (): void => {
const preferences: RepresentationPreferences = { type: { 'text/turtle': 0.9 }};
let operation: Operation;
const credentials: CredentialSet = {};
const permissions: PermissionSet = { read: true, write: false, append: false, control: false };
const modes: Set<AccessMode> = new Set([ AccessMode.read ]);
const authorization: Authorization = { addMetadata: jest.fn() };
const result: ResponseDescription = new ResetResponseDescription();
const errorResult: ResponseDescription = { statusCode: 500 };
@@ -32,7 +32,7 @@ describe('An AuthenticatedLdpHandler', (): void => {
handleSafe: jest.fn().mockResolvedValue(operation),
} as any,
credentialsExtractor: { handleSafe: jest.fn().mockResolvedValue(credentials) } as any,
permissionsExtractor: { handleSafe: jest.fn().mockResolvedValue(permissions) } as any,
modesExtractor: { handleSafe: jest.fn().mockResolvedValue(modes) } as any,
authorizer: { handleSafe: jest.fn().mockResolvedValue(authorization) } as any,
operationHandler: { handleSafe: jest.fn().mockResolvedValue(result) } as any,
errorHandler: { handleSafe: jest.fn().mockResolvedValue(errorResult) } as any,
@@ -63,11 +63,11 @@ describe('An AuthenticatedLdpHandler', (): void => {
expect(args.requestParser.handleSafe).toHaveBeenLastCalledWith(request);
expect(args.credentialsExtractor.handleSafe).toHaveBeenCalledTimes(1);
expect(args.credentialsExtractor.handleSafe).toHaveBeenLastCalledWith(request);
expect(args.permissionsExtractor.handleSafe).toHaveBeenCalledTimes(1);
expect(args.permissionsExtractor.handleSafe).toHaveBeenLastCalledWith(operation);
expect(args.modesExtractor.handleSafe).toHaveBeenCalledTimes(1);
expect(args.modesExtractor.handleSafe).toHaveBeenLastCalledWith(operation);
expect(args.authorizer.handleSafe).toHaveBeenCalledTimes(1);
expect(args.authorizer.handleSafe)
.toHaveBeenLastCalledWith({ credentials, identifier: { path: 'identifier' }, permissions });
.toHaveBeenLastCalledWith({ credentials, identifier: { path: 'identifier' }, modes });
expect(operation.authorization).toBe(authorization);
expect(args.operationHandler.handleSafe).toHaveBeenCalledTimes(1);
expect(args.operationHandler.handleSafe).toHaveBeenLastCalledWith(operation);

16
test/unit/ldp/permissions/AclPermissionsExtractor.test.ts → test/unit/ldp/permissions/AclModesExtractor.test.ts
View File

@@ -1,15 +1,16 @@
import type { AuxiliaryIdentifierStrategy } from '../../../../src/ldp/auxiliary/AuxiliaryIdentifierStrategy';
import { AclPermissionsExtractor } from '../../../../src/ldp/permissions/AclPermissionsExtractor';
import { AclModesExtractor } from '../../../../src/ldp/permissions/AclModesExtractor';
import { AccessMode } from '../../../../src/ldp/permissions/PermissionSet';
import { NotImplementedHttpError } from '../../../../src/util/errors/NotImplementedHttpError';
describe('An AclPermissionsExtractor', (): void => {
let extractor: AclPermissionsExtractor;
describe('An AclModesExtractor', (): void => {
let extractor: AclModesExtractor;
beforeEach(async(): Promise<void> => {
const aclStrategy = {
isAuxiliaryIdentifier: (id): boolean => id.path.endsWith('.acl'),
} as AuxiliaryIdentifierStrategy;
extractor = new AclPermissionsExtractor(aclStrategy);
extractor = new AclModesExtractor(aclStrategy);
});
it('can only handle acl files.', async(): Promise<void> => {
@@ -20,11 +21,6 @@ describe('An AclPermissionsExtractor', (): void => {
});
it('returns control permissions.', async(): Promise<void> => {
await expect(extractor.handle()).resolves.toEqual({
read: false,
write: false,
append: false,
control: true,
});
await expect(extractor.handle()).resolves.toEqual(new Set([ AccessMode.control ]));
});
});

44
test/unit/ldp/permissions/MethodPermissionsExtractor.test.ts → test/unit/ldp/permissions/MethodModesExtractor.test.ts
View File

@@ -1,9 +1,10 @@
import type { Operation } from '../../../../src/ldp/operations/Operation';
import { MethodPermissionsExtractor } from '../../../../src/ldp/permissions/MethodPermissionsExtractor';
import { MethodModesExtractor } from '../../../../src/ldp/permissions/MethodModesExtractor';
import { AccessMode } from '../../../../src/ldp/permissions/PermissionSet';
import { NotImplementedHttpError } from '../../../../src/util/errors/NotImplementedHttpError';
describe('A MethodPermissionsExtractor', (): void => {
const extractor = new MethodPermissionsExtractor();
describe('A MethodModesExtractor', (): void => {
const extractor = new MethodModesExtractor();
it('can handle HEAD/GET/POST/PUT/DELETE.', async(): Promise<void> => {
await expect(extractor.canHandle({ method: 'HEAD' } as Operation)).resolves.toBeUndefined();
@@ -15,47 +16,24 @@ describe('A MethodPermissionsExtractor', (): void => {
});
it('requires read for HEAD operations.', async(): Promise<void> => {
await expect(extractor.handle({ method: 'HEAD' } as Operation)).resolves.toEqual({
read: true,
append: false,
write: false,
control: false,
});
await expect(extractor.handle({ method: 'HEAD' } as Operation)).resolves.toEqual(new Set([ AccessMode.read ]));
});
it('requires read for GET operations.', async(): Promise<void> => {
await expect(extractor.handle({ method: 'GET' } as Operation)).resolves.toEqual({
read: true,
append: false,
write: false,
control: false,
});
await expect(extractor.handle({ method: 'GET' } as Operation)).resolves.toEqual(new Set([ AccessMode.read ]));
});
it('requires append for POST operations.', async(): Promise<void> => {
await expect(extractor.handle({ method: 'POST' } as Operation)).resolves.toEqual({
read: false,
append: true,
write: false,
control: false,
});
await expect(extractor.handle({ method: 'POST' } as Operation)).resolves.toEqual(new Set([ AccessMode.append ]));
});
it('requires write for PUT operations.', async(): Promise<void> => {
await expect(extractor.handle({ method: 'PUT' } as Operation)).resolves.toEqual({
read: false,
append: true,
write: true,
control: false,
});
await expect(extractor.handle({ method: 'PUT' } as Operation))
.resolves.toEqual(new Set([ AccessMode.append, AccessMode.write ]));
});
it('requires write for DELETE operations.', async(): Promise<void> => {
await expect(extractor.handle({ method: 'DELETE' } as Operation)).resolves.toEqual({
read: false,
append: true,
write: true,
control: false,
});
await expect(extractor.handle({ method: 'DELETE' } as Operation))
.resolves.toEqual(new Set([ AccessMode.append, AccessMode.write ]));
});
});

42
test/unit/ldp/permissions/SparqlPatchPermissionsExtractor.test.ts → test/unit/ldp/permissions/SparqlPatchModesExtractor.test.ts
View File

@@ -1,11 +1,12 @@
import { Factory } from 'sparqlalgebrajs';
import type { SparqlUpdatePatch } from '../../../../src/ldp/http/SparqlUpdatePatch';
import type { Operation } from '../../../../src/ldp/operations/Operation';
import { SparqlPatchPermissionsExtractor } from '../../../../src/ldp/permissions/SparqlPatchPermissionsExtractor';
import { AccessMode } from '../../../../src/ldp/permissions/PermissionSet';
import { SparqlPatchModesExtractor } from '../../../../src/ldp/permissions/SparqlPatchModesExtractor';
import { NotImplementedHttpError } from '../../../../src/util/errors/NotImplementedHttpError';
describe('A SparqlPatchPermissionsExtractor', (): void => {
const extractor = new SparqlPatchPermissionsExtractor();
describe('A SparqlPatchModesExtractor', (): void => {
const extractor = new SparqlPatchModesExtractor();
const factory = new Factory();
it('can only handle (composite) SPARQL DELETE/INSERT PATCH operations.', async(): Promise<void> => {
@@ -37,12 +38,7 @@ describe('A SparqlPatchPermissionsExtractor', (): void => {
method: 'PATCH',
body: { algebra: factory.createNop() },
} as unknown as Operation;
await expect(extractor.handle(operation)).resolves.toEqual({
read: false,
append: false,
write: false,
control: false,
});
await expect(extractor.handle(operation)).resolves.toEqual(new Set());
});
it('requires append for INSERT operations.', async(): Promise<void> => {
@@ -52,12 +48,7 @@ describe('A SparqlPatchPermissionsExtractor', (): void => {
factory.createPattern(factory.createTerm('<s>'), factory.createTerm('<p>'), factory.createTerm('<o>')),
]) },
} as unknown as Operation;
await expect(extractor.handle(operation)).resolves.toEqual({
read: false,
append: true,
write: false,
control: false,
});
await expect(extractor.handle(operation)).resolves.toEqual(new Set([ AccessMode.append ]));
});
it('requires write for DELETE operations.', async(): Promise<void> => {
@@ -67,12 +58,7 @@ describe('A SparqlPatchPermissionsExtractor', (): void => {
factory.createPattern(factory.createTerm('<s>'), factory.createTerm('<p>'), factory.createTerm('<o>')),
]) },
} as unknown as Operation;
await expect(extractor.handle(operation)).resolves.toEqual({
read: false,
append: true,
write: true,
control: false,
});
await expect(extractor.handle(operation)).resolves.toEqual(new Set([ AccessMode.append, AccessMode.write ]));
});
it('requires append for composite operations with an insert.', async(): Promise<void> => {
@@ -82,12 +68,7 @@ describe('A SparqlPatchPermissionsExtractor', (): void => {
factory.createPattern(factory.createTerm('<s>'), factory.createTerm('<p>'), factory.createTerm('<o>')),
]) ]) },
} as unknown as Operation;
await expect(extractor.handle(operation)).resolves.toEqual({
read: false,
append: true,
write: false,
control: false,
});
await expect(extractor.handle(operation)).resolves.toEqual(new Set([ AccessMode.append ]));
});
it('requires write for composite operations with a delete.', async(): Promise<void> => {
@@ -100,11 +81,6 @@ describe('A SparqlPatchPermissionsExtractor', (): void => {
factory.createPattern(factory.createTerm('<s>'), factory.createTerm('<p>'), factory.createTerm('<o>')),
]) ]) },
} as unknown as Operation;
await expect(extractor.handle(operation)).resolves.toEqual({
read: false,
append: true,
write: true,
control: false,
});
await expect(extractor.handle(operation)).resolves.toEqual(new Set([ AccessMode.append, AccessMode.write ]));
});
});