Mirroristas/CommunitySolidServer
2
0
Fork 0
mirror of https://github.com/CommunitySolidServer/CommunitySolidServer.git synced 2024-10-03 14:55:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
CommunitySolidServer/test/unit/authorization/OwnerPermissionReader.test.ts
Joachim Van Herwegen a47f5236ef feat: Full rework of account management 
Complete rewrite of the account management and related systems.
Makes the architecture more modular,
allowing for easier extensions and configurations.
2023-10-06 11:04:40 +02:00

98 lines
4.1 KiB
TypeScript
Raw Blame History

import type { Credentials } from '../../../src/authentication/Credentials';
import { OwnerPermissionReader } from '../../../src/authorization/OwnerPermissionReader';
import { AclMode } from '../../../src/authorization/permissions/AclPermissionSet';
import type { AccessMap } from '../../../src/authorization/permissions/Permissions';
import type { AuxiliaryIdentifierStrategy } from '../../../src/http/auxiliary/AuxiliaryIdentifierStrategy';
import type { ResourceIdentifier } from '../../../src/http/representation/ResourceIdentifier';
import type { Account } from '../../../src/identity/interaction/account/util/Account';
import type { AccountStore } from '../../../src/identity/interaction/account/util/AccountStore';
import type { WebIdStore } from '../../../src/identity/interaction/webid/util/WebIdStore';
import { SingleRootIdentifierStrategy } from '../../../src/util/identifiers/SingleRootIdentifierStrategy';
import { IdentifierMap, IdentifierSetMultiMap } from '../../../src/util/map/IdentifierMap';
import { createAccount } from '../../util/AccountUtil';
import { compareMaps } from '../../util/Util';
describe('An OwnerPermissionReader', (): void => {
const owner = 'http://example.com/alice/profile/card#me';
const podBaseUrl = 'http://example.com/alice/';
let credentials: Credentials;
let identifier: ResourceIdentifier;
let requestedModes: AccessMap;
let account: Account;
let accountStore: jest.Mocked<AccountStore>;
let webIdStore: jest.Mocked<WebIdStore>;
let aclStrategy: jest.Mocked<AuxiliaryIdentifierStrategy>;
const identifierStrategy = new SingleRootIdentifierStrategy('http://example.com/');
let reader: OwnerPermissionReader;
beforeEach(async(): Promise<void> => {
credentials = { agent: { webId: owner }};
identifier = { path: `${podBaseUrl}.acl` };
requestedModes = new IdentifierSetMultiMap([[ identifier, AclMode.control ]]) as any;
account = createAccount();
account.pods[podBaseUrl] = 'url';
account.webIds[owner] = 'url';
webIdStore = {
get: jest.fn().mockResolvedValue([ account.id ]),
} as any;
accountStore = {
get: jest.fn().mockResolvedValue(account),
} as any;
aclStrategy = {
isAuxiliaryIdentifier: jest.fn((id): boolean => id.path.endsWith('.acl')),
} as any;
reader = new OwnerPermissionReader(webIdStore, accountStore, aclStrategy, identifierStrategy);
});
it('returns empty permissions for non-ACL resources.', async(): Promise<void> => {
identifier.path = podBaseUrl;
compareMaps(await reader.handle({ credentials, requestedModes }), new IdentifierMap());
});
it('returns empty permissions if there is no agent WebID.', async(): Promise<void> => {
credentials = {};
compareMaps(await reader.handle({ credentials, requestedModes }), new IdentifierMap());
});
it('returns empty permissions if the agent has no account.', async(): Promise<void> => {
webIdStore.get.mockResolvedValueOnce([]);
compareMaps(await reader.handle({ credentials, requestedModes }), new IdentifierMap());
});
it('returns empty permissions if no account was found for the stored ID.', async(): Promise<void> => {
accountStore.get.mockResolvedValueOnce(undefined);
compareMaps(await reader.handle({ credentials, requestedModes }), new IdentifierMap());
});
it('returns empty permissions if the account has no pod.', async(): Promise<void> => {
delete account.pods[podBaseUrl];
compareMaps(await reader.handle({ credentials, requestedModes }), new IdentifierMap());
});
it('returns empty permissions if the target identifier is not in the pod.', async(): Promise<void> => {
identifier.path = 'http://somewhere.else/.acl';
compareMaps(await reader.handle({ credentials, requestedModes }), new IdentifierMap());
});
it('returns full permissions if the owner is accessing an ACL resource in their pod.', async(): Promise<void> => {
compareMaps(await reader.handle({ credentials, requestedModes }), new IdentifierMap([[
identifier,
{
read: true,
write: true,
append: true,
create: true,
delete: true,
control: true,
},
]]));
});
});
Reference in New Issue View Git Blame Copy Permalink