test: acceptance params
Signed-off-by: Gilles Vieira <[email protected]>
sandalfon committed Dec 5, 2024
1 parent bd39ded commit 890df7f
Showing 2 changed files with 264 additions and 1 deletion.
263 changes: 263 additions & 0 deletions tests/acceptance/application/query_test.ts
@@ -24,6 +24,8 @@ describe('Acceptance | query', function () {
afterEach(async function () {
await knexAPI('query_access').delete();
await knexAPI('user-logins').delete();
await knexAPI('query_param_access').delete();
await knexAPI('catalog_query_params').delete();
await knexAPI('users').delete();
await knexAPI('catalog_queries').delete();
});
@@ -130,6 +132,267 @@ describe('Acceptance | query', function () {
});
});

context('when user use params', function () {
context('when user does not have access to param', function () {
it('should return a proper error with status code 422', async function () {
// given
const queryId = '26f6efcc-ce13-4b20-b6ea-5bebae6115af';
const otherUserId = '26f6efcc-ce13-4b20-b6ea-5bebae6115ae';

await knexAPI('users').insert({
id: otherUserId,
username: 'gigi_lamorosa',
label: 'Gigi l\'amorosa',
hashed_password: 'coucou',
});

await knexAPI('catalog_queries').insert({
id: queryId,
sql_query: `SELECT COUNT(*) as count FROM public.data_ref_academies where nom = {{ academie }}`,
name: 'foo',
});
await knexAPI('query_access').insert({
query_id: queryId,
user_id: userId,
});
await knexAPI('catalog_query_params').insert({
id: 1,
catalog_query_id: queryId,
name: 'acamdemie',
type: 'string',
mandatory: true,
});
await knexAPI('query_param_access').insert({
id: queryId,
user_id: otherUserId,
query_param_id: 1,
value: 'Bordeaux',
});

const payload = {
queryId,
params: <any>[{ name: 'academie', value: 'Paris' }],
};

// when
const server = await createServer();
const response = await server.inject({
method: 'POST',
url: '/query',
payload,
headers: { authorization: headers },
});
// then
expect(response.statusCode).to.equal(422);
expect(JSON.parse(response.payload)).to.deep.equal({
status: 'failure',
messages: ['User is not allowed to run this query'],
});
});
});
context('when user has access to param', function () {
it('should return a proper payload response with status code 200', async function () {
// given
const queryId = '26f6efcc-ce13-4b20-b6ea-5bebae6115af';

await knexAPI('catalog_queries').insert({
id: queryId,
sql_query: `SELECT COUNT(*) as count FROM public.data_ref_academies where nom = {{ academie }}`,
name: 'foo',
});
await knexAPI('query_access').insert({
query_id: queryId,
user_id: userId,
});
await knexAPI('catalog_query_params').insert({
id: 1,
catalog_query_id: queryId,
name: 'academie',
type: 'string',
mandatory: true,
});
await knexAPI('query_param_access').insert({
id: queryId,
user_id: userId,
query_param_id: 1,
value: 'Bordeaux',
});

const payload = {
queryId,
params: <any>[{ name: 'academie', value: 'Bordeaux' }],
};

// when
const server = await createServer();
const response = await server.inject({
method: 'POST',
url: '/query',
payload,
headers: { authorization: headers },
});

// then
expect(response.statusCode).to.equal(200);
expect(JSON.parse(response.payload)).to.deep.equal({
status: 'success',
data: [{ count: 1 }],
messages: [],
});
});
});
context('when user does not have access to value', function () {
it('should return a proper error with status code 422', async function () {
// given
const queryId = '26f6efcc-ce13-4b20-b6ea-5bebae6115af';

await knexAPI('catalog_queries').insert({
id: queryId,
sql_query: `SELECT COUNT(*) as count FROM public.data_ref_academies where nom = {{ academie }}`,
name: 'foo',
});
await knexAPI('query_access').insert({
query_id: queryId,
user_id: userId,
});
await knexAPI('catalog_query_params').insert({
id: 1,
catalog_query_id: queryId,
name: 'academie',
type: 'string',
mandatory: true,
});
await knexAPI('query_param_access').insert({
id: queryId,
user_id: userId,
query_param_id: 1,
value: 'Bordeaux',
});

const payload = {
queryId,
params: <any>[{ name: 'academie', value: 'Paris' }],
};

// when
const server = await createServer();
const response = await server.inject({
method: 'POST',
url: '/query',
payload,
headers: { authorization: headers },
});

// then
expect(response.statusCode).to.equal(422);
expect(JSON.parse(response.payload)).to.deep.equal({
status: 'failure',
messages: ['No access to requested params'],
});
});
});
context('when user does not have access to wildcard', function () {
it('should return a proper error with status code 403', async function () {
// given
const queryId = '26f6efcc-ce13-4b20-b6ea-5bebae6115af';

await knexAPI('catalog_queries').insert({
id: queryId,
sql_query: `SELECT COUNT(*) as count FROM public.data_ref_academies where nom = {{ academie }}`,
name: 'foo',
});
await knexAPI('query_access').insert({
query_id: queryId,
user_id: userId,
});
await knexAPI('catalog_query_params').insert({
id: 1,
catalog_query_id: queryId,
name: 'academie',
type: 'string',
mandatory: true,
});
await knexAPI('query_param_access').insert({
id: queryId,
user_id: userId,
query_param_id: 1,
value: 'Bordeaux',
});

const payload = {
queryId,
params: <any>[{ name: 'academie', value: 'Paris' }],
};

// when
const server = await createServer();
const response = await server.inject({
method: 'POST',
url: '/query',
payload,
headers: { authorization: headers },
});

// then
expect(response.statusCode).to.equal(422);
expect(JSON.parse(response.payload)).to.deep.equal({
status: 'failure',
messages: ['No access to requested params'],
});
});
});
context('when user has access to wildcard', function () {
it('should return a proper payload response with status code 200', async function () {
// given
const queryId = '26f6efcc-ce13-4b20-b6ea-5bebae6115af';

await knexAPI('catalog_queries').insert({
id: queryId,
sql_query: `SELECT COUNT(*) as count FROM public.data_ref_academies where nom = {{ academie }}`,
name: 'foo',
});
await knexAPI('query_access').insert({
query_id: queryId,
user_id: userId,
});
await knexAPI('catalog_query_params').insert({
id: 1,
catalog_query_id: queryId,
name: 'academie',
type: 'string',
mandatory: true,
});
await knexAPI('query_param_access').insert({
id: queryId,
user_id: userId,
query_param_id: 1,
value: '*',
});

const payload = {
queryId,
params: <any>[{ name: 'academie', value: 'Bordeaux' }],
};

// when
const server = await createServer();
const response = await server.inject({
method: 'POST',
url: '/query',
payload,
headers: { authorization: headers },
});

// then
expect(response.statusCode).to.equal(200);
expect(JSON.parse(response.payload)).to.deep.equal({
status: 'success',
data: [{ count: 1 }],
messages: [],
});
});
});
});
context('when user request response in csv', function () {
it('should return a csv response with status code 200', async function () {
// given
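Review bot: The 'when user does not have access to wildcard' case repeats the fixture, request and assertions of 'when user does not have access to value' (grant `value: 'Bordeaux'`, request `value: 'Paris'`, expect 422), so the suite never pins what happens when a wildcard is not granted, and its title announces 403 while the assertion checks 422. To cover that authorization boundary, keep the grant as 'Bordeaux' and send `params: <any>[{ name: 'academie', value: '*' }]`, so the test proves `*` is honoured only when it comes from `query_param_access` and never from the request body; then align the title with the asserted status. Separately, the first case registers the parameter as `name: 'acamdemie'`, so its 422 may come from a parameter-name mismatch rather than from the grant belonging to another user; `name: 'academie'` would make the fixture match the title, though the expected message may then need revisiting. The final `context` ('when user request response in csv') continues outside the visible hunk.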
2 changes: 1 addition & 1 deletion tests/unit/domain/models/QueryAccess_test.ts
@@ -59,7 +59,7 @@ describe('Unit | Domain | Models | QueryAccess', function () {
});
});

context('when userCommandParams is wildcard', function () {
context('when userCommandParams has access to all values', function () {
it('should return true', function () {
// given
const queryAccess: QueryAccess = {