From 890df7fa6eed6294784288ea3678b88830854edd Mon Sep 17 00:00:00 2001
From: Gilles Vieira
Date: Thu, 5 Dec 2024 09:59:46 +0100
Subject: [PATCH] test: acceptance params
Signed-off-by: Gilles Vieira
---
 tests/acceptance/application/query_test.ts | 263 +++++++++++++++++++
 tests/unit/domain/models/QueryAccess_test.ts | 2 +-
 2 files changed, 264 insertions(+), 1 deletion(-)
diff --git a/tests/acceptance/application/query_test.ts b/tests/acceptance/application/query_test.ts
index 3f8ad4d..c3eebb8 100644
--- a/tests/acceptance/application/query_test.ts
+++ b/tests/acceptance/application/query_test.ts
@@ -24,6 +24,8 @@ describe('Acceptance | query', function () {
 afterEach(async function () {
 await knexAPI('query_access').delete();
 await knexAPI('user-logins').delete();
+ await knexAPI('query_param_access').delete();
+ await knexAPI('catalog_query_params').delete();
 await knexAPI('users').delete();
 await knexAPI('catalog_queries').delete();
 });
@@ -130,6 +132,267 @@ describe('Acceptance | query', function () {
 });
 });
+ context('when user use params', function () {
+ context('when user does not have access to param', function () {
+ it('should return a proper error with status code 422', async function () {
+ // given
+ const queryId = '26f6efcc-ce13-4b20-b6ea-5bebae6115af';
+ const otherUserId = '26f6efcc-ce13-4b20-b6ea-5bebae6115ae';
+
+ await knexAPI('users').insert({
+ id: otherUserId,
+ username: 'gigi_lamorosa',
+ label: 'Gigi l\'amorosa',
+ hashed_password: 'coucou',
+ });
+
+ await knexAPI('catalog_queries').insert({
+ id: queryId,
+ sql_query: `SELECT COUNT(*) as count FROM public.data_ref_academies where nom = {{ academie }}`,
+ name: 'foo',
+ });
+ await knexAPI('query_access').insert({
+ query_id: queryId,
+ user_id: userId,
+ });
+ await knexAPI('catalog_query_params').insert({
+ id: 1,
+ catalog_query_id: queryId,
+ name: 'acamdemie',
+ type: 'string',
+ mandatory: true,
+ });
+ await knexAPI('query_param_access').insert({
+ id: queryId,
+ user_id: otherUserId,
+ query_param_id: 1,
+ value: 'Bordeaux',
+ });
+
+ const payload = {
+ queryId,
+ params: [{ name: 'academie', value: 'Paris' }],
+ };
+
+ // when
+ const server = await createServer();
+ const response = await server.inject({
+ method: 'POST',
+ url: '/query',
+ payload,
+ headers: { authorization: headers },
+ });
+ // then
+ expect(response.statusCode).to.equal(422);
+ expect(JSON.parse(response.payload)).to.deep.equal({
+ status: 'failure',
+ messages: ['User is not allowed to run this query'],
+ });
+ });
+ });
+ context('when user has access to param', function () {
+ it('should return a proper payload response with status code 200', async function () {
+ // given
+ const queryId = '26f6efcc-ce13-4b20-b6ea-5bebae6115af';
+
+ await knexAPI('catalog_queries').insert({
+ id: queryId,
+ sql_query: `SELECT COUNT(*) as count FROM public.data_ref_academies where nom = {{ academie }}`,
+ name: 'foo',
+ });
+ await knexAPI('query_access').insert({
+ query_id: queryId,
+ user_id: userId,
+ });
+ await knexAPI('catalog_query_params').insert({
+ id: 1,
+ catalog_query_id: queryId,
+ name: 'academie',
+ type: 'string',
+ mandatory: true,
+ });
+ await knexAPI('query_param_access').insert({
+ id: queryId,
+ user_id: userId,
+ query_param_id: 1,
+ value: 'Bordeaux',
+ });
+
+ const payload = {
+ queryId,
+ params: [{ name: 'academie', value: 'Bordeaux' }],
+ };
+
+ // when
+ const server = await createServer();
+ const response = await server.inject({
+ method: 'POST',
+ url: '/query',
+ payload,
+ headers: { authorization: headers },
+ });
+
+ // then
+ expect(response.statusCode).to.equal(200);
+ expect(JSON.parse(response.payload)).to.deep.equal({
+ status: 'success',
+ data: [{ count: 1 }],
+ messages: [],
+ });
+ });
+ });
+ context('when user does not have access to value', function () {
+ it('should return a proper error with status code 422', async function () {
+ // given
+ const queryId = '26f6efcc-ce13-4b20-b6ea-5bebae6115af';
+
+ await knexAPI('catalog_queries').insert({
+ id: queryId,
+ sql_query: `SELECT COUNT(*) as count FROM public.data_ref_academies where nom = {{ academie }}`,
+ name: 'foo',
+ });
+ await knexAPI('query_access').insert({
+ query_id: queryId,
+ user_id: userId,
+ });
+ await knexAPI('catalog_query_params').insert({
+ id: 1,
+ catalog_query_id: queryId,
+ name: 'academie',
+ type: 'string',
+ mandatory: true,
+ });
+ await knexAPI('query_param_access').insert({
+ id: queryId,
+ user_id: userId,
+ query_param_id: 1,
+ value: 'Bordeaux',
+ });
+
+ const payload = {
+ queryId,
+ params: [{ name: 'academie', value: 'Paris' }],
+ };
+
+ // when
+ const server = await createServer();
+ const response = await server.inject({
+ method: 'POST',
+ url: '/query',
+ payload,
+ headers: { authorization: headers },
+ });
+
+ // then
+ expect(response.statusCode).to.equal(422);
+ expect(JSON.parse(response.payload)).to.deep.equal({
+ status: 'failure',
+ messages: ['No access to requested params'],
+ });
+ });
+ });
+ context('when user does not have access to wildcard', function () {
+ it('should return a proper error with status code 403', async function () {
+ // given
+ const queryId = '26f6efcc-ce13-4b20-b6ea-5bebae6115af';
+
+ await knexAPI('catalog_queries').insert({
+ id: queryId,
+ sql_query: `SELECT COUNT(*) as count FROM public.data_ref_academies where nom = {{ academie }}`,
+ name: 'foo',
+ });
+ await knexAPI('query_access').insert({
+ query_id: queryId,
+ user_id: userId,
+ });
+ await knexAPI('catalog_query_params').insert({
+ id: 1,
+ catalog_query_id: queryId,
+ name: 'academie',
+ type: 'string',
+ mandatory: true,
+ });
+ await knexAPI('query_param_access').insert({
+ id: queryId,
+ user_id: userId,
+ query_param_id: 1,
+ value: 'Bordeaux',
+ });
+
+ const payload = {
+ queryId,
+ params: [{ name: 'academie', value: 'Paris' }],
+ };
+
+ // when
+ const server = await createServer();
+ const response = await server.inject({
+ method: 'POST',
+ url: '/query',
+ payload,
+ headers: { authorization: headers },
+ });
+
+ // then
+ expect(response.statusCode).to.equal(422);
+ expect(JSON.parse(response.payload)).to.deep.equal({
+ status: 'failure',
+ messages: ['No access to requested params'],
+ });
+ });
+ });
+ context('when user has access to wildcard', function () {
+ it('should return a proper payload response with status code 200', async function () {
+ // given
+ const queryId = '26f6efcc-ce13-4b20-b6ea-5bebae6115af';
+
+ await knexAPI('catalog_queries').insert({
+ id: queryId,
+ sql_query: `SELECT COUNT(*) as count FROM public.data_ref_academies where nom = {{ academie }}`,
+ name: 'foo',
+ });
+ await knexAPI('query_access').insert({
+ query_id: queryId,
+ user_id: userId,
+ });
+ await knexAPI('catalog_query_params').insert({
+ id: 1,
+ catalog_query_id: queryId,
+ name: 'academie',
+ type: 'string',
+ mandatory: true,
+ });
+ await knexAPI('query_param_access').insert({
+ id: queryId,
+ user_id: userId,
+ query_param_id: 1,
+ value: '*',
+ });
+
+ const payload = {
+ queryId,
+ params: [{ name: 'academie', value: 'Bordeaux' }],
+ };
+
+ // when
+ const server = await createServer();
+ const response = await server.inject({
+ method: 'POST',
+ url: '/query',
+ payload,
+ headers: { authorization: headers },
+ });
+
+ // then
+ expect(response.statusCode).to.equal(200);
+ expect(JSON.parse(response.payload)).to.deep.equal({
+ status: 'success',
+ data: [{ count: 1 }],
+ messages: [],
+ });
+ });
+ });
+ });
 context('when user request response in csv', function () {
 it('should return a csv response with status code 200', async function () {
 // given
diff --git a/tests/unit/domain/models/QueryAccess_test.ts b/tests/unit/domain/models/QueryAccess_test.ts
index d7487c9..06d8f8f 100644
--- a/tests/unit/domain/models/QueryAccess_test.ts
+++ b/tests/unit/domain/models/QueryAccess_test.ts
@@ -59,7 +59,7 @@ describe('Unit | Domain | Models | QueryAccess', function () {
 });
 });
- context('when userCommandParams is wildcard', function () {
+ context('when userCommandParams has access to all values', function () {
 it('should return true', function () {
 // given
 const queryAccess: QueryAccess = {
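Review bot: In the 'when user does not have access to param' case the catalog param is inserted as `name: 'acamdemie',` while the payload sends `name: 'academie'`, so the asserted 422 may come from an unknown-param path rather than from the missing `query_param_access` row for `userId`, which would also explain why its message differs from the other denial cases; the fixture line should read `name: 'academie',`. The 'when user does not have access to wildcard' case announces status 403 in its title but asserts 422, and its fixture and payload are identical to the 'does not have access to value' case (allowed 'Bordeaux', requested 'Paris'), so no wildcard is exercised by it. Every `query_param_access` row reuses `queryId` as its own `id`, which only holds while each test inserts a single row; a distinct id per row would keep the fixtures honest once a second param is added. Since the catalog param is declared `mandatory: true`, a case that sends no `params` at all would pin the endpoint's behaviour for that path as well.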