diff --git a/packages/server-core/src/http/controllers/core/analysis-permission/utils/validation.ts b/packages/server-core/src/http/controllers/core/analysis-permission/utils/validation.ts index c0b5ce668..dbca1209b 100644 --- a/packages/server-core/src/http/controllers/core/analysis-permission/utils/validation.ts +++ b/packages/server-core/src/http/controllers/core/analysis-permission/utils/validation.ts @@ -80,23 +80,28 @@ export async function runAnalysisPermissionValidation( throw e; } + // todo: this is not possible right now :/ + /* const data = buildAbilityFromPermission(permission); const ability = useRequestEnv(req, 'abilities'); if (!ability.has(data)) { throw new ForbiddenError(`You don't own the permission ${data.name}`); } + */ - try { - const policy = await authup.policy.getOne(result.data.policy_id); + if (result.data.policy_id) { + try { + const policy = await authup.policy.getOne(result.data.policy_id); - result.data.policy = policy; - result.data.policy_id = policy.id; - } catch (e) { - if (isClientErrorWithStatusCode(e, 404)) { - throw new BadRequestError(buildHTTPValidationErrorMessage('permission_id')); - } + result.data.policy = policy; + result.data.policy_id = policy.id; + } catch (e) { + if (isClientErrorWithStatusCode(e, 404)) { + throw new BadRequestError(buildHTTPValidationErrorMessage('permission_id')); + } - throw e; + throw e; + } } } diff --git a/packages/server-core/test/unit/http/analysis-permission.spec.ts b/packages/server-core/test/unit/http/analysis-permission.spec.ts new file mode 100644 index 000000000..fef5ec639 --- /dev/null +++ b/packages/server-core/test/unit/http/analysis-permission.spec.ts 
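Review bot: Commenting out the `ability.has(data)` block removes the only check visible in this hunk that the caller actually holds the permission being attached, so a request that reaches this validation can now reference any existing `permission_id`; whether another layer enforces ownership is not visible here. If the check cannot work yet, prefer failing closed or a narrower guard over disabling it, and replace the `// todo` with a comment that names the blocker and a tracking issue so the block is not forgotten. Separately, the 404 branch of the policy lookup still reports `buildHTTPValidationErrorMessage('permission_id')`; it should name `'policy_id'` so the client is told which field was rejected. runAnalysisPermissionValidation starts outside this hunk.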
@@ -0,0 +1,74 @@
+/*
+ * Copyright (c) 2021-2024.
+ * Author Peter Placzek (tada5hi)
+ * For the full copyright and license information,
+ * view the LICENSE file that was distributed with this source code.
+ */
+
+import { extendObject } from '@authup/kit';
+import type { AnalysisPermission } from '@privateaim/core-kit';
+import { isAuthupClientUsable, useAuthupClient } from '@privateaim/server-kit';
+import {
+ createTestSuite,
+ expectPropertiesEqualToSrc,
+ removeDateProperties,
+} from '../../utils';
+import {
+ createTestNode, createTestProject,
+} from '../../utils/domains';
+
+describe('src/controllers/core/analysis-permission', () => {
+ const suite = createTestSuite();
+
+ beforeAll(async () => {
+ await suite.up();
+ });
+
+ afterAll(async () => {
+ await suite.down();
+ });
+
+ const attributes : Partial = {
+ permission_id: '667672f6-1c6b-468f-947f-6370cf18454c',
+ };
+
+ it('should create resource', async () => {
+ const client = suite.client();
+
+ const project = await client.project.create(createTestProject());
+ expect(project.id).toBeDefined();
+
+ const node = await client.node.create(createTestNode());
+ expect(node.id).toBeDefined();
+
+ // todo: maybe create authup policy
+ if (isAuthupClientUsable()) {
+ const authup = useAuthupClient();
+
+ const permission = await authup.permission.create({ name: 'analysis_permission' });
+ attributes.permission_id = permission.id;
+ }
+
+ const analysisPermission = await client.analysisPermission.create(attributes);
+ extendObject(attributes, removeDateProperties(analysisPermission));
+ });
+
+ it('should read collection', async () => {
+ const client = suite.client();
+ const { data } = await client.analysisPermission.getMany();
+ expect(data.length).toBeGreaterThanOrEqual(1);
+ });
+
+ it('should read resource', async () => {
+ const client = suite.client();
+
+ const data = await client.analysisPermission.getOne(attributes.id);
+ expectPropertiesEqualToSrc(attributes, data);
+ });
+
+ it('should delete resource', async () => {
+ const client = suite.client();
+
+ await client.analysisPermission.delete(attributes.id);
+ });
+});
diff --git a/packages/server-core/test/unit/http/analysis-permission.ts b/packages/server-core/test/unit/http/analysis-permission.ts
deleted file mode 100644
index 0eb5a262d..000000000
--- a/packages/server-core/test/unit/http/analysis-permission.ts
+++ /dev/null
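Review bot: The create test never sets `attributes.analysis_id`: the removed spec created an analysis and assigned its id, while this one creates a node whose id is asserted and then never used. If the endpoint still validates `analysis_id`, the request is sent without the relation the resource is about, so either create an analysis and assign `attributes.analysis_id = analysis.id` or drop the unused node. The suite also covers only the success path, and 'should delete resource' has no assertion at all. Nothing here pins what happens when the caller does not hold the referenced permission, so a case that expects rejection would be worth adding alongside the ownership check in validation.ts.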
@@ -1,95 +0,0 @@
-/*
- * Copyright (c) 2021-2024.
- * Author Peter Placzek (tada5hi)
- * For the full copyright and license information,
- * view the LICENSE file that was distributed with this source code.
- */
-
-import { extendObject } from '@authup/kit';
-import type { AnalysisPermission } from '@privateaim/core-kit';
-import { isAuthupClientUsable, useAuthupClient } from '@privateaim/server-kit';
-import {
- dropTestDatabase, expectPropertiesEqualToSrc, removeDateProperties, useSuperTest, useTestDatabase,
-} from '../../utils';
-import {
- createSuperTestAnalysis,
- createSuperTestProject,
-} from '../../utils/domains';
-
-describe('src/controllers/core/analysis-permission', () => {
- const superTest = useSuperTest();
-
- beforeAll(async () => {
- await useTestDatabase();
- });
-
- afterAll(async () => {
- await dropTestDatabase();
- });
-
- const attributes : Partial = {
- permission_id: '667672f6-1c6b-468f-947f-6370cf18454c',
- };
-
- it('should create resource', async () => {
- const project = await createSuperTestProject(superTest);
- expect(project.body.id).toBeDefined();
-
- const analysis = await createSuperTestAnalysis(superTest, {
- project_id: project.body.id,
- });
- expect(analysis.body.id).toBeDefined();
- attributes.analysis_id = analysis.body.id;
-
- // todo: maybe create authup policy
-
- if (isAuthupClientUsable()) {
- const authup = useAuthupClient();
- const permission = await authup.permission.create({ name: 'analysis_permission' });
- attributes.permission_id = permission.id;
- }
-
- const response = await superTest
- .post('/analysis-permissions')
- .auth('admin', 'start123')
- .send(attributes);
-
- expect(response.status).toEqual(201);
- expect(response.body).toBeDefined();
-
- delete response.body.analysis;
- delete response.body.node;
-
- extendObject(attributes, removeDateProperties(response.body));
- });
-
- it('should read collection', async () => {
- const response = await superTest
- .get('/analysis-permissions')
- .auth('admin', 'start123');
-
- expect(response.status).toEqual(200);
- expect(response.body).toBeDefined();
- expect(response.body.data).toBeDefined();
- expect(response.body.data.length).toBeGreaterThanOrEqual(1);
- });
-
- it('should read resource', async () => {
- const response = await superTest
- .get(`/analysis-permissions/${attributes.id}`)
- .auth('admin', 'start123');
-
- expect(response.status).toEqual(200);
- expect(response.body).toBeDefined();
-
- expectPropertiesEqualToSrc(attributes, response.body);
- });
-
- it('should delete resource', async () => {
- const response = await superTest
- .delete(`/analysis-permissions/${attributes.id}`)
- .auth('admin', 'start123');
-
- expect(response.status).toEqual(202);
- });
-});