From 714be28acb61ec0e6753aba30873986bbbf6a31a Mon Sep 17 00:00:00 2001
From: Gregor <gregor@martynus.net>
Date: Mon, 12 Sep 2016 23:26:30 -0700
Subject: [PATCH] test(store): POST db/_all_docs is still just a read

---
 test/unit/config/store-pre-auth-hook-test.js | 50 ++++++++++++++++++++
 1 file changed, 50 insertions(+)

diff --git a/test/unit/config/store-pre-auth-hook-test.js b/test/unit/config/store-pre-auth-hook-test.js
index 59e9ac1..0ffd79e 100644
--- a/test/unit/config/store-pre-auth-hook-test.js
+++ b/test/unit/config/store-pre-auth-hook-test.js
@@ -242,6 +242,56 @@ test('store pre auth hook not public access & session found', function (t) {
   })
 })
 
+test('store pre auth hook read-only byy users for POST db/_all_docs', function (t) {
+  var findSessionStub = simple.stub().resolveWith({
+    id: 'session123',
+    account: {
+      id: 'account123',
+      roles: []
+    }
+  })
+  var hasAccessStub = simple.stub().callFn(function (name, options) {
+    if (options.role) {
+      return Promise.resolve(true) // accessiable to signed in user
+    }
+
+    return Promise.resolve(false) // not public access
+  })
+  var serverStub = {
+    plugins: {
+      account: {
+        api: {
+          sessions: {
+            find: findSessionStub
+          }
+        }
+      },
+      store: {
+        api: {
+          hasAccess: hasAccessStub
+        }
+      }
+    }
+  }
+  var request = {
+    method: 'post',
+    path: '/hoodie/store/api/user%2F456/_all_docs',
+    headers: {
+      authorization: 'Session session123'
+    },
+    connection: {
+      server: serverStub
+    }
+  }
+
+  t.plan(1)
+  preAuthHook(request, {
+    continue: function () {
+      t.pass('all good')
+    }
+  })
+})
+
 test('store pre auth hook unauthorized error', function (t) {
   var session = {
     session: {