Skip to content

Commit 042d49a

Browse files
mailmesriza98mailmesriza98
committed
added data levels constants and tests
1 parent 4f13cad commit 042d49a

File tree

6 files changed

+56
-128
lines changed

6 files changed

+56
-128
lines changed

constants/userDataLevels.js

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,21 @@
1+
const ACCESS_LEVEL = {
2+
PUBLIC: "public",
3+
INTERNAL: "internal",
4+
PRIVATE: "private",
5+
CONFIDENTIAL: "confidential",
6+
};
7+
8+
const ROLE_LEVEL = {
9+
private: ["super_user"],
10+
internal: ["super_user"],
11+
confidential: ["super_user"],
12+
};
13+
14+
const ROLE_ACCESS = {
15+
public: ["email", "phone", "chaincode"],
16+
internal: ["phone", "chaincode"],
17+
private: ["chaincode"],
18+
confidential: [],
19+
};
20+
21+
module.exports = { ACCESS_LEVEL, ROLE_ACCESS, ROLE_LEVEL };

constants/users.js

Lines changed: 0 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -4,8 +4,6 @@ const profileStatus = {
44
NOT_APPROVED: "NOT APPROVED",
55
};
66

7-
const USER_SENSITIVE_DATA = ["phone", "email", "chaincode", "tokens"];
8-
97
const USER_STATUS = {
108
OOO: "ooo",
119
IDLE: "idle",
@@ -23,5 +21,4 @@ module.exports = {
2321
profileStatus,
2422
USER_STATUS,
2523
ALLOWED_FILTER_PARAMS,
26-
USER_SENSITIVE_DATA,
2724
};

services/dataAccessLayer.js

Lines changed: 8 additions & 38 deletions
Original file line numberDiff line numberDiff line change
@@ -1,12 +1,6 @@
11
const userQuery = require("../models/users");
22
const members = require("../models/members");
3-
const { USER_SENSITIVE_DATA } = require("../constants/users");
4-
const ACCESS_LEVEL = {
5-
PUBLIC: "public",
6-
INTERNAL: "internal",
7-
PRIVATE: "private",
8-
CONFIDENTIAL: "confidential",
9-
};
3+
const { ROLE_LEVEL, ROLE_ACCESS, ACCESS_LEVEL } = require("../constants/userDataLevels");
104

115
const retrieveUsers = async ({
126
id = null,
@@ -83,42 +77,20 @@ const retrieveUsersWithRole = async (role) => {
8377
return users;
8478
};
8579

86-
const removeSensitiveInfo = function (obj) {
87-
for (let i = 0; i < USER_SENSITIVE_DATA.length; i++) {
88-
if (Object.prototype.hasOwnProperty.call(obj, USER_SENSITIVE_DATA[i])) {
89-
delete obj[USER_SENSITIVE_DATA[i]];
90-
}
91-
}
92-
};
93-
94-
const privilegedAccess = (user, data, level) => {
95-
if ("email" in data) {
96-
user.email = data.email;
97-
}
98-
if (level === ACCESS_LEVEL.PRIVATE || level === ACCESS_LEVEL.CONFIDENTIAL) {
99-
if ("phone" in data) {
100-
user.phone = data.phone;
101-
}
102-
}
103-
if (level === ACCESS_LEVEL.CONFIDENTIAL) {
104-
if ("chaincode" in data) {
105-
user.chaincode = data.chaincode;
80+
const removeSensitiveInfo = function (obj, level = ACCESS_LEVEL.PUBLIC) {
81+
for (let i = 0; i < ROLE_ACCESS[level].length; i++) {
82+
if (Object.prototype.hasOwnProperty.call(obj, ROLE_ACCESS[level][i])) {
83+
delete obj[ROLE_ACCESS[level][i]];
10684
}
10785
}
108-
return user;
10986
};
11087

11188
const levelSpecificAccess = (user, level = ACCESS_LEVEL.PUBLIC, role = null) => {
112-
const unFilteredData = JSON.parse(JSON.stringify(user));
113-
removeSensitiveInfo(user);
114-
if (level === ACCESS_LEVEL.PUBLIC) {
89+
if (level === ACCESS_LEVEL.PUBLIC || ROLE_LEVEL[level].includes(role)) {
90+
removeSensitiveInfo(user, level);
11591
return user;
11692
}
117-
if (role === null || !role.super_user) {
118-
return "unauthorized";
119-
}
120-
121-
return privilegedAccess(user, unFilteredData, level);
93+
return "unauthorized";
12294
};
12395

12496
module.exports = {
@@ -128,7 +100,5 @@ module.exports = {
128100
retrieveMembers,
129101
retrieveUsersWithRole,
130102
retreiveFilteredUsers,
131-
privilegedAccess,
132103
levelSpecificAccess,
133-
ACCESS_LEVEL,
134104
};

test/integration/users.test.js

Lines changed: 0 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -290,7 +290,6 @@ describe("Users", function () {
290290
expect(res.body.users).to.be.a("array");
291291
expect(res.body.users[0]).to.not.have.property("phone");
292292
expect(res.body.users[0]).to.not.have.property("email");
293-
expect(res.body.users[0]).to.not.have.property("tokens");
294293
expect(res.body.users[0]).to.not.have.property("chaincode");
295294

296295
return done();
@@ -315,7 +314,6 @@ describe("Users", function () {
315314
});
316315
expect(res.body.users[0]).to.not.have.property("phone");
317316
expect(res.body.users[0]).to.not.have.property("email");
318-
expect(res.body.users[0]).to.not.have.property("tokens");
319317
expect(res.body.users[0]).to.not.have.property("chaincode");
320318
return done();
321319
});
@@ -341,7 +339,6 @@ describe("Users", function () {
341339
expect(res.body.users.length).to.equal(1);
342340
expect(res.body.users[0]).to.not.have.property("phone");
343341
expect(res.body.users[0]).to.not.have.property("email");
344-
expect(res.body.users[0]).to.not.have.property("tokens");
345342
expect(res.body.users[0]).to.not.have.property("chaincode");
346343
return done();
347344
});
@@ -552,7 +549,6 @@ describe("Users", function () {
552549
expect(res.body).to.be.a("object");
553550
expect(res.body).to.not.have.property("phone");
554551
expect(res.body).to.not.have.property("email");
555-
expect(res.body).to.not.have.property("tokens");
556552
expect(res.body).to.not.have.property("chaincode");
557553
return done();
558554
});
@@ -597,7 +593,6 @@ describe("Users", function () {
597593
expect(res.body.user).to.be.a("object");
598594
expect(res.body.user).to.not.have.property("phone");
599595
expect(res.body.user).to.not.have.property("email");
600-
expect(res.body.user).to.not.have.property("tokens");
601596
expect(res.body.user).to.not.have.property("chaincode");
602597
return done();
603598
});
@@ -639,7 +634,6 @@ describe("Users", function () {
639634
expect(res.body.user).to.be.a("object");
640635
expect(res.body.user).to.not.have.property("phone");
641636
expect(res.body.user).to.not.have.property("email");
642-
expect(res.body.user).to.not.have.property("tokens");
643637
expect(res.body.user).to.not.have.property("chaincode");
644638
return done();
645639
});

test/integration/usersFilter.test.js

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -365,7 +365,6 @@ describe("Filter Users", function () {
365365
res.body.users.forEach((user) => {
366366
expect(user).to.not.have.property("phone");
367367
expect(user).to.not.have.property("email");
368-
expect(user).to.not.have.property("tokens");
369368
});
370369
return done();
371370
});

test/unit/services/dataAccessLayer.test.js

Lines changed: 27 additions & 80 deletions
Original file line numberDiff line numberDiff line change
@@ -12,17 +12,17 @@ const {
1212
retrieveUsersWithRole,
1313
retrieveMembers,
1414
retreiveFilteredUsers,
15-
privilegedAccess,
1615
levelSpecificAccess,
17-
ACCESS_LEVEL,
1816
} = require("../../../services/dataAccessLayer");
1917

18+
const { ROLE_ACCESS, ACCESS_LEVEL } = require("../../../constants/userDataLevels");
19+
2020
const userData = require("../../fixtures/user/user")();
21-
const { USER_SENSITIVE_DATA } = require("../../../constants/users");
2221

2322
chai.use(chaiHttp);
2423
const expect = chai.expect;
2524
let fetchUserStub;
25+
2626
describe("Data Access Layer", function () {
2727
describe("retrieveUsers", function () {
2828
it("should fetch a single user by ID and remove sensitive info", async function () {
@@ -31,7 +31,7 @@ describe("Data Access Layer", function () {
3131
const result = await retrieveUsers({ id: userData[12].id });
3232
removeSensitiveInfo(userData[12]);
3333
expect(result.user).to.deep.equal(userData[12]);
34-
USER_SENSITIVE_DATA.forEach((key) => {
34+
ROLE_ACCESS[ACCESS_LEVEL.PUBLIC].forEach((key) => {
3535
expect(result.user).to.not.have.property(key);
3636
});
3737
});
@@ -41,7 +41,7 @@ describe("Data Access Layer", function () {
4141
const result = await retrieveUsers({ username: userData[12].username });
4242
removeSensitiveInfo(userData[12]);
4343
expect(result.user).to.deep.equal(userData[12]);
44-
USER_SENSITIVE_DATA.forEach((key) => {
44+
ROLE_ACCESS[ACCESS_LEVEL.PUBLIC].forEach((key) => {
4545
expect(result.user).to.not.have.property(key);
4646
});
4747
});
@@ -53,7 +53,7 @@ describe("Data Access Layer", function () {
5353
removeSensitiveInfo(userData[12]);
5454
result.forEach((user) => {
5555
expect(user).to.deep.equal(userData[12]);
56-
USER_SENSITIVE_DATA.forEach((key) => {
56+
ROLE_ACCESS[ACCESS_LEVEL.PUBLIC].forEach((key) => {
5757
expect(user).to.not.have.property(key);
5858
});
5959
});
@@ -67,7 +67,7 @@ describe("Data Access Layer", function () {
6767
removeSensitiveInfo(userData[12]);
6868
result.users.forEach((user) => {
6969
expect(user).to.deep.equal(userData[12]);
70-
USER_SENSITIVE_DATA.forEach((key) => {
70+
ROLE_ACCESS[ACCESS_LEVEL.PUBLIC].forEach((key) => {
7171
expect(user).to.not.have.property(key);
7272
});
7373
});
@@ -77,7 +77,7 @@ describe("Data Access Layer", function () {
7777
const userdata = userData[12];
7878
await retrieveUsers({ userdata });
7979
removeSensitiveInfo(userData[12]);
80-
USER_SENSITIVE_DATA.forEach((key) => {
80+
ROLE_ACCESS[ACCESS_LEVEL.PUBLIC].forEach((key) => {
8181
expect(userdata).to.not.have.property(key);
8282
});
8383
});
@@ -90,7 +90,7 @@ describe("Data Access Layer", function () {
9090
const result = await retrieveDiscordUsers();
9191
result.forEach((user) => {
9292
expect(user).to.deep.equal(userData[12]);
93-
USER_SENSITIVE_DATA.forEach((key) => {
93+
ROLE_ACCESS[ACCESS_LEVEL.PUBLIC].forEach((key) => {
9494
expect(user).to.not.have.property(key);
9595
});
9696
});
@@ -105,7 +105,7 @@ describe("Data Access Layer", function () {
105105
const result = await retrieveUsersWithRole(query);
106106
result.forEach((user) => {
107107
expect(user).to.deep.equal(userData[12]);
108-
USER_SENSITIVE_DATA.forEach((key) => {
108+
ROLE_ACCESS[ACCESS_LEVEL.PUBLIC].forEach((key) => {
109109
expect(user).to.not.have.property(key);
110110
});
111111
});
@@ -119,7 +119,7 @@ describe("Data Access Layer", function () {
119119
const result = await retrieveMembers();
120120
result.forEach((user) => {
121121
expect(user).to.deep.equal(userData[12]);
122-
USER_SENSITIVE_DATA.forEach((key) => {
122+
ROLE_ACCESS[ACCESS_LEVEL.PUBLIC].forEach((key) => {
123123
expect(user).to.not.have.property(key);
124124
});
125125
});
@@ -134,7 +134,7 @@ describe("Data Access Layer", function () {
134134
const result = await retreiveFilteredUsers(query);
135135
result.forEach((user) => {
136136
expect(user).to.deep.equal(userData[12]);
137-
USER_SENSITIVE_DATA.forEach((key) => {
137+
ROLE_ACCESS[ACCESS_LEVEL.PUBLIC].forEach((key) => {
138138
expect(user).to.not.have.property(key);
139139
});
140140
});
@@ -143,90 +143,37 @@ describe("Data Access Layer", function () {
143143

144144
describe("removeSensitiveInfo", function () {
145145
it("should remove sensitive information from the users object", function () {
146-
removeSensitiveInfo(userData);
147-
USER_SENSITIVE_DATA.forEach((key) => {
146+
removeSensitiveInfo(userData[12]);
147+
ROLE_ACCESS[ACCESS_LEVEL.PUBLIC].forEach((key) => {
148148
expect(userData[12]).to.not.have.property(key);
149149
});
150150
});
151151
});
152152

153-
describe("privilegedAccess", function () {
154-
it("should return default user fields if email does not exist in userdata and INTERNAL access requested", function () {
155-
const data = {};
156-
const result = privilegedAccess(userData[11], data, ACCESS_LEVEL.INTERNAL);
157-
expect(result.email).to.equal(undefined);
158-
});
159-
160-
it("should set only email for INTERNAL access if email exists", function () {
161-
const data = {
162-
email: "[email protected]",
163-
};
164-
const result = privilegedAccess(userData[11], data, ACCESS_LEVEL.INTERNAL);
165-
expect(result).to.have.property("email");
166-
});
167-
168-
it("should set email and phone for PRIVATE access if email and phone exists", function () {
169-
const data = {
170-
email: "[email protected]",
171-
phone: "1234567890",
172-
};
173-
const result = privilegedAccess(userData[11], data, ACCESS_LEVEL.PRIVATE);
174-
expect(result).to.have.property("email");
175-
expect(result).to.have.property("phone");
176-
});
177-
178-
it("should set email, phone, and chaincode for CONFIDENTIAL access if email,phone and chaincode exists", function () {
179-
const data = {
180-
email: "[email protected]",
181-
phone: "1234567890",
182-
chaincode: "abc7896",
183-
};
184-
const result = privilegedAccess(userData[11], data, ACCESS_LEVEL.CONFIDENTIAL);
185-
expect(result).to.have.property("email");
186-
expect(result).to.have.property("phone");
187-
expect(result).to.have.property("chaincode");
188-
});
189-
});
190-
191153
describe("levelSpecificAccess", function () {
192154
it("should return the user object for PUBLIC level after removing all sensitive info", function () {
193-
const result = levelSpecificAccess(userData[12], ACCESS_LEVEL.PUBLIC);
194-
USER_SENSITIVE_DATA.forEach((key) => {
155+
const result = levelSpecificAccess({ ...userData[12] }, ACCESS_LEVEL.PUBLIC);
156+
ROLE_ACCESS[ACCESS_LEVEL.PUBLIC].forEach((key) => {
195157
expect(result).to.not.have.property(key);
196158
});
197159
});
198160

199161
it('should return "unauthorized" for non-superuser role', function () {
200-
const unauthorizedRole = { role: { super_user: false } };
201-
const result = levelSpecificAccess(userData[12], ACCESS_LEVEL.PRIVATE, unauthorizedRole);
162+
const unauthorizedRole = "member";
163+
const result = levelSpecificAccess({ ...userData[12] }, ACCESS_LEVEL.PRIVATE, unauthorizedRole);
202164
expect(result).to.equal("unauthorized");
203165
});
204166

205-
it("should call privilegedAccess for INTERNAL level and super_user role", function () {
206-
userData[11].email = "[email protected]";
207-
const role = { super_user: true };
208-
const result = levelSpecificAccess(userData[11], ACCESS_LEVEL.INTERNAL, role);
167+
it("should keep sensitive info for valid role and level", function () {
168+
const user = { ...userData[12], email: "[email protected]", phone: "7890654329", chaincode: "78906" };
169+
const role = "super_user";
170+
const level = ACCESS_LEVEL.PRIVATE;
171+
const result = levelSpecificAccess(user, level, role);
172+
ROLE_ACCESS[level].forEach((key) => {
173+
expect(result).to.not.have.property(key);
174+
});
175+
expect(result).to.have.property("phone");
209176
expect(result).to.have.property("email");
210177
});
211-
212-
it("should call privilegedAccess for PRIVATE level and super_user role", function () {
213-
userData[11].email = "[email protected]";
214-
userData[11].phone = "8976509889";
215-
const role = { super_user: true };
216-
const user = levelSpecificAccess(userData[11], ACCESS_LEVEL.PRIVATE, role);
217-
expect(user).to.have.property("email");
218-
expect(user).to.have.property("phone");
219-
});
220-
221-
it("should call privilegedAccess for CONFIDENTIAL level and super_user role", function () {
222-
userData[11].email = "[email protected]";
223-
userData[11].phone = "8976509889";
224-
userData[11].chaincode = "1234567";
225-
const role = { super_user: true };
226-
const user = levelSpecificAccess(userData[11], ACCESS_LEVEL.CONFIDENTIAL, role);
227-
expect(user).to.have.property("email");
228-
expect(user).to.have.property("phone");
229-
expect(user).to.have.property("chaincode");
230-
});
231178
});
232179
});

0 commit comments

Comments
 (0)