Skip to content

Commit 0856c84

Browse files
kptdobekptdobe
committed
chore: back to green
1 parent e43b2a6 commit 0856c84

File tree

1 file changed

+21
-2
lines changed

1 file changed

+21
-2
lines changed

test/it/it-tests.js

Lines changed: 21 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -62,13 +62,16 @@ export default (ctx) => describe('Integration Tests: it tests', function () {
6262
assert.strictEqual(resp.status, 200, `Expected 200 OK, got ${resp.status} - user: ${superUser.email}`);
6363

6464
const body = await resp.json();
65+
// check initial config is clean
6566
assert.strictEqual(body.total, 2, `Expected 2, got ${body.total}`);
6667
assert.strictEqual(body.data[0].path, 'CONFIG', `Expected CONFIG, got ${body.data[0].path}`);
6768
assert.strictEqual(body.data[0].groups, superUser.email, `Expected user email, got ${body.data[0].groups}`);
6869
assert.strictEqual(body.data[0].actions, 'write', `Expected write, got ${body.data[0].actions}`);
6970
assert.strictEqual(body.data[1].path, '/+**', `Expected /+**, got ${body.data[1].path}`);
7071
assert.strictEqual(body.data[1].groups, superUser.email, `Expected user email, got ${body.data[1].groups}`);
7172
assert.strictEqual(body.data[1].actions, 'write', `Expected write, got ${body.data[1].actions}`);
73+
assert.strictEqual(body[':type'], 'sheet', `Expected sheet, got ${body[':type']}`);
74+
assert.strictEqual(body[':sheetname'], 'permissions', `Expected permissions, got ${body[':sheetname']}`);
7275
});
7376

7477
it('[anonymous] cannot delete root folder', async () => {
@@ -334,6 +337,8 @@ export default (ctx) => describe('Integration Tests: it tests', function () {
334337
limit: newConfigData.length,
335338
offset: 0,
336339
data: newConfigData,
340+
':type': 'sheet',
341+
':sheetname': 'permissions',
337342
}));
338343
resp = await fetch(url, {
339344
method: 'POST',
@@ -354,6 +359,17 @@ export default (ctx) => describe('Integration Tests: it tests', function () {
354359
assert.strictEqual(resp.status, 200, `Expected 200 OK, got ${resp.status}`);
355360
});
356361

362+
it('[limited user] still cannot read page1', async () => {
363+
const {
364+
serverUrl, org, repo, limitedUser,
365+
} = ctx;
366+
const url = `${serverUrl}/source/${org}/${repo}/test-folder/page1.html`;
367+
const resp = await fetch(url, {
368+
headers: { Authorization: `Bearer ${limitedUser.accessToken}` },
369+
});
370+
assert.strictEqual(resp.status, 403, `Expected 403 Unauthorized, got ${resp.status} - user: ${limitedUser.email}`);
371+
});
372+
357373
it('[super user] should remove added entries to clean up the config', async () => {
358374
const {
359375
serverUrl, org, repo, superUser,
@@ -370,6 +386,8 @@ export default (ctx) => describe('Integration Tests: it tests', function () {
370386
limit: newConfigData.length,
371387
offset: 0,
372388
data: newConfigData,
389+
':type': 'sheet',
390+
':sheetname': 'permissions',
373391
}));
374392
resp = await fetch(url, {
375393
method: 'POST',
@@ -388,10 +406,11 @@ export default (ctx) => describe('Integration Tests: it tests', function () {
388406
assert.strictEqual(body.data[1].path, '/+**', `Expected /+**, got ${body.data[1].path}`);
389407
assert.strictEqual(body.data[1].groups, superUser.email, `Expected user email, got ${body.data[1].groups}`);
390408
assert.strictEqual(body.data[1].actions, 'write', `Expected write, got ${body.data[1].actions}`);
409+
assert.strictEqual(body[':type'], 'sheet', `Expected sheet, got ${body[':type']}`);
410+
assert.strictEqual(body[':sheetname'], 'permissions', `Expected permissions, got ${body[':sheetname']}`);
391411
});
392412

393-
// TODO: currently the auth session is stored in memory, so the limited user can still read page2
394-
it.skip('[limited user] cannot read page2 anymore', async () => {
413+
it('[limited user] cannot read page2 anymore', async () => {
395414
const {
396415
serverUrl, org, repo, limitedUser,
397416
} = ctx;

0 commit comments

Comments
 (0)