public folder unit tests [WIP]

Author: norrisng-bc

app/README.md

@@ -85,6 +85,7 @@ The following variables enable and enforce the use of OIDC Bearer Authentication
 | `bucket`          | `OBJECTSTORAGE_BUCKET`          |         | The object storage bucket name                                      |
 | `endpoint`        | `OBJECTSTORAGE_ENDPOINT`        |         | Object store URL. eg: `https://nrs.objectstore.gov.bc.ca`           |
 | `key`             | `OBJECTSTORAGE_KEY`             |         | The base path for storage location                                  |
+| `public`          | `OBJECTSTORAGE_PUBLIC           |         | Whether to make the storage location public                         |
 | `secretAccessKey` | `OBJECTSTORAGE_SECRETACCESSKEY` |         | The Secret Access Key for your S3 compatible object storage account |
 
 ### Server Variables

app/config/custom-environment-variables.json

@@ -30,6 +30,7 @@
     "enabled": "OBJECTSTORAGE_ENABLED",
     "endpoint": "OBJECTSTORAGE_ENDPOINT",
     "key": "OBJECTSTORAGE_KEY",
+    "public": "OBJECTSTORAGE_PUBLIC",
     "secretAccessKey": "OBJECTSTORAGE_SECRETACCESSKEY"
   },
   "server": {

app/src/middleware/authorization.js

@@ -198,11 +198,11 @@ const hasPermission = (permission) => {
         log.debug('Basic authTypes are always permitted', { function: 'hasPermission' });
       }
       // if reading a public object
-      else if (req.params.objectId && await isObjectPublic(req.currentObject) && permission === Permissions.READ) {
+      else if (req.params.objectId && await _isObjectPublic(req.currentObject) && permission === Permissions.READ) {
         log.debug('Read requests on public objects are always permitted', { function: 'hasPermission' });
       }
       // if reading a public bucket
-      else if (req.params.bucketId && await isBucketPublic(req.params.bucketId) && permission === Permissions.READ) {
+      else if (req.params.bucketId && await _isBucketPublic(req.params.bucketId) && permission === Permissions.READ) {
         log.debug('Read requests on public buckets are always permitted', { function: 'hasPermission' });
       }
       else if (!await _checkPermission(req, permission)) {
@@ -280,17 +280,17 @@ const checkElevatedUser = async (req, _res, next) => {
  * get public status from COMS database
  * checks current object and all parent folders
  */
-const isObjectPublic = async (currentObject) => {
+const _isObjectPublic = async (currentObject) => {
   if (currentObject.public) return true;
-  if (await isBucketPublic(currentObject.bucketId)) return true;
+  if (await _isBucketPublic(currentObject.bucketId)) return true;
   return false;
 };
 
 /**
  * get public status from COMS database
  * checks current folder and all parent folders
  */
-const isBucketPublic = async (bucketId) => {
+const _isBucketPublic = async (bucketId) => {
   const bucket = await bucketService.read(bucketId);
   if (bucket.public) return true;
   const parentBuckets = await bucketService.searchParentBuckets(bucket);
@@ -305,7 +305,7 @@ module.exports = {
   checkS3BasicAccess,
   currentObject,
   hasPermission,
-  isBucketPublic,
-  isObjectPublic,
+  _isObjectPublic,
+  _isBucketPublic,
   restrictNonIdirUserSearch,
 };

app/tests/unit/components/utils.spec.js

@@ -130,6 +130,7 @@ describe('getBucket', () => {
       .mockReturnValueOnce(cdata.public) // objectStorage.public
       .mockReturnValueOnce(cdata.secretAccessKey) // objectStorage.secretAccessKey
       .mockReturnValueOnce(cdata.region); // objectStorage.region
+    config.has.mockReturnValueOnce(true); // config.has(objectStorage.region)
 
     const result = await utils.getBucket();
 

app/tests/unit/middleware/authorization.spec.js

@@ -16,6 +16,8 @@ jest.mock('config');
 jest.mock('../../../src/components/utils');
 
 const checkPermissionSpy = jest.spyOn(mw, '_checkPermission');
+const isObjectPublicSpy = jest.spyOn(mw, '_isObjectPublic');
+const isBucketPublicSpy = jest.spyOn(mw, '_isBucketPublic');
 
 beforeEach(() => {
   jest.resetAllMocks();
@@ -409,7 +411,7 @@ describe('hasPermission', () => {
 
   // TODO: public folder feature - update tests
   //        (remove .skip() when done!)
-  describe.skip('given currentObject with public false and currentUser', () => {
+  describe('given currentObject with public false and currentUser', () => {
     beforeEach(() => {
       req.currentObject = {};
       req.currentUser = {};
@@ -451,3 +453,51 @@ describe('hasPermission', () => {
       });
   });
 });
+
+describe('isObjectPublic', () => {
+
+  beforeAll(() => {
+    isObjectPublicSpy.mockRestore();
+  });
+
+  // Test cases:
+  // currentObject.public = true, false
+  // _isBucketPublic = true, false
+
+  it('should return true when object is public and bucket is public', async () => {
+    // isBucketPublicSpy.mockResolvedValueOnce(true);
+    const result = await mw._isObjectPublic({ public: true });
+
+    expect(result).toEqual(true);
+    expect(isBucketPublicSpy).toHaveBeenCalledTimes(0);
+  });
+
+  it('should return true when object is public and bucket is not public', async () => {
+    // isBucketPublicSpy.mockResolvedValueOnce(false);
+    const result = await mw._isObjectPublic({ public: true });
+
+    expect(result).toEqual(true);
+    expect(isBucketPublicSpy).toHaveBeenCalledTimes(0);
+  });
+
+  it('should return true when object is not public and bucket is public', async () => {
+    isBucketPublicSpy.mockResolvedValueOnce(true);
+
+    const result = await mw._isObjectPublic({ public: false });
+
+    expect(result).toEqual(true);
+    expect(isBucketPublicSpy).toHaveBeenCalledTimes(1);
+  });
+
+  it('should return false when object is not public and bucket is not public', async () => {
+    isBucketPublicSpy.mockResolvedValueOnce(false);
+
+    const result = await mw._isObjectPublic({ public: false });
+
+    expect(result).toEqual(false);
+    expect(isBucketPublicSpy).toHaveBeenCalledTimes(1);
+  });
+
+
+
+});