added api tests of new access checking endpoint for sample Auth and p…
…roposal Auth
Junjiequan committed Jul 23, 2024
1 parent d723ac9 commit 5f3b02b
Showing 2 changed files with 195 additions and 5 deletions.
118 changes: 113 additions & 5 deletions test/ProposalAuthorization.js
Expand Up @@ -218,6 +218,18 @@ describe("1400: ProposalAuthorization: Test access to proposal", () => {
});
});

it("0061: check admin access to proposal 1 should return true", async () => {
return request(appUrl)
.get("/api/v3/proposals/" + encodedProposalPid1 + "/access")
.set("Accept", "application/json")
.set({ Authorization: `Bearer ${accessTokenAdminIngestor}` })
.expect(TestData.SuccessfulGetStatusCode)
.expect("Content-Type", /json/)
.then((res) => {
res.body.should.have.property("canAccess").and.be.equal(true);
});
});

it("0070: full query for proposals for admin", async () => {
return request(appUrl)
.get("/api/v3/proposals/fullquery")
Expand All @@ -242,6 +254,18 @@ describe("1400: ProposalAuthorization: Test access to proposal", () => {
});
});

it("0081: check admin access to proposal 2 should return true", async () => {
return request(appUrl)
.get("/api/v3/proposals/" + encodedProposalPid2 + "/access")
.set("Accept", "application/json")
.set({ Authorization: `Bearer ${accessTokenAdminIngestor}` })
.expect(TestData.SuccessfulGetStatusCode)
.expect("Content-Type", /json/)
.then((res) => {
res.body.should.have.property("canAccess").and.be.equal(true);
});
});

it("0090: access proposal 3 as admin", async () => {
return request(appUrl)
.get("/api/v3/proposals/" + encodedProposalPid3)
Expand All @@ -254,6 +278,18 @@ describe("1400: ProposalAuthorization: Test access to proposal", () => {
});
});

it("0091: check admin access to proposal 3 should return true", async () => {
return request(appUrl)
.get("/api/v3/proposals/" + encodedProposalPid3 + "/access")
.set("Accept", "application/json")
.set({ Authorization: `Bearer ${accessTokenAdminIngestor}` })
.expect(TestData.SuccessfulGetStatusCode)
.expect("Content-Type", /json/)
.then((res) => {
res.body.should.have.property("canAccess").and.be.equal(true);
});
});

it("0100: list of proposals for user 1", async () => {
return request(appUrl)
.get("/api/v3/proposals")
Expand All @@ -267,15 +303,27 @@ describe("1400: ProposalAuthorization: Test access to proposal", () => {
});
});

it("0110: access proposal 1 as user 1", async () => {
it("0110: access proposal 1 as user 1 should fail", async () => {
return request(appUrl)
.get("/api/v3/proposals/" + 20170268)
.get("/api/v3/proposals/" + encodedProposalPid1)
.set("Accept", "application/json")
.set({ Authorization: `Bearer ${accessTokenUser1}` })
.expect("Content-Type", /json/)
.expect(TestData.AccessForbiddenStatusCode);
});

it("0111: check user 1 access to proposal 1 should return false", async () => {
return request(appUrl)
.get("/api/v3/proposals/" + encodedProposalPid1 + "/access")
.set("Accept", "application/json")
.set({ Authorization: `Bearer ${accessTokenUser1}` })
.expect(TestData.SuccessfulGetStatusCode)
.expect("Content-Type", /json/)
.then((res) => {
res.body.should.have.property("canAccess").and.be.equal(false);
});
});

it("0120: access proposal 2 as user 1", async () => {
return request(appUrl)
.get("/api/v3/proposals/" + encodedProposalPid2)
Expand All @@ -288,7 +336,19 @@ describe("1400: ProposalAuthorization: Test access to proposal", () => {
});
});

it("0130: access proposal 3 as user 1", async () => {
it("0121: check user 1 access to proposal 2 should return true", async () => {
return request(appUrl)
.get("/api/v3/proposals/" + encodedProposalPid2 + "/access")
.set("Accept", "application/json")
.set({ Authorization: `Bearer ${accessTokenUser1}` })
.expect(TestData.SuccessfulGetStatusCode)
.expect("Content-Type", /json/)
.then((res) => {
res.body.should.have.property("canAccess").and.be.equal(true);
});
});

it("0130: access proposal 3 as user 1 should fail", async () => {
return request(appUrl)
.get("/api/v3/proposals/" + encodedProposalPid3)
.set("Accept", "application/json")
Expand All @@ -297,6 +357,18 @@ describe("1400: ProposalAuthorization: Test access to proposal", () => {
.expect(TestData.AccessForbiddenStatusCode);
});

it("0131: check user 1 access to proposal 3 should return false", async () => {
return request(appUrl)
.get("/api/v3/proposals/" + encodedProposalPid3 + "/access")
.set("Accept", "application/json")
.set({ Authorization: `Bearer ${accessTokenUser1}` })
.expect(TestData.SuccessfulGetStatusCode)
.expect("Content-Type", /json/)
.then((res) => {
res.body.should.have.property("canAccess").and.be.equal(false);
});
});

it("0140: full query for proposals for user 1", async () => {
return request(appUrl)
.get("/api/v3/proposals/fullquery")
Expand All @@ -323,7 +395,7 @@ describe("1400: ProposalAuthorization: Test access to proposal", () => {
});
});

it("0160: access proposal 1 as user 2", async () => {
it("0160: access proposal 1 as user 2 should fail", async () => {
return request(appUrl)
.get("/api/v3/proposals/" + encodedProposalPid1)
.set("Accept", "application/json")
Expand All @@ -332,7 +404,19 @@ describe("1400: ProposalAuthorization: Test access to proposal", () => {
.expect(TestData.AccessForbiddenStatusCode);
});

it("0160: access proposal 2 as user 2", async () => {
it("0161: check user 2 access to proposal 1 should return false", async () => {
return request(appUrl)
.get("/api/v3/proposals/" + encodedProposalPid1 + "/access")
.set("Accept", "application/json")
.set({ Authorization: `Bearer ${accessTokenUser2}` })
.expect("Content-Type", /json/)
.expect(TestData.SuccessfulGetStatusCode)
.then((res) => {
res.body.should.have.property("canAccess").and.be.equal(false);
});
});

it("0165: access proposal 2 as user 2", async () => {
return request(appUrl)
.get("/api/v3/proposals/" + encodedProposalPid2)
.set("Accept", "application/json")
Expand All @@ -344,6 +428,18 @@ describe("1400: ProposalAuthorization: Test access to proposal", () => {
});
});

it("0166: check user 2 access to proposal 2 should return true", async () => {
return request(appUrl)
.get("/api/v3/proposals/" + encodedProposalPid2 + "/access")
.set("Accept", "application/json")
.set({ Authorization: `Bearer ${accessTokenUser2}` })
.expect("Content-Type", /json/)
.expect(TestData.SuccessfulGetStatusCode)
.then((res) => {
res.body.should.have.property("canAccess").and.be.equal(true);
});
});

it("0170: access proposal 3 as user 2", async () => {
return request(appUrl)
.get("/api/v3/proposals/" + encodedProposalPid3)
Expand All @@ -356,6 +452,18 @@ describe("1400: ProposalAuthorization: Test access to proposal", () => {
});
});

it("0171: check user 2 access to proposal 3 should return true", async () => {
return request(appUrl)
.get("/api/v3/proposals/" + encodedProposalPid3 + "/access")
.set("Accept", "application/json")
.set({ Authorization: `Bearer ${accessTokenUser2}` })
.expect("Content-Type", /json/)
.expect(TestData.SuccessfulGetStatusCode)
.then((res) => {
res.body.should.have.property("canAccess").and.be.equal(true);
});
});

it("0180: full query for proposals for user 2", async () => {
return request(appUrl)
.get("/api/v3/proposals/fullquery")
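Review bot: The denied-access checks (0111, 0131, 0161) assert only that `canAccess` is false, so a response that also carried proposal fields next to the flag would still pass. Because the endpoint answers 200 to callers who are not authorised for the proposal, those cases should pin the whole body, e.g. `res.body.should.deep.equal({ canAccess: false });`. The hunks shown here also add no unauthenticated request to the proposal `/access` route, although the sample tests in this commit have one (1331, 1421); if the file does not already cover that outside these hunks, the same case belongs here. As a style point, the new tests differ on whether the status or the Content-Type expectation comes first, and one order throughout would make the matrix easier to scan.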
82 changes: 82 additions & 0 deletions test/SampleAuthorization.js
Expand Up @@ -1349,6 +1349,18 @@ describe("2250: Sample Authorization", () => {
});
});

it("0641: check Admin Ingestor access to public sample 1 should return true", async () => {
return request(appUrl)
.get("/api/v3/Samples/" + sampleId1 + "/access")
.set("Accept", "application/json")
.set({ Authorization: `Bearer ${accessTokenAdminIngestor}` })
.expect(TestData.SuccessfulGetStatusCode)
.expect("Content-Type", /json/)
.then((res) => {
res.body.should.have.property("canAccess").and.be.equal(true);
});
});

it("0645: fetch all attachments for sample 1 as Admin Ingestor", async () => {
return request(appUrl)
.get("/api/v3/Samples/" + sampleId1 + "/attachments")
Expand Down Expand Up @@ -1585,6 +1597,18 @@ describe("2250: Sample Authorization", () => {
.expect(TestData.CreationForbiddenStatusCode);
});

it("0731: check Sample Ingestor access to sample 1 should return false", async () => {
return request(appUrl)
.get("/api/v3/Samples/" + sampleId1 + "/access")
.set("Accept", "application/json")
.set({ Authorization: `Bearer ${accessTokenSampleIngestor}` })
.expect(TestData.SuccessfulGetStatusCode)
.expect("Content-Type", /json/)
.then((res) => {
res.body.should.have.property("canAccess").and.be.equal(false);
});
});

it("0735: fetch all attachments for sample 1 as Sample Ingestor, which should fail", async () => {
return request(appUrl)
.get("/api/v3/Samples/" + sampleId1 + "/attachments")
Expand All @@ -1605,6 +1629,18 @@ describe("2250: Sample Authorization", () => {
});
});

it("0741: check Sample Ingestor access to sample 2 should return true", async () => {
return request(appUrl)
.get("/api/v3/Samples/" + sampleId2 + "/access")
.set("Accept", "application/json")
.set({ Authorization: `Bearer ${accessTokenSampleIngestor}` })
.expect(TestData.SuccessfulGetStatusCode)
.expect("Content-Type", /json/)
.then((res) => {
res.body.should.have.property("canAccess").and.be.equal(true);
});
});

it("0745: fetch all attachments for sample 2 as Sample Ingestor", async () => {
return request(appUrl)
.get("/api/v3/Samples/" + sampleId2 + "/attachments")
Expand Down Expand Up @@ -1769,6 +1805,18 @@ describe("2250: Sample Authorization", () => {
.expect(TestData.CreationForbiddenStatusCode);
});

it("0831: check User 1 access to sample 2 should return false", async () => {
return request(appUrl)
.get("/api/v3/Samples/" + sampleId1 + "/access")
.set("Accept", "application/json")
.set({ Authorization: `Bearer ${accessTokenUser1}` })
.expect(TestData.SuccessfulGetStatusCode)
.expect("Content-Type", /json/)
.then((res) => {
res.body.should.have.property("canAccess").and.be.equal(false);
});
});

it("0835: fetch all attachments for sample 1 as User 1, which should fail", async () => {
return request(appUrl)
.get("/api/v3/Samples/" + sampleId1 + "/attachments")
Expand Down Expand Up @@ -1805,6 +1853,18 @@ describe("2250: Sample Authorization", () => {
});
});

it("0851: check User 1 access to sample 3 should return true", async () => {
return request(appUrl)
.get("/api/v3/Samples/" + sampleId3 + "/access")
.set("Accept", "application/json")
.set({ Authorization: `Bearer ${accessTokenUser1}` })
.expect(TestData.SuccessfulGetStatusCode)
.expect("Content-Type", /json/)
.then((res) => {
res.body.should.have.property("canAccess").and.be.equal(true);
});
});

it("0855: fetch all attachments for sample 3 as User 1", async () => {
return request(appUrl)
.get("/api/v3/Samples/" + sampleId3 + "/attachments")
Expand Down Expand Up @@ -2736,6 +2796,17 @@ describe("2250: Sample Authorization", () => {
.expect(TestData.AccessForbiddenStatusCode);
});

it("1331: check unauthenticated user access to sample 1 should return false", async () => {
return request(appUrl)
.get("/api/v3/Samples/" + sampleId1 + "/access")
.set("Accept", "application/json")
.expect(TestData.SuccessfulGetStatusCode)
.expect("Content-Type", /json/)
.then((res) => {
res.body.should.have.property("canAccess").and.be.equal(false);
});
});

it("1335: fetch all attachments for sample 1 as Unauthenticated User, which should fail", async () => {
return request(appUrl)
.get("/api/v3/Samples/" + sampleId1 + "/attachments")
Expand Down Expand Up @@ -2866,6 +2937,17 @@ describe("2250: Sample Authorization", () => {
});
});

it("1421: check unauthenticated user access to public sample 10 should return true", async () => {
return request(appUrl)
.get("/api/v3/Samples/" + sampleId10 + "/access")
.set("Accept", "application/json")
.expect(TestData.SuccessfulGetStatusCode)
.expect("Content-Type", /json/)
.then((res) => {
res.body.should.have.property("canAccess").and.be.equal(true);
});
});

it("1425: fetch all attachments for sample 10 as Unauthenticated User", async () => {
return request(appUrl)
.get("/api/v3/Samples/" + sampleId10 + "/attachments")
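Review bot: Test 0831 is titled "check User 1 access to sample 2" but requests `sampleId1`, so either the title or the id is wrong and one of the two samples may not be checked for User 1 at all. The test that follows it (0835) deals with sample 1, which suggests the title should read `"0831: check User 1 access to sample 1 should return false"`. Likewise 0641 calls sample 1 "public", while 0731 and 1331 expect `canAccess` to be false for it from the Sample Ingestor and from an unauthenticated caller; if sample 1 is not public, drop the word from the title so the authorization matrix reads correctly.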
