chore: add specs

2025-12-10 11:24:35 +00:00 · 2022-06-28 06:50:35 +05:00
parent ca64c13909
commit 66a3537271
2 changed files with 93 additions and 11 deletions
--- a/api/src/routes/api/spec/permission.spec.ts
+++ b/api/src/routes/api/spec/permission.spec.ts
@@ -192,7 +192,69 @@ describe('permission', () => {
      expect(res.body).toEqual({})
    })

-    it('should respond with not found (404) if user is not found', async () => {
+    it('should respond with Bad Request if principal type is not valid', async () => {
+      const res = await request(app)
+        .post('/SASjsApi/permission')
+        .auth(adminAccessToken, { type: 'bearer' })
+        .send({
+          ...permission,
+          principalType: 'invalid'
+        })
+        .expect(400)
+
+      expect(res.text).toEqual('"principalType" must be one of [user, group]')
+      expect(res.body).toEqual({})
+    })
+
+    it('should respond with Bad Request if setting is not valid', async () => {
+      const res = await request(app)
+        .post('/SASjsApi/permission')
+        .auth(adminAccessToken, { type: 'bearer' })
+        .send({
+          ...permission,
+          setting: 'invalid'
+        })
+        .expect(400)
+
+      expect(res.text).toEqual('"setting" must be one of [Grant, Deny]')
+      expect(res.body).toEqual({})
+    })
+
+    it('should respond with Bad Request if principalId is not a number', async () => {
+      const res = await request(app)
+        .post('/SASjsApi/permission')
+        .auth(adminAccessToken, { type: 'bearer' })
+        .send({
+          ...permission,
+          principalId: 'someCharacters'
+        })
+        .expect(400)
+
+      expect(res.text).toEqual('"principalId" must be a number')
+      expect(res.body).toEqual({})
+    })
+
+    it('should respond with Bad Request if adding permission for admin user', async () => {
+      const adminUser = await userController.createUser({
+        ...user,
+        username: 'adminUser',
+        isAdmin: true
+      })
+
+      const res = await request(app)
+        .post('/SASjsApi/permission')
+        .auth(adminAccessToken, { type: 'bearer' })
+        .send({
+          ...permission,
+          principalId: adminUser.id
+        })
+        .expect(400)
+
+      expect(res.text).toEqual('Can not add permission for admin user.')
+      expect(res.body).toEqual({})
+    })
+
+    it('should respond with Not Found (404) if user is not found', async () => {
      const res = await request(app)
        .post('/SASjsApi/permission')
        .auth(adminAccessToken, { type: 'bearer' })
@@ -206,7 +268,7 @@ describe('permission', () => {
      expect(res.body).toEqual({})
    })

-    it('should respond with not found (404) if group is not found', async () => {
+    it('should respond with Not Found (404) if group is not found', async () => {
      const res = await request(app)
        .post('/SASjsApi/permission')
        .auth(adminAccessToken, { type: 'bearer' })
@@ -220,17 +282,21 @@ describe('permission', () => {
      expect(res.body).toEqual({})
    })

-    it('should respond with Bad Request if principal type is not valid', async () => {
+    it('should respond with Conflict (409) if permission already exists', async () => {
+      await permissionController.createPermission({
+        ...permission,
+        principalId: dbUser.id
+      })
+
      const res = await request(app)
        .post('/SASjsApi/permission')
        .auth(adminAccessToken, { type: 'bearer' })
-        .send({
-          ...permission,
-          principalType: 'invalid'
-        })
-        .expect(400)
+        .send({ ...permission, principalId: dbUser.id })
+        .expect(409)

-      expect(res.text).toEqual('"principalType" must be one of [user, group]')
+      expect(res.text).toEqual(
+        'Permission already exists with provided URI and User.'
+      )
      expect(res.body).toEqual({})
    })
  })
@@ -295,12 +361,26 @@ describe('permission', () => {
      expect(res.body).toEqual({})
    })

+    it('should respond with Bad Request if setting is not valid', async () => {
+      const res = await request(app)
+        .post('/SASjsApi/permission')
+        .auth(adminAccessToken, { type: 'bearer' })
+        .send({
+          ...permission,
+          setting: 'invalid'
+        })
+        .expect(400)
+
+      expect(res.text).toEqual('"setting" must be one of [Grant, Deny]')
+      expect(res.body).toEqual({})
+    })
+
    it('should respond with not found (404) if permission with provided id does not exists', async () => {
      const res = await request(app)
        .patch('/SASjsApi/permission/123')
        .auth(adminAccessToken, { type: 'bearer' })
        .send({
-          setting: 'deny'
+          setting: PermissionSetting.deny
        })
        .expect(404)

--- a/api/src/utils/validation.ts
+++ b/api/src/utils/validation.ts
@@ -101,7 +101,9 @@ export const registerPermissionValidation = (data: any): Joi.ValidationResult =>

 export const updatePermissionValidation = (data: any): Joi.ValidationResult =>
  Joi.object({
-    setting: Joi.string().required()
+    setting: Joi.string()
+      .required()
+      .valid(...Object.values(PermissionSetting))
  }).validate(data)

 export const deployValidation = (data: any): Joi.ValidationResult =>