hide response of group permission create (ToolJet#3820)
gsmithun4 authored Aug 19, 2022
1 parent ec4af90 commit e2854c7
Showing 3 changed files with 121 additions and 23 deletions.
4 changes: 2 additions & 2 deletions server/src/controllers/group_permissions.controller.ts
@@ -17,8 +17,8 @@ export class GroupPermissionsController {
@CheckPolicies((ability: AppAbility) => ability.can('accessGroupPermission', UserEntity))
@Post()
async create(@User() user, @Body() createGroupPermissionDto: CreateGroupPermissionDto) {
const groupPermission = await this.groupPermissionsService.create(user, createGroupPermissionDto.group);
return decamelizeKeys(groupPermission);
await this.groupPermissionsService.create(user, createGroupPermissionDto.group);
return;
}

@UseGuards(JwtAuthGuard, PoliciesGuard)
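Review bot: Nothing in the new `create` handler records why it returns no body, so a later edit could restore `return decamelizeKeys(groupPermission);` and send the saved entity back to the client again. I would add a comment above the `await`, `// Intentionally no response body: the persisted GroupPermission is not returned to the client`, and declare the handler's return type as `Promise<void>` so the compiler rejects an accidental return value. The bare `return;` on the last line is then redundant and can be dropped. The enclosing GroupPermissionsController class starts and continues outside the hunk.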
6 changes: 3 additions & 3 deletions server/src/services/group_permissions.service.ts
@@ -30,7 +30,7 @@ export class GroupPermissionsService {
private usersService: UsersService
) {}

async create(user: User, group: string, manager?: EntityManager): Promise<GroupPermission> {
async create(user: User, group: string, manager?: EntityManager): Promise<void> {
if (!group || group === '') {
throw new BadRequestException('Cannot create group without name');
}
@@ -52,8 +52,8 @@ export class GroupPermissionsService {
throw new ConflictException('Group name already exist');
}

return await dbTransactionWrap(async (manager: EntityManager) => {
return manager.save(
await dbTransactionWrap(async (manager: EntityManager) => {
await manager.save(
manager.create(GroupPermission, {
organizationId: user.organizationId,
group: group,
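Review bot: Changing `create` to `Promise<void>` is not needed to keep the entity out of the HTTP response, because the controller hunk in this commit already discards the value, and it leaves internal callers with no way to get the new row's id. The e2e spec in the same commit shows the cost: each test now re-queries by `organizationId` and `group` after the POST. Consider keeping `Promise<GroupPermission>` with `return await dbTransactionWrap(...)` and `return manager.save(...)`, and leaving the suppression to the controller. Separately, the callback parameter `manager` shadows the method's optional `manager` argument; whether the outer one is forwarded to `dbTransactionWrap` is not visible, since the function body continues past the hunk.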
134 changes: 116 additions & 18 deletions server/test/controllers/group_permissions.e2e-spec.ts
@@ -40,11 +40,18 @@ describe('group permissions controller', () => {
.send({ group: 'avengers' });

expect(response.statusCode).toBe(201);
expect(response.body.group).toBe('avengers');
expect(response.body.organization_id).toBe(organization.id);
expect(response.body.id).toBeDefined();
expect(response.body.created_at).toBeDefined();
expect(response.body.updated_at).toBeDefined();

const updatedGroup: GroupPermission = await getManager().findOneOrFail(GroupPermission, {
where: {
organizationId: organization.id,
group: 'avengers',
},
});

expect(updatedGroup.group).toBe('avengers');
expect(updatedGroup.organizationId).toBe(organization.id);
expect(updatedGroup.createdAt).toBeDefined();
expect(updatedGroup.updatedAt).toBeDefined();
});

it('should not allow to create system defined group names', async () => {
@@ -128,10 +135,17 @@ describe('group permissions controller', () => {
.set('Authorization', authHeaderForUser(adminUser))
.send({ group: 'avengers' });

const groupPermissionId = response.body.id;
expect(response.statusCode).toBe(201);

const updatedGroup: GroupPermission = await getManager().findOneOrFail(GroupPermission, {
where: {
organizationId: organization.id,
group: 'avengers',
},
});

response = await request(nestApp.getHttpServer())
.get(`/api/group_permissions/${groupPermissionId}`)
.get(`/api/group_permissions/${updatedGroup.id}`)
.set('Authorization', authHeaderForUser(adminUser));

expect(response.statusCode).toBe(200);
@@ -179,7 +193,7 @@ describe('group permissions controller', () => {

it('should allow admin to update a group name', async () => {
const {
organization: { adminUser },
organization: { adminUser, organization },
} = await setupOrganizations(nestApp);

const createResponse = await request(nestApp.getHttpServer())
@@ -189,21 +203,28 @@ describe('group permissions controller', () => {

expect(createResponse.statusCode).toBe(201);

let updatedGroup: GroupPermission = await getManager().findOneOrFail(GroupPermission, {
where: {
organizationId: organization.id,
group: 'avengers',
},
});

//update a group name
const updateResponse = await request(nestApp.getHttpServer())
.put(`/api/group_permissions/${createResponse.body.id}`)
.put(`/api/group_permissions/${updatedGroup.id}`)
.set('Authorization', authHeaderForUser(adminUser))
.send({ name: 'titans' });

expect(updateResponse.statusCode).toBe(200);

const updatedGroup = await getManager().findOne(GroupPermission, createResponse.body.id);
updatedGroup = await getManager().findOne(GroupPermission, updatedGroup.id);
expect(updatedGroup.group).toEqual('titans');
});

it('should not be able to update a group name with existing names', async () => {
const {
organization: { adminUser },
organization: { adminUser, organization },
} = await setupOrganizations(nestApp);

const createResponse = await request(nestApp.getHttpServer())
@@ -213,9 +234,16 @@ describe('group permissions controller', () => {

expect(createResponse.statusCode).toBe(201);

const updatedGroup: GroupPermission = await getManager().findOneOrFail(GroupPermission, {
where: {
organizationId: organization.id,
group: 'avengers',
},
});

//update a group name
const updateResponse = await request(nestApp.getHttpServer())
.put(`/api/group_permissions/${createResponse.body.id}`)
.put(`/api/group_permissions/${updatedGroup.id}`)
.set('Authorization', authHeaderForUser(adminUser))
.send({ name: 'All users' });

@@ -242,15 +270,24 @@ describe('group permissions controller', () => {

it('should allow admin to add and remove apps to group permission', async () => {
const {
organization: { adminUser, app },
organization: { adminUser, app, organization },
} = await setupOrganizations(nestApp);

let response = await request(nestApp.getHttpServer())
.post('/api/group_permissions')
.set('Authorization', authHeaderForUser(adminUser))
.send({ group: 'avengers' });

const groupPermissionId = response.body.id;
expect(response.statusCode).toBe(201);

const updatedGroup: GroupPermission = await getManager().findOneOrFail(GroupPermission, {
where: {
organizationId: organization.id,
group: 'avengers',
},
});

const groupPermissionId = updatedGroup.id;

response = await request(nestApp.getHttpServer())
.put(`/api/group_permissions/${groupPermissionId}`)
@@ -289,15 +326,21 @@ describe('group permissions controller', () => {

it('should allow admin to add and remove users to group permission', async () => {
const {
organization: { adminUser, defaultUser },
organization: { adminUser, defaultUser, organization },
} = await setupOrganizations(nestApp);

let response = await request(nestApp.getHttpServer())
.post('/api/group_permissions')
.set('Authorization', authHeaderForUser(adminUser))
.send({ group: 'avengers' });

const groupPermissionId = response.body.id;
const updatedGroup: GroupPermission = await getManager().findOneOrFail(GroupPermission, {
where: {
organizationId: organization.id,
group: 'avengers',
},
});
const groupPermissionId = updatedGroup.id;

response = await request(nestApp.getHttpServer())
.put(`/api/group_permissions/${groupPermissionId}`)
@@ -401,7 +444,14 @@ describe('group permissions controller', () => {

expect(response.statusCode).toBe(201);

const groupPermissionId = response.body.id;
const updatedGroup: GroupPermission = await getManager().findOneOrFail(GroupPermission, {
where: {
organizationId: organization.id,
group: 'avengers',
},
});

const groupPermissionId = updatedGroup.id;

// add apps and users to group permission
response = await request(nestApp.getHttpServer())
@@ -500,7 +550,15 @@ describe('group permissions controller', () => {

expect(response.statusCode).toBe(201);

const groupPermissionId = response.body.id;
const manager = getManager();
const groupPermission: GroupPermission = await manager.findOneOrFail(GroupPermission, {
where: {
organizationId: organization.id,
group: 'avengers',
},
});

const groupPermissionId = groupPermission.id;

response = await request(nestApp.getHttpServer())
.get(`/api/group_permissions/${groupPermissionId}/addable_apps`)
@@ -702,6 +760,46 @@ describe('group permissions controller', () => {
});
});

describe('DELETE /group_permissions/:id', () => {
it('should not allow unauthenicated admin', async () => {
const {
organization: { defaultUser },
} = await setupOrganizations(nestApp);
const response = await request(nestApp.getHttpServer())
.del('/api/group_permissions/id')
.set('Authorization', authHeaderForUser(defaultUser))
.send({ read: true });

expect(response.statusCode).toBe(403);
});

it('should allow admin to delete group', async () => {
const {
organization: { adminUser, organization },
} = await setupOrganizations(nestApp);

await request(nestApp.getHttpServer())
.post('/api/group_permissions')
.set('Authorization', authHeaderForUser(adminUser))
.send({ group: 'avengers' });

const manager = getManager();
const groupPermission: GroupPermission = await manager.findOneOrFail(GroupPermission, {
where: {
organizationId: organization.id,
group: 'avengers',
},
});

const response = await request(nestApp.getHttpServer())
.del(`/api/group_permissions/${groupPermission.id}`)
.set('Authorization', authHeaderForUser(adminUser))
.send({ group: 'avengers' });

expect(response.statusCode).toBe(200);
});
});

async function setupOrganizations(nestApp) {
const adminUserData = await createUser(nestApp, {
email: 'admin@tooljet.io',
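Review bot: The first create test now asserts only the 201 status and the stored row, so nothing pins the behaviour this commit is about, namely that the response carries no entity data. Adding `expect(response.body).toEqual({});` right after the status assertion would fail if the handler ever returns the GroupPermission again. In the new DELETE block, the admin case checks only `statusCode` 200; a follow-up such as `expect(await manager.findOne(GroupPermission, groupPermission.id)).toBeUndefined();` would confirm the row is gone, assuming `findOne` resolves to undefined for a missing row in the TypeORM version used here. The first DELETE case is named 'should not allow unauthenicated admin' but sends a valid token for `defaultUser`, so it exercises authorization for a non-admin rather than a missing login, and the name should say so.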
