
Add user permissions check on pages

Ethanell 2020-08-18 15:45:49 +02:00
parent 345a384f7b
commit a0027768f8
4 changed files with 137 additions and 16 deletions


@ -3,9 +3,10 @@ function sessionCheck(permission) {
if (!req.session.user) { if (!req.session.user) {
req.session.lastUrl = req.originalUrl; req.session.lastUrl = req.originalUrl;
req.session.save(() => res.redirect("/login")); req.session.save(() => res.redirect("/login"));
} else if (req.session.user.permissions < permission) } else if (req.session.user.permissions < permission) {
res.status(403);
res.render("error", {message: "Permission denied !", "error": {}}); res.render("error", {message: "Permission denied !", "error": {}});
else } else
next(); next();
} }
} }
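Review bot: The comparison on the `} else if (req.session.user.permissions < permission) {` line fails open when `permissions` is absent or not a number, because `undefined < n` evaluates to `false` and the request falls through to `next()`; the same happens whenever `sessionCheck()` is called with no argument. Unless code outside this hunk guarantees every session user carries a numeric `permissions`, write the test so that anything not satisfying the requirement is denied and give the parameter an explicit floor: `function sessionCheck(permission = 0) {` in the signature (which sits before this hunk) and `} else if (!(req.session.user.permissions >= permission)) {` here. The trailing `} else` / `next();` pair would also read more consistently with braces, `} else { next(); }`, matching the two branches above it.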


@ -1,13 +1,7 @@
let expect = require("chai").expect; let expect = require("chai").expect;
let wipeDatabase = require("./utils/wipeDatabase");
async function wipeDatabase(models) {
for (let model in models) {
if (["sequelize", "Sequelize"].indexOf(model) < 0)
await models[model].destroy({where: {}});
}
}
async function databaseEnter() { async function databaseEnter() {
let models = require("../models"); let models = require("../models");
await models.sequelize.sync(); await models.sequelize.sync();


@ -1,4 +1,42 @@
let request = require("supertest"); let request = require("supertest");
let wipeDatabase = require("./utils/wipeDatabase");
let expect = require("chai").expect;
async function setup() {
let app = require("../app");
let models = require("../models");
await models.sequelize.sync();
await wipeDatabase(models);
return [app, models];
}
async function createTestUser(models, p) {
await models.User.create({
username: "test",
email: "test@test.fr",
firstName: "Test",
lastName: "Test",
passwordHash: "test",
permissions: p ? p : 0
});
}
async function clean() {
await wipeDatabase(models);
await models.sequelize.close();
for (let e of ["../app", "../models"])
delete require.cache[require.resolve(e)];
}
async function getLoginAgent(app) {
let agent = request.agent(app, {});
await agent
.post("/login")
.send({username: "test", password: "test"})
.expect(302);
return agent;
}
describe("Public pages test", () => { describe("Public pages test", () => {
@ -6,14 +44,10 @@ describe("Public pages test", () => {
let models; let models;
before(async () => { before(async () => {
app = require("../app"); [app, models] = await setup();
models = require("../models");
await models.sequelize.sync();
}); });
after( async () => { after(() => {
await models.sequelize.close(); return clean;
for (let e of ["../app", "../models"])
delete require.cache[require.resolve(e)];
}); });
it("Responds to /", (done) => { it("Responds to /", (done) => {
@ -67,3 +101,87 @@ describe("Public pages test", () => {
.expect(404, done); .expect(404, done);
}); });
}); });
describe("Global logged user pages", () => {
let app;
let models;
before(async () => {
[app, models] = await setup();
await createTestUser(models);
});
after( () => {
return clean;
});
it("Login user", async () => {
let res = await request(app)
.post("/login")
.send({username: "test", password: "test"})
.expect(302);
expect(res.headers.location).to.be.equal("/");
});
it("Login error", async () => {
let res = await request(app)
.post("/login")
.send({username: "wrong", password: "wrong"})
.expect(302);
expect(res.headers.location).to.be.equal("/login?err=true");
});
it("Register page", async () => {
await (await getLoginAgent(app))
.get("/register")
.expect(302);
});
it("Logout page", async () => {
let agent = await getLoginAgent(app);
await agent
.get("/logout")
.expect(302);
//Check if user is correctly logout
await agent
.get("/login")
.expect(200);
});
it("Profile page", async () => {
await (await getLoginAgent(app))
.get("/profile")
.expect(200);
});
});
for (let [p, a] of Object.entries({0: [403, 403, 403, 403], 1: [200, 403, 403, 403], 2: [200, 200, 403, 403], 3: [200, 200, 200, 200]}))
describe(`Permission ${p} pages`, () => {
let app;
let models;
before(async () => {
[app, models] = await setup();
await createTestUser(models, p);
});
after( () => {
return clean;
});
it("Sandwiches page", async () => {
await (await getLoginAgent(app))
.get("/sandwiches")
.expect(a[0]);
});
it("Commands page", async () => {
await (await getLoginAgent(app))
.get("/commands")
.expect(a[1]);
});
it("Admin page", async () => {
await (await getLoginAgent(app))
.get("/admin")
.expect(a[2]);
});
it("Commands administration page", async () => {
await (await getLoginAgent(app))
.get("/admin/commands")
.expect(a[3]);
});
});
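Review bot: The three `after` hooks written as `after(() => { return clean; })` (in `Public pages test`, `Global logged user pages` and each `Permission ${p} pages` describe) return the `clean` function instead of invoking it, so mocha appears to get a plain non-promise value, the hook ends at once, and neither the wipe nor `models.sequelize.close()` nor the require-cache purge that the previous `after` performed ever runs; the next `setup()` then starts against leftover rows and a cached `../models`. As written `clean` also reads a module-level `models` that the visible lines never declare (each describe has its own `let models`), so calling it unchanged would throw a ReferenceError unless such a binding exists outside the hunk. Pass the handle in explicitly, `async function clean(models) {`, and call it from all three hooks with `after(() => clean(models));`.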


@ -0,0 +1,8 @@
async function wipeDatabase(models) {
for (let model in models) {
if (["sequelize", "Sequelize"].indexOf(model) < 0)
await models[model].destroy({where: {}});
}
}
module.exports = wipeDatabase;
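Review bot: `wipeDatabase` has no documentation, and its `for...in` loop with `indexOf(model) < 0` names the iteration variable `model` while it actually holds a key. A header comment such as `/** Delete every row of every model in "models", skipping the "sequelize"/"Sequelize" handles; tables are emptied one at a time in iteration order. */` would state the contract, and the loop reads more directly as `for (const [name, model] of Object.entries(models)) {` / `if (!["sequelize", "Sequelize"].includes(name))` / `await model.destroy({where: {}});`. `Object.entries` additionally restricts the loop to own enumerable keys, whereas `for...in` would also visit anything enumerable on the prototype chain.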