From 0047ffba13f6cb34e299123e370a947a7abc1c58 Mon Sep 17 00:00:00 2001 From: Thomas Goyne Date: Thu, 1 Mar 2018 11:54:56 -0800 Subject: [PATCH] Add object-level permissions tests --- src/js_realm.hpp | 1 - tests/js/asserts.js | 3 +- tests/js/permission-tests.js | 93 ++++++++++++++++++++++++++++++++++++ 3 files changed, 95 insertions(+), 2 deletions(-) diff --git a/src/js_realm.hpp b/src/js_realm.hpp index 6fc662df..9e6da957 100644 --- a/src/js_realm.hpp +++ b/src/js_realm.hpp @@ -35,7 +35,6 @@ #include "js_sync.hpp" #include "sync/sync_config.hpp" #include "sync/sync_manager.hpp" -#include "sync/partial_sync.hpp" #endif #include "shared_realm.hpp" diff --git a/tests/js/asserts.js b/tests/js/asserts.js index ff01df46..154c4821 100644 --- a/tests/js/asserts.js +++ b/tests/js/asserts.js @@ -37,7 +37,8 @@ module.exports = { } else if (type === 'object') { for (const key of Object.keys(val1)) { - this.assertEqual(val1[key], val2[key], errorMessage, depth + 1); + const message = errorMessage ? `${errorMessage}: ${key}` : key; + this.assertEqual(val1[key], val2[key], message, depth + 1); } } else if (type === 'list') { diff --git a/tests/js/permission-tests.js b/tests/js/permission-tests.js index 4379e494..8b849005 100644 --- a/tests/js/permission-tests.js +++ b/tests/js/permission-tests.js @@ -57,6 +57,34 @@ function repeatUntil(fn, predicate) { return check; } +function subscribe(results) { + const subscription = results.subscribe() + return new Promise((resolve, reject) => { + subscription.addListener((subscription, state) => { + if (state == Realm.Sync.SubscriptionState.Complete) { + resolve(); + } + else if (state == Realm.Sync.SubscriptionState.Error) { + reject(); + } + }); + setTimeout(() => reject("listener never called"), 5000); + }); +} + +function waitForUpload(realm) { + let session = realm.syncSession; + return new Promise(resolve => { + let callback = (transferred, total) => { + if (transferred === total) { + session.removeProgressNotification(callback); + resolve(realm); + } + } + session.addProgressNotification('upload', 'forCurrentlyOutstandingWork', callback); + }); +} + module.exports = { testApplyAndGetGrantedPermissions() { return createUsersWithTestRealms(1) @@ -118,5 +146,70 @@ module.exports = { } }); }, + + testObjectPermissions() { + let config = (user, url) => { + return { + schema: [ + Realm.Permissions.Permission, + Realm.Permissions.User, + Realm.Permissions.Role, + { + name: 'Object', + properties: { + value: 'int', + permissions: '__Permission[]' + } + } + ], + sync: {user, url, partial: true} + }; + }; + let owner, otherUser + return Realm.Sync.User.register('http://localhost:9080', uuid(), 'password') + .then(user => { + owner = user; + new Realm({sync: {user, url: 'realm://localhost:9080/~/test'}}).close(); + return Realm.Sync.User.register('http://localhost:9080', uuid(), 'password') + }) + .then(user => { + otherUser = user; + return owner.applyPermissions({userId: otherUser.identity}, `/${owner.identity}/test`, 'read') + }) + .then(() => { + let realm = new Realm(config(owner, 'realm://localhost:9080/~/test')); + realm.write(() => { + let user = realm.create(Realm.Permissions.User, {id: otherUser.identity}) + let role = realm.create(Realm.Permissions.Role, {name: 'reader'}) + role.members.push(user) + + let obj1 = realm.create('Object', {value: 1}) + let obj2 = realm.create('Object', {value: 2}) + obj2.permissions.push(realm.create(Realm.Permissions.Permission, + {role: role, canRead: true, canUpdate: false})) + }); + return waitForUpload(realm).then(() => realm.close()); + }) + .then(() => Realm.open(config(otherUser, `realm://localhost:9080/${owner.identity}/test`))) + .then((realm) => subscribe(realm.objects('Object')).then(() => realm)) + .then((realm) => { + // Should have full access to the Realm as a whole + TestCase.assertSimilar('object', realm.privileges(), + {read: true, update: true, modifySchema: true, setPermissions: true}); + TestCase.assertSimilar('object', realm.privileges('Object'), + {read: true, update: true, create: true, subscribe: true, setPermissions: true}); + // Verify that checking via constructor works too + TestCase.assertSimilar('object', realm.privileges(Realm.Permissions.User), + {read: true, update: true, create: true, subscribe: true, setPermissions: true}); + + // Should only be able to see the second object + let results = realm.objects('Object') + TestCase.assertEqual(results.length, 1); + TestCase.assertEqual(results[0].value, 2); + TestCase.assertSimilar('object', realm.privileges(results[0]), + {read: true, update: false, delete: false, setPermissions: false}); + realm.close(); + }); + } }