Add object-level permissions tests

src/js_realm.hpp

@@ -35,7 +35,6 @@
 #include "js_sync.hpp"
 #include "sync/sync_config.hpp"
 #include "sync/sync_manager.hpp"
-#include "sync/partial_sync.hpp"
 #endif
 
 #include "shared_realm.hpp"

tests/js/asserts.js

@@ -37,7 +37,8 @@ module.exports = {
         }
         else if (type === 'object') {
             for (const key of Object.keys(val1)) {
-                this.assertEqual(val1[key], val2[key], errorMessage, depth + 1);
+                const message = errorMessage ? `${errorMessage}: ${key}` : key;
+                this.assertEqual(val1[key], val2[key], message, depth + 1);
             }
         }
         else if (type === 'list') {

tests/js/permission-tests.js

@@ -57,6 +57,34 @@ function repeatUntil(fn, predicate) {
     return check;
 }
 
+function subscribe(results) {
+  const subscription = results.subscribe()
+  return new Promise((resolve, reject) => {
+      subscription.addListener((subscription, state) => {
+          if (state == Realm.Sync.SubscriptionState.Complete) {
+              resolve();
+          }
+          else if (state == Realm.Sync.SubscriptionState.Error) {
+              reject();
+          }
+      });
+      setTimeout(() => reject("listener never called"), 5000);
+  });
+}
+
+function waitForUpload(realm) {
+    let session = realm.syncSession;
+    return new Promise(resolve => {
+        let callback = (transferred, total) => {
+            if (transferred === total) {
+                session.removeProgressNotification(callback);
+                resolve(realm);
+            }
+        }
+        session.addProgressNotification('upload', 'forCurrentlyOutstandingWork', callback);
+    });
+}
+
 module.exports = {
     testApplyAndGetGrantedPermissions() {
       return createUsersWithTestRealms(1)
@@ -118,5 +146,70 @@ module.exports = {
           }
         });
     },
+
+    testObjectPermissions() {
+      let config = (user, url) => {
+        return {
+          schema: [
+            Realm.Permissions.Permission,
+            Realm.Permissions.User,
+            Realm.Permissions.Role,
+            {
+              name: 'Object',
+              properties: {
+                value: 'int',
+                permissions: '__Permission[]'
+              }
+            }
+          ],
+          sync: {user, url, partial: true}
+        };
+      };
+      let owner, otherUser
+      return Realm.Sync.User.register('http://localhost:9080', uuid(), 'password')
+        .then(user => {
+          owner = user;
+          new Realm({sync: {user, url: 'realm://localhost:9080/~/test'}}).close();
+          return Realm.Sync.User.register('http://localhost:9080', uuid(), 'password')
+        })
+        .then(user => {
+          otherUser = user;
+          return owner.applyPermissions({userId: otherUser.identity}, `/${owner.identity}/test`, 'read')
+        })
+        .then(() => {
+          let realm = new Realm(config(owner, 'realm://localhost:9080/~/test'));
+          realm.write(() => {
+            let user = realm.create(Realm.Permissions.User, {id: otherUser.identity})
+            let role = realm.create(Realm.Permissions.Role, {name: 'reader'})
+            role.members.push(user)
+
+            let obj1 = realm.create('Object', {value: 1})
+            let obj2 = realm.create('Object', {value: 2})
+            obj2.permissions.push(realm.create(Realm.Permissions.Permission,
+                                               {role: role, canRead: true, canUpdate: false}))
+          });
+          return waitForUpload(realm).then(() => realm.close());
+        })
+        .then(() => Realm.open(config(otherUser, `realm://localhost:9080/${owner.identity}/test`)))
+        .then((realm) => subscribe(realm.objects('Object')).then(() => realm))
+        .then((realm) => {
+          // Should have full access to the Realm as a whole
+          TestCase.assertSimilar('object', realm.privileges(),
+                                 {read: true, update: true, modifySchema: true, setPermissions: true});
+          TestCase.assertSimilar('object', realm.privileges('Object'),
+                                 {read: true, update: true, create: true, subscribe: true, setPermissions: true});
+          // Verify that checking via constructor works too
+          TestCase.assertSimilar('object', realm.privileges(Realm.Permissions.User),
+                                 {read: true, update: true, create: true, subscribe: true, setPermissions: true});
+
+          // Should only be able to see the second object
+          let results = realm.objects('Object')
+          TestCase.assertEqual(results.length, 1);
+          TestCase.assertEqual(results[0].value, 2);
+          TestCase.assertSimilar('object', realm.privileges(results[0]),
+                                 {read: true, update: false, delete: false, setPermissions: false});
+          realm.close();
+        });
+    }
 }