Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
sagemathinc
GitHub Repository: sagemathinc/cocalc
 Path: blob/master/src/packages/backend/conat/test/persist/permissions.test.ts
1451 views
1
/*

2


3
pnpm test ./permissions.test.ts 

4


5
*/

6
import { SERVICE } from "@cocalc/conat/persist/util";

7
import { assertHasWritePermission } from "@cocalc/conat/persist/auth";

8


9
const uuid = "00000000-0000-4000-8000-000000000000";

10
const uuid2 = "00000000-0000-4000-8000-000000000002";

11


12
describe("test subject permissions directly by calling assertHasWritePermission", () => {

13
  it("checks a bunch of things that should work don't throw", () => {

14
    // these don't throw

15
    assertHasWritePermission({

16
      subject: `${SERVICE}.hub`,

17
      path: "hub/foo",

18
    });

19


20
    assertHasWritePermission({

21
      subject: `${SERVICE}.hub`,

22
      path: "hub/foo/blah xxx~!/xxxx",

23
    });

24


25
    assertHasWritePermission({

26
      subject: `${SERVICE}.project-${uuid}`,

27
      path: `projects/${uuid}/a.txt`,

28
    });

29


30
    assertHasWritePermission({

31
      subject: `${SERVICE}.account-${uuid}`,

32
      path: `accounts/${uuid}/c/d.txt`,

33
    });

34
  });

35


36
  it("now check many things that are NOT allowed", () => {

37
    const BAD = [

38
      { subject: `${SERVICE}.fubar`, path: "hub/foo/bar" },

39
      { subject: `fluber.hub`, path: "hub/foo" },

40
      {

41
        subject: `${SERVICE}.projects-${uuid}`,

42
        path: `projects/${uuid}/foo`,

43
      },

44
      {

45
        subject: `${SERVICE}.accounts-${uuid}`,

46
        path: `accounts/${uuid}/foo`,

47
      },

48
      {

49
        subject: `${SERVICE}.project-${uuid}`,

50
        path: `accounts/${uuid}/foo`,

51
      },

52
      {

53
        subject: `${SERVICE}.account-${uuid}`,

54
        path: `projects/${uuid}/foo`,

55
      },

56
      {

57
        subject: `${SERVICE}.account-${uuid}`,

58
        path: `accounts/${uuid2}/foo`,

59
      },

60
      {

61
        subject: `${SERVICE}.project-${uuid}`,

62
        path: `projects/${uuid2}/foo`,

63
      },

64
      {

65
        subject: `${SERVICE}.project-${uuid}`,

66
        path: `projects/${uuid}/`,

67
      },

68
      {

69
        subject: `${SERVICE}.project-${uuid}`,

70
        path: `projects/${uuid}`,

71
      },

72
      {

73
        subject: `${SERVICE}.project-${uuid}`,

74
        path: `projects/${uuid}/foo/`,

75
      },

76
      {

77
        subject: `${SERVICE}.project-${uuid}`,

78
        path: `projects/${uuid}/${"a".repeat(100000)}`,

79
      },

80
      {

81
        subject: `${SERVICE}.project-${uuid}x`,

82
        path: `projects/${uuid}x/a.txt`,

83
      },

84
    ];

85


86
    for (const { subject, path } of BAD) {

87
      expect(() => assertHasWritePermission({ subject, path })).toThrow();

88
    }

89
  });

90
});

91


92