@startupjs/sharedb-access
Advanced tools
Comparing version 0.29.2 to 0.29.4
@@ -5,8 +5,2 @@ const _ = require('lodash') | ||
// there are local extensions of error codes for error classification | ||
// code 403.1: Permission denied (create) | ||
// code 403.2: Permission denied (read) | ||
// code 403.3: Permission denied (update) | ||
// code 403.4: Permission denied (delete) | ||
const operations = [ | ||
@@ -140,3 +134,3 @@ 'Read', | ||
return { message: '403: Permission denied (update), collection: ' + collection + ', docId: ' + docId, code: 403.3 } | ||
return { message: '403: Permission denied (update), collection: ' + collection + ', docId: ' + docId, code: 403 } | ||
} | ||
@@ -177,3 +171,3 @@ | ||
return { message: '403: Permission denied (create), collection: ' + collection + ', docId: ' + docId, code: 403.1 } | ||
return { message: '403: Permission denied (create), collection: ' + collection + ', docId: ' + docId, code: 403 } | ||
} | ||
@@ -189,3 +183,3 @@ | ||
return { message: '403: Permission denied (delete), collection: ' + collection + ', docId: ' + docId, code: 403.4 } | ||
return { message: '403: Permission denied (delete), collection: ' + collection + ', docId: ' + docId, code: 403 } | ||
} | ||
@@ -237,3 +231,3 @@ | ||
return { message: '403: Permission denied (read), collection: ' + collection + ', docId: ' + docId, code: 403.2 } | ||
return { message: '403: Permission denied (read), collection: ' + collection + ', docId: ' + docId, code: 403 } | ||
} | ||
@@ -240,0 +234,0 @@ |
{ | ||
"name": "@startupjs/sharedb-access", | ||
"version": "0.29.2", | ||
"version": "0.29.4", | ||
"description": "Sharedb access-control midleware", | ||
@@ -36,3 +36,3 @@ "publishConfig": { | ||
}, | ||
"gitHead": "ae4aa50407840410fd4822748e2a409fb5c68dfa" | ||
"gitHead": "c9f466ea1e4bfdec2cd602bd646de1f4d75bd3cd" | ||
} |
@@ -14,2 +14,5 @@ const assert = require('assert') | ||
const $session = model.scope('_session') | ||
const errorTemplate = 'Permission denied (create)' | ||
describe('CREATE', function () { | ||
@@ -21,3 +24,3 @@ afterEach(function () { | ||
it('deny = false && allow = false => err{ code: 403.1 }', async () => { | ||
it('deny = false && allow = false => err{ code: 403 }', async () => { | ||
backend.denyCreate('tasksCreate', async (docId, doc, session) => { | ||
@@ -32,7 +35,10 @@ return false | ||
await model.add('tasksCreate', { id, type: 'testCreate' }) | ||
const accessError = $session.get('_accessError') | ||
assert.strictEqual(accessError.message.includes(errorTemplate), true) | ||
assert.strictEqual(accessError.code, 403) | ||
} catch (e) { | ||
assert.strictEqual(e.code, 403.1) | ||
return | ||
assert(false) | ||
} | ||
assert(false) | ||
}) | ||
@@ -57,3 +63,3 @@ | ||
it('deny = true && allow = false => err{ code: 403.1 }', async () => { | ||
it('deny = true && allow = false => err{ code: 403 }', async () => { | ||
backend.denyCreate('tasksCreate', async (docId, doc, session) => { | ||
@@ -69,10 +75,13 @@ return true | ||
await model.add('tasksCreate', { id, type: 'testCreate' }) | ||
const accessError = $session.get('_accessError') | ||
assert.strictEqual(accessError.message.includes(errorTemplate), true) | ||
assert.strictEqual(accessError.code, 403) | ||
} catch (e) { | ||
assert.strictEqual(e.code, 403.1) | ||
return | ||
assert(false) | ||
} | ||
assert(false) | ||
}) | ||
it('deny = true && allow = true => err{ code: 403.1 }', async () => { | ||
it('deny = true && allow = true => err{ code: 403 }', async () => { | ||
backend.denyCreate('tasksCreate', async (docId, doc, session) => { | ||
@@ -88,8 +97,11 @@ return true | ||
await model.add('tasksCreate', { id, type: 'testCreate' }) | ||
const accessError = $session.get('_accessError') | ||
assert.strictEqual(accessError.message.includes(errorTemplate), true) | ||
assert.strictEqual(accessError.code, 403) | ||
} catch (e) { | ||
assert.strictEqual(e.code, 403.1) | ||
return | ||
assert(false) | ||
} | ||
assert(false) | ||
}) | ||
}) |
@@ -15,2 +15,5 @@ const assert = require('assert') | ||
const $session = model.scope('_session') | ||
const errorTemplate = 'Permission denied (delete)' | ||
describe('DELETE', function () { | ||
@@ -36,3 +39,3 @@ before(async () => { | ||
it('deny = false && allow = false => err{ code: 403.4 }', async () => { | ||
it('deny = false && allow = false => err{ code: 403 }', async () => { | ||
backend.denyDelete('tasksDelete', async (docId, doc, session) => { | ||
@@ -49,7 +52,10 @@ return false | ||
await $task.del() | ||
const accessError = $session.get('_accessError') | ||
assert.strictEqual(accessError.message.includes(errorTemplate), true) | ||
assert.strictEqual(accessError.code, 403) | ||
} catch (e) { | ||
assert.strictEqual(e.code, 403.4) | ||
return | ||
assert(false) | ||
} | ||
assert(false) | ||
}) | ||
@@ -76,3 +82,3 @@ | ||
it('deny = true && allow = false => err{ code: 403.4 }', async () => { | ||
it('deny = true && allow = false => err{ code: 403 }', async () => { | ||
backend.denyCreate('tasksCreate', async (docId, doc, session) => { | ||
@@ -89,10 +95,13 @@ return true | ||
await $task.del() | ||
const accessError = $session.get('_accessError') | ||
assert.strictEqual(accessError.message.includes(errorTemplate), true) | ||
assert.strictEqual(accessError.code, 403) | ||
} catch (e) { | ||
assert.strictEqual(e.code, 403.4) | ||
return | ||
assert(false) | ||
} | ||
assert(false) | ||
}) | ||
it('deny = true && allow = true => err{ code: 403.4 }', async () => { | ||
it('deny = true && allow = true => err{ code: 403 }', async () => { | ||
backend.denyCreate('tasksCreate', async (docId, doc, session) => { | ||
@@ -109,8 +118,11 @@ return true | ||
await $task.del() | ||
const accessError = $session.get('_accessError') | ||
assert.strictEqual(accessError.message.includes(errorTemplate), true) | ||
assert.strictEqual(accessError.code, 403) | ||
} catch (e) { | ||
assert.strictEqual(e.code, 403.4) | ||
return | ||
assert(false) | ||
} | ||
assert(false) | ||
}) | ||
}) |
@@ -15,2 +15,5 @@ const assert = require('assert') | ||
const $session = model.scope('_session') | ||
const errorTemplate = 'Permission denied (read)' | ||
describe('READ', function () { | ||
@@ -50,3 +53,3 @@ before(async () => { | ||
it('deny = false && allow = false => err{ code: 403.2 }', async () => { | ||
it('deny = false && allow = false => err{ code: 403 }', async () => { | ||
backend.denyRead('tasksRead', async (docId, doc, session) => { | ||
@@ -63,10 +66,13 @@ return false | ||
$task.unsubscribe() | ||
const accessError = $session.get('_accessError') | ||
assert.strictEqual(accessError.message.includes(errorTemplate), true) | ||
assert.strictEqual(accessError.code, 403) | ||
} catch (e) { | ||
assert.strictEqual(e.code, 403.2) | ||
return | ||
assert(false) | ||
} | ||
assert(false) | ||
}) | ||
it('deny = true && allow = false => err{ code: 403.2 }', async () => { | ||
it('deny = true && allow = false => err{ code: 403 }', async () => { | ||
backend.denyRead('tasksRead', async (docId, doc, session) => { | ||
@@ -83,10 +89,13 @@ return true | ||
$task.unsubscribe() | ||
const accessError = $session.get('_accessError') | ||
assert.strictEqual(accessError.message.includes(errorTemplate), true) | ||
assert.strictEqual(accessError.code, 403) | ||
} catch (e) { | ||
assert.strictEqual(e.code, 403.2) | ||
return | ||
assert(false) | ||
} | ||
assert(false) | ||
}) | ||
it('deny = true && allow = true => err{ code: 403.2 }', async () => { | ||
it('deny = true && allow = true => err{ code: 403 }', async () => { | ||
backend.denyRead('tasksRead', async (docId, doc, session) => { | ||
@@ -102,8 +111,11 @@ return true | ||
$task.unsubscribe() | ||
const accessError = $session.get('_accessError') | ||
assert.strictEqual(accessError.message.includes(errorTemplate), true) | ||
assert.strictEqual(accessError.code, 403) | ||
} catch (e) { | ||
assert.strictEqual(e.code, 403.2) | ||
return | ||
assert(false) | ||
} | ||
assert(false) | ||
}) | ||
}) |
@@ -15,2 +15,5 @@ const assert = require('assert') | ||
const $session = model.scope('_session') | ||
const errorTemplate = 'Permission denied (update)' | ||
// test number so that each change is unique | ||
@@ -41,3 +44,3 @@ let number = 1 | ||
it('deny = false && allow = false => err{ code: 403.3 }', async () => { | ||
it('deny = false && allow = false => err{ code: 403 }', async () => { | ||
backend.denyUpdate('tasksUpdate', async (docId, oldDoc, session, ops, newDoc) => { | ||
@@ -53,7 +56,10 @@ return false | ||
await $task.set('newField' + getTestNumber(), 'testInfo') | ||
const accessError = $session.get('_accessError') | ||
assert.strictEqual(accessError.message.includes(errorTemplate), true) | ||
assert.strictEqual(accessError.code, 403) | ||
} catch (e) { | ||
assert.strictEqual(e.code, 403.3) | ||
return | ||
assert(false) | ||
} | ||
assert(false) | ||
}) | ||
@@ -79,3 +85,3 @@ | ||
it('deny = true && allow = false => err{ code: 403.3 }', async () => { | ||
it('deny = true && allow = false => err{ code: 403 }', async () => { | ||
backend.denyUpdate('tasksUpdate', async (docId, oldDoc, session, ops, newDoc) => { | ||
@@ -91,10 +97,13 @@ return true | ||
await $task.set('newField' + getTestNumber(), 'testInfo') | ||
const accessError = $session.get('_accessError') | ||
assert.strictEqual(accessError.message.includes(errorTemplate), true) | ||
assert.strictEqual(accessError.code, 403) | ||
} catch (e) { | ||
assert.strictEqual(e.code, 403.3) | ||
return | ||
assert(false) | ||
} | ||
assert(false) | ||
}) | ||
it('deny = true && allow = true => err{ code: 403.3 }', async () => { | ||
it('deny = true && allow = true => err{ code: 403 }', async () => { | ||
backend.denyUpdate('tasksUpdate', async (docId, oldDoc, session, ops, newDoc) => { | ||
@@ -110,8 +119,11 @@ return true | ||
await $task.set('newField' + getTestNumber(), 'testInfo') | ||
const accessError = $session.get('_accessError') | ||
assert.strictEqual(accessError.message.includes(errorTemplate), true) | ||
assert.strictEqual(accessError.code, 403) | ||
} catch (e) { | ||
assert.strictEqual(e.code, 403.3) | ||
return | ||
assert(false) | ||
} | ||
assert(false) | ||
}) | ||
}) |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
27232
667