From cd0b9227b5bc0c7f4eb57974db6a0e61d43a30ea Mon Sep 17 00:00:00 2001
From: Sebastian Mihalache <sebastian.mihalache@gmail.con>
Date: Tue, 12 Jun 2018 16:44:49 +0300
Subject: [PATCH] feat(component-user-manager): update tests
---
.../config/authsome-helpers.js | 83 ++++++
.../config/authsome-mode.js | 256 ++++++++++++++++++
.../component-user-manager/config/default.js | 71 +++++
.../component-user-manager/config/test.js | 58 ++++
.../src/routes/fragmentsUsers/post.js | 2 +-
.../src/tests/fixtures/collections.js | 3 +-
.../src/tests/fixtures/fragments.js | 15 +
.../delete.test.js | 0
.../get.test.js | 0
.../patch.test.js | 0
.../post.test.js | 42 ++-
11 files changed, 513 insertions(+), 17 deletions(-)
create mode 100644 packages/component-user-manager/config/authsome-helpers.js
create mode 100644 packages/component-user-manager/config/authsome-mode.js
create mode 100644 packages/component-user-manager/src/tests/fixtures/fragments.js
rename packages/component-user-manager/src/tests/{collectionsUsers => fragmentsUsers}/delete.test.js (100%)
rename packages/component-user-manager/src/tests/{collectionsUsers => fragmentsUsers}/get.test.js (100%)
rename packages/component-user-manager/src/tests/{collectionsUsers => fragmentsUsers}/patch.test.js (100%)
rename packages/component-user-manager/src/tests/{collectionsUsers => fragmentsUsers}/post.test.js (78%)
diff --git a/packages/component-user-manager/config/authsome-helpers.js b/packages/component-user-manager/config/authsome-helpers.js
new file mode 100644
index 000000000..1b7642bfc
--- /dev/null
+++ b/packages/component-user-manager/config/authsome-helpers.js
@@ -0,0 +1,83 @@
+const omit = require('lodash/omit')
+const config = require('config')
+const get = require('lodash/get')
+
+const statuses = config.get('statuses')
+
+const publicStatusesPermissions = ['author', 'reviewer']
+
+const parseAuthorsData = (coll, matchingCollPerm) => {
+ if (['reviewer'].includes(matchingCollPerm.permission)) {
+ coll.authors = coll.authors.map(a => omit(a, ['email']))
+ }
+}
+
+const setPublicStatuses = (coll, matchingCollPerm) => {
+ const status = get(coll, 'status') || 'draft'
+ // coll.visibleStatus = statuses[status].public
+ if (publicStatusesPermissions.includes(matchingCollPerm.permission)) {
+ coll.visibleStatus = statuses[status].public
+ }
+}
+
+const filterRefusedInvitations = (coll, user) => {
+ const matchingInv = coll.invitations.find(inv => inv.userId === user.id)
+ if (matchingInv === undefined) return null
+ if (matchingInv.hasAnswer === true && !matchingInv.isAccepted) return null
+ return coll
+}
+
+const filterObjectData = (
+ collectionsPermissions = [],
+ object = {},
+ user = {},
+) => {
+ if (object.type === 'fragment') {
+ const matchingCollPerm = collectionsPermissions.find(
+ collPerm => object.id === collPerm.fragmentId,
+ )
+ if (matchingCollPerm === undefined) return null
+ if (['reviewer'].includes(matchingCollPerm.permission)) {
+ object.files = omit(object.files, ['coverLetter'])
+ if (object.recommendations)
+ object.recommendations = object.recommendations.filter(
+ rec => rec.userId === user.id,
+ )
+ }
+
+ return object
+ }
+ const matchingCollPerm = collectionsPermissions.find(
+ collPerm => object.id === collPerm.id,
+ )
+ if (matchingCollPerm === undefined) return null
+ setPublicStatuses(object, matchingCollPerm)
+ parseAuthorsData(object, matchingCollPerm)
+ if (['reviewer', 'handlingEditor'].includes(matchingCollPerm.permission)) {
+ return filterRefusedInvitations(object, user)
+ }
+
+ return object
+}
+
+const getTeamsByPermissions = async (teamIds = [], permissions, TeamModel) => {
+ const teams = await Promise.all(
+ teamIds.map(async teamId => {
+ const team = await TeamModel.find(teamId)
+ if (!permissions.includes(team.teamType.permissions)) {
+ return null
+ }
+ return team
+ }),
+ )
+
+ return teams.filter(Boolean)
+}
+
+module.exports = {
+ parseAuthorsData,
+ setPublicStatuses,
+ filterRefusedInvitations,
+ filterObjectData,
+ getTeamsByPermissions,
+}
diff --git a/packages/component-user-manager/config/authsome-mode.js b/packages/component-user-manager/config/authsome-mode.js
new file mode 100644
index 000000000..948dd93e2
--- /dev/null
+++ b/packages/component-user-manager/config/authsome-mode.js
@@ -0,0 +1,256 @@
+const get = require('lodash/get')
+const pickBy = require('lodash/pickBy')
+const omit = require('lodash/omit')
+const helpers = require('./authsome-helpers')
+
+async function teamPermissions(user, operation, object, context) {
+ const permissions = ['handlingEditor', 'author', 'reviewer']
+ const teams = await helpers.getTeamsByPermissions(
+ user.teams,
+ permissions,
+ context.models.Team,
+ )
+
+ let collectionsPermissions = await Promise.all(
+ teams.map(async team => {
+ const collection = await context.models.Collection.find(team.object.id)
+ if (
+ collection.status === 'rejected' &&
+ team.teamType.permissions === 'reviewer'
+ )
+ return null
+ const collPerm = {
+ id: collection.id,
+ permission: team.teamType.permissions,
+ }
+ const objectType = get(object, 'type')
+ if (objectType === 'fragment') {
+ if (collection.fragments.includes(object.id))
+ collPerm.fragmentId = object.id
+ else return null
+ }
+
+ if (objectType === 'collection')
+ if (object.id !== collection.id) return null
+ return collPerm
+ }),
+ )
+ collectionsPermissions = collectionsPermissions.filter(cp => cp !== null)
+ if (collectionsPermissions.length === 0) return false
+
+ return {
+ filter: filterParam => {
+ if (!filterParam.length) {
+ return helpers.filterObjectData(
+ collectionsPermissions,
+ filterParam,
+ user,
+ )
+ }
+
+ const collections = filterParam
+ .map(coll =>
+ helpers.filterObjectData(collectionsPermissions, coll, user),
+ )
+ .filter(Boolean)
+ return collections
+ },
+ }
+}
+
+function unauthenticatedUser(operation, object) {
+ // Public/unauthenticated users can GET /collections, filtered by 'published'
+ if (operation === 'GET' && object && object.path === '/collections') {
+ return {
+ filter: collections =>
+ collections.filter(collection => collection.published),
+ }
+ }
+
+ // Public/unauthenticated users can GET /collections/:id/fragments, filtered by 'published'
+ if (
+ operation === 'GET' &&
+ object &&
+ object.path === '/collections/:id/fragments'
+ ) {
+ return {
+ filter: fragments => fragments.filter(fragment => fragment.published),
+ }
+ }
+
+ // and filtered individual collection's properties: id, title, source, content, owners
+ if (operation === 'GET' && object && object.type === 'collection') {
+ if (object.published) {
+ return {
+ filter: collection =>
+ pickBy(collection, (_, key) =>
+ ['id', 'title', 'owners'].includes(key),
+ ),
+ }
+ }
+ }
+
+ if (operation === 'GET' && object && object.type === 'fragment') {
+ if (object.published) {
+ return {
+ filter: fragment =>
+ pickBy(fragment, (_, key) =>
+ ['id', 'title', 'source', 'presentation', 'owners'].includes(key),
+ ),
+ }
+ }
+ }
+
+ return false
+}
+
+async function authenticatedUser(user, operation, object, context) {
+ // Allow the authenticated user to POST a collection (but not with a 'filtered' property)
+ if (operation === 'POST' && object.path === '/collections') {
+ return {
+ filter: collection => omit(collection, 'filtered'),
+ }
+ }
+
+ if (
+ operation === 'POST' &&
+ object.path === '/collections/:collectionId/fragments'
+ ) {
+ return true
+ }
+
+ // allow authenticate owners full pass for a collection
+ if (get(object, 'type') === 'collection') {
+ if (operation === 'PATCH') {
+ return {
+ filter: collection => omit(collection, 'filtered'),
+ }
+ }
+ if (object.owners.includes(user.id)) return true
+ const owner = object.owners.find(own => own.id === user.id)
+ if (owner !== undefined) return true
+ }
+
+ // Allow owners of a collection to GET its teams, e.g.
+ // GET /api/collections/1/teams
+ if (operation === 'GET' && get(object, 'path') === '/teams') {
+ const collectionId = get(object, 'params.collectionId')
+ if (collectionId) {
+ const collection = await context.models.Collection.find(collectionId)
+ if (collection.owners.includes(user.id)) {
+ return true
+ }
+ }
+ }
+
+ if (
+ operation === 'GET' &&
+ get(object, 'type') === 'team' &&
+ get(object, 'object.type') === 'collection'
+ ) {
+ const collection = await context.models.Collection.find(
+ get(object, 'object.id'),
+ )
+ if (collection.owners.includes(user.id)) {
+ return true
+ }
+ }
+
+ // Advanced example
+ // Allow authenticated users to create a team based around a collection
+ // if they are one of the owners of this collection
+ if (['POST', 'PATCH'].includes(operation) && get(object, 'type') === 'team') {
+ if (get(object, 'object.type') === 'collection') {
+ const collection = await context.models.Collection.find(
+ get(object, 'object.id'),
+ )
+ if (collection.owners.includes(user.id)) {
+ return true
+ }
+ }
+ }
+
+ // only allow the HE to create, delete an invitation, or get invitation details
+ if (
+ ['POST', 'GET', 'DELETE'].includes(operation) &&
+ get(object.collection, 'type') === 'collection' &&
+ object.path.includes('invitations')
+ ) {
+ const collection = await context.models.Collection.find(
+ get(object.collection, 'id'),
+ )
+ const handlingEditor = get(collection, 'handlingEditor')
+ if (!handlingEditor) return false
+ if (handlingEditor.id === user.id) return true
+ return false
+ }
+
+ // only allow a reviewer and an HE to submit and to modify a recommendation
+ if (
+ ['POST', 'PATCH'].includes(operation) &&
+ get(object.collection, 'type') === 'collection' &&
+ object.path.includes('recommendations')
+ ) {
+ const collection = await context.models.Collection.find(
+ get(object.collection, 'id'),
+ )
+ const teams = await helpers.getTeamsByPermissions(
+ user.teams,
+ ['reviewer', 'handlingEditor'],
+ context.models.Team,
+ )
+ if (teams.length === 0) return false
+ const matchingTeam = teams.find(team => team.object.id === collection.id)
+ if (matchingTeam) return true
+ return false
+ }
+
+ if (user.teams.length !== 0 && ['GET'].includes(operation)) {
+ const permissions = await teamPermissions(user, operation, object, context)
+
+ if (permissions) {
+ return permissions
+ }
+
+ return false
+ }
+
+ if (get(object, 'type') === 'fragment') {
+ const fragment = object
+
+ if (fragment.owners.includes(user.id)) {
+ return true
+ }
+ }
+
+ // A user can GET, DELETE and PATCH itself
+ if (get(object, 'type') === 'user' && get(object, 'id') === user.id) {
+ if (['GET', 'DELETE', 'PATCH'].includes(operation)) {
+ return true
+ }
+ }
+ // If no individual permissions exist (above), fallback to unauthenticated
+ // user's permission
+ return unauthenticatedUser(operation, object)
+}
+
+const authsomeMode = async (userId, operation, object, context) => {
+ if (!userId) {
+ return unauthenticatedUser(operation, object)
+ }
+
+ // It's up to us to retrieve the relevant models for our
+ // authorization/authsome mode, e.g.
+ const user = await context.models.User.find(userId)
+
+ // Admins and editor in chiefs can do anything
+ if (user && (user.admin || user.editorInChief)) return true
+
+ if (user) {
+ return authenticatedUser(user, operation, object, context)
+ }
+
+ return false
+}
+
+module.exports = authsomeMode
diff --git a/packages/component-user-manager/config/default.js b/packages/component-user-manager/config/default.js
index 350b9de77..5d8cb0c55 100644
--- a/packages/component-user-manager/config/default.js
+++ b/packages/component-user-manager/config/default.js
@@ -1,4 +1,17 @@
+const path = require('path')
+
module.exports = {
+ authsome: {
+ mode: path.resolve(__dirname, 'authsome-mode.js'),
+ teams: {
+ handlingEditor: {
+ name: 'Handling Editors',
+ },
+ reviewer: {
+ name: 'Reviewer',
+ },
+ },
+ },
mailer: {
from: 'test@example.com',
},
@@ -16,4 +29,62 @@ module.exports = {
handlingEditor: ['reviewer'],
},
},
+ statuses: {
+ draft: {
+ public: 'Draft',
+ private: 'Draft',
+ },
+ submitted: {
+ public: 'Submitted',
+ private: 'Submitted',
+ },
+ heInvited: {
+ public: 'Submitted',
+ private: 'Handling Editor Invited',
+ },
+ heAssigned: {
+ public: 'Handling Editor Assigned',
+ private: 'Handling Editor Assigned',
+ },
+ reviewersInvited: {
+ public: 'Reviewers Invited',
+ private: 'Reviewers Invited',
+ },
+ underReview: {
+ public: 'Under Review',
+ private: 'Under Review',
+ },
+ reviewCompleted: {
+ public: 'Under Review',
+ private: 'Review Completed',
+ },
+ pendingApproval: {
+ public: 'Under Review',
+ private: 'Pending Approval',
+ },
+ revisionRequested: {
+ public: 'Revision Requested',
+ private: 'Revision Requested',
+ },
+ rejected: {
+ public: 'Rejected',
+ private: 'Rejected',
+ },
+ published: {
+ public: 'Published',
+ private: 'Published',
+ },
+ },
+ 'manuscript-types': {
+ research: 'Research',
+ review: 'Review',
+ 'clinical-study': 'Clinical Study',
+ 'case-report': 'Case Report',
+ 'letter-to-editor': 'Letter to the Editor',
+ editorial: 'Editorial',
+ corrigendum: 'Corrigendum',
+ erratum: 'Erratum',
+ 'expression-of-concern': 'Expression of Concern',
+ retraction: 'Retraction',
+ },
}
diff --git a/packages/component-user-manager/config/test.js b/packages/component-user-manager/config/test.js
index a1e52fc0b..63452331a 100644
--- a/packages/component-user-manager/config/test.js
+++ b/packages/component-user-manager/config/test.js
@@ -17,4 +17,62 @@ module.exports = {
author: ['author'],
},
},
+ statuses: {
+ draft: {
+ public: 'Draft',
+ private: 'Draft',
+ },
+ submitted: {
+ public: 'Submitted',
+ private: 'Submitted',
+ },
+ heInvited: {
+ public: 'Submitted',
+ private: 'Handling Editor Invited',
+ },
+ heAssigned: {
+ public: 'Handling Editor Assigned',
+ private: 'Handling Editor Assigned',
+ },
+ reviewersInvited: {
+ public: 'Reviewers Invited',
+ private: 'Reviewers Invited',
+ },
+ underReview: {
+ public: 'Under Review',
+ private: 'Under Review',
+ },
+ reviewCompleted: {
+ public: 'Under Review',
+ private: 'Review Completed',
+ },
+ pendingApproval: {
+ public: 'Under Review',
+ private: 'Pending Approval',
+ },
+ revisionRequested: {
+ public: 'Revision Requested',
+ private: 'Revision Requested',
+ },
+ rejected: {
+ public: 'Rejected',
+ private: 'Rejected',
+ },
+ published: {
+ public: 'Published',
+ private: 'Published',
+ },
+ },
+ 'manuscript-types': {
+ research: 'Research',
+ review: 'Review',
+ 'clinical-study': 'Clinical Study',
+ 'case-report': 'Case Report',
+ 'letter-to-editor': 'Letter to the Editor',
+ editorial: 'Editorial',
+ corrigendum: 'Corrigendum',
+ erratum: 'Erratum',
+ 'expression-of-concern': 'Expression of Concern',
+ retraction: 'Retraction',
+ },
}
diff --git a/packages/component-user-manager/src/routes/fragmentsUsers/post.js b/packages/component-user-manager/src/routes/fragmentsUsers/post.js
index e56684645..200d12682 100644
--- a/packages/component-user-manager/src/routes/fragmentsUsers/post.js
+++ b/packages/component-user-manager/src/routes/fragmentsUsers/post.js
@@ -28,7 +28,7 @@ module.exports = models => async (req, res) => {
return res.status(400).json({
error: `Fragment ${fragmentId} does not match collection ${collectionId}`,
})
- fragment = await models.Collection.find(fragmentId)
+ fragment = await models.Fragment.find(fragmentId)
} catch (e) {
const notFoundError = await services.handleNotFoundError(e, 'item')
return res.status(notFoundError.status).json({
diff --git a/packages/component-user-manager/src/tests/fixtures/collections.js b/packages/component-user-manager/src/tests/fixtures/collections.js
index bd50ad595..6c4e02668 100644
--- a/packages/component-user-manager/src/tests/fixtures/collections.js
+++ b/packages/component-user-manager/src/tests/fixtures/collections.js
@@ -1,5 +1,6 @@
const Chance = require('chance')
const { submittingAuthor } = require('./userData')
+const { fragment } = require('./fragments')
const chance = new Chance()
const collections = {
@@ -7,7 +8,7 @@ const collections = {
id: chance.guid(),
title: chance.sentence(),
type: 'collection',
- fragments: [],
+ fragments: [fragment.id],
owners: [submittingAuthor.id],
authors: [
{
diff --git a/packages/component-user-manager/src/tests/fixtures/fragments.js b/packages/component-user-manager/src/tests/fixtures/fragments.js
new file mode 100644
index 000000000..08d0eedf3
--- /dev/null
+++ b/packages/component-user-manager/src/tests/fixtures/fragments.js
@@ -0,0 +1,15 @@
+const Chance = require('chance')
+
+const chance = new Chance()
+const fragments = {
+ fragment: {
+ id: chance.guid(),
+ metadata: {
+ title: chance.sentence(),
+ abstract: chance.paragraph(),
+ },
+ recommendations: [],
+ },
+}
+
+module.exports = fragments
diff --git a/packages/component-user-manager/src/tests/collectionsUsers/delete.test.js b/packages/component-user-manager/src/tests/fragmentsUsers/delete.test.js
similarity index 100%
rename from packages/component-user-manager/src/tests/collectionsUsers/delete.test.js
rename to packages/component-user-manager/src/tests/fragmentsUsers/delete.test.js
diff --git a/packages/component-user-manager/src/tests/collectionsUsers/get.test.js b/packages/component-user-manager/src/tests/fragmentsUsers/get.test.js
similarity index 100%
rename from packages/component-user-manager/src/tests/collectionsUsers/get.test.js
rename to packages/component-user-manager/src/tests/fragmentsUsers/get.test.js
diff --git a/packages/component-user-manager/src/tests/collectionsUsers/patch.test.js b/packages/component-user-manager/src/tests/fragmentsUsers/patch.test.js
similarity index 100%
rename from packages/component-user-manager/src/tests/collectionsUsers/patch.test.js
rename to packages/component-user-manager/src/tests/fragmentsUsers/patch.test.js
diff --git a/packages/component-user-manager/src/tests/collectionsUsers/post.test.js b/packages/component-user-manager/src/tests/fragmentsUsers/post.test.js
similarity index 78%
rename from packages/component-user-manager/src/tests/collectionsUsers/post.test.js
rename to packages/component-user-manager/src/tests/fragmentsUsers/post.test.js
index eede871a5..b826f58d2 100644
--- a/packages/component-user-manager/src/tests/collectionsUsers/post.test.js
+++ b/packages/component-user-manager/src/tests/fragmentsUsers/post.test.js
@@ -5,8 +5,8 @@ const httpMocks = require('node-mocks-http')
const fixtures = require('./../fixtures/fixtures')
const Chance = require('chance')
const Model = require('./../helpers/Model')
+const cloneDeep = require('lodash/cloneDeep')
-const models = Model.build()
jest.mock('pubsweet-component-mail-service', () => ({
sendSimpleEmail: jest.fn(),
sendNotificationEmail: jest.fn(),
@@ -15,20 +15,30 @@ const chance = new Chance()
const { author, submittingAuthor } = fixtures.users
const { standardCollection } = fixtures.collections
-const postPath = '../../routes/collectionsUsers/post'
-const body = {
+const postPath = '../../routes/fragmentsUsers/post'
+const reqBody = {
email: chance.email(),
role: 'author',
isSubmitting: true,
isCorresponding: false,
}
-describe('Post collections users route handler', () => {
- it('should return success when an author adds a new user to a collection', async () => {
+describe('Post fragments users route handler', () => {
+ let testFixtures = {}
+ let body = {}
+ let models
+ beforeEach(() => {
+ testFixtures = cloneDeep(fixtures)
+ body = cloneDeep(reqBody)
+ models = Model.build(testFixtures)
+ })
+ it('should return success when an author adds a new user to a fragment', async () => {
const req = httpMocks.createRequest({
body,
})
req.user = submittingAuthor.id
req.params.collectionId = standardCollection.id
+ const [fragmentId] = standardCollection.fragments
+ req.params.fragmentId = fragmentId
const res = httpMocks.createResponse()
await require(postPath)(models)(req, res)
@@ -36,36 +46,32 @@ describe('Post collections users route handler', () => {
const data = JSON.parse(res._getData())
expect(data.email).toEqual(body.email)
expect(data.invitations).toBeUndefined()
- const matchingAuthor = standardCollection.authors.find(
- author => author.userId === data.id,
- )
- expect(matchingAuthor).toBeDefined()
})
- it('should return success when an author adds an existing user as co author to a collection', async () => {
+ it('should return success when an author adds an existing user as co author to a fragment', async () => {
body.email = author.email
const req = httpMocks.createRequest({
body,
})
req.user = submittingAuthor.id
req.params.collectionId = standardCollection.id
+ const [fragmentId] = standardCollection.fragments
+ req.params.fragmentId = fragmentId
const res = httpMocks.createResponse()
await require(postPath)(models)(req, res)
expect(res.statusCode).toBe(200)
const data = JSON.parse(res._getData())
expect(data.email).toEqual(body.email)
- const matchingAuthor = standardCollection.authors.find(
- auth => auth.userId === author.id,
- )
- expect(matchingAuthor).toBeDefined()
})
- it('should return an error when the an author is added to the same collection', async () => {
+ it('should return an error when the an author is added to the same fragment', async () => {
body.email = submittingAuthor.email
const req = httpMocks.createRequest({
body,
})
req.user = submittingAuthor.id
req.params.collectionId = standardCollection.id
+ const [fragmentId] = standardCollection.fragments
+ req.params.fragmentId = fragmentId
const res = httpMocks.createResponse()
await require(postPath)(models)(req, res)
@@ -82,6 +88,8 @@ describe('Post collections users route handler', () => {
})
req.user = submittingAuthor.id
req.params.collectionId = standardCollection.id
+ const [fragmentId] = standardCollection.fragments
+ req.params.fragmentId = fragmentId
const res = httpMocks.createResponse()
await require(postPath)(models)(req, res)
@@ -97,6 +105,8 @@ describe('Post collections users route handler', () => {
})
req.user = submittingAuthor.id
req.params.collectionId = standardCollection.id
+ const [fragmentId] = standardCollection.fragments
+ req.params.fragmentId = fragmentId
const res = httpMocks.createResponse()
await require(postPath)(models)(req, res)
@@ -112,6 +122,8 @@ describe('Post collections users route handler', () => {
})
req.user = submittingAuthor.id
req.params.collectionId = standardCollection.id
+ const [fragmentId] = standardCollection.fragments
+ req.params.fragmentId = fragmentId
const res = httpMocks.createResponse()
await require(postPath)(models)(req, res)
--
GitLab