import { Injectable } from '@angular/core'; import { GCMockModule } from '@core/mocks/gc-module.mock'; import { UserService } from '@features/users/user.service'; import { BeforeEach, Spec, TestCase } from '@yourcause/test-decorators'; import { DescribeAngularService } from '@yourcause/test-decorators/angular'; import { expect } from 'chai'; import { PolicyService } from './policy.service'; @Injectable({ providedIn: 'root' }) @DescribeAngularService(PolicyService, { imports: [ GCMockModule ], providers: [ UserService ] }) export class PolicyServiceSpec implements Spec { budgetMan = { firstName: 'Mock', lastName: 'Spock', active: true, culture: 'en-US', email: 'docmockspock@mailinator.com', id: 1, isRootUser: false, isNewUser: false, jobTitle: 'doctor', profileImageUrl: '', requirePasswordReset: false, roles: [ { policies: [ { allow: true, clientRoleId: 2043, permissionSetType: 1, permissionType: 6 } ], clientRoleId: 1, clientRoleName: 'doc', clientRoleDescription: 'doctor' } ], workflows: [{ id: 1, name: 'doc workflow', description: 'not real' }], workFlowLevels: [{ id: 1, name: 'unreal workflow level', description: 'literally not real', workflow: { id: 1, name: 'doc workflow', description: 'not real' }, clientId: 1 }], acceptedTermsOfService: true, clientHasNominations: true, isInNominationWorkFlow: true, isIntegratedWithCsrZone: true, affiliateId: 2, workflowManager: true, isSso: false }; hackerWeDontTrust = { firstName: 'Hacker', lastName: 'Slacker', active: true, culture: 'en-US', email: 'hackslack@mailinator.com', id: 1, isRootUser: false, isNewUser: false, jobTitle: 'hacker', profileImageUrl: '', requirePasswordReset: false, roles: [ { policies: [ { allow: false, clientRoleId: 2043, permissionSetType: 1, permissionType: 6 } ], clientRoleId: 1, clientRoleName: 'hacker', clientRoleDescription: 'a hacker' } ], workflows: [{ id: 1, name: 'doc workflow', description: 'not real' }], workFlowLevels: [{ id: 1, name: 'unreal workflow level', description: 'literally not real', workflow: { id: 1, name: 'doc workflow', description: 'not real' }, clientId: 1 }], acceptedTermsOfService: true, clientHasNominations: true, isInNominationWorkFlow: true, isIntegratedWithCsrZone: true, affiliateId: 2, workflowManager: false, isSso: false }; kindaShady = { firstName: 'Slim', lastName: 'Kindashady', active: true, culture: 'en-US', email: 'Kindashady@mailinator.com', id: 1, isRootUser: false, isNewUser: false, jobTitle: 'NA', profileImageUrl: '', requirePasswordReset: false, roles: [ { policies: [ { allow: true, clientRoleId: 2043, permissionSetType: 3, permissionType: 1 }, { allow: false, clientRoleId: 2043, permissionSetType: 3, permissionType: 2 } ], clientRoleId: 1, clientRoleName: 'NA', clientRoleDescription: 'NA' } ], workflows: [{ id: 1, name: 'doc workflow', description: 'not real' }], workFlowLevels: [{ id: 1, name: 'unreal workflow level', description: 'literally not real', workflow: { id: 1, name: 'doc workflow', description: 'not real' }, clientId: 1 }], acceptedTermsOfService: true, clientHasNominations: true, isInNominationWorkFlow: true, isIntegratedWithCsrZone: true, affiliateId: 2, workflowManager: false, isSso: false }; rootUser = { firstName: 'Root', lastName: 'User', active: true, culture: 'en-US', email: 'roootintootinuser@mailinator.com', id: 1, isRootUser: true, isNewUser: false, jobTitle: 'doctor', profileImageUrl: '', requirePasswordReset: false, roles: [ { policies: [ { allow: true, clientRoleId: 2043, permissionSetType: 3, permissionType: 1 }, { allow: false, clientRoleId: 2043, permissionSetType: 3, permissionType: 2 } ], clientRoleId: 1, clientRoleName: 'doc', clientRoleDescription: 'doctor' } ], workflows: [{ id: 1, name: 'doc workflow', description: 'not real' }], workFlowLevels: [{ id: 1, name: 'unreal workflow level', description: 'literally not real', workflow: { id: 1, name: 'doc workflow', description: 'not real' }, clientId: 1 }], acceptedTermsOfService: true, clientHasNominations: true, isInNominationWorkFlow: true, isIntegratedWithCsrZone: true, affiliateId: 2, workflowManager: true, isSso: false }; constructor ( private userService: UserService ) { } @BeforeEach() mock (service: PolicyService) { service['userService'] = this.userService; } @TestCase('should be able to grant permissions on the list') basicPermissionsGrantTest (service: PolicyService) { this.userService['set']('user', this.budgetMan); expect(service.system.canManageBudgets()).to.be.true; } @TestCase('should be able to deny permissions absent from list') basicPermissionsDenyTest (service: PolicyService) { this.userService['set']('user', this.budgetMan); expect(service.system.canManageEmails()).to.be.false; } @TestCase('should be able to deny permissions on the deny list') basicDenyListTest (service: PolicyService) { this.userService['set']('user', this.hackerWeDontTrust); expect(service.system.canManageBudgets()).to.be.false; } @TestCase('should be able to grant access to all permissions for root user') basicRootPermissionsTest (service: PolicyService) { this.userService['set']('user', this.rootUser); expect(service.grantApplication.canManageAllApplications()).to.be.true; expect(service.grantApplication.canManageApplicationsInWorkFlows()).to.be.true; expect(service.grantApplication.canCreateOrEditApplications()).to.be.true; expect(service.grantApplication.canSeeMaskedApplicants()).to.be.true; } @TestCase('should be able to ignore deny access permissions for root user') basicRootDenyPermissionsTest (service: PolicyService) { this.userService['set']('user', this.rootUser); expect(service.grantApplication.canManageAllApplications()).to.be.true; expect(service.grantApplication.canManageApplicationsInWorkFlows()).to.be.true; expect(service.grantApplication.canCreateOrEditApplications()).to.be.true; expect(service.grantApplication.canSeeMaskedApplicants()).to.be.true; } @TestCase('should be able to allow some but not all if all permission and deny are both present') basicMixedPermissionsTest (service: PolicyService) { this.userService['set']('user', this.kindaShady); expect(service.grantApplication.canManageAllApplications()).to.be.true; expect(service.grantApplication.canCreateOrEditApplications()).to.be.true; expect(service.grantApplication.canSeeMaskedApplicants()).to.be.true; expect(service.grantApplication.canManageApplicationsInWorkFlows()).to.be.false; } }