github.com/anth0d/nomad@v0.0.0-20221214183521-ae3a0a2cad06/ui/tests/unit/abilities/client-test.js (about)

     1  /* eslint-disable ember/avoid-leaking-state-in-ember-objects */
     2  import { module, test } from 'qunit';
     3  import { setupTest } from 'ember-qunit';
     4  import Service from '@ember/service';
     5  import setupAbility from 'nomad-ui/tests/helpers/setup-ability';
     6  
     7  module('Unit | Ability | client', function (hooks) {
     8    setupTest(hooks);
     9    setupAbility('client')(hooks);
    10  
    11    test('it permits client read and write when ACLs are disabled', function (assert) {
    12      const mockToken = Service.extend({
    13        aclEnabled: false,
    14      });
    15      this.owner.register('service:token', mockToken);
    16  
    17      assert.ok(this.ability.canRead);
    18      assert.ok(this.ability.canWrite);
    19    });
    20  
    21    test('it permits client read and write for management tokens', function (assert) {
    22      const mockToken = Service.extend({
    23        aclEnabled: true,
    24        selfToken: { type: 'management' },
    25      });
    26      this.owner.register('service:token', mockToken);
    27  
    28      assert.ok(this.ability.canRead);
    29      assert.ok(this.ability.canWrite);
    30    });
    31  
    32    test('it permits client read and write for tokens with a policy that has node-write', function (assert) {
    33      const mockToken = Service.extend({
    34        aclEnabled: true,
    35        selfToken: { type: 'client' },
    36        selfTokenPolicies: [
    37          {
    38            rulesJSON: {
    39              Node: {
    40                Policy: 'write',
    41              },
    42            },
    43          },
    44        ],
    45      });
    46      this.owner.register('service:token', mockToken);
    47  
    48      assert.ok(this.ability.canRead);
    49      assert.ok(this.ability.canWrite);
    50    });
    51  
    52    test('it permits client read and write for tokens with a policy that allows write and another policy that disallows it', function (assert) {
    53      const mockToken = Service.extend({
    54        aclEnabled: true,
    55        selfToken: { type: 'client' },
    56        selfTokenPolicies: [
    57          {
    58            rulesJSON: {
    59              Node: {
    60                Policy: 'write',
    61              },
    62            },
    63          },
    64          {
    65            rulesJSON: {
    66              Node: {
    67                Policy: 'read',
    68              },
    69            },
    70          },
    71        ],
    72      });
    73      this.owner.register('service:token', mockToken);
    74  
    75      assert.ok(this.ability.canRead);
    76      assert.ok(this.ability.canWrite);
    77    });
    78  
    79    test('it permits client read and blocks client write for tokens with a policy that does not allow node-write', function (assert) {
    80      const mockToken = Service.extend({
    81        aclEnabled: true,
    82        selfToken: { type: 'client' },
    83        selfTokenPolicies: [
    84          {
    85            rulesJSON: {
    86              Node: {
    87                Policy: 'read',
    88              },
    89            },
    90          },
    91        ],
    92      });
    93      this.owner.register('service:token', mockToken);
    94  
    95      assert.ok(this.ability.canRead);
    96      assert.notOk(this.ability.canWrite);
    97    });
    98  
    99    test('it blocks client read and write for tokens without a node policy', function (assert) {
   100      const mockToken = Service.extend({
   101        aclEnabled: true,
   102        selfToken: { type: 'client' },
   103        selfTokenPolicies: [
   104          {
   105            rulesJSON: {},
   106          },
   107        ],
   108      });
   109      this.owner.register('service:token', mockToken);
   110  
   111      assert.notOk(this.ability.canRead);
   112      assert.notOk(this.ability.canWrite);
   113    });
   114  });