diff --git a/app/src/controllers/invite.js b/app/src/controllers/invite.js index aad74a94..bc5727ee 100644 --- a/app/src/controllers/invite.js +++ b/app/src/controllers/invite.js @@ -177,7 +177,37 @@ const controller = { } // Assign array of permCode to the bucket or object invite.permissionsCode.forEach(async permCode => { - await setPermissions(permCode, invite, token, userId, req); + if (invite.type === ResourceType.OBJECT) { + // Check for object existence + await objectService.read(invite.resource).catch(() => { + inviteService.delete(token); + throw new Problem(409, { + detail: `Object '${invite.resource}' not found`, + instance: req.originalUrl, + objectId: invite.resource + }); + }); + + // Grant invitation permission and cleanup + await objectPermissionService.addPermissions(invite.resource, [ + { userId: userId, permCode: permCode } + ], invite.createdBy); + } else if (invite.type === ResourceType.BUCKET) { + // Check for object existence + await bucketService.read(invite.resource).catch(() => { + inviteService.delete(token); + throw new Problem(409, { + detail: `Bucket '${invite.resource}' not found`, + instance: req.originalUrl, + bucketId: invite.resource + }); + }); + + // Grant invitation permission and cleanup + await bucketPermissionService.addPermissions(invite.resource, [ + { userId: userId, permCode: permCode } + ], invite.createdBy); + } }); // Cleanup invite on success @@ -197,46 +227,4 @@ const controller = { } }; -/** - * @function setPermissions - * Set permissions to bucket or object - * @param {object} invite service object - * @param {object} token object - * @param {string} [currentUserId=SYSTEM_USER] The optional userId uuid actor; defaults to system user if unspecified - * @param {object} res Express response object - */ -async function setPermissions(permCode, invite, token, userId, req) { - if (invite.type === ResourceType.OBJECT) { - // Check for object existence - await objectService.read(invite.resource).catch(() => { - inviteService.delete(token); - throw new Problem(409, { - detail: `Object '${invite.resource}' not found`, - instance: req.originalUrl, - objectId: invite.resource - }); - }); - - // Grant invitation permission and cleanup - await objectPermissionService.addPermissions(invite.resource, [ - { userId: userId, permCode: permCode } - ], invite.createdBy); - } else if (invite.type === ResourceType.BUCKET) { - // Check for object existence - await bucketService.read(invite.resource).catch(() => { - inviteService.delete(token); - throw new Problem(409, { - detail: `Bucket '${invite.resource}' not found`, - instance: req.originalUrl, - bucketId: invite.resource - }); - }); - - // Grant invitation permission and cleanup - await bucketPermissionService.addPermissions(invite.resource, [ - { userId: userId, permCode: permCode } - ], invite.createdBy); - } -} - module.exports = controller; diff --git a/app/tests/unit/controllers/invite.spec.js b/app/tests/unit/controllers/invite.spec.js index de51c006..ddb9f944 100644 --- a/app/tests/unit/controllers/invite.spec.js +++ b/app/tests/unit/controllers/invite.spec.js @@ -362,7 +362,7 @@ describe('createInvite', () => { describe('useInvite', () => { const bucketAddPermissionsSpy = jest.spyOn(bucketPermissionService, 'addPermissions'); - //const bucketReadSpy = jest.spyOn(bucketService, 'read'); + const bucketReadSpy = jest.spyOn(bucketService, 'read'); const getCurrentIdentitySpy = jest.spyOn(utils, 'getCurrentIdentity'); const getCurrentUserIdSpy = jest.spyOn(userService, 'getCurrentUserId'); const inviteDeleteSpy = jest.spyOn(inviteService, 'delete'); @@ -468,8 +468,7 @@ describe('useInvite', () => { }; inviteReadSpy.mockResolvedValue({ - email: email, resource: RESOURCE, type: ResourceType.OBJECT, - createdBy: SYSTEM_USER, permissionsCode: ['READ', 'UPDATE'] + email: email, resource: RESOURCE, type: ResourceType.OBJECT, createdBy: SYSTEM_USER, permissionsCode: ['READ'] }); objectAddPermissionsSpy.mockResolvedValue({}); objectReadSpy.mockResolvedValue({}); @@ -477,15 +476,12 @@ describe('useInvite', () => { await controller.useInvite(req, res, next); expect(bucketAddPermissionsSpy).toHaveBeenCalledTimes(0); - //expect(bucketReadSpy).toHaveBeenCalledTimes(0); + expect(bucketReadSpy).toHaveBeenCalledTimes(0); expect(inviteDeleteSpy).toHaveBeenCalledTimes(1); expect(inviteDeleteSpy).toHaveBeenCalledWith(TOKEN); expect(inviteReadSpy).toHaveBeenCalledTimes(1); expect(inviteReadSpy).toHaveBeenCalledWith(TOKEN); expect(objectAddPermissionsSpy).toHaveBeenCalledTimes(0); - // expect(objectAddPermissionsSpy).toHaveBeenCalledWith(RESOURCE, [ - // { userId: USR_ID, permCode: Permissions.READ } - // ], SYSTEM_USER); expect(objectReadSpy).toHaveBeenCalledTimes(1); expect(objectReadSpy).toHaveBeenCalledWith(RESOURCE); expect(next).toHaveBeenCalledTimes(0); @@ -501,21 +497,16 @@ describe('useInvite', () => { }; inviteReadSpy.mockResolvedValue({ email: email, resource: RESOURCE, type: ResourceType.BUCKET }); - //bucketReadSpy.mockRejectedValue({}); + bucketReadSpy.mockRejectedValue({}); await controller.useInvite(req, res, next); expect(bucketAddPermissionsSpy).toHaveBeenCalledTimes(0); - //expect(bucketReadSpy).toHaveBeenCalledTimes(0); - //expect(bucketReadSpy).toHaveBeenCalledWith(RESOURCE); + expect(bucketReadSpy).toHaveBeenCalledTimes(0); expect(inviteDeleteSpy).toHaveBeenCalledTimes(0); - //expect(inviteDeleteSpy).toHaveBeenCalledWith(TOKEN); expect(inviteReadSpy).toHaveBeenCalledTimes(1); expect(inviteReadSpy).toHaveBeenCalledWith(TOKEN); - expect(objectAddPermissionsSpy).toHaveBeenCalledTimes(0); - expect(objectReadSpy).toHaveBeenCalledTimes(0); - expect(next).toHaveBeenCalledTimes(1); - expect(next).toHaveBeenCalledWith(new Problem(409)); + expect(bucketAddPermissionsSpy).toHaveBeenCalledTimes(0); }); it('should 200 when bucket grant successful', async () => { @@ -526,28 +517,24 @@ describe('useInvite', () => { }; inviteReadSpy.mockResolvedValue({ - email: email, resource: RESOURCE, type: ResourceType.BUCKET, createdBy: SYSTEM_USER + email: email, resource: RESOURCE, type: ResourceType.BUCKET, createdBy: SYSTEM_USER, permissionsCode: ['READ'] }); bucketAddPermissionsSpy.mockResolvedValue({}); - //bucketReadSpy.mockResolvedValue({}); + bucketReadSpy.mockResolvedValue({}); await controller.useInvite(req, res, next); expect(bucketAddPermissionsSpy).toHaveBeenCalledTimes(0); - //expect(bucketReadSpy).toHaveBeenCalledTimes(0); - // expect(bucketAddPermissionsSpy).toHaveBeenCalledWith(RESOURCE, [ - // { userId: USR_ID, permCode: Permissions.READ } - // ], SYSTEM_USER); - //expect(bucketReadSpy).toHaveBeenCalledWith(RESOURCE); - expect(inviteDeleteSpy).toHaveBeenCalledTimes(0); - //expect(inviteDeleteSpy).toHaveBeenCalledWith(TOKEN); + expect(bucketReadSpy).toHaveBeenCalledTimes(1); + expect(inviteDeleteSpy).toHaveBeenCalledTimes(1); + expect(inviteDeleteSpy).toHaveBeenCalledWith(TOKEN); expect(inviteReadSpy).toHaveBeenCalledTimes(1); expect(inviteReadSpy).toHaveBeenCalledWith(TOKEN); - expect(objectAddPermissionsSpy).toHaveBeenCalledTimes(0); - expect(objectReadSpy).toHaveBeenCalledTimes(0); - expect(next).toHaveBeenCalledTimes(1); - //expect(res.json).toHaveBeenCalledWith({ resource: RESOURCE, type: ResourceType.BUCKET }); - //expect(res.status).toHaveBeenCalledWith(200); + expect(bucketAddPermissionsSpy).toHaveBeenCalledTimes(0); + expect(bucketReadSpy).toHaveBeenCalledTimes(1); + expect(next).toHaveBeenCalledTimes(0); + expect(res.json).toHaveBeenCalledWith({ resource: RESOURCE, type: ResourceType.BUCKET }); + expect(res.status).toHaveBeenCalledWith(200); }); it('should 500 for unexpected errors', async () => { @@ -558,7 +545,7 @@ describe('useInvite', () => { await controller.useInvite(req, res, next); expect(bucketAddPermissionsSpy).toHaveBeenCalledTimes(0); - //expect(bucketReadSpy).toHaveBeenCalledTimes(0); + expect(bucketReadSpy).toHaveBeenCalledTimes(0); expect(inviteDeleteSpy).toHaveBeenCalledTimes(0); expect(inviteReadSpy).toHaveBeenCalledTimes(1); expect(inviteReadSpy).toHaveBeenCalledWith(TOKEN);