authzed-node/src/full.test.ts at e19af1f876c5204b8e22f7a8a81f18cb157f6a6a · authzed/authzed-node · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
import { generateTestToken } from "./__utils__/helpers";
import { ClientSecurity } from "./util";
import * as v1 from "./v1";
import { Consistency } from "./v1";

describe("a check following a write of schema and relationships", () => {
  it("should succeed", (done) => {
    // Write the schema.
    const token = generateTestToken("full-test");
    const v1client = v1.NewClient(
      token,
      "localhost:50051",
      ClientSecurity.INSECURE_LOCALHOST_ALLOWED,
    );

    const writeSchemaRequest = v1.WriteSchemaRequest.create({
      schema: `
  definition test/user {}

  definition test/resource {
      relation viewer: test/user
      permission view = viewer
  }
  `,
    });

    v1client.writeSchema(writeSchemaRequest, (err) => {
      expect(err).toBe(null);

      // Create the relationship between the resource and the user.
      const resource = v1.ObjectReference.create({
        objectType: "test/resource",
        objectId: "someresource",
      });

      // Create the user reference.
      const userref = v1.ObjectReference.create({
        objectType: "test/user",
        objectId: "someuser",
      });

      const user = v1.SubjectReference.create({
        object: userref,
      });

      const relationship = v1.Relationship.create({
        resource,
        relation: "viewer",
        subject: user,
      });

      const update = v1.RelationshipUpdate.create({
        operation: v1.RelationshipUpdate_Operation.CREATE,
        relationship: relationship,
      });

      // Write the relationship.
      const writeRequest = v1.WriteRelationshipsRequest.create({
        updates: [update],
      });

      v1client.writeRelationships(writeRequest, (err, response) => {
        expect(err).toBe(null);
        expect(response).toBeTruthy();

        const checkPermissionRequest = v1.CheckPermissionRequest.create({
          resource,
          permission: "view",
          subject: user,
          consistency: Consistency.create({
            requirement: {
              oneofKind: "fullyConsistent",
              fullyConsistent: true,
            },
          }),
        });

        v1client.checkPermission(checkPermissionRequest, (err, response) => {
          expect(err).toBe(null);
          expect(response?.permissionship).toBe(
            v1.CheckPermissionResponse_Permissionship.HAS_PERMISSION,
          );
          done();
        });
      });
    });
  });
});