Propagate changes from updateACL

sci-log-db/src/__tests__/acceptance/basesnippet.controller.acceptance.ts

@@ -423,6 +423,15 @@ describe('Basesnippet', function (this: Suite) {
       .expect(204);
   });
 
+  it('patch snippet by id with ownergroup and token should return 404', async () => {
+    await client
+      .patch(`/basesnippets/${baseSnippetId}`)
+      .set('Authorization', 'Bearer ' + token)
+      .set('Content-Type', 'application/json')
+      .send({createACL: ['aNonAllowedACL']})
+      .expect(404);
+  });
+
   it('post a basesnippet with authentication and parentId from existing snippet should return 200 and have ownergroup with priority on parent ACLS', async () => {
     await client
       .post('/basesnippets')
@@ -673,19 +682,35 @@ describe('Basesnippet', function (this: Suite) {
         ownerGroup: 'basesnippetAcceptance',
         accessGroups: ['someNew'],
       },
+      expected: 204,
+    },
+    {
+      input: {deleteACL: ['basesnippetAcceptance', 'someNew']},
       expected: 404,
     },
+    {
+      input: {
+        deleteACL: ['basesnippetAcceptance', 'someNew'],
+        token: 'adminToken',
+      },
+      expected: 204,
+    },
+    {
+      input: {readACL: ['basesnippetAcceptance', 'someNew']},
+      expected: 204,
+    },
     {
       input: {
         accessGroups: ['someNew'],
       },
       expected: 403,
     },
   ].forEach((t, i) => {
-    it(`patch snippet by id changing ownerGroup should return error ${i}`, async () => {
+    it(`patch snippet by id changing ownerGroup should return ${i}`, async () => {
+      const blockToken = t.input.token === 'adminToken' ? adminToken : token;
       await client
         .patch(`/basesnippets/${baseSnippetId}`)
-        .set('Authorization', 'Bearer ' + token)
+        .set('Authorization', 'Bearer ' + blockToken)
         .set('Content-Type', 'application/json')
         .send({
           tags: ['aSearchExcludedTag'],
@@ -707,4 +732,24 @@ describe('Basesnippet', function (this: Suite) {
         });
     });
   });
+
+  it(`patch snippet by id with non-authorised user should return 404`, async () => {
+    const bs = await client
+      .post('/basesnippets')
+      .set('Authorization', 'Bearer ' + token)
+      .set('Content-Type', 'application/json')
+      .send({
+        ..._.omit(baseSnippet, 'updateACL'),
+        updateACL: ['nonAuthorised'],
+      });
+    await client
+      .patch(`/basesnippets/${bs.body.id}`)
+      .set('Authorization', 'Bearer ' + token)
+      .set('Content-Type', 'application/json')
+      .send({name: 'something'})
+      .expect(404)
+      .catch(err => {
+        throw err;
+      });
+  });
 });

sci-log-db/src/__tests__/acceptance/file.controller.acceptance.ts

@@ -367,7 +367,7 @@ describe('File controller services', function (this: Suite) {
       .post('/filesnippet/files')
       .set('Authorization', 'Bearer ' + token)
       .type('form')
-      .field('fields', '{"readACL": ["any-authenticated-user"]}')
+      .field('fields', '{"updateACL": ["any-authenticated-user"]}')
       .attach('file', __filename)
       .then()
       .catch(err => {
@@ -379,8 +379,8 @@ describe('File controller services', function (this: Suite) {
       .set('Authorization', 'Bearer ' + token)
       .field('fields', '{"description": "something"}')
       .attach('file', __filename)
-      .expect(204)
-      .then()
+      .expect(404)
+      .then(result => result)
       .catch(err => {
         throw err;
       });

sci-log-db/src/__tests__/acceptance/logbook.controller.acceptance.ts

@@ -15,6 +15,7 @@ describe('Logbook', function (this: Suite) {
   let app: SciLogDbApplication;
   let client: Client;
   let token: string;
+  let adminToken: string;
   let logbookSnippetId: string;
   const logbookSnippet = {
     ownerGroup: 'logbookAcceptance',
@@ -31,7 +32,7 @@ describe('Logbook', function (this: Suite) {
   before('setupApplication', async () => {
     ({app, client} = await setupApplication());
     await clearDatabase(app);
-    await createAdminToken(app, client);
+    adminToken = await createAdminToken(app, client);
     token = await createUserToken(app, client, ['logbookAcceptance']);
   });
 
@@ -241,6 +242,146 @@ describe('Logbook', function (this: Suite) {
       });
   });
 
+  [
+    {
+      input: {
+        readACL: ['logbookAcceptance', 'toPropagate'],
+      },
+      output: [
+        ['logbookAcceptance', 'toPropagate'],
+        ['logbookAcceptance', 'toPropagate'],
+      ],
+    },
+    {
+      input: {
+        ownerGroup: 'logbookAcceptance',
+        accessGroups: ['accessGroupPropagated'],
+      },
+      output: [
+        ['logbookAcceptance', 'accessGroupPropagated'],
+        ['logbookAcceptance', 'accessGroupPropagated', 'toPropagate'],
+      ],
+    },
+  ].forEach(t =>
+    it(`patch logbook with children and grand children by id should modify all with ${t.output[1]}`, async () => {
+      const child = await client
+        .post(`/paragraphs`)
+        .set('Authorization', 'Bearer ' + token)
+        .set('Content-Type', 'application/json')
+        .send({
+          ..._.omit(logbookSnippet, 'location'),
+          parentId: logbookSnippetId,
+        });
+
+      const grandChild = await client
+        .post(`/paragraphs`)
+        .set('Authorization', 'Bearer ' + token)
+        .set('Content-Type', 'application/json')
+        .send({
+          ..._.omit(logbookSnippet, 'location'),
+          parentId: child.body.id,
+        });
+
+      await client
+        .patch(`/logbooks/${logbookSnippetId}`)
+        .set('Authorization', 'Bearer ' + token)
+        .set('Content-Type', 'application/json')
+        .send(t.input)
+        .expect(204);
+
+      const filter = {
+        where: {
+          id: {inq: [logbookSnippetId, child.body.id, grandChild.body.id]},
+        },
+      };
+      await client
+        .get(`/basesnippets?filter=${JSON.stringify(filter)}`)
+        .set('Authorization', 'Bearer ' + token)
+        .set('Content-Type', 'application/json')
+        .then(result =>
+          result.body.map((r: {readACL: string[]}, i: number) => {
+            if (i === 0) expect(r.readACL).to.be.eql(t.output[0]);
+            else expect(r.readACL).to.be.eql(t.output[1]);
+          }),
+        );
+    }),
+  );
+
+  [
+    {
+      input: {
+        ownerGroup: 'logbookAcceptance',
+        accessGroups: ['someNew'],
+      },
+      expected: 204,
+    },
+    {
+      input: {
+        ownerGroup: 'notAllowedForNonAdmin',
+        accessGroups: ['someNew'],
+      },
+      expected: 404,
+    },
+    {
+      input: {readACL: ['logbookAcceptance', 'someNew1']},
+      expected: 204,
+    },
+    {
+      input: {
+        ownerGroup: 'notAllowedForNonAdmin',
+        accessGroups: ['someNew', 'logbookAcceptance'],
+        token: 'adminToken',
+      },
+      expected: 204,
+    },
+    {
+      input: {
+        ownerGroup: 'logbookAcceptance',
+        accessGroups: ['someNew', 'logbookAcceptance'],
+        token: 'adminToken',
+      },
+      expected: 204,
+    },
+    {
+      input: {
+        deleteACL: ['notAllowedForNonAdmin', 'someNew'],
+        token: 'adminToken',
+      },
+      expected: 204,
+    },
+    {
+      input: {deleteACL: ['someOtherNotAllowedForNonAdmin', 'someNew']},
+      expected: 404,
+    },
+    {
+      input: {
+        accessGroups: ['someNew'],
+      },
+      expected: 403,
+    },
+  ].forEach((t, i) => {
+    it(`patch logbook by id changing ownerGroup should return ${i}`, async () => {
+      const blockToken = t.input.token === 'adminToken' ? adminToken : token;
+      await client
+        .patch(`/logbooks/${logbookSnippetId}`)
+        .set('Authorization', 'Bearer ' + blockToken)
+        .set('Content-Type', 'application/json')
+        .send({
+          ...t.input,
+        })
+        .expect(t.expected)
+        .then(result => {
+          if (t.expected === 403)
+            expect(result.body.error.message).to.be.eql(
+              'Cannot modify data snippet. Please provide both ownerGroup and accessGroup',
+            );
+        })
+        .catch(err => {
+          throw err;
+        });
+    });
+  });
+
   it('delete snippet by id without token should return 401', async () => {
     await client
       .delete(`/logbooks/${logbookSnippetId}`)

sci-log-db/src/__tests__/unit/utils.misc.unit.ts

@@ -7,7 +7,7 @@ import {
   getModelSchemaRef,
   validateFieldsVSModel,
   defaultSequentially,
-  addReadACLFromOwnerAccessGroups,
+  concatOwnerAccessGroups,
 } from '../../utils/misc';
 
 describe('Utils unit tests', function (this: Suite) {
@@ -98,7 +98,7 @@ describe('Utils unit tests', function (this: Suite) {
         ownerGroup: 'a',
         accessGroups: ['b'],
       },
-      expected: {readACL: ['a', 'b']},
+      expected: {ownerGroup: 'a', accessGroups: ['a', 'b']},
     },
     {
       input: {},
@@ -110,7 +110,7 @@ describe('Utils unit tests', function (this: Suite) {
     },
     {
       input: {readACL: ['a'], ownerGroup: 'b'},
-      expected: {readACL: ['a']},
+      expected: {readACL: ['a'], ownerGroup: 'b'},
     },
     {
       input: {ownerGroup: 'b'},
@@ -121,15 +121,15 @@ describe('Utils unit tests', function (this: Suite) {
       expected: 'error',
     },
   ].forEach((t, i) => {
-    it(`Should test addReadACLFromOwnerAccessGroups ${i}`, () => {
+    it(`Should test concatOwnerAccessGroups ${i}`, () => {
       if (t.expected === 'error')
         try {
-          addReadACLFromOwnerAccessGroups(t.input);
+          concatOwnerAccessGroups(t.input);
         } catch (err) {
           expect(err.name).to.be.eql('ForbiddenError');
         }
       else {
-        addReadACLFromOwnerAccessGroups(t.input);
+        concatOwnerAccessGroups(t.input);
         expect(t.input).to.be.eql(t.expected);
       }
     });