CLP objectId size validation fix (#6332)

* Relax regex for customId ; allow varying id length * test * remove trycatch, fix typo * de-duplicate test names; test pointer targetclass * fixed early return; detailed errors for protected
2020-01-14 12:01:14 +03:00
parent 9842c6ee42
commit 2d257e20a0
4 changed files with 225 additions and 88 deletions
--- a/spec/schemas.spec.js
+++ b/spec/schemas.spec.js
@@ -1835,8 +1835,14 @@ describe('schemas', () => {
    });
  });

-  it('should throw with invalid userId (>10 chars)', done => {
-    request({
+  it('should aceept class-level permission with userid of any length', async done => {
+    await global.reconfigureServer({
+      customIdSize: 11,
+    });
+
+    const id = 'e1evenChars';
+
+    const { data } = await request({
      method: 'POST',
      url: 'http://localhost:8378/1/schemas/AClass',
      headers: masterKeyHeaders,
@@ -1844,20 +1850,25 @@ describe('schemas', () => {
      body: {
        classLevelPermissions: {
          find: {
-            '1234567890A': true,
+            [id]: true,
          },
        },
      },
-    }).then(fail, response => {
-      expect(response.data.error).toEqual(
-        "'1234567890A' is not a valid key for class level permissions"
-      );
-      done();
    });
+
+    expect(data.classLevelPermissions.find[id]).toBe(true);
+
+    done();
  });

-  it('should throw with invalid userId (<10 chars)', done => {
-    request({
+  it('should allow set class-level permission for custom userid of any length and chars', async done => {
+    await global.reconfigureServer({
+      allowCustomObjectId: true,
+    });
+
+    const symbolsId = 'set:ID+symbol$=@llowed';
+    const shortId = '1';
+    const { data } = await request({
      method: 'POST',
      url: 'http://localhost:8378/1/schemas/AClass',
      headers: masterKeyHeaders,
@@ -1865,16 +1876,53 @@ describe('schemas', () => {
      body: {
        classLevelPermissions: {
          find: {
-            a12345678: true,
+            [symbolsId]: true,
+            [shortId]: true,
          },
        },
      },
-    }).then(fail, response => {
-      expect(response.data.error).toEqual(
-        "'a12345678' is not a valid key for class level permissions"
-      );
-      done();
    });
+
+    expect(data.classLevelPermissions.find[symbolsId]).toBe(true);
+    expect(data.classLevelPermissions.find[shortId]).toBe(true);
+
+    done();
+  });
+
+  it('should allow set ACL for custom userid', async done => {
+    await global.reconfigureServer({
+      allowCustomObjectId: true,
+    });
+
+    const symbolsId = 'symbols:id@allowed=';
+    const shortId = '1';
+    const normalId = 'tensymbols';
+
+    const { data } = await request({
+      method: 'POST',
+      url: 'http://localhost:8378/1/classes/AClass',
+      headers: masterKeyHeaders,
+      json: true,
+      body: {
+        ACL: {
+          [symbolsId]: { read: true, write: true },
+          [shortId]: { read: true, write: true },
+          [normalId]: { read: true, write: true },
+        },
+      },
+    });
+
+    const { data: created } = await request({
+      method: 'GET',
+      url: `http://localhost:8378/1/classes/AClass/${data.objectId}`,
+      headers: masterKeyHeaders,
+      json: true,
+    });
+
+    expect(created.ACL[normalId].write).toBe(true);
+    expect(created.ACL[symbolsId].write).toBe(true);
+    expect(created.ACL[shortId].write).toBe(true);
+    done();
  });

  it('should throw with invalid userId (invalid char)', done => {