yetangitu/epub.js
1
0
Fork 0
mirror of https://github.com/futurepress/epub.js.git synced 2025-10-03 14:59:18 +02:00
Code Issues Releases Wiki Activity
epub.js/libs/annotator/lib/spec/plugin/permissions_spec.js

456 lines
16 KiB
JavaScript
Raw Blame History

// Generated by CoffeeScript 1.6.3
var __slice = [].slice,
__indexOf = [].indexOf || function(item) { for (var i = 0, l = this.length; i < l; i++) { if (i in this && this[i] === item) return i; } return -1; };
describe('Annotator.Plugin.Permissions', function() {
var el, permissions;
el = null;
permissions = null;
beforeEach(function() {
el = $("<div class='annotator-viewer'></div>").appendTo('body')[0];
return permissions = new Annotator.Plugin.Permissions(el);
});
afterEach(function() {
return $(el).remove();
});
it("it should add the current user object to newly created annotations on beforeAnnotationCreated", function() {
var ann;
ann = {};
$(el).trigger('beforeAnnotationCreated', [ann]);
assert.isUndefined(ann.user);
ann = {};
permissions.setUser('alice');
$(el).trigger('beforeAnnotationCreated', [ann]);
assert.equal(ann.user, 'alice');
ann = {};
permissions.setUser({
id: 'alice'
});
permissions.options.userId = function(user) {
return user.id;
};
$(el).trigger('beforeAnnotationCreated', [ann]);
return assert.deepEqual(ann.user, {
id: 'alice'
});
});
it("it should add permissions to newly created annotations on beforeAnnotationCreated", function() {
var ann;
ann = {};
$(el).trigger('beforeAnnotationCreated', [ann]);
assert.ok(ann.permissions);
ann = {};
permissions.options.permissions = {};
$(el).trigger('beforeAnnotationCreated', [ann]);
return assert.deepEqual(ann.permissions, {});
});
describe('pluginInit', function() {
beforeEach(function() {
return permissions.annotator = {
viewer: {
addField: sinon.spy()
},
editor: {
addField: sinon.spy()
},
plugins: {}
};
});
it("should register a field with the Viewer", function() {
permissions.pluginInit();
return assert(permissions.annotator.viewer.addField.calledOnce);
});
it("should register an two checkbox fields with the Editor", function() {
permissions.pluginInit();
return assert.equal(permissions.annotator.editor.addField.callCount, 2);
});
it("should register an 'anyone can view' field with the Editor if showEditPermissionsCheckbox is true", function() {
permissions.options.showViewPermissionsCheckbox = true;
permissions.options.showEditPermissionsCheckbox = false;
permissions.pluginInit();
return assert.equal(permissions.annotator.editor.addField.callCount, 1);
});
it("should register an 'anyone can edit' field with the Editor if showViewPermissionsCheckbox is true", function() {
permissions.options.showViewPermissionsCheckbox = false;
permissions.options.showEditPermissionsCheckbox = true;
permissions.pluginInit();
return assert.equal(permissions.annotator.editor.addField.callCount, 1);
});
return it("should register a filter if the Filter plugin is loaded", function() {
permissions.annotator.plugins.Filter = {
addFilter: sinon.spy()
};
permissions.pluginInit();
return assert(permissions.annotator.plugins.Filter.addFilter.calledOnce);
});
});
describe('authorize', function() {
var annotations;
annotations = null;
describe('Basic usage', function() {
beforeEach(function() {
return annotations = [
{}, {
user: 'alice'
}, {
permissions: {}
}, {
permissions: {
'update': []
}
}
];
});
it('should allow any action for an annotation with no authorisation info', function() {
var a;
a = annotations[0];
assert.isTrue(permissions.authorize(null, a));
assert.isTrue(permissions.authorize('foo', a));
permissions.setUser('alice');
assert.isTrue(permissions.authorize(null, a));
return assert.isTrue(permissions.authorize('foo', a));
});
it('should NOT allow any action if annotation.user and no @user is set', function() {
var a;
a = annotations[1];
assert.isFalse(permissions.authorize(null, a));
return assert.isFalse(permissions.authorize('foo', a));
});
it('should allow any action if @options.userId(@user) == annotation.user', function() {
var a;
a = annotations[1];
permissions.setUser('alice');
assert.isTrue(permissions.authorize(null, a));
return assert.isTrue(permissions.authorize('foo', a));
});
it('should NOT allow any action if @options.userId(@user) != annotation.user', function() {
var a;
a = annotations[1];
permissions.setUser('bob');
assert.isFalse(permissions.authorize(null, a));
return assert.isFalse(permissions.authorize('foo', a));
});
it('should allow any action if annotation.permissions == {}', function() {
var a;
a = annotations[2];
assert.isTrue(permissions.authorize(null, a));
assert.isTrue(permissions.authorize('foo', a));
permissions.setUser('alice');
assert.isTrue(permissions.authorize(null, a));
return assert.isTrue(permissions.authorize('foo', a));
});
return it('should allow an action if annotation.permissions[action] == []', function() {
var a;
a = annotations[3];
assert.isTrue(permissions.authorize('update', a));
permissions.setUser('bob');
return assert.isTrue(permissions.authorize('update', a));
});
});
return describe('Custom options.userAuthorize() callback', function() {
beforeEach(function() {
permissions.setUser(null);
permissions.options.userAuthorize = function(action, annotation, user) {
var token, tokenTest, tokens, userGroups, _i, _len;
userGroups = function(user) {
return (user != null ? user.groups : void 0) || ['public'];
};
tokenTest = function(token, user) {
var groups, key, value, values, _ref;
if (/^(?:group|user):/.test(token)) {
_ref = token.split(':'), key = _ref[0], values = 2 <= _ref.length ? __slice.call(_ref, 1) : [];
value = values.join(':');
if (key === 'group') {
groups = userGroups(user);
return __indexOf.call(groups, value) >= 0;
} else if (user && key === 'user') {
return value === user.id;
}
}
};
if (annotation.permissions) {
tokens = annotation.permissions[action] || [];
for (_i = 0, _len = tokens.length; _i < _len; _i++) {
token = tokens[_i];
if (tokenTest(token, user)) {
return true;
}
}
}
return false;
};
return annotations = [
{
permissions: {
'update': ['group:public']
}
}, {
permissions: {
'update': ['user:alice']
}
}, {
permissions: {
'update': ['user:alice', 'user:bob']
}
}, {
permissions: {
'update': ['user:alice', 'user:bob', 'group:admin']
}
}
];
});
afterEach(function() {
return delete permissions.options.userAuthorize;
});
it('should (by default) allow an action if annotation.permissions[action] includes "group:public"', function() {
var a;
a = annotations[0];
assert.isTrue(permissions.authorize('update', a));
permissions.setUser({
id: 'bob'
});
return assert.isTrue(permissions.authorize('update', a));
});
it('should (by default) allow an action if annotation.permissions[action] includes "user:@user"', function() {
var a;
a = annotations[1];
assert.isFalse(permissions.authorize('update', a));
permissions.setUser({
id: 'bob'
});
assert.isFalse(permissions.authorize('update', a));
permissions.setUser({
id: 'alice'
});
assert.isTrue(permissions.authorize('update', a));
a = annotations[2];
permissions.setUser(null);
assert.isFalse(permissions.authorize('update', a));
permissions.setUser({
id: 'bob'
});
assert.isTrue(permissions.authorize('update', a));
permissions.setUser({
id: 'alice'
});
return assert.isTrue(permissions.authorize('update', a));
});
it('should allow an action if annotation.permissions[action] includes "user:@options.userId(@user)"', function() {
var a;
a = annotations[1];
permissions.options.userId = function(user) {
return (user != null ? user.id : void 0) || null;
};
assert.isFalse(permissions.authorize('update', a));
permissions.setUser({
id: 'alice'
});
return assert.isTrue(permissions.authorize('update', a));
});
return it('should allow an action if annotation.permissions[action] includes "user:@options.userId(@user)"', function() {
var a;
a = annotations[3];
assert.isFalse(permissions.authorize('update', a));
permissions.setUser({
id: 'foo',
groups: ['other']
});
assert.isFalse(permissions.authorize('update', a));
permissions.setUser({
id: 'charlie',
groups: ['admin']
});
return assert.isTrue(permissions.authorize('update', a));
});
});
});
describe('updateAnnotationPermissions', function() {
var annotation, checkbox, field;
field = null;
checkbox = null;
annotation = null;
beforeEach(function() {
checkbox = $('<input type="checkbox" />');
field = $('<li />').append(checkbox)[0];
return annotation = {
permissions: {
'update': ['Alice']
}
};
});
it("should NOT be world editable when 'Anyone can edit' checkbox is unchecked", function() {
checkbox.removeAttr('checked');
permissions.updateAnnotationPermissions('update', field, annotation);
return assert.isFalse(permissions.authorize('update', annotation, null));
});
it("should be world editable when 'Anyone can edit' checkbox is checked", function() {
checkbox.attr('checked', 'checked');
permissions.updateAnnotationPermissions('update', field, annotation);
return assert.isTrue(permissions.authorize('update', annotation, null));
});
return it("should NOT be world editable when 'Anyone can edit' checkbox is unchecked for a second time", function() {
checkbox.attr('checked', 'checked');
permissions.updateAnnotationPermissions('update', field, annotation);
assert.isTrue(permissions.authorize('update', annotation, null));
checkbox.removeAttr('checked');
permissions.updateAnnotationPermissions('update', field, annotation);
return assert.isFalse(permissions.authorize('update', annotation, null));
});
});
describe('updatePermissionsField', function() {
var annotations, checkbox, field;
field = null;
checkbox = null;
annotations = [
{}, {
permissions: {
'update': ['user:Alice']
}
}, {
permissions: {
'update': ['user:Alice']
}
}, {
permissions: {
'update': ['Alice'],
'admin': ['Alice']
}
}, {
permissions: {
'update': ['Alice'],
'admin': ['Bob']
}
}
];
beforeEach(function() {
checkbox = $('<input type="checkbox" />');
field = $('<li />').append(checkbox).appendTo(permissions.element);
permissions.setUser('Alice');
return permissions.updatePermissionsField('update', field, annotations.shift());
});
afterEach(function() {
return field.remove();
});
it("should have a checked checkbox when there are no permissions", function() {
return assert.isTrue(checkbox.is(':checked'));
});
it("should have an unchecked checkbox when there are permissions", function() {
return assert.isFalse(checkbox.is(':checked'));
});
it("should enable the checkbox by default", function() {
return assert.isTrue(checkbox.is(':enabled'));
});
it("should display the field if the current user has 'admin' permissions", function() {
return assert.isTrue(field.is(':visible'));
});
return it("should NOT display the field if the current user does not have 'admin' permissions", function() {
return assert.isFalse(field.is(':visible'));
});
});
return describe('updateViewer', function() {
var controls, field;
controls = null;
field = null;
beforeEach(function() {
field = $('<div />').appendTo('<div />')[0];
return controls = {
showEdit: sinon.spy(),
hideEdit: sinon.spy(),
showDelete: sinon.spy(),
hideDelete: sinon.spy()
};
});
describe('coarse grained updates based on user', function() {
var annotations;
annotations = null;
beforeEach(function() {
permissions.setUser('alice');
return annotations = [
{
user: 'alice'
}, {
user: 'bob'
}, {}
];
});
it("it should display annotations' users in the viewer element", function() {
permissions.updateViewer(field, annotations[0], controls);
assert.equal($(field).html(), 'alice');
return assert.lengthOf($(field).parent(), 1);
});
it("it should remove the field if annotation has no user", function() {
permissions.updateViewer(field, {}, controls);
return assert.lengthOf($(field).parent(), 0);
});
it("it should remove the field if annotation has no user string", function() {
permissions.options.userString = function() {
return null;
};
permissions.updateViewer(field, annotations[1], controls);
return assert.lengthOf($(field).parent(), 0);
});
it("it should remove the field if annotation has empty user string", function() {
permissions.options.userString = function() {
return '';
};
permissions.updateViewer(field, annotations[1], controls);
return assert.lengthOf($(field).parent(), 0);
});
it("should hide controls for users other than the current user", function() {
permissions.updateViewer(field, annotations[0], controls);
assert.isFalse(controls.hideEdit.called);
assert.isFalse(controls.hideDelete.called);
permissions.updateViewer(field, annotations[1], controls);
assert(controls.hideEdit.calledOnce);
return assert(controls.hideDelete.calledOnce);
});
return it("should show controls for annotations without a user", function() {
permissions.updateViewer(field, annotations[2], controls);
assert.isFalse(controls.hideEdit.called);
return assert.isFalse(controls.hideDelete.called);
});
});
return describe('fine-grained use (user and permissions)', function() {
var annotations;
annotations = null;
beforeEach(function() {
annotations = [
{
user: 'alice',
permissions: {
'update': ['alice'],
'delete': ['alice']
}
}, {
user: 'bob',
permissions: {
'update': ['bob'],
'delete': ['bob']
}
}
];
return permissions.setUser('bob');
});
it("it should should hide edit button if user cannot update", function() {
permissions.updateViewer(field, annotations[0], controls);
return assert(controls.hideEdit.calledOnce);
});
it("it should should show edit button if user can update", function() {
permissions.updateViewer(field, annotations[1], controls);
return assert.isFalse(controls.hideEdit.called);
});
it("it should should hide delete button if user cannot delete", function() {
permissions.updateViewer(field, annotations[0], controls);
return assert(controls.hideDelete.calledOnce);
});
return it("it should should show delete button if user can delete", function() {
permissions.updateViewer(field, annotations[1], controls);
return assert.isFalse(controls.hideDelete.called);
});
});
});
});
/*
//@ sourceMappingURL=permissions_spec.map
*/
Reference in a new issue View git blame Copy permalink