IT4Change/Ocelot-Social
3
0
Fork 0
mirror of https://github.com/IT4Change/Ocelot-Social.git synced 2025-12-13 07:45:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

Spec a new behaviour of softDisable

Browse Source 
If we have nested content, the content should be obfuscated instead of
being filtered.

cc @datenbrei
This commit is contained in:
Robert Schäfer 2019-03-13 20:57:50 +01:00
parent 7d82b27aaa
commit d71cb16a01
2 changed files with 192 additions and 107 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

297
src/middleware/softDeleteMiddleware.spec.js
View File

@ -7,41 +7,103 @@ let client
let query
let action
beforeEach(async () => {
beforeAll(async () => {
// For performance reasons we do this only once
await Promise.all([
factory.create('User', { id: 'u1', role: 'user', email: 'user@example.org', password: '1234' }),
factory.create('User', { id: 'm1', role: 'moderator', email: 'moderator@example.org', password: '1234' })
factory.create('User', { id: 'm1', role: 'moderator', email: 'moderator@example.org', password: '1234' }),
factory.create('User', { id: 'u2', role: 'user', avatar: '/some/offensive/avatar.jpg', about: 'This self description is very offensive', email: 'troll@example.org', password: '1234' })
])
await factory.authenticateAs({ email: 'user@example.org', password: '1234' })
await Promise.all([
await factory.create('Post', { id: 'p1', title: 'Deleted post', deleted: true }),
await factory.create('Post', { id: 'p2', title: 'Disabled post', deleted: false }),
await factory.create('Post', { id: 'p3', title: 'Publicly visible post', deleted: false })
factory.follow({ id: 'u2', type: 'User' }),
factory.create('Post', { id: 'p1', title: 'Deleted post', deleted: true }),
factory.create('Post', { id: 'p3', title: 'Publicly visible post', deleted: false })
])
const moderatorFactory = Factory()
await moderatorFactory.authenticateAs({ email: 'moderator@example.org', password: '1234' })
const disableMutation = `
mutation {
disable(
id: "p2"
)
}
`
await moderatorFactory.mutate(disableMutation)
await Promise.all([
factory.create('Comment', { id: 'c2', content: 'Enabled comment on public post' })
])
await Promise.all([
factory.relate('Comment', 'Author', { from: 'u1', to: 'c2' }),
factory.relate('Comment', 'Post', { from: 'c2', to: 'p3' })
])
const asTroll = Factory()
await asTroll.authenticateAs({ email: 'troll@example.org', password: '1234' })
await asTroll.create('Post', { id: 'p2', title: 'Disabled post', content: 'This is an offensive post content', image: '/some/offensive/image.jpg', deleted: false })
await asTroll.create('Comment', { id: 'c1', content: 'Disabled comment' })
await Promise.all([
asTroll.relate('Comment', 'Author', { from: 'u2', to: 'c1' }),
asTroll.relate('Comment', 'Post', { from: 'c1', to: 'p3' })
])
const asModerator = Factory()
await asModerator.authenticateAs({ email: 'moderator@example.org', password: '1234' })
await asModerator.mutate('mutation { disable( id: "p2") }')
await asModerator.mutate('mutation { disable( id: "c1") }')
await asModerator.mutate('mutation { disable( id: "u2") }')
})
afterEach(async () => {
afterAll(async () => {
await factory.cleanDatabase()
})
describe('softDeleteMiddleware', () => {
describe('Post', () => {
describe('read disabled content', () => {
let user
let post
let comment
const beforeComment = async () => {
query = '{ User(id: "u1") { following { comments { content contentExcerpt } } } }'
const response = await action()
comment = response.User[0].following[0].comments[0]
}
const beforeUser = async () => {
query = '{ User(id: "u1") { following { about avatar } } }'
const response = await action()
user = response.User[0].following[0]
}
const beforePost = async () => {
query = '{ User(id: "u1") { following { contributions { title image content contentExcerpt } } } }'
const response = await action()
post = response.User[0].following[0].contributions[0]
}
action = () => {
return client.request(query)
}
beforeEach(() => {
query = '{ Post { title } }'
describe('as moderator', () => {
beforeEach(async () => {
const headers = await login({ email: 'moderator@example.org', password: '1234' })
client = new GraphQLClient(host, { headers })
})
describe('User', () => {
beforeEach(beforeUser)
it('displays about', () => expect(user.about).toEqual('This self description is very offensive'))
it('displays avatar', () => expect(user.avatar).toEqual('/some/offensive/avatar.jpg'))
})
describe('Post', () => {
beforeEach(beforePost)
it('displays title', () => expect(post.title).toEqual('Disabled post'))
it('displays content', () => expect(post.content).toEqual('This is an offensive post content'))
it('displays contentExcerpt', () => expect(post.contentExcerpt).toEqual('This is an offensive post content'))
it('displays image', () => expect(post.image).toEqual('/some/offensive/image.jpg'))
})
describe('Comment', () => {
beforeEach(beforeComment)
it('displays content', () => expect(comment.content).toEqual('Disabled comment'))
it('displays contentExcerpt', () => expect(comment.contentExcerpt).toEqual('Disabled comment'))
})
})
describe('as user', () => {
@ -50,45 +112,35 @@ describe('softDeleteMiddleware', () => {
client = new GraphQLClient(host, { headers })
})
it('hides deleted or disabled posts', async () => {
const expected = { Post: [{ title: 'Publicly visible post' }] }
await expect(action()).resolves.toEqual(expected)
describe('User', () => {
beforeEach(beforeUser)
it('obfuscates about', () => expect(user.about).toEqual('DELETED'))
it('obfuscates avatar', () => expect(user.avatar).toEqual('DELETED'))
})
describe('Post', () => {
beforeEach(beforePost)
it('obfuscates title', () => expect(post.title).toEqual('DELETED'))
it('obfuscates content', () => expect(post.content).toEqual('DELETED'))
it('obfuscates contentExcerpt', () => expect(post.contentExcerpt).toEqual('DELETED'))
it('obfuscates image', () => expect(post.image).toEqual('DELETED'))
})
describe('Comment', () => {
beforeEach(beforeComment)
it('obfuscates content', () => expect(comment.content).toEqual('DELETED'))
it('obfuscates contentExcerpt', () => expect(comment.contentExcerpt).toEqual('DELETED'))
})
})
})
describe('as moderator', () => {
describe('Query', () => {
describe('Post', () => {
beforeEach(async () => {
const headers = await login({ email: 'moderator@example.org', password: '1234' })
client = new GraphQLClient(host, { headers })
})
it('shows disabled but hides deleted posts', async () => {
const expected = [
{ title: 'Disabled post' },
{ title: 'Publicly visible post' }
]
const { Post } = await action()
await expect(Post).toEqual(expect.arrayContaining(expected))
})
})
describe('.comments', () => {
beforeEach(async () => {
query = '{ Post(id: "p3") { title comments { content } } }'
const asModerator = Factory()
await asModerator.authenticateAs({ email: 'moderator@example.org', password: '1234' })
await Promise.all([
asModerator.create('Comment', { id: 'c1', content: 'Disabled comment' }),
asModerator.create('Comment', { id: 'c2', content: 'Enabled comment on public post' })
])
await Promise.all([
asModerator.relate('Comment', 'Author', { from: 'u1', to: 'c1' }),
asModerator.relate('Comment', 'Post', { from: 'c1', to: 'p3' }),
asModerator.relate('Comment', 'Author', { from: 'u1', to: 'c2' }),
asModerator.relate('Comment', 'Post', { from: 'c2', to: 'p3' })
])
await asModerator.mutate('mutation { disable( id: "c1") }')
query = '{ Post { title } }'
})
describe('as user', () => {
@ -97,14 +149,8 @@ describe('softDeleteMiddleware', () => {
client = new GraphQLClient(host, { headers })
})
it('hides disabled comments', async () => {
const expected = { Post: [ {
title: 'Publicly visible post',
comments: [
{ content: 'Enabled comment on public post' }
]
}
] }
it('hides deleted or disabled posts', async () => {
const expected = { Post: [{ title: 'Publicly visible post' }] }
await expect(action()).resolves.toEqual(expected)
})
})
@ -115,72 +161,109 @@ describe('softDeleteMiddleware', () => {
client = new GraphQLClient(host, { headers })
})
it('shows disabled comments', async () => {
it('shows disabled but hides deleted posts', async () => {
const expected = [
{ content: 'Enabled comment on public post' },
{ content: 'Disabled comment' }
{ title: 'Disabled post' },
{ title: 'Publicly visible post' }
]
const { Post: [{ comments }] } = await action()
await expect(comments).toEqual(expect.arrayContaining(expected))
const { Post } = await action()
await expect(Post).toEqual(expect.arrayContaining(expected))
})
})
})
describe('filter (deleted: true)', () => {
beforeEach(() => {
query = '{ Post(deleted: true) { title } }'
})
describe('as user', () => {
describe('.comments', () => {
beforeEach(async () => {
const headers = await login({ email: 'user@example.org', password: '1234' })
client = new GraphQLClient(host, { headers })
query = '{ Post(id: "p3") { title comments { content } } }'
})
it('throws authorisation error', async () => {
await expect(action()).rejects.toThrow('Not Authorised!')
describe('as user', () => {
beforeEach(async () => {
const headers = await login({ email: 'user@example.org', password: '1234' })
client = new GraphQLClient(host, { headers })
})
it('conceals disabled comments', async () => {
const expected = [
{ content: 'Enabled comment on public post' },
{ content: 'DELETED' }
]
const { Post: [{ comments }] } = await action()
await expect(comments).toEqual(expect.arrayContaining(expected))
})
})
describe('as moderator', () => {
beforeEach(async () => {
const headers = await login({ email: 'moderator@example.org', password: '1234' })
client = new GraphQLClient(host, { headers })
})
it('shows disabled comments', async () => {
const expected = [
{ content: 'Enabled comment on public post' },
{ content: 'Disabled comment' }
]
const { Post: [{ comments }] } = await action()
await expect(comments).toEqual(expect.arrayContaining(expected))
})
})
})
describe('as moderator', () => {
beforeEach(async () => {
const headers = await login({ email: 'moderator@example.org', password: '1234' })
client = new GraphQLClient(host, { headers })
describe('filter (deleted: true)', () => {
beforeEach(() => {
query = '{ Post(deleted: true) { title } }'
})
it('shows deleted posts', async () => {
const expected = { Post: [{ title: 'Deleted post' }] }
await expect(action()).resolves.toEqual(expected)
})
})
})
describe('as user', () => {
beforeEach(async () => {
const headers = await login({ email: 'user@example.org', password: '1234' })
client = new GraphQLClient(host, { headers })
})
describe('filter (disabled: true)', () => {
beforeEach(() => {
query = '{ Post(disabled: true) { title } }'
})
describe('as user', () => {
beforeEach(async () => {
const headers = await login({ email: 'user@example.org', password: '1234' })
client = new GraphQLClient(host, { headers })
it('throws authorisation error', async () => {
await expect(action()).rejects.toThrow('Not Authorised!')
})
})
it('throws authorisation error', async () => {
await expect(action()).rejects.toThrow('Not Authorised!')
describe('as moderator', () => {
beforeEach(async () => {
const headers = await login({ email: 'moderator@example.org', password: '1234' })
client = new GraphQLClient(host, { headers })
})
it('shows deleted posts', async () => {
const expected = { Post: [{ title: 'Deleted post' }] }
await expect(action()).resolves.toEqual(expected)
})
})
})
describe('as moderator', () => {
beforeEach(async () => {
const headers = await login({ email: 'moderator@example.org', password: '1234' })
client = new GraphQLClient(host, { headers })
describe('filter (disabled: true)', () => {
beforeEach(() => {
query = '{ Post(disabled: true) { title } }'
})
it('shows disabled posts', async () => {
const expected = { Post: [{ title: 'Disabled post' }] }
await expect(action()).resolves.toEqual(expected)
describe('as user', () => {
beforeEach(async () => {
const headers = await login({ email: 'user@example.org', password: '1234' })
client = new GraphQLClient(host, { headers })
})
it('throws authorisation error', async () => {
await expect(action()).rejects.toThrow('Not Authorised!')
})
})
describe('as moderator', () => {
beforeEach(async () => {
const headers = await login({ email: 'moderator@example.org', password: '1234' })
client = new GraphQLClient(host, { headers })
})
it('shows disabled posts', async () => {
const expected = { Post: [{ title: 'Disabled post' }] }
await expect(action()).resolves.toEqual(expected)
})
})
})
})

2
src/seed/factories/users.js
View File

@ -9,6 +9,7 @@ export default function create (params) {
password = '1234',
role = 'user',
avatar = faker.internet.avatar(),
about = faker.lorem.paragraph(),
disabled = false,
deleted = false
} = params
@ -21,6 +22,7 @@ export default function create (params) {
password: "${password}",
email: "${email}",
avatar: "${avatar}",
about: "${about}",
role: ${role},
disabled: ${disabled},
deleted: ${deleted}