diff --git a/src/middleware/softDeleteMiddleware.spec.js b/src/middleware/softDeleteMiddleware.spec.js index f478feb7c..6b8b4bc49 100644 --- a/src/middleware/softDeleteMiddleware.spec.js +++ b/src/middleware/softDeleteMiddleware.spec.js @@ -7,41 +7,103 @@ let client let query let action -beforeEach(async () => { +beforeAll(async () => { + // For performance reasons we do this only once await Promise.all([ factory.create('User', { id: 'u1', role: 'user', email: 'user@example.org', password: '1234' }), - factory.create('User', { id: 'm1', role: 'moderator', email: 'moderator@example.org', password: '1234' }) + factory.create('User', { id: 'm1', role: 'moderator', email: 'moderator@example.org', password: '1234' }), + factory.create('User', { id: 'u2', role: 'user', avatar: '/some/offensive/avatar.jpg', about: 'This self description is very offensive', email: 'troll@example.org', password: '1234' }) ]) + await factory.authenticateAs({ email: 'user@example.org', password: '1234' }) await Promise.all([ - await factory.create('Post', { id: 'p1', title: 'Deleted post', deleted: true }), - await factory.create('Post', { id: 'p2', title: 'Disabled post', deleted: false }), - await factory.create('Post', { id: 'p3', title: 'Publicly visible post', deleted: false }) + factory.follow({ id: 'u2', type: 'User' }), + factory.create('Post', { id: 'p1', title: 'Deleted post', deleted: true }), + factory.create('Post', { id: 'p3', title: 'Publicly visible post', deleted: false }) ]) - const moderatorFactory = Factory() - await moderatorFactory.authenticateAs({ email: 'moderator@example.org', password: '1234' }) - const disableMutation = ` - mutation { - disable( - id: "p2" - ) - } - ` - await moderatorFactory.mutate(disableMutation) + + await Promise.all([ + factory.create('Comment', { id: 'c2', content: 'Enabled comment on public post' }) + ]) + + await Promise.all([ + factory.relate('Comment', 'Author', { from: 'u1', to: 'c2' }), + factory.relate('Comment', 'Post', { from: 'c2', to: 'p3' }) + ]) + + const asTroll = Factory() + await asTroll.authenticateAs({ email: 'troll@example.org', password: '1234' }) + await asTroll.create('Post', { id: 'p2', title: 'Disabled post', content: 'This is an offensive post content', image: '/some/offensive/image.jpg', deleted: false }) + await asTroll.create('Comment', { id: 'c1', content: 'Disabled comment' }) + await Promise.all([ + asTroll.relate('Comment', 'Author', { from: 'u2', to: 'c1' }), + asTroll.relate('Comment', 'Post', { from: 'c1', to: 'p3' }) + ]) + + const asModerator = Factory() + await asModerator.authenticateAs({ email: 'moderator@example.org', password: '1234' }) + await asModerator.mutate('mutation { disable( id: "p2") }') + await asModerator.mutate('mutation { disable( id: "c1") }') + await asModerator.mutate('mutation { disable( id: "u2") }') }) -afterEach(async () => { +afterAll(async () => { await factory.cleanDatabase() }) describe('softDeleteMiddleware', () => { - describe('Post', () => { + describe('read disabled content', () => { + let user + let post + let comment + const beforeComment = async () => { + query = '{ User(id: "u1") { following { comments { content contentExcerpt } } } }' + const response = await action() + comment = response.User[0].following[0].comments[0] + } + const beforeUser = async () => { + query = '{ User(id: "u1") { following { about avatar } } }' + const response = await action() + user = response.User[0].following[0] + } + const beforePost = async () => { + query = '{ User(id: "u1") { following { contributions { title image content contentExcerpt } } } }' + const response = await action() + post = response.User[0].following[0].contributions[0] + } + action = () => { return client.request(query) } - beforeEach(() => { - query = '{ Post { title } }' + describe('as moderator', () => { + beforeEach(async () => { + const headers = await login({ email: 'moderator@example.org', password: '1234' }) + client = new GraphQLClient(host, { headers }) + }) + + describe('User', () => { + beforeEach(beforeUser) + + it('displays about', () => expect(user.about).toEqual('This self description is very offensive')) + it('displays avatar', () => expect(user.avatar).toEqual('/some/offensive/avatar.jpg')) + }) + + describe('Post', () => { + beforeEach(beforePost) + + it('displays title', () => expect(post.title).toEqual('Disabled post')) + it('displays content', () => expect(post.content).toEqual('This is an offensive post content')) + it('displays contentExcerpt', () => expect(post.contentExcerpt).toEqual('This is an offensive post content')) + it('displays image', () => expect(post.image).toEqual('/some/offensive/image.jpg')) + }) + + describe('Comment', () => { + beforeEach(beforeComment) + + it('displays content', () => expect(comment.content).toEqual('Disabled comment')) + it('displays contentExcerpt', () => expect(comment.contentExcerpt).toEqual('Disabled comment')) + }) }) describe('as user', () => { @@ -50,45 +112,35 @@ describe('softDeleteMiddleware', () => { client = new GraphQLClient(host, { headers }) }) - it('hides deleted or disabled posts', async () => { - const expected = { Post: [{ title: 'Publicly visible post' }] } - await expect(action()).resolves.toEqual(expected) + describe('User', () => { + beforeEach(beforeUser) + + it('obfuscates about', () => expect(user.about).toEqual('DELETED')) + it('obfuscates avatar', () => expect(user.avatar).toEqual('DELETED')) + }) + + describe('Post', () => { + beforeEach(beforePost) + + it('obfuscates title', () => expect(post.title).toEqual('DELETED')) + it('obfuscates content', () => expect(post.content).toEqual('DELETED')) + it('obfuscates contentExcerpt', () => expect(post.contentExcerpt).toEqual('DELETED')) + it('obfuscates image', () => expect(post.image).toEqual('DELETED')) + }) + + describe('Comment', () => { + beforeEach(beforeComment) + + it('obfuscates content', () => expect(comment.content).toEqual('DELETED')) + it('obfuscates contentExcerpt', () => expect(comment.contentExcerpt).toEqual('DELETED')) }) }) + }) - describe('as moderator', () => { + describe('Query', () => { + describe('Post', () => { beforeEach(async () => { - const headers = await login({ email: 'moderator@example.org', password: '1234' }) - client = new GraphQLClient(host, { headers }) - }) - - it('shows disabled but hides deleted posts', async () => { - const expected = [ - { title: 'Disabled post' }, - { title: 'Publicly visible post' } - ] - const { Post } = await action() - await expect(Post).toEqual(expect.arrayContaining(expected)) - }) - }) - - describe('.comments', () => { - beforeEach(async () => { - query = '{ Post(id: "p3") { title comments { content } } }' - - const asModerator = Factory() - await asModerator.authenticateAs({ email: 'moderator@example.org', password: '1234' }) - await Promise.all([ - asModerator.create('Comment', { id: 'c1', content: 'Disabled comment' }), - asModerator.create('Comment', { id: 'c2', content: 'Enabled comment on public post' }) - ]) - await Promise.all([ - asModerator.relate('Comment', 'Author', { from: 'u1', to: 'c1' }), - asModerator.relate('Comment', 'Post', { from: 'c1', to: 'p3' }), - asModerator.relate('Comment', 'Author', { from: 'u1', to: 'c2' }), - asModerator.relate('Comment', 'Post', { from: 'c2', to: 'p3' }) - ]) - await asModerator.mutate('mutation { disable( id: "c1") }') + query = '{ Post { title } }' }) describe('as user', () => { @@ -97,14 +149,8 @@ describe('softDeleteMiddleware', () => { client = new GraphQLClient(host, { headers }) }) - it('hides disabled comments', async () => { - const expected = { Post: [ { - title: 'Publicly visible post', - comments: [ - { content: 'Enabled comment on public post' } - ] - } - ] } + it('hides deleted or disabled posts', async () => { + const expected = { Post: [{ title: 'Publicly visible post' }] } await expect(action()).resolves.toEqual(expected) }) }) @@ -115,72 +161,109 @@ describe('softDeleteMiddleware', () => { client = new GraphQLClient(host, { headers }) }) - it('shows disabled comments', async () => { + it('shows disabled but hides deleted posts', async () => { const expected = [ - { content: 'Enabled comment on public post' }, - { content: 'Disabled comment' } + { title: 'Disabled post' }, + { title: 'Publicly visible post' } ] - const { Post: [{ comments }] } = await action() - - await expect(comments).toEqual(expect.arrayContaining(expected)) + const { Post } = await action() + await expect(Post).toEqual(expect.arrayContaining(expected)) }) }) - }) - describe('filter (deleted: true)', () => { - beforeEach(() => { - query = '{ Post(deleted: true) { title } }' - }) - - describe('as user', () => { + describe('.comments', () => { beforeEach(async () => { - const headers = await login({ email: 'user@example.org', password: '1234' }) - client = new GraphQLClient(host, { headers }) + query = '{ Post(id: "p3") { title comments { content } } }' }) - it('throws authorisation error', async () => { - await expect(action()).rejects.toThrow('Not Authorised!') + describe('as user', () => { + beforeEach(async () => { + const headers = await login({ email: 'user@example.org', password: '1234' }) + client = new GraphQLClient(host, { headers }) + }) + + it('conceals disabled comments', async () => { + const expected = [ + { content: 'Enabled comment on public post' }, + { content: 'DELETED' } + ] + const { Post: [{ comments }] } = await action() + await expect(comments).toEqual(expect.arrayContaining(expected)) + }) + }) + + describe('as moderator', () => { + beforeEach(async () => { + const headers = await login({ email: 'moderator@example.org', password: '1234' }) + client = new GraphQLClient(host, { headers }) + }) + + it('shows disabled comments', async () => { + const expected = [ + { content: 'Enabled comment on public post' }, + { content: 'Disabled comment' } + ] + const { Post: [{ comments }] } = await action() + await expect(comments).toEqual(expect.arrayContaining(expected)) + }) }) }) - describe('as moderator', () => { - beforeEach(async () => { - const headers = await login({ email: 'moderator@example.org', password: '1234' }) - client = new GraphQLClient(host, { headers }) + describe('filter (deleted: true)', () => { + beforeEach(() => { + query = '{ Post(deleted: true) { title } }' }) - it('shows deleted posts', async () => { - const expected = { Post: [{ title: 'Deleted post' }] } - await expect(action()).resolves.toEqual(expected) - }) - }) - }) + describe('as user', () => { + beforeEach(async () => { + const headers = await login({ email: 'user@example.org', password: '1234' }) + client = new GraphQLClient(host, { headers }) + }) - describe('filter (disabled: true)', () => { - beforeEach(() => { - query = '{ Post(disabled: true) { title } }' - }) - - describe('as user', () => { - beforeEach(async () => { - const headers = await login({ email: 'user@example.org', password: '1234' }) - client = new GraphQLClient(host, { headers }) + it('throws authorisation error', async () => { + await expect(action()).rejects.toThrow('Not Authorised!') + }) }) - it('throws authorisation error', async () => { - await expect(action()).rejects.toThrow('Not Authorised!') + describe('as moderator', () => { + beforeEach(async () => { + const headers = await login({ email: 'moderator@example.org', password: '1234' }) + client = new GraphQLClient(host, { headers }) + }) + + it('shows deleted posts', async () => { + const expected = { Post: [{ title: 'Deleted post' }] } + await expect(action()).resolves.toEqual(expected) + }) }) }) - describe('as moderator', () => { - beforeEach(async () => { - const headers = await login({ email: 'moderator@example.org', password: '1234' }) - client = new GraphQLClient(host, { headers }) + describe('filter (disabled: true)', () => { + beforeEach(() => { + query = '{ Post(disabled: true) { title } }' }) - it('shows disabled posts', async () => { - const expected = { Post: [{ title: 'Disabled post' }] } - await expect(action()).resolves.toEqual(expected) + describe('as user', () => { + beforeEach(async () => { + const headers = await login({ email: 'user@example.org', password: '1234' }) + client = new GraphQLClient(host, { headers }) + }) + + it('throws authorisation error', async () => { + await expect(action()).rejects.toThrow('Not Authorised!') + }) + }) + + describe('as moderator', () => { + beforeEach(async () => { + const headers = await login({ email: 'moderator@example.org', password: '1234' }) + client = new GraphQLClient(host, { headers }) + }) + + it('shows disabled posts', async () => { + const expected = { Post: [{ title: 'Disabled post' }] } + await expect(action()).resolves.toEqual(expected) + }) }) }) }) diff --git a/src/seed/factories/users.js b/src/seed/factories/users.js index c27b2b1ce..491b3f9e1 100644 --- a/src/seed/factories/users.js +++ b/src/seed/factories/users.js @@ -9,6 +9,7 @@ export default function create (params) { password = '1234', role = 'user', avatar = faker.internet.avatar(), + about = faker.lorem.paragraph(), disabled = false, deleted = false } = params @@ -21,6 +22,7 @@ export default function create (params) { password: "${password}", email: "${email}", avatar: "${avatar}", + about: "${about}", role: ${role}, disabled: ${disabled}, deleted: ${deleted}