Spec a new behaviour of softDisable

If we have nested content, the content should be obfuscated instead of being filtered. cc @datenbrei
2025-12-13 07:45:56 +00:00 · 2019-03-13 20:57:50 +01:00 · 2019-03-13 20:57:50 +01:00 · d71cb16a01
commit d71cb16a01
parent 7d82b27aaa
2 changed files with 192 additions and 107 deletions
--- a/src/middleware/softDeleteMiddleware.spec.js
+++ b/src/middleware/softDeleteMiddleware.spec.js
@ -7,40 +7,139 @@ let client
 let query
 let action

-beforeEach(async () => {
+beforeAll(async () => {
+  // For performance reasons we do this only once
  await Promise.all([
    factory.create('User', { id: 'u1', role: 'user', email: 'user@example.org', password: '1234' }),
-    factory.create('User', { id: 'm1', role: 'moderator', email: 'moderator@example.org', password: '1234' })
+    factory.create('User', { id: 'm1', role: 'moderator', email: 'moderator@example.org', password: '1234' }),
+    factory.create('User', { id: 'u2', role: 'user', avatar: '/some/offensive/avatar.jpg', about: 'This self description is very offensive', email: 'troll@example.org', password: '1234' })
  ])
+
  await factory.authenticateAs({ email: 'user@example.org', password: '1234' })
  await Promise.all([
-    await factory.create('Post', { id: 'p1', title: 'Deleted post', deleted: true }),
-    await factory.create('Post', { id: 'p2', title: 'Disabled post', deleted: false }),
-    await factory.create('Post', { id: 'p3', title: 'Publicly visible post', deleted: false })
+    factory.follow({ id: 'u2', type: 'User' }),
+    factory.create('Post', { id: 'p1', title: 'Deleted post', deleted: true }),
+    factory.create('Post', { id: 'p3', title: 'Publicly visible post', deleted: false })
  ])
-  const moderatorFactory = Factory()
-  await moderatorFactory.authenticateAs({ email: 'moderator@example.org', password: '1234' })
-  const disableMutation = `
-      mutation {
-        disable(
-          id: "p2"
-        )
-      }
-    `
-  await moderatorFactory.mutate(disableMutation)
+
+  await Promise.all([
+    factory.create('Comment', { id: 'c2', content: 'Enabled comment on public post' })
+  ])
+
+  await Promise.all([
+    factory.relate('Comment', 'Author', { from: 'u1', to: 'c2' }),
+    factory.relate('Comment', 'Post', { from: 'c2', to: 'p3' })
+  ])
+
+  const asTroll = Factory()
+  await asTroll.authenticateAs({ email: 'troll@example.org', password: '1234' })
+  await asTroll.create('Post', { id: 'p2', title: 'Disabled post', content: 'This is an offensive post content', image: '/some/offensive/image.jpg', deleted: false })
+  await asTroll.create('Comment', { id: 'c1', content: 'Disabled comment' })
+  await Promise.all([
+    asTroll.relate('Comment', 'Author', { from: 'u2', to: 'c1' }),
+    asTroll.relate('Comment', 'Post', { from: 'c1', to: 'p3' })
+  ])
+
+  const asModerator = Factory()
+  await asModerator.authenticateAs({ email: 'moderator@example.org', password: '1234' })
+  await asModerator.mutate('mutation { disable( id: "p2") }')
+  await asModerator.mutate('mutation { disable( id: "c1") }')
+  await asModerator.mutate('mutation { disable( id: "u2") }')
 })

-afterEach(async () => {
+afterAll(async () => {
  await factory.cleanDatabase()
 })

 describe('softDeleteMiddleware', () => {
-  describe('Post', () => {
+  describe('read disabled content', () => {
+    let user
+    let post
+    let comment
+    const beforeComment = async () => {
+      query = '{ User(id: "u1") { following { comments { content contentExcerpt }  } } }'
+      const response = await action()
+      comment = response.User[0].following[0].comments[0]
+    }
+    const beforeUser = async () => {
+      query = '{ User(id: "u1") { following { about avatar } } }'
+      const response = await action()
+      user = response.User[0].following[0]
+    }
+    const beforePost = async () => {
+      query = '{ User(id: "u1") { following { contributions { title image content contentExcerpt }  } } }'
+      const response = await action()
+      post = response.User[0].following[0].contributions[0]
+    }
+
    action = () => {
      return client.request(query)
    }

-    beforeEach(() => {
+    describe('as moderator', () => {
+      beforeEach(async () => {
+        const headers = await login({ email: 'moderator@example.org', password: '1234' })
+        client = new GraphQLClient(host, { headers })
+      })
+
+      describe('User', () => {
+        beforeEach(beforeUser)
+
+        it('displays about', () => expect(user.about).toEqual('This self description is very offensive'))
+        it('displays avatar', () => expect(user.avatar).toEqual('/some/offensive/avatar.jpg'))
+      })
+
+      describe('Post', () => {
+        beforeEach(beforePost)
+
+        it('displays title', () => expect(post.title).toEqual('Disabled post'))
+        it('displays content', () => expect(post.content).toEqual('This is an offensive post content'))
+        it('displays contentExcerpt', () => expect(post.contentExcerpt).toEqual('This is an offensive post content'))
+        it('displays image', () => expect(post.image).toEqual('/some/offensive/image.jpg'))
+      })
+
+      describe('Comment', () => {
+        beforeEach(beforeComment)
+
+        it('displays content', () => expect(comment.content).toEqual('Disabled comment'))
+        it('displays contentExcerpt', () => expect(comment.contentExcerpt).toEqual('Disabled comment'))
+      })
+    })
+
+    describe('as user', () => {
+      beforeEach(async () => {
+        const headers = await login({ email: 'user@example.org', password: '1234' })
+        client = new GraphQLClient(host, { headers })
+      })
+
+      describe('User', () => {
+        beforeEach(beforeUser)
+
+        it('obfuscates about', () => expect(user.about).toEqual('DELETED'))
+        it('obfuscates avatar', () => expect(user.avatar).toEqual('DELETED'))
+      })
+
+      describe('Post', () => {
+        beforeEach(beforePost)
+
+        it('obfuscates title', () => expect(post.title).toEqual('DELETED'))
+        it('obfuscates content', () => expect(post.content).toEqual('DELETED'))
+        it('obfuscates contentExcerpt', () => expect(post.contentExcerpt).toEqual('DELETED'))
+        it('obfuscates image', () => expect(post.image).toEqual('DELETED'))
+      })
+
+      describe('Comment', () => {
+        beforeEach(beforeComment)
+
+        it('obfuscates content', () => expect(comment.content).toEqual('DELETED'))
+        it('obfuscates contentExcerpt', () => expect(comment.contentExcerpt).toEqual('DELETED'))
+      })
+    })
+  })
+
+  describe('Query', () => {
+    describe('Post', () => {
+      beforeEach(async () => {
        query = '{ Post { title } }'
      })

@ -75,20 +174,6 @@ describe('softDeleteMiddleware', () => {
      describe('.comments', () => {
        beforeEach(async () => {
          query = '{ Post(id: "p3") { title comments { content } } }'
-
-        const asModerator = Factory()
-        await asModerator.authenticateAs({ email: 'moderator@example.org', password: '1234' })
-        await Promise.all([
-          asModerator.create('Comment', { id: 'c1', content: 'Disabled comment' }),
-          asModerator.create('Comment', { id: 'c2', content: 'Enabled comment on public post' })
-        ])
-        await Promise.all([
-          asModerator.relate('Comment', 'Author', { from: 'u1', to: 'c1' }),
-          asModerator.relate('Comment', 'Post', { from: 'c1', to: 'p3' }),
-          asModerator.relate('Comment', 'Author', { from: 'u1', to: 'c2' }),
-          asModerator.relate('Comment', 'Post', { from: 'c2', to: 'p3' })
-        ])
-        await asModerator.mutate('mutation { disable( id: "c1") }')
        })

        describe('as user', () => {
@ -97,15 +182,13 @@ describe('softDeleteMiddleware', () => {
            client = new GraphQLClient(host, { headers })
          })

-        it('hides disabled comments', async () => {
-          const expected = { Post: [ {
-            title: 'Publicly visible post',
-            comments: [
-              { content: 'Enabled comment on public post' }
+          it('conceals disabled comments', async () => {
+            const expected = [
+              { content: 'Enabled comment on public post' },
+              { content: 'DELETED' }
            ]
-          }
-          ] }
-          await expect(action()).resolves.toEqual(expected)
+            const { Post: [{ comments }] } = await action()
+            await expect(comments).toEqual(expect.arrayContaining(expected))
          })
        })

@ -121,7 +204,6 @@ describe('softDeleteMiddleware', () => {
              { content: 'Disabled comment' }
            ]
            const { Post: [{ comments }] } = await action()
-
            await expect(comments).toEqual(expect.arrayContaining(expected))
          })
        })
@ -186,3 +268,4 @@ describe('softDeleteMiddleware', () => {
      })
    })
  })
+})
--- a/src/seed/factories/users.js
+++ b/src/seed/factories/users.js
@ -9,6 +9,7 @@ export default function create (params) {
    password = '1234',
    role = 'user',
    avatar = faker.internet.avatar(),
+    about = faker.lorem.paragraph(),
    disabled = false,
    deleted = false
  } = params
@ -21,6 +22,7 @@ export default function create (params) {
        password: "${password}",
        email: "${email}",
        avatar: "${avatar}",
+        about: "${about}",
        role: ${role},
        disabled: ${disabled},
        deleted: ${deleted}