chore: add and refactor tests

opengovsg · Oct 11, 2024 · 7773d21 · 7773d21
1 parent afad97d
commit 7773d21
Show file tree

Hide file tree

Showing 10 changed files with 96 additions and 26 deletions.
diff --git a/packages/backend/src/errors/graphql-errors/forbidden.ts b/packages/backend/src/errors/graphql-errors/forbidden.ts
@@ -0,0 +1,17 @@
+import { GraphQLError } from 'graphql/error'
+
+const FORBIDDEN_ERROR_CODE = 'FORBIDDEN'
+
+export class ForbiddenError extends GraphQLError {
+  constructor(message: string) {
+    super(message, {
+      extensions: {
+        code: FORBIDDEN_ERROR_CODE,
+        message,
+        http: {
+          status: 403,
+        },
+      },
+    })
+  }
+}
diff --git a/packages/backend/src/errors/graphql-errors/index.ts b/packages/backend/src/errors/graphql-errors/index.ts
@@ -1 +1,2 @@
 export * from './bad-user-input'
+export * from './forbidden'
diff --git a/packages/backend/src/graphql/__tests__/mutations/tiles/create-row.itest.ts b/packages/backend/src/graphql/__tests__/mutations/tiles/create-row.itest.ts
@@ -1,5 +1,6 @@
 import { beforeEach, describe, expect, it } from 'vitest'
 
+import { ForbiddenError } from '@/errors/graphql-errors'
 import createRow from '@/graphql/mutations/tiles/create-row'
 import TableMetadata from '@/models/table-metadata'
 import User from '@/models/user'
@@ -112,6 +113,6 @@ describe('create row mutation', () => {
         },
         context,
       ),
-    ).rejects.toThrow('You do not have access to this tile')
+    ).rejects.toThrow(ForbiddenError)
   })
 })
diff --git a/packages/backend/src/graphql/__tests__/mutations/tiles/create-rows.itest.ts b/packages/backend/src/graphql/__tests__/mutations/tiles/create-rows.itest.ts
@@ -1,5 +1,6 @@
 import { beforeEach, describe, expect, it } from 'vitest'
 
+import { ForbiddenError } from '@/errors/graphql-errors'
 import createRows from '@/graphql/mutations/tiles/create-rows'
 import { getTableRows } from '@/models/dynamodb/table-row/functions'
 import TableMetadata from '@/models/table-metadata'
@@ -118,6 +119,6 @@ describe('create row mutation', () => {
         },
         context,
       ),
-    ).rejects.toThrow('You do not have access to this tile')
+    ).rejects.toThrow(ForbiddenError)
   })
 })
diff --git a/packages/backend/src/graphql/__tests__/mutations/tiles/delete-rows.itest.ts b/packages/backend/src/graphql/__tests__/mutations/tiles/delete-rows.itest.ts
@@ -1,5 +1,6 @@
 import { beforeEach, describe, expect, it } from 'vitest'
 
+import { ForbiddenError } from '@/errors/graphql-errors'
 import deleteRows from '@/graphql/mutations/tiles/delete-rows'
 import { createTableRows, getTableRowCount } from '@/models/dynamodb/table-row'
 import TableMetadata from '@/models/table-metadata'
@@ -100,6 +101,6 @@ describe('delete rows mutation', () => {
         { input: { tableId: dummyTable.id, rowIds: slicedRows } },
         context,
       ),
-    ).rejects.toThrow('You do not have access to this tile')
+    ).rejects.toThrow(ForbiddenError)
   })
 })
diff --git a/packages/backend/src/graphql/__tests__/mutations/tiles/delete-table.itest.ts b/packages/backend/src/graphql/__tests__/mutations/tiles/delete-table.itest.ts
@@ -1,6 +1,7 @@
 import { randomUUID } from 'crypto'
 import { beforeEach, describe, expect, it } from 'vitest'
 
+import { ForbiddenError } from '@/errors/graphql-errors'
 import deleteTable from '@/graphql/mutations/tiles/delete-table'
 import TableMetadata from '@/models/table-metadata'
 import User from '@/models/user'
@@ -64,11 +65,11 @@ describe('delete table mutation', () => {
     context.currentUser = editor
     await expect(
       deleteTable(null, { input: { id: dummyTable.id } }, context),
-    ).rejects.toThrow('You do not have access to this tile')
+    ).rejects.toThrow(ForbiddenError)
 
     context.currentUser = viewer
     await expect(
       deleteTable(null, { input: { id: dummyTable.id } }, context),
-    ).rejects.toThrow('You do not have access to this tile')
+    ).rejects.toThrow(ForbiddenError)
   })
 })
diff --git a/packages/backend/src/graphql/__tests__/mutations/tiles/update-row.itest.ts b/packages/backend/src/graphql/__tests__/mutations/tiles/update-row.itest.ts
@@ -1,5 +1,6 @@
 import { beforeEach, describe, expect, it } from 'vitest'
 
+import { ForbiddenError } from '@/errors/graphql-errors'
 import updateRow from '@/graphql/mutations/tiles/update-row'
 import { createTableRow, TableRow } from '@/models/dynamodb/table-row'
 import TableMetadata from '@/models/table-metadata'
@@ -185,6 +186,6 @@ describe('update row mutation', () => {
         },
         context,
       ),
-    ).rejects.toThrow('You do not have access to this tile')
+    ).rejects.toThrow(ForbiddenError)
   })
 })
diff --git a/packages/backend/src/graphql/__tests__/mutations/tiles/update-table.itest.ts b/packages/backend/src/graphql/__tests__/mutations/tiles/update-table.itest.ts
@@ -1,6 +1,7 @@
 import { randomUUID } from 'crypto'
 import { beforeEach, describe, expect, it } from 'vitest'
 
+import { ForbiddenError } from '@/errors/graphql-errors'
 import updateTable from '@/graphql/mutations/tiles/update-table'
 import TableMetadata from '@/models/table-metadata'
 import User from '@/models/user'
@@ -313,6 +314,6 @@ describe('update table mutation', () => {
         },
         context,
       ),
-    ).rejects.toThrow('You do not have access to this tile')
+    ).rejects.toThrow(ForbiddenError)
   })
 })
diff --git a/packages/backend/src/graphql/__tests__/mutations/tiles/upsert-table-collaborator.itest.ts b/packages/backend/src/graphql/__tests__/mutations/tiles/upsert-table-collaborator.itest.ts
@@ -1,5 +1,6 @@
 import { beforeEach, describe, expect, it } from 'vitest'
 
+import { BadUserInputError, ForbiddenError } from '@/errors/graphql-errors'
 import TableMetadata from '@/models/table-metadata'
 import User from '@/models/user'
 import Context from '@/types/express/context'
@@ -93,22 +94,6 @@ describe('update table collaborators', () => {
     expect(addedCollaborator).toHaveProperty('role', 'viewer')
   })
 
-  it('should not allow adding of owner role', async () => {
-    await expect(
-      upsertTableCollaborator(
-        null,
-        {
-          input: {
-            tableId: dummyTable.id,
-            email: '[email protected]',
-            role: 'owner',
-          },
-        },
-        context,
-      ),
-    ).rejects.toThrowError('Cannot set collaborator role as owner')
-  })
-
   it('should not allow editing role of owner', async () => {
     context.currentUser = editor
     await expect(
@@ -173,6 +158,66 @@ describe('update table collaborators', () => {
         },
         context,
       ),
-    ).rejects.toThrow('You do not have access to this tile')
+    ).rejects.toThrow(ForbiddenError)
+  })
+
+  describe('transfer ownership', () => {
+    it('should not allow adding of owner role if you are not owner', async () => {
+      context.currentUser = editor
+      await expect(
+        upsertTableCollaborator(
+          null,
+          {
+            input: {
+              tableId: dummyTable.id,
+              email: '[email protected]',
+              role: 'owner',
+            },
+          },
+          context,
+        ),
+      ).rejects.toThrowError(ForbiddenError)
+    })
+
+    it('should allow transfer of owner role if you are owner, old owner will become editor', async () => {
+      await expect(
+        upsertTableCollaborator(
+          null,
+          {
+            input: {
+              tableId: dummyTable.id,
+              email: editor.email,
+              role: 'owner',
+            },
+          },
+          context,
+        ),
+      ).resolves.not.toThrow()
+      const collaborators = await dummyTable
+        .$relatedQuery('collaborators')
+        .where('table_collaborators.deleted_at', null)
+      expect(
+        collaborators.find((col) => col.email === editor.email),
+      ).toHaveProperty('role', 'owner')
+      expect(
+        collaborators.find((col) => col.email === owner.email),
+      ).toHaveProperty('role', 'editor')
+    })
+
+    it('should not allow transfer of ownership to non-existent user', async () => {
+      await expect(
+        upsertTableCollaborator(
+          null,
+          {
+            input: {
+              tableId: dummyTable.id,
+              email: '[email protected]',
+              role: 'owner',
+            },
+          },
+          context,
+        ),
+      ).rejects.toThrowError(BadUserInputError)
+    })
   })
 })
diff --git a/packages/backend/src/models/table-collaborators.ts b/packages/backend/src/models/table-collaborators.ts
@@ -1,5 +1,6 @@
 import { IGlobalVariable, ITableCollabRole } from '@plumber/types'
 
+import { ForbiddenError } from '@/errors/graphql-errors'
 import StepError from '@/errors/step'
 
 import Base from './base'
@@ -70,15 +71,15 @@ class TableCollaborator extends Base {
     ) {
       if ($) {
         throw new StepError(
-          'You do not have access to this tile',
+          'You do not sufficient permissions to this tile',
           `Please ensure that you are ${
             role === 'viewer' ? 'a' : 'an'
           } ${role} of this tile.`,
           $.step.position,
           $.app.name,
         )
       }
-      throw new Error('You do not have access to this tile.')
+      throw new ForbiddenError('You do not sufficient permissions to this tile')
     }
   }
 }
Original file line number	Diff line number	Diff line change
		@@ -1 +1,2 @@
		export * from './bad-user-input'
		export * from './forbidden'