Programmatic Creation of Roles and Teams

packages/api-aco/__tests__/utils/useGraphQlHandler.ts

@@ -66,7 +66,7 @@ import { FileManagerStorageOperations } from "@webiny/api-file-manager/types";
 import { DecryptedWcpProjectLicense } from "@webiny/wcp/types";
 import createAdminUsersApp from "@webiny/api-admin-users";
 import { createWcpContext } from "@webiny/api-wcp";
-import { createTestWcpLicense } from "~tests/utils/createTestWcpLicense";
+import { createTestWcpLicense } from "@webiny/wcp/testing/createTestWcpLicense";
 import { AdminUsersStorageOperations } from "@webiny/api-admin-users/types";
 
 export interface UseGQLHandlerParams {

packages/api-headless-cms-aco/__tests__/utils/useGraphQlHandler.ts

@@ -18,7 +18,7 @@ import { getIntrospectionQuery } from "graphql";
 import { APIGatewayEvent, LambdaContext } from "@webiny/handler-aws/types";
 import { DecryptedWcpProjectLicense } from "@webiny/wcp/types";
 import createAdminUsersApp from "@webiny/api-admin-users";
-import { createTestWcpLicense } from "~tests/utils/createTestWcpLicense";
+import { createTestWcpLicense } from "@webiny/wcp/testing/createTestWcpLicense";
 import { createWcpContext } from "@webiny/api-wcp";
 import { AdminUsersStorageOperations } from "@webiny/api-admin-users/types";
 import { until } from "@webiny/project-utils/testing/helpers/until";

packages/api-page-builder-aco/__tests__/utils/useGraphQlHandler.ts

@@ -41,7 +41,7 @@ import { getIntrospectionQuery } from "graphql";
 import { APIGatewayEvent, LambdaContext } from "@webiny/handler-aws/types";
 import { DecryptedWcpProjectLicense } from "@webiny/wcp/types";
 import createAdminUsersApp from "@webiny/api-admin-users";
-import { createTestWcpLicense } from "~tests/utils/createTestWcpLicense";
+import { createTestWcpLicense } from "@webiny/wcp/testing/createTestWcpLicense";
 import { createWcpContext } from "@webiny/api-wcp";
 import { AdminUsersStorageOperations } from "@webiny/api-admin-users/types";
 

packages/api-security/__tests__/graphql/teams.ts

@@ -0,0 +1,75 @@
+const DATA_FIELD = (extra = "") => /* GraphQL */ `
+    {
+        name
+        description
+        slug
+        groups {
+            id
+            name
+        }
+        ${extra}
+    }
+`;
+
+const ERROR_FIELD = /* GraphQL */ `
+    {
+        code
+        data
+        message
+    }
+`;
+
+export const CREATE_SECURITY_TEAM = /* GraphQL */ `
+    mutation CreateTeam($data: SecurityTeamCreateInput!) {
+        security {
+            createTeam(data: $data) {
+                data ${DATA_FIELD("id")}
+                error ${ERROR_FIELD}
+            }
+        }
+    }
+`;
+
+export const UPDATE_SECURITY_TEAM = /* GraphQL */ `
+    mutation UpdateTeam($id: ID!, $data: SecurityTeamUpdateInput!) {
+        security {
+            updateTeam(id: $id, data: $data) {
+                data ${DATA_FIELD()}
+                error ${ERROR_FIELD}
+            }
+        }
+    }
+`;
+
+export const DELETE_SECURITY_TEAM = /* GraphQL */ `
+    mutation DeleteTeam($id: ID!) {
+        security {
+            deleteTeam(id: $id) {
+                data
+                error ${ERROR_FIELD}
+            }
+        }
+    }
+`;
+
+export const LIST_SECURITY_TEAMS = /* GraphQL */ `
+    query ListTeams {
+        security {
+            listTeams {
+                data ${DATA_FIELD()}
+                error ${ERROR_FIELD}
+            }
+        }
+    }
+`;
+
+export const GET_SECURITY_TEAM = /* GraphQL */ `
+    query GetTeam($id: ID!) {
+        security {
+            getTeam(where: { id: $id }) {
+                data ${DATA_FIELD()}
+                error ${ERROR_FIELD}
+            }
+        }
+    }
+`;

packages/api-security/__tests__/groups.test.ts

@@ -1,8 +1,24 @@
 import useGqlHandler from "./useGqlHandler";
 import mocks from "./mocks/securityGroup";
+import { createSecurityRolePlugin } from "~/plugins/SecurityRolePlugin";
 
 describe("Security Group CRUD Test", () => {
-    const { install, securityGroup } = useGqlHandler();
+    const { install, securityGroup } = useGqlHandler({
+        plugins: [
+            createSecurityRolePlugin({
+                id: "test-role-1",
+                name: "Test Role 1",
+                description: "1st test role defined via an extension.",
+                permissions: [{ name: "cms.*" }]
+            }),
+            createSecurityRolePlugin({
+                id: "test-role-2",
+                name: "Test Role 2",
+                description: "2nd test role defined via an extension.",
+                permissions: [{ name: "pb.*" }]
+            })
+        ]
+    });
 
     beforeEach(async () => {
         await install.install();
@@ -23,19 +39,67 @@ describe("Security Group CRUD Test", () => {
         // Let's check whether both of the group exists
         const [listResponse] = await securityGroup.list();
 
-        expect(listResponse.data.security.listGroups).toEqual(
-            expect.objectContaining({
-                data: expect.arrayContaining([
-                    {
-                        name: expect.any(String),
-                        description: expect.any(String),
-                        slug: expect.stringMatching(/anonymous|full-access|group-a|group-b/),
-                        permissions: expect.any(Array)
-                    }
-                ]),
-                error: null
-            })
-        );
+        expect(listResponse.data.security.listGroups).toEqual({
+            error: null,
+            data: [
+                {
+                    name: "Test Role 1",
+                    description: "1st test role defined via an extension.",
+                    slug: "test-role-1",
+                    permissions: [
+                        {
+                            name: "cms.*"
+                        }
+                    ]
+                },
+                {
+                    name: "Test Role 2",
+                    description: "2nd test role defined via an extension.",
+                    slug: "test-role-2",
+                    permissions: [
+                        {
+                            name: "pb.*"
+                        }
+                    ]
+                },
+                {
+                    name: "Full Access",
+                    description: "Grants full access to all apps.",
+                    slug: "full-access",
+                    permissions: [
+                        {
+                            name: "*"
+                        }
+                    ]
+                },
+                {
+                    name: "Anonymous",
+                    description: "Permissions for anonymous users (public access).",
+                    slug: "anonymous",
+                    permissions: []
+                },
+                {
+                    name: "Group-A",
+                    description: "A: Dolor odit et quia animi ipsum nostrum nesciunt.",
+                    slug: "group-a",
+                    permissions: [
+                        {
+                            name: "security.*"
+                        }
+                    ]
+                },
+                {
+                    name: "Group-B",
+                    description: "B: Dolor odit et quia animi ipsum nostrum nesciunt.",
+                    slug: "group-b",
+                    permissions: [
+                        {
+                            name: "security.*"
+                        }
+                    ]
+                }
+            ]
+        });
 
         // Let's update the "groupB" name
         const updatedName = "Group B - updated";
@@ -131,4 +195,49 @@ describe("Security Group CRUD Test", () => {
             }
         });
     });
+
+    test("should not allow update of a group created via a plugin", async () => {
+        // Creating a group with same "slug" should not be allowed
+        const [response] = await securityGroup.update({
+            id: "test-role-1",
+            data: {
+                name: "Test Role 1 - updated"
+            }
+        });
+
+        expect(response).toEqual({
+            data: {
+                security: {
+                    updateGroup: {
+                        data: null,
+                        error: {
+                            code: "CANNOT_UPDATE_PLUGIN_GROUPS",
+                            data: null,
+                            message: "Cannot update groups created via plugins."
+                        }
+                    }
+                }
+            }
+        });
+    });
+
+    test("should not allow deletion of a group created via a plugin", async () => {
+        // Creating a group with same "slug" should not be allowed
+        const [response] = await securityGroup.delete({ id: "" });
+
+        expect(response).toEqual({
+            data: {
+                security: {
+                    deleteGroup: {
+                        data: null,
+                        error: {
+                            code: "CANNOT_DELETE_PLUGIN_GROUPS",
+                            data: null,
+                            message: "Cannot delete groups created via plugins."
+                        }
+                    }
+                }
+            }
+        });
+    });
 });

packages/api-security/__tests__/mocks/securityTeam.ts

@@ -0,0 +1,16 @@
+const mocks = {
+    teamA: {
+        name: "Team-A",
+        slug: "team-a",
+        description: "A: Dolor odit et quia animi ipsum nostrum nesciunt.",
+        groups: []
+    },
+    teamB: {
+        name: "Team-B",
+        slug: "team-b",
+        description: "B: Dolor odit et quia animi ipsum nostrum nesciunt.",
+        groups: []
+    }
+};
+
+export default mocks;