diff --git a/hasura.planx.uk/tests/analytics.test.js b/hasura.planx.uk/tests/analytics.test.js
index 53bfb9c10b..5147eb2a17 100644
--- a/hasura.planx.uk/tests/analytics.test.js
+++ b/hasura.planx.uk/tests/analytics.test.js
@@ -69,4 +69,26 @@ describe("analytics and analytics_logs", () => {
 expect(i).toHaveNoMutationsFor("analytics_logs");
 });
 });
+
+ describe("api", () => {
+ beforeAll(async () => {
+ i = await introspectAs("api");
+ });
+
+ test("cannot query analytics", () => {
+ expect(i.queries).not.toContain("analytics");
+ });
+
+ test("cannot query analytics_logs", () => {
+ expect(i.queries).not.toContain("analytics_logs");
+ });
+
+ test("cannot create, update, or delete analytics", () => {
+ expect(i).toHaveNoMutationsFor("analytics");
+ });
+
+ test("cannot create, update, or delete analytics_logs", () => {
+ expect(i).toHaveNoMutationsFor("analytics_logs");
+ });
+ });
 });
diff --git a/hasura.planx.uk/tests/blpu_codes.test.js b/hasura.planx.uk/tests/blpu_codes.test.js
index ade04eb536..7614433e41 100644
--- a/hasura.planx.uk/tests/blpu_codes.test.js
+++ b/hasura.planx.uk/tests/blpu_codes.test.js
@@ -47,7 +47,22 @@ describe("blpu_codes", () => {
 describe("teamEditor", () => {
 let i;
 beforeAll(async () => {
- i = await introspectAs("platformAdmin");
+ i = await introspectAs("teamEditor");
+ });
+
+ test("cannot query blpu_codes", () => {
+ expect(i.queries).not.toContain("blpu_codes");
+ });
+
+ test("cannot create, update, or delete blpu_codes", () => {
+ expect(i).toHaveNoMutationsFor("blpu_codes");
+ });
+ });
+
+ describe("api", () => {
+ let i;
+ beforeAll(async () => {
+ i = await introspectAs("api");
 });

 test("cannot query blpu_codes", () => {
diff --git a/hasura.planx.uk/tests/bops_applications.test.js b/hasura.planx.uk/tests/bops_applications.test.js
index dc6b2b909f..91001b1262 100644
--- a/hasura.planx.uk/tests/bops_applications.test.js
+++ b/hasura.planx.uk/tests/bops_applications.test.js
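Review bot: The new `api` block in analytics.test.js assigns `i` inside `beforeAll` without a `let i;` of its own, unlike the `api` blocks this commit adds to blpu_codes.test.js and the other existing files. Whether an outer `i` exists in analytics.test.js cannot be seen here, because the enclosing describe starts outside the hunk. In the two new files, flow_document_templates.test.js and reconciliation_requests.test.js, every other role block declares `let i;` and the `api` block does not, so there the assignment lands on an undeclared name. In non-strict code that creates a global shared between role blocks, and in strict mode it throws. Add `let i;` as the first line of each of those `describe("api", ...)` bodies so one role's introspection result can never be read by another role's assertions.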
@@ -59,4 +59,21 @@ describe("bops_applications", () => {
 expect(i).toHaveNoMutationsFor("bops_applications");
 });
 });
+
+ describe("api", () => {
+ let i;
+ beforeAll(async () => {
+ i = await introspectAs("api");
+ });
+
+ test("can query and mutate bops applications", () => {
+ expect(i.queries).toContain("bops_applications");
+ expect(i.mutations).toContain("insert_bops_applications");
+ expect(i.mutations).toContain("update_bops_applications_by_pk");
+ });
+
+ test("cannot delete bops applications", () => {
+ expect(i.mutations).not.toContain("delete_bops_applications");
+ });
+ });
 });
diff --git a/hasura.planx.uk/tests/email_applications.test.js b/hasura.planx.uk/tests/email_applications.test.js
index b4a2cd711a..11db01eed5 100644
--- a/hasura.planx.uk/tests/email_applications.test.js
+++ b/hasura.planx.uk/tests/email_applications.test.js
@@ -60,4 +60,22 @@ describe("email_applications", () => {
 expect(i).toHaveNoMutationsFor("email_applications");
 });
 });
+
+ describe("api", () => {
+ let i;
+ beforeAll(async () => {
+ i = await introspectAs("api");
+ });
+
+ test("has full access to query and mutate email applications", () => {
+ expect(i.queries).toContain("email_applications");
+ expect(i.mutations).toContain("insert_email_applications");
+ expect(i.mutations).toContain("insert_email_applications_one");
+ expect(i.mutations).toContain("update_email_applications_by_pk");
+ });
+
+ test("cannot delete email applications", () => {
+ expect(i.mutations).not.toContain("delete_email_applications");
+ });
+ });
 });
diff --git a/hasura.planx.uk/tests/flow_document_templates.test.js b/hasura.planx.uk/tests/flow_document_templates.test.js
new file mode 100644
index 0000000000..75057b2f86
--- /dev/null
+++ b/hasura.planx.uk/tests/flow_document_templates.test.js
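Review bot: The negative check `expect(i.mutations).not.toContain("delete_bops_applications")` names only one delete mutation, so the test would still pass if the `api` role were granted `delete_bops_applications_by_pk`. flows.test.js in this same commit asserts both the bulk and the `_by_pk` name for a denied delete, which suggests both can exist; if so, add `expect(i.mutations).not.toContain("delete_bops_applications_by_pk");` here. The same single-name pattern appears in the `api` blocks for email_applications, lowcal_sessions, payment_status (update and delete), planning_constraints_requests, reconciliation_requests (update) and uniform_applications. Assuming `i.mutations` is an array of names, `toContain` is an exact match, so each denied operation needs every variant listed for the denial to be pinned.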
@@ -0,0 +1,81 @@
+const { introspectAs } = require("./utils");
+
+describe("flow_document_templates", () => {
+ describe("public", () => {
+ let i;
+ beforeAll(async () => {
+ i = await introspectAs("public");
+ });
+
+ // TODO: Check this - seems unnecessary / incorrect?
+ test.skip("cannot query flow_document_templates", () => {
+ expect(i.queries).not.toContain("flow_document_templates");
+ });
+
+ test("cannot create, update, or delete flow_document_templates", () => {
+ expect(i).toHaveNoMutationsFor("flow_document_templates");
+ });
+ });
+
+ describe("admin", () => {
+ let i;
+ beforeAll(async () => {
+ i = await introspectAs("admin");
+ });
+
+ test("can query flow_document_templates", () => {
+ expect(i.queries).toContain("flow_document_templates");
+ });
+
+ test("can create, update, or delete flow_document_templates", () => {
+ expect(i.mutations).toContain("insert_flow_document_templates");
+ expect(i.mutations).toContain("insert_flow_document_templates_one");
+ expect(i.mutations).toContain("update_flow_document_templates_by_pk");
+ expect(i.mutations).toContain("delete_flow_document_templates_by_pk");
+ });
+ });
+
+ describe("platformAdmin", () => {
+ let i;
+ beforeAll(async () => {
+ i = await introspectAs("platformAdmin");
+ });
+
+ test("cannot query flow_document_templates", () => {
+ expect(i.queries).not.toContain("flow_document_templates");
+ });
+
+ test("cannot create, update, or delete flow_document_templates", () => {
+ expect(i).toHaveNoMutationsFor("flow_document_templates");
+ });
+ });
+
+ describe("teamEditor", () => {
+ let i;
+ beforeAll(async () => {
+ i = await introspectAs("teamEditor");
+ });
+
+ test("cannot query flow_document_templates", () => {
+ expect(i.queries).not.toContain("flow_document_templates");
+ });
+
+ test("cannot create, update, or delete flow_document_templates", () => {
+ expect(i).toHaveNoMutationsFor("flow_document_templates");
+ });
+ });
+
+ describe("api", () => {
+ beforeAll(async () => {
+ i = await introspectAs("api");
+ });
+
+ test("can query flow_document_templates", () => {
+ expect(i.queries).toContain("flow_document_templates");
+ });
+
+ test("cannot create, update, or delete flow_document_templates", () => {
+ expect(i).toHaveNoMutationsFor("flow_document_templates");
+ });
+ });
+});
diff --git a/hasura.planx.uk/tests/flows.test.js b/hasura.planx.uk/tests/flows.test.js
index fbfd945f38..2338e7ea27 100644
--- a/hasura.planx.uk/tests/flows.test.js
+++ b/hasura.planx.uk/tests/flows.test.js
@@ -140,4 +140,46 @@ describe("flows and operations", () => {
 expect(i.mutations).not.toContain("update_published_flows");
 });
 });
+
+ describe("api", () => {
+ let i;
+ beforeAll(async () => {
+ i = await introspectAs("api");
+ });
+
+ test("can query flows", () => {
+ expect(i.queries).toContain("flows");
+ });
+
+ test("can create and update flows", () => {
+ expect(i.mutations).toContain("update_flows_by_pk");
+ expect(i.mutations).toContain("update_flows");
+ });
+
+ test("cannot delete flows", () => {
+ expect(i.mutations).not.toContain("delete_flows_by_pk");
+ expect(i.mutations).not.toContain("delete_flows");
+ });
+
+ test("cannot query or mutate operations", () => {
+ expect(i.queries).not.toContain("operations");
+ expect(i).toHaveNoMutationsFor("operations");
+ });
+
+ test("can query published flows", () => {
+ expect(i.queries).toContain("published_flows");
+ });
+
+ test("can create published_flows", () => {
+ expect(i.mutations).toContain("insert_published_flows_one");
+ expect(i.mutations).toContain("insert_published_flows");
+ });
+
+ test("cannot update or delete published_flows", () => {
+ expect(i.mutations).not.toContain("delete_published_flows_by_pk");
+ expect(i.mutations).not.toContain("delete_published_flows");
+ expect(i.mutations).not.toContain("update_published_flows_by_pk");
+ expect(i.mutations).not.toContain("update_published_flows");
+ });
+ });
 });
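Review bot: The `public` role's query check in flow_document_templates.test.js is committed as `test.skip` with a TODO, so the suite does not pin whether unauthenticated clients can read `flow_document_templates`. For a permissions test this is the case most worth asserting. Decide the intended state and replace the skip with either `expect(i.queries).toContain("flow_document_templates");` under a "can query" title, or the existing `not.toContain` assertion un-skipped. A later metadata change to the public role would then fail the build instead of passing silently.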
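Review bot: The test titled "can create and update flows" asserts only `update_flows_by_pk` and `update_flows`; nothing in the `api` block checks `insert_flows` or `insert_flows_one` in either direction. Either add the insert assertions that match the role's intended permissions (`toContain` or `not.toContain`), or rename the test to `"can update flows"` so the title does not claim coverage the body lacks.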
diff --git a/hasura.planx.uk/tests/global_settings.test.js b/hasura.planx.uk/tests/global_settings.test.js
index 98d12e8bbc..c7b3d9be95 100644
--- a/hasura.planx.uk/tests/global_settings.test.js
+++ b/hasura.planx.uk/tests/global_settings.test.js
@@ -63,4 +63,19 @@ describe("global_settings", () => {
 expect(i).toHaveNoMutationsFor("global_settings");
 });
 });
+
+ describe("api", () => {
+ let i;
+ beforeAll(async () => {
+ i = await introspectAs("api");
+ });
+
+ test("cannot query global_settings view", () => {
+ expect(i.queries).not.toContain("global_settings");
+ });
+
+ test("cannot create, update, or delete global_settings", () => {
+ expect(i).toHaveNoMutationsFor("global_settings");
+ });
+ });
 });
diff --git a/hasura.planx.uk/tests/lowcal_sessions.test.js b/hasura.planx.uk/tests/lowcal_sessions.test.js
index 7de02f9e9d..aa0149ff88 100644
--- a/hasura.planx.uk/tests/lowcal_sessions.test.js
+++ b/hasura.planx.uk/tests/lowcal_sessions.test.js
@@ -458,4 +458,26 @@ describe("lowcal_sessions", () => {
 expect(i).toHaveNoMutationsFor("lowcal_sessions");
 });
 });
+
+ describe("api", () => {
+ let i;
+ beforeAll(async () => {
+ i = await introspectAs("api");
+ });
+
+ test("cannot insert lowcal_sessions", () => {
+ expect(i.mutations).not.toContain("insert_lowcal_sessions");
+ expect(i.mutations).not.toContain("insert_lowcal_sessions_one");
+ });
+
+ test("can query and update local_sessions", () => {
+ expect(i.queries).toContain("lowcal_sessions");
+ expect(i.mutations).toContain("update_lowcal_sessions_by_pk");
+ expect(i.mutations).toContain("update_lowcal_sessions");
+ });
+
+ test("cannot delete lowcal_sessions", () => {
+ expect(i.mutations).not.toContain("delete_lowcal_sessions");
+ });
+ });
 });
diff --git a/hasura.planx.uk/tests/payment_requests.test.js b/hasura.planx.uk/tests/payment_requests.test.js
index 45ecb2c4e5..5580187ae3 100644
--- a/hasura.planx.uk/tests/payment_requests.test.js
+++ b/hasura.planx.uk/tests/payment_requests.test.js
@@ -127,6 +127,21 @@ describe("payment_requests", () => {
 expect(i).toHaveNoMutationsFor("payment_requests");
 });
 });
+
+ describe("api", () => {
+ let i;
+ beforeAll(async () => {
+ i = await introspectAs("api");
+ });
+
+ test("has full access to query and mutate payment_requests", async () => {
+ expect(i.queries).toContain("payment_requests");
+ expect(i.mutations).toContain("insert_payment_requests");
+ expect(i.mutations).toContain("update_payment_requests");
+ expect(i.mutations).toContain("update_payment_requests_by_pk");
+ expect(i.mutations).toContain("delete_payment_requests");
+ });
+ });
 });

 const insertSessions = async (sessionIds) => {
diff --git a/hasura.planx.uk/tests/payment_status.test.js b/hasura.planx.uk/tests/payment_status.test.js
index 35ea07522b..db1ff42490 100644
--- a/hasura.planx.uk/tests/payment_status.test.js
+++ b/hasura.planx.uk/tests/payment_status.test.js
@@ -66,4 +66,24 @@ describe("payment_status", () => {
 expect(i).toHaveNoMutationsFor("payment_status");
 });
 });
+
+ describe("api", () => {
+ let i;
+ beforeAll(async () => {
+ i = await introspectAs("api");
+ });
+
+ test("cannot query payment_status", () => {
+ expect(i.queries).not.toContain("payment_status");
+ })
+
+ test("can insert payment_status", () => {
+ expect(i.mutations).toContain("insert_payment_status");
+ });
+
+ test("cannot delete or update payment_status", () => {
+ expect(i.mutations).not.toContain("update_payment_status");
+ expect(i.mutations).not.toContain("delete_payment_status");
+ })
+ });
 });
diff --git a/hasura.planx.uk/tests/planning_constraints_requests.test.js b/hasura.planx.uk/tests/planning_constraints_requests.test.js
index 2d178eb68c..b1c5648db5 100644
--- a/hasura.planx.uk/tests/planning_constraints_requests.test.js
+++ b/hasura.planx.uk/tests/planning_constraints_requests.test.js
@@ -59,4 +59,24 @@ describe("planning_constraints_requests", () => {
 expect(i).toHaveNoMutationsFor("planning_constraints_requests");
 });
 });
+
+ describe("api", () => {
+ let i;
+ beforeAll(async () => {
+ i = await introspectAs("api");
+ });
+
+ test("cannot query planning_constraints_requests", () => {
+ expect(i.queries).not.toContain("planning_constraints_requests");
+ })
+
+ test("can insert planning_constraints_requests", () => {
+ expect(i.mutations).toContain("insert_planning_constraints_requests");
+ });
+
+ test("cannot update or delete planning_constriants_requests", () => {
+ expect(i.mutations).not.toContain("update_planning_constraints_requests_by_pk");
+ expect(i.mutations).not.toContain("delete_planning_constraints_requests");
+ })
+ });
 });
diff --git a/hasura.planx.uk/tests/reconciliation_requests.test.js b/hasura.planx.uk/tests/reconciliation_requests.test.js
new file mode 100644
index 0000000000..482f98723d
--- /dev/null
+++ b/hasura.planx.uk/tests/reconciliation_requests.test.js
@@ -0,0 +1,88 @@
+const { introspectAs } = require("./utils");
+
+describe("reconciliation_requests", () => {
+ describe("public", () => {
+ let i;
+ beforeAll(async () => {
+ i = await introspectAs("public");
+ });
+
+ test("cannot query reconciliation_requests", () => {
+ expect(i.queries).not.toContain("reconciliation_requests");
+ });
+
+ test("cannot create, update, or delete reconciliation_requests", () => {
+ expect(i).toHaveNoMutationsFor("reconciliation_requests");
+ });
+ });
+
+ describe("admin", () => {
+ let i;
+ beforeAll(async () => {
+ i = await introspectAs("admin");
+ });
+
+ test("can query reconciliation_requests", () => {
+ expect(i.queries).toContain("reconciliation_requests");
+ });
+
+ test("can create, update, or delete reconciliation_requests", () => {
+ expect(i.mutations).toContain("insert_reconciliation_requests");
+ expect(i.mutations).toContain("insert_reconciliation_requests_one");
+ expect(i.mutations).toContain("update_reconciliation_requests_by_pk");
+ expect(i.mutations).toContain("delete_reconciliation_requests_by_pk");
+ });
+ });
+
+ describe("platformAdmin", () => {
+ let i;
+ beforeAll(async () => {
+ i = await introspectAs("platformAdmin");
+ });
+
+ test("cannot query reconciliation_requests", () => {
+ expect(i.queries).not.toContain("reconciliation_requests");
+ });
+
+ test("cannot create, update, or delete reconciliation_requests", () => {
+ expect(i).toHaveNoMutationsFor("reconciliation_requests");
+ });
+ });
+
+ describe("teamEditor", () => {
+ let i;
+ beforeAll(async () => {
+ i = await introspectAs("teamEditor");
+ });
+
+ test("cannot query reconciliation_requests", () => {
+ expect(i.queries).not.toContain("reconciliation_requests");
+ });
+
+ test("cannot create, update, or delete reconciliation_requests", () => {
+ expect(i).toHaveNoMutationsFor("reconciliation_requests");
+ });
+ });
+
+ describe("api", () => {
+ beforeAll(async () => {
+ i = await introspectAs("api");
+ });
+
+ test("cannot query reconciliation_requests", () => {
+ expect(i.queries).not.toContain("reconciliation_requests");
+ });
+
+ test("cannot update reconciliation_requests", () => {
+ expect(i.mutations).not.toContain("update_reconciliation_requests");
+ });
+
+ test("can delete reconciliation_requests", () => {
+ expect(i.mutations).toContain("delete_reconciliation_requests");
+ });
+
+ test("can insert reconciliation requests", () => {
+ expect(i.mutations).toContain("insert_reconciliation_requests");
+ });
+ });
+});
diff --git a/hasura.planx.uk/tests/sessions.test.js b/hasura.planx.uk/tests/sessions.test.js
index 12e708f93f..83f91797f1 100644
--- a/hasura.planx.uk/tests/sessions.test.js
+++ b/hasura.planx.uk/tests/sessions.test.js
@@ -625,5 +625,22 @@ describe("sessions", () => {
 expect(i).toHaveNoMutationsFor("sessions");
 });
 });
+
+ describe("api", () => {
+ let i;
+ beforeAll(async () => {
+ i = await introspectAs("api");
+ });
+
+ test("cannot query sessions", () => {
+ expect(i.queries).not.toContain("sessions");
+ });
+
+ test("cannot create, update, or delete sessions", () => {
+ expect(i.mutations).not.toContain("insert_sessions");
+ expect(i.mutations).not.toContain("update_sessions");
+ expect(i.mutations).not.toContain("delete_sessions");
+ });
+ });
 });
diff --git a/hasura.planx.uk/tests/team_members.test.js b/hasura.planx.uk/tests/team_members.test.js
index d88dd5c41a..aeedb178b7 100644
--- a/hasura.planx.uk/tests/team_members.test.js
+++ b/hasura.planx.uk/tests/team_members.test.js
@@ -59,4 +59,19 @@ describe("team_members", () => {
 expect(i).toHaveNoMutationsFor("team_members");
 });
 });
+
+ describe("api", () => {
+ let i;
+ beforeAll(async () => {
+ i = await introspectAs("api");
+ });
+
+ test("cannot query teams members", () => {
+ expect(i.queries).not.toContain("team_members");
+ });
+
+ test("cannot create, update, or delete team_members", () => {
+ expect(i).toHaveNoMutationsFor("team_members");
+ });
+ });
 });
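Review bot: The `api` block in sessions.test.js lists `insert_sessions`, `update_sessions` and `delete_sessions` by exact name, while the role block just above it in the hunk's context makes the same claim with `expect(i).toHaveNoMutationsFor("sessions")`. The three names leave `insert_sessions_one`, `update_sessions_by_pk` and `delete_sessions_by_pk` unchecked, so a grant of any of those would not fail this test. The matcher is defined outside this diff; if it was avoided because it would also match the `lowcal_sessions` mutations this role is allowed, record that reason in a one-line comment and add the missing variants, e.g. `expect(i.mutations).not.toContain("delete_sessions_by_pk");`.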
diff --git a/hasura.planx.uk/tests/teams.test.js b/hasura.planx.uk/tests/teams.test.js
index 6aca15d251..85865cb2dc 100644
--- a/hasura.planx.uk/tests/teams.test.js
+++ b/hasura.planx.uk/tests/teams.test.js
@@ -71,4 +71,19 @@ describe("teams", () => {
 expect(i.mutations).not.toContain("insert_teams");
 });
 });
+
+ describe("api", () => {
+ let i;
+ beforeAll(async () => {
+ i = await introspectAs("api");
+ });
+
+ test("can query teams", () => {
+ expect(i.queries).toContain("teams");
+ });
+
+ test("cannot create, update, or delete teams", () => {
+ expect(i).toHaveNoMutationsFor("teams");
+ });
+ });
 });
diff --git a/hasura.planx.uk/tests/uniform_applications.test.js b/hasura.planx.uk/tests/uniform_applications.test.js
index efa53fa142..92f851a377 100644
--- a/hasura.planx.uk/tests/uniform_applications.test.js
+++ b/hasura.planx.uk/tests/uniform_applications.test.js
@@ -59,4 +59,21 @@ describe("uniform_applications", () => {
 expect(i).toHaveNoMutationsFor("uniform_applications");
 });
 });
+
+ describe("api", () => {
+ let i;
+ beforeAll(async () => {
+ i = await introspectAs("api");
+ });
+
+ test("has full access to query and mutate uniform applications", () => {
+ expect(i.queries).toContain("uniform_applications");
+ expect(i.mutations).toContain("insert_uniform_applications");
+ expect(i.mutations).toContain("update_uniform_applications_by_pk");
+ });
+
+ test("cannot delete uniform applications", () => {
+ expect(i.mutations).not.toContain("delete_uniform_applications");
+ })
+ });
 });
diff --git a/hasura.planx.uk/tests/users.test.js b/hasura.planx.uk/tests/users.test.js
index 91149556e6..a9eb863405 100644
--- a/hasura.planx.uk/tests/users.test.js
+++ b/hasura.planx.uk/tests/users.test.js
@@ -66,4 +66,19 @@ describe("users", () => { expect(i).toHaveNoMutationsFor("users"); }); }); + + describe("api", () => { + let i; + beforeAll(async () => { + i = await introspectAs("api"); + }); + + test("cannot query users", async () => { + expect(i.queries).not.toContain("users"); + }); + + test("cannot create, update, or delete users", async () => { + expect(i).toHaveNoMutationsFor("users"); + }); + }); }); diff --git a/hasura.planx.uk/tests/utils.js b/hasura.planx.uk/tests/utils.js index c4d724d987..f0e5a4cdf0 100644 --- a/hasura.planx.uk/tests/utils.js +++ b/hasura.planx.uk/tests/utils.js @@ -83,6 +83,7 @@ const introspectAs = async (role, userId = undefined) => { public: gqlPublic, platformAdmin: gqlWithRole("platformAdmin", userId), teamEditor: gqlWithRole("teamEditor", userId), + api: gqlWithRole("api"), }[role] const INTROSPECTION_QUERY = ` query IntrospectionQuery {
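Review bot: The new `api: gqlWithRole("api"),` entry in utils.js drops the `userId` argument that the `platformAdmin` and `teamEditor` entries forward, so a caller writing `introspectAs("api", someId)` has the id ignored without any signal. If that is intended because the role is not tied to a user (an inference; `gqlWithRole` is defined outside the hunk), a short comment on the line would make it explicit, e.g. `// api role is not user-scoped; userId is intentionally not forwarded`. The body of `introspectAs` starts and continues outside the hunk.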