forked from keystonejs/keystone
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathexample.test.ts
More file actions
129 lines (118 loc) · 4.56 KB
/
example.test.ts
File metadata and controls
129 lines (118 loc) · 4.56 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
import path from 'path';
import { resetDatabase } from '@keystone-6/core/testing';
import { getContext } from '@keystone-6/core/context';
import baseConfig from './keystone';
import * as PrismaModule from '.prisma/client';
const dbUrl = `file:./test-${process.env.JEST_WORKER_ID}.db`;
const prismaSchemaPath = path.join(__dirname, 'schema.prisma');
const config = { ...baseConfig, db: { ...baseConfig.db, url: dbUrl } };
const context = getContext(config, PrismaModule);
beforeEach(async () => {
await resetDatabase(dbUrl, prismaSchemaPath);
});
test('Create a Person using the Query API', async () => {
// We can use the context argument provided by the test runner to access
// the full context API.
const person = await context.query.Person.createOne({
data: { name: 'Alice', email: 'alice@example.com', password: 'super-secret' },
query: 'id name email password { isSet }',
});
expect(person.name).toEqual('Alice');
expect(person.email).toEqual('alice@example.com');
expect(person.password.isSet).toEqual(true);
});
test('Check that trying to create user with no name (required field) fails', async () => {
// The context.graphql.raw API is useful when we expect to recieve an
// error from an operation.
const { data, errors } = (await context.graphql.raw({
query: `mutation {
createPerson(data: { email: "alice@example.com", password: "super-secret" }) {
id name email password { isSet }
}
}`,
})) as any;
expect(data!.createPerson).toBe(null);
expect(errors).toHaveLength(1);
expect(errors![0].path).toEqual(['createPerson']);
expect(errors![0].message).toEqual(
'You provided invalid data for this operation.\n - Person.name: Name must not be empty'
);
});
test('Check access control by running updateTask as a specific user via context.withSession()', async () => {
// We can modify the value of context.session via context.withSession() to masquerade
// as different logged in users. This allows us to test that our access control rules
// are behaving as expected.
// Create some users
const [alice, bob] = await context.query.Person.createMany({
data: [
{ name: 'Alice', email: 'alice@example.com', password: 'super-secret' },
{ name: 'Bob', email: 'bob@example.com', password: 'super-secret' },
],
query: 'id name',
});
expect(alice.name).toEqual('Alice');
expect(bob.name).toEqual('Bob');
// Create a task assigned to Alice
const task = await context.query.Task.createOne({
data: {
label: 'Experiment with Keystone',
priority: 'high',
isComplete: false,
assignedTo: { connect: { id: alice.id } },
},
query: 'id label priority isComplete assignedTo { name }',
});
expect(task.label).toEqual('Experiment with Keystone');
expect(task.priority).toEqual('high');
expect(task.isComplete).toEqual(false);
expect(task.assignedTo.name).toEqual('Alice');
// Check that we can't update the task (not logged in)
{
const { data, errors } = (await context.graphql.raw({
query: `mutation update($id: ID!) {
updateTask(where: { id: $id }, data: { isComplete: true }) {
id
}
}`,
variables: { id: task.id },
})) as any;
expect(data!.updateTask).toBe(null);
expect(errors).toHaveLength(1);
expect(errors![0].path).toEqual(['updateTask']);
expect(errors![0].message).toEqual(
`Access denied: You cannot update that Task - it may not exist`
);
}
{
// Check that we can update the task when logged in as Alice
const { data, errors } = (await context
.withSession({ itemId: alice.id, data: {} })
.graphql.raw({
query: `mutation update($id: ID!) {
updateTask(where: { id: $id }, data: { isComplete: true }) {
id
}
}`,
variables: { id: task.id },
})) as any;
expect(data!.updateTask.id).toEqual(task.id);
expect(errors).toBe(undefined);
}
// Check that we can't update the task when logged in as Bob
{
const { data, errors } = (await context.withSession({ itemId: bob.id, data: {} }).graphql.raw({
query: `mutation update($id: ID!) {
updateTask(where: { id: $id }, data: { isComplete: true }) {
id
}
}`,
variables: { id: task.id },
})) as any;
expect(data!.updateTask).toBe(null);
expect(errors).toHaveLength(1);
expect(errors![0].path).toEqual(['updateTask']);
expect(errors![0].message).toEqual(
`Access denied: You cannot update that Task - it may not exist`
);
}
});