2023-10-06 12:06:05 +03:00
|
|
|
import {expect, test} from '@playwright/test';
|
2023-11-23 15:59:48 +03:00
|
|
|
import {globalDataRequests} from '../utils/acceptance';
|
|
|
|
|
import {meWithRole, mockApi, responseFixtures} from '@tryghost/admin-x-framework/test/acceptance';
|
2023-10-06 12:06:05 +03:00
|
|
|
|
|
|
|
|
test.describe('User permissions', async () => {
|
|
|
|
|
test('Editors can only see users', async ({page}) => {
|
|
|
|
|
await mockApi({page, requests: {
|
|
|
|
|
...globalDataRequests,
|
|
|
|
|
browseMe: {...globalDataRequests.browseMe, response: meWithRole('Editor')},
|
|
|
|
|
browseUsers: {method: 'GET', path: '/users/?limit=100&include=roles', response: responseFixtures.users}
|
|
|
|
|
}});
|
|
|
|
|
|
|
|
|
|
await page.goto('/');
|
|
|
|
|
|
|
|
|
|
await expect(page.getByTestId('users')).toBeVisible();
|
|
|
|
|
await expect(page.getByTestId('sidebar')).toBeHidden();
|
|
|
|
|
await expect(page.getByTestId('title-and-description')).toBeHidden();
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
test('Authors can only see their own profile', async ({page}) => {
|
|
|
|
|
await mockApi({page, requests: {
|
|
|
|
|
...globalDataRequests,
|
|
|
|
|
browseMe: {...globalDataRequests.browseMe, response: meWithRole('Author')}
|
|
|
|
|
}});
|
|
|
|
|
|
|
|
|
|
await page.goto('/');
|
|
|
|
|
|
|
|
|
|
await expect(page.getByTestId('user-detail-modal')).toBeVisible();
|
|
|
|
|
await expect(page.getByTestId('sidebar')).toBeHidden();
|
|
|
|
|
await expect(page.getByTestId('users')).toBeHidden();
|
|
|
|
|
await expect(page.getByTestId('title-and-description')).toBeHidden();
|
|
|
|
|
|
|
|
|
|
expect(page.url()).toMatch(/\/owner$/);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
test('Contributors can only see their own profile', async ({page}) => {
|
|
|
|
|
await mockApi({page, requests: {
|
|
|
|
|
...globalDataRequests,
|
|
|
|
|
browseMe: {...globalDataRequests.browseMe, response: meWithRole('Contributor')}
|
|
|
|
|
}});
|
|
|
|
|
|
|
|
|
|
await page.goto('/');
|
|
|
|
|
|
|
|
|
|
await expect(page.getByTestId('user-detail-modal')).toBeVisible();
|
|
|
|
|
await expect(page.getByTestId('sidebar')).toBeHidden();
|
|
|
|
|
await expect(page.getByTestId('users')).toBeHidden();
|
|
|
|
|
await expect(page.getByTestId('title-and-description')).toBeHidden();
|
|
|
|
|
|
|
|
|
|
expect(page.url()).toMatch(/\/owner$/);
|
|
|
|
|
});
|
|
|
|
|
});
|
