chore: adds tests for relationship population

payloadcms · Oct 4, 2021 · 1c69441 · 1c69441
1 parent a201109
commit 1c69441
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 0 deletions.
diff --git a/demo/collections/RelationshipB.ts b/demo/collections/RelationshipB.ts
@@ -33,6 +33,11 @@ const RelationshipB: CollectionConfig = {
       hasMany: true,
       relationTo: ['localized-posts', 'previewable-post'],
     },
+    {
+      name: 'strictAccess',
+      type: 'relationship',
+      relationTo: 'strict-access',
+    },
   ],
   timestamps: true,
 };

diff --git a/src/collections/tests/relationships.spec.js b/src/collections/tests/relationships.spec.js
@@ -35,8 +35,23 @@ describe('Collections - REST', () => {
   describe('Relationships', () => {
     let documentA;
     let documentB;
+    let strictAccessDoc;
 
     beforeAll(async (done) => {
+      const strictAccessRes = await fetch(`${url}/api/strict-access`, {
+        body: JSON.stringify({
+          address: '123 Test Lane',
+          city: 'Grand Rapids',
+          state: 'MI',
+          zip: 49504,
+        }),
+        headers,
+        method: 'post',
+      });
+
+      const strictAccessJSON = await strictAccessRes.json();
+      strictAccessDoc = strictAccessJSON.doc;
+
       // create document a
       const createA = await fetch(`${url}/api/relationship-a`, {
         body: JSON.stringify({}),
@@ -48,6 +63,7 @@ describe('Collections - REST', () => {
       const createB = await fetch(`${url}/api/relationship-b`, {
         body: JSON.stringify({
           post: [createAData.doc.id],
+          strictAccess: strictAccessDoc.id,
         }),
         headers,
         method: 'post',
@@ -73,6 +89,22 @@ describe('Collections - REST', () => {
       expect(documentB.post).toHaveLength(1);
     });
 
+    it('should prevent an unauthorized population of strict access', async () => {
+      const response = await fetch(`${url}/api/relationship-b/${documentB.id}`);
+      const data = await response.json();
+
+      expect(data.strictAccess).toBeNull();
+    });
+
+    it('should populate strict access when authorized', async () => {
+      const response = await fetch(`${url}/api/relationship-b/${documentB.id}`, {
+        headers,
+      });
+
+      const data = await response.json();
+      expect(typeof data.strictAccess).toBe('object');
+    });
+
     it('should use depth to limit the number of relationships returned', async () => {
       const response = await fetch(`${url}/api/relationship-a?depth=3`, {
         headers,