From 1c69441f1734e9a7fad6cbda6925bcb0f8276442 Mon Sep 17 00:00:00 2001
From: James <james@trbl.design>
Date: Mon, 4 Oct 2021 11:19:03 -0400
Subject: [PATCH] chore: adds tests for relationship population

---
 demo/collections/RelationshipB.ts           |  5 ++++
 src/collections/tests/relationships.spec.js | 32 +++++++++++++++++++++
 2 files changed, 37 insertions(+)

diff --git a/demo/collections/RelationshipB.ts b/demo/collections/RelationshipB.ts
index 9b77ab92ea7..5adab1b05d4 100644
--- a/demo/collections/RelationshipB.ts
+++ b/demo/collections/RelationshipB.ts
@@ -33,6 +33,11 @@ const RelationshipB: CollectionConfig = {
       hasMany: true,
       relationTo: ['localized-posts', 'previewable-post'],
     },
+    {
+      name: 'strictAccess',
+      type: 'relationship',
+      relationTo: 'strict-access',
+    },
   ],
   timestamps: true,
 };
diff --git a/src/collections/tests/relationships.spec.js b/src/collections/tests/relationships.spec.js
index 41d96b0b25a..0259628e6c6 100644
--- a/src/collections/tests/relationships.spec.js
+++ b/src/collections/tests/relationships.spec.js
@@ -35,8 +35,23 @@ describe('Collections - REST', () => {
   describe('Relationships', () => {
     let documentA;
     let documentB;
+    let strictAccessDoc;
 
     beforeAll(async (done) => {
+      const strictAccessRes = await fetch(`${url}/api/strict-access`, {
+        body: JSON.stringify({
+          address: '123 Test Lane',
+          city: 'Grand Rapids',
+          state: 'MI',
+          zip: 49504,
+        }),
+        headers,
+        method: 'post',
+      });
+
+      const strictAccessJSON = await strictAccessRes.json();
+      strictAccessDoc = strictAccessJSON.doc;
+
       // create document a
       const createA = await fetch(`${url}/api/relationship-a`, {
         body: JSON.stringify({}),
@@ -48,6 +63,7 @@ describe('Collections - REST', () => {
       const createB = await fetch(`${url}/api/relationship-b`, {
         body: JSON.stringify({
           post: [createAData.doc.id],
+          strictAccess: strictAccessDoc.id,
         }),
         headers,
         method: 'post',
@@ -73,6 +89,22 @@ describe('Collections - REST', () => {
       expect(documentB.post).toHaveLength(1);
     });
 
+    it('should prevent an unauthorized population of strict access', async () => {
+      const response = await fetch(`${url}/api/relationship-b/${documentB.id}`);
+      const data = await response.json();
+
+      expect(data.strictAccess).toBeNull();
+    });
+
+    it('should populate strict access when authorized', async () => {
+      const response = await fetch(`${url}/api/relationship-b/${documentB.id}`, {
+        headers,
+      });
+
+      const data = await response.json();
+      expect(typeof data.strictAccess).toBe('object');
+    });
+
     it('should use depth to limit the number of relationships returned', async () => {
       const response = await fetch(`${url}/api/relationship-a?depth=3`, {
         headers,