3meters / patchr-ios

Next incarnation of Patchr for iOS

Security tests #47

Closed Jaymassena closed 7 years ago

Jaymassena commented 7 years ago

| ~/code/Patchrcloud @ Jaymacpro-2 (jaymassena) | => firebase-bolt rules.bolt
bolt: Generating rules.json...

| ~/code/Patchrcloud @ Jaymacpro-2 (jaymassena) | => npm test

> patchrcloud@2.0.0 test /Users/jaymassena/Code/Patchrcloud
> mocha --recursive --ui bdd --reporter spec

  Patchr security rules
    Root security
      ✓ nobody but worker can read database root
      ✓ nobody can write database root

  Users
    User writes
      ✓ user cannot be created without required keys
      ✓ user cannot be created with unknown key
      ✓ user cannot be created with garbage data
      ✓ user cannot be created for user who is not the current authenticated user
      ✓ user can only be created by current authenticated user
      ✓ user can only be updated by creator or worker
      ✓ user can only be deleted by creator or worker
    User reads
      ✓ user can only be read by authenticated user or worker

  Groups
    Group writes
      ✓ group cannot be created without required keys
      ✓ group cannot be created with unknown key
      ✓ group cannot be created with garbage data
      ✓ group cannot be created if current user is not primary owner
      ✓ group can only be created by current authenticated user
      ✓ group can only be updated by group owner or worker
      ✓ group can only be deleted by worker
    Group reads
      ✓ group can only be read by group members

  Channels
    Channel writes
      ✓ channel can only be created by group member or group owner
      ✓ channel cannot be created by group guest
      ✓ channel can only be updated by channel owner or worker
      ✓ channel can only be deleted by worker
      ✓ general channel cannot be deleted by anyone except worker
    Channel reads
      ✓ open channel can only be read by group members and worker
      ✓ private channel can only be read by channel members and worker

  Messages
    Message writes
      ✓ messages can only be created by channel member
      ✓ messages can only be updated by message creator
      ✓ messages can only be deleted by message creator
      ✓ system message can be created on behalf of channel member
    Message reactions
      ✓ jane can like and unlike her own message in private channel
      ✓ mary can like and unlike janes message in private channel
      ✓ tarzan cannot like janes message because he not a channel member
    Message reads
      ✓ open channel messages can only be read by group members or worker
      ✓ private channel messages can only be read by channel members or worker

  Invites
    Invite writes
      ✓ non-worker cannot create invites
      ✓ worker can create invite from jane to mary
      ✓ cheeta is not group member and cannot update invite status
      ✓ tarzan is group member and can update jane's status for invite to mary
      ✓ tarzan is group member and cannot revert jane's status for invite to mary to pending
      ✓ jane is inviter and can revert janes status for invite to mary to pending
      ✓ only jane as the inviter can update the whole invite
      ✓ mary is group member and can accept the invite
      ✓ only jane as inviter can delete invite
    Invite reads
      ✓ only jane or worker can read her invites for a group

  Group Membership
    Group membership writes
      ✓ jane as group owner can add herself to janetime as a member without invite
      ✓ cheeta cannot join treehouse using invite to janetime
      ✓ mary cannot join janetime using invite that has already been used
      ✓ mary cannot join janetime using invite with wrong role
      ✓ mary cannot join janetime using invite that does not exist
      ✓ mary can join janetime using valid invite
    Group membership updates and deletes
      ✓ only worker, creator, group owner role can update membership
      ✓ only worker, creator, group owner role can update membership
    Group membership reads
      ✓ only user or worker can read their group memberships
      ✓ only group member or worker can read user memberships for the group
      ✓ group guest cannot read user memberships for the group

  Channel Membership
    Public channel membership writes
      ✓ cheeta as non group member cannot join a public channel
      ✓ jane as group member can join a public channel
      ✓ tarzan as group member can join public channel using valid invite from jane
    Private channel membership writes
      ✓ cheeta cannot join a private channel without invite
      ✓ jane as channel primary owner can join without invite
      ✓ mary cannot join private channel using invite to different channel
      ✓ mary cannot join private channel using invite that has already been used
      ✓ mary cannot join private channel as owner using invite
      ✓ mary cannot join private channel using invite that does not exist
      ✓ mary can join private channel using valid invite from jane
    Channel membership updates and deletes
      ✓ only worker, creator, owner (group or channel) can update public channel membership
      ✓ only worker, creator, owner (group or channel) can delete public channel membership
      ✓ only worker, creator, owner (group or channel) can update private channel membership
      ✓ only worker, creator, owner (group or channel) can delete private channel membership
    Channel membership reads
      ✓ only user or worker can read their channel memberships
      ✓ only group member or worker can read user memberships for a public channel
      ✓ only channel member or worker can read user memberships for a private channel
      ✓ group guest cannot read user memberships for the group

  Operational
    Client info security
      ✓ anyone can read client node
      ✓ nobody can write to client node
    Counters security
      ✓ tarzan and worker can read tarzan unread count
      ✓ jane cannot read tarzans unread count
      ✓ tarzan and worker can write tarzan unread count
      ✓ tarzan cannot write garbage to unread count
      ✓ jane cannot write tarzan unread count
    Installs security
      ✓ worker can read tarzans installs
      ✓ jane cannot read tarzans installs
      ✓ tarzan and worker can write tarzan installs
      ✓ tarzan cannot write garbage install
    Queue root security
      ✓ only worker can read the queue
      ✓ only worker can read the queue
    Queue invites security
      ✓ non group member cannot write group invite task to the invites queue
      ✓ only inviter can write invite task to the invites queue
      ✓ worker can remove invite task from the invites queue
    Queue deletes security
      ✓ group owner can write channel delete task to the deletes queue
      ✓ channel owner can write channel delete task to the deletes queue
      ✓ non group or channel owner cannot write channel delete task to the deletes queue
      ✓ only group owner can write group delete task to the deletes queue
      ✓ worker can remove delete task from the deletes queue
    Typing indicator security
      ✓ only typer, channel member and worker can write
      ✓ only channel member or worker can read typers for the channel
    Unreads security
      ✓ only worker can create unreads
      ✓ only current user or worker can read their unreads
      ✓ only current user or worker can remove unreads
      ✓ only worker can clear unreads

  100 passing (839ms)
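The Channels suite in the log above pins down a small authorization matrix: who may create, read, update and delete a channel depending on whether they are the worker, the channel owner, a group owner, a group member, a group guest, a channel member of a private channel, or nobody at all. As an added illustration (this is not code from the patchr-ios or Patchrcloud projects, whose Bolt rules are not shown on this page), the following self-contained Node.js module models that matrix as plain functions over constructed sample data and replays the seven Channels assertions. The data shape, the role names owner/member/guest, the "worker" service identity, the decision not to grant the worker channel creation, and the choice to let guests read open channels are all assumptions made for the example.

```javascript
'use strict';
// Added illustration, not code from the Patchrcloud/patchr-ios projects.
// It models in plain JavaScript the channel access matrix that the "Channels"
// mocha suite asserts, so the role logic can be read and run without Firebase.
// Everything below (data shape, role names, the "worker" service identity,
// and the rule that guests may read open channels) is an assumption.

// Constructed sample data. Group "treehouse" has an owner, a member and a guest;
// it holds an open channel and a private channel. "mary" has no membership at all.
const db = {
  groups: {
    treehouse: { members: { jane: 'owner', tarzan: 'member', cheeta: 'guest' } },
  },
  channels: {
    general: { groupId: 'treehouse', visibility: 'open',    ownerId: 'jane', members: { jane: true, tarzan: true } },
    secrets: { groupId: 'treehouse', visibility: 'private', ownerId: 'jane', members: { jane: true } },
  },
};

// Auth contexts as a rules engine would see them; unauthenticated is null.
const worker = { uid: 'svc-worker', isWorker: true }; // assumed privileged service identity
const user = (uid) => ({ uid, isWorker: false });

// Lookups (callers guard against a null auth before calling these).
function groupRole(auth, groupId) {
  const group = db.groups[groupId];
  return group && group.members[auth.uid] ? group.members[auth.uid] : null;
}
const isGroupMember = (auth, groupId) => groupRole(auth, groupId) !== null; // owner, member or guest
const isChannelMember = (auth, channelId) => {
  const ch = db.channels[channelId];
  return !!ch && ch.members[auth.uid] === true;
};

// "channel can only be created by group member or group owner" and
// "channel cannot be created by group guest". Worker creation is deliberately
// not granted here because the log does not assert it either way.
function canCreateChannel(auth, groupId) {
  if (!auth) return false;
  const role = groupRole(auth, groupId);
  return role === 'owner' || role === 'member';
}

// "open channel can only be read by group members and worker" and
// "private channel can only be read by channel members and worker".
function canReadChannel(auth, channelId) {
  if (!auth) return false;
  if (auth.isWorker) return true;
  const ch = db.channels[channelId];
  if (!ch) return false;
  return ch.visibility === 'private'
    ? isChannelMember(auth, channelId)
    : isGroupMember(auth, ch.groupId);
}

// "channel can only be updated by channel owner or worker".
function canUpdateChannel(auth, channelId) {
  if (!auth) return false;
  if (auth.isWorker) return true;
  const ch = db.channels[channelId];
  return !!ch && ch.ownerId === auth.uid;
}

// "channel can only be deleted by worker"; the general channel gets no exception.
function canDeleteChannel(auth, channelId) {
  return !!auth && auth.isWorker === true && channelId in db.channels;
}

// The seven Channels scenarios from the log, evaluated against the sample data.
function checks() {
  return [
    ['channel can only be created by group member or group owner',
      canCreateChannel(user('tarzan'), 'treehouse') && canCreateChannel(user('jane'), 'treehouse')
      && !canCreateChannel(user('mary'), 'treehouse') && !canCreateChannel(null, 'treehouse')],
    ['channel cannot be created by group guest', !canCreateChannel(user('cheeta'), 'treehouse')],
    ['channel can only be updated by channel owner or worker',
      canUpdateChannel(user('jane'), 'general') && canUpdateChannel(worker, 'general')
      && !canUpdateChannel(user('tarzan'), 'general')],
    ['channel can only be deleted by worker',
      canDeleteChannel(worker, 'secrets') && !canDeleteChannel(user('jane'), 'secrets')],
    ['general channel cannot be deleted by anyone except worker',
      canDeleteChannel(worker, 'general') && !canDeleteChannel(user('jane'), 'general')
      && !canDeleteChannel(null, 'general')],
    ['open channel can only be read by group members and worker',
      canReadChannel(user('tarzan'), 'general') && canReadChannel(worker, 'general')
      && !canReadChannel(user('mary'), 'general') && !canReadChannel(null, 'general')],
    ['private channel can only be read by channel members and worker',
      canReadChannel(user('jane'), 'secrets') && canReadChannel(worker, 'secrets')
      && !canReadChannel(user('tarzan'), 'secrets')],
  ].map(([title, pass]) => ({ title, pass }));
}

// Print in the same shape as mocha's spec reporter.
for (const c of checks()) console.log(`  ${c.pass ? '✓' : '✗'} ${c.title}`);
```

Every function is default-deny: a missing channel, a missing membership record or a null auth context falls through to false, which is the property the real rules have to preserve and the reason the suite also includes negative cases such as the guest, the non-member and the member of the wrong channel.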