Marc Mintel
9ac74f5046
Some checks failed
CI / lint-typecheck (pull_request) Failing after 12s
CI / tests (pull_request) Has been skipped
CI / contract-tests (pull_request) Has been skipped
CI / e2e-tests (pull_request) Has been skipped
CI / comment-pr (pull_request) Has been skipped
CI / commit-types (pull_request) Has been skipped
211 lines
6.0 KiB
TypeScript
211 lines
6.0 KiB
TypeScript
import { describe, expect, it, vi, beforeEach, afterEach } from 'vitest';
|
|
import { ForbiddenException } from '@nestjs/common';
|
|
import { requireLeagueAdminOrOwner } from './LeagueAuthorization';
|
|
|
|
// Mock the auth module
|
|
vi.mock('../auth/getActorFromRequestContext', () => ({
|
|
getActorFromRequestContext: vi.fn(),
|
|
}));
|
|
|
|
import { getActorFromRequestContext } from '../auth/getActorFromRequestContext';
|
|
|
|
describe('requireLeagueAdminOrOwner', () => {
|
|
const mockGetActorFromRequestContext = vi.mocked(getActorFromRequestContext);
|
|
const mockGetLeagueAdminPermissionsUseCase = {
|
|
execute: vi.fn(),
|
|
};
|
|
|
|
beforeEach(() => {
|
|
vi.clearAllMocks();
|
|
});
|
|
|
|
afterEach(() => {
|
|
vi.restoreAllMocks();
|
|
});
|
|
|
|
it('should allow access for demo session role "league-admin"', async () => {
|
|
mockGetActorFromRequestContext.mockReturnValue({
|
|
userId: 'user-123',
|
|
driverId: 'driver-123',
|
|
role: 'league-admin',
|
|
});
|
|
|
|
await expect(
|
|
requireLeagueAdminOrOwner('league-123', mockGetLeagueAdminPermissionsUseCase)
|
|
).resolves.not.toThrow();
|
|
|
|
expect(mockGetLeagueAdminPermissionsUseCase.execute).not.toHaveBeenCalled();
|
|
});
|
|
|
|
it('should allow access for demo session role "league-owner"', async () => {
|
|
mockGetActorFromRequestContext.mockReturnValue({
|
|
userId: 'user-123',
|
|
driverId: 'driver-123',
|
|
role: 'league-owner',
|
|
});
|
|
|
|
await expect(
|
|
requireLeagueAdminOrOwner('league-123', mockGetLeagueAdminPermissionsUseCase)
|
|
).resolves.not.toThrow();
|
|
|
|
expect(mockGetLeagueAdminPermissionsUseCase.execute).not.toHaveBeenCalled();
|
|
});
|
|
|
|
it('should allow access for demo session role "super-admin"', async () => {
|
|
mockGetActorFromRequestContext.mockReturnValue({
|
|
userId: 'user-123',
|
|
driverId: 'driver-123',
|
|
role: 'super-admin',
|
|
});
|
|
|
|
await expect(
|
|
requireLeagueAdminOrOwner('league-123', mockGetLeagueAdminPermissionsUseCase)
|
|
).resolves.not.toThrow();
|
|
|
|
expect(mockGetLeagueAdminPermissionsUseCase.execute).not.toHaveBeenCalled();
|
|
});
|
|
|
|
it('should allow access for demo session role "system-owner"', async () => {
|
|
mockGetActorFromRequestContext.mockReturnValue({
|
|
userId: 'user-123',
|
|
driverId: 'driver-123',
|
|
role: 'system-owner',
|
|
});
|
|
|
|
await expect(
|
|
requireLeagueAdminOrOwner('league-123', mockGetLeagueAdminPermissionsUseCase)
|
|
).resolves.not.toThrow();
|
|
|
|
expect(mockGetLeagueAdminPermissionsUseCase.execute).not.toHaveBeenCalled();
|
|
});
|
|
|
|
it('should check permissions for non-demo roles', async () => {
|
|
mockGetActorFromRequestContext.mockReturnValue({
|
|
userId: 'user-123',
|
|
driverId: 'driver-123',
|
|
role: 'user',
|
|
});
|
|
|
|
const mockResult = {
|
|
isErr: () => false,
|
|
};
|
|
|
|
mockGetLeagueAdminPermissionsUseCase.execute.mockResolvedValue(mockResult);
|
|
|
|
await expect(
|
|
requireLeagueAdminOrOwner('league-123', mockGetLeagueAdminPermissionsUseCase)
|
|
).resolves.not.toThrow();
|
|
|
|
expect(mockGetLeagueAdminPermissionsUseCase.execute).toHaveBeenCalledWith({
|
|
leagueId: 'league-123',
|
|
performerDriverId: 'driver-123',
|
|
});
|
|
});
|
|
|
|
it('should throw ForbiddenException when permission check fails', async () => {
|
|
mockGetActorFromRequestContext.mockReturnValue({
|
|
userId: 'user-123',
|
|
driverId: 'driver-123',
|
|
role: 'user',
|
|
});
|
|
|
|
const mockResult = {
|
|
isErr: () => true,
|
|
};
|
|
|
|
mockGetLeagueAdminPermissionsUseCase.execute.mockResolvedValue(mockResult);
|
|
|
|
await expect(
|
|
requireLeagueAdminOrOwner('league-123', mockGetLeagueAdminPermissionsUseCase)
|
|
).rejects.toThrow(ForbiddenException);
|
|
|
|
expect(mockGetLeagueAdminPermissionsUseCase.execute).toHaveBeenCalledWith({
|
|
leagueId: 'league-123',
|
|
performerDriverId: 'driver-123',
|
|
});
|
|
});
|
|
|
|
it('should throw ForbiddenException with correct message', async () => {
|
|
mockGetActorFromRequestContext.mockReturnValue({
|
|
userId: 'user-123',
|
|
driverId: 'driver-123',
|
|
role: 'user',
|
|
});
|
|
|
|
const mockResult = {
|
|
isErr: () => true,
|
|
};
|
|
|
|
mockGetLeagueAdminPermissionsUseCase.execute.mockResolvedValue(mockResult);
|
|
|
|
try {
|
|
await requireLeagueAdminOrOwner('league-123', mockGetLeagueAdminPermissionsUseCase);
|
|
expect(true).toBe(false); // Should not reach here
|
|
} catch (error: any) {
|
|
expect(error).toBeInstanceOf(ForbiddenException);
|
|
expect(error.message).toBe('Forbidden');
|
|
}
|
|
});
|
|
|
|
it('should handle different league IDs', async () => {
|
|
mockGetActorFromRequestContext.mockReturnValue({
|
|
userId: 'user-123',
|
|
driverId: 'driver-123',
|
|
role: 'user',
|
|
});
|
|
|
|
const mockResult = {
|
|
isErr: () => false,
|
|
};
|
|
|
|
mockGetLeagueAdminPermissionsUseCase.execute.mockResolvedValue(mockResult);
|
|
|
|
await requireLeagueAdminOrOwner('league-456', mockGetLeagueAdminPermissionsUseCase);
|
|
|
|
expect(mockGetLeagueAdminPermissionsUseCase.execute).toHaveBeenCalledWith({
|
|
leagueId: 'league-456',
|
|
performerDriverId: 'driver-123',
|
|
});
|
|
});
|
|
|
|
it('should handle actor without role', async () => {
|
|
mockGetActorFromRequestContext.mockReturnValue({
|
|
userId: 'user-123',
|
|
driverId: 'driver-123',
|
|
role: undefined,
|
|
});
|
|
|
|
const mockResult = {
|
|
isErr: () => false,
|
|
};
|
|
|
|
mockGetLeagueAdminPermissionsUseCase.execute.mockResolvedValue(mockResult);
|
|
|
|
await expect(
|
|
requireLeagueAdminOrOwner('league-123', mockGetLeagueAdminPermissionsUseCase)
|
|
).resolves.not.toThrow();
|
|
|
|
expect(mockGetLeagueAdminPermissionsUseCase.execute).toHaveBeenCalled();
|
|
});
|
|
|
|
it('should handle actor with null role', async () => {
|
|
mockGetActorFromRequestContext.mockReturnValue({
|
|
userId: 'user-123',
|
|
driverId: 'driver-123',
|
|
role: undefined,
|
|
});
|
|
|
|
const mockResult = {
|
|
isErr: () => false,
|
|
};
|
|
|
|
mockGetLeagueAdminPermissionsUseCase.execute.mockResolvedValue(mockResult);
|
|
|
|
await expect(
|
|
requireLeagueAdminOrOwner('league-123', mockGetLeagueAdminPermissionsUseCase)
|
|
).resolves.not.toThrow();
|
|
|
|
expect(mockGetLeagueAdminPermissionsUseCase.execute).toHaveBeenCalled();
|
|
});
|
|
});
|