test(resource): cover self-service linked resource access

2026-03-30 13:15:16 +02:00
parent 94ad3004b7
commit 01e5f273c6
@@ -1,5 +1,15 @@
import { SystemRole } from "@capakraken/shared"; import { SystemRole } from "@capakraken/shared";
import { describe, expect, it, vi } from "vitest"; import { beforeEach, describe, expect, it, vi } from "vitest";
vi.mock("../lib/anonymization.js", () => ({
anonymizeResource: vi.fn((resource: Record<string, unknown>) => resource),
anonymizeResources: vi.fn((resources: unknown[]) => resources),
anonymizeSearchMatches: vi.fn((matches: unknown[]) => matches),
getAnonymizationDirectory: vi.fn().mockResolvedValue(null),
resolveResourceIdsByDisplayedEids: vi.fn().mockResolvedValue(new Map()),
}));
import { anonymizeResource, getAnonymizationDirectory } from "../lib/anonymization.js";
import { resourceRouter } from "../router/resource.js"; import { resourceRouter } from "../router/resource.js";
import { createCallerFactory } from "../trpc.js"; import { createCallerFactory } from "../trpc.js";
@@ -33,6 +43,10 @@ function createContext(
} }
describe("resource router authorization", () => { describe("resource router authorization", () => {
beforeEach(() => {
vi.clearAllMocks();
});
it("requires authentication for chapter lookups", async () => { it("requires authentication for chapter lookups", async () => {
const findMany = vi.fn(); const findMany = vi.fn();
const caller = createCaller(createContext({ const caller = createCaller(createContext({
@@ -93,4 +107,69 @@ describe("resource router authorization", () => {
expect(findUnique).not.toHaveBeenCalled(); expect(findUnique).not.toHaveBeenCalled();
expect(update).not.toHaveBeenCalled(); expect(update).not.toHaveBeenCalled();
}); });
it("requires authentication for self-service resource lookups", async () => {
const findUnique = vi.fn();
const caller = createCaller(createContext({
user: {
findUnique,
},
}, { session: false }));
await expect(caller.getMyResource()).rejects.toMatchObject({
code: "UNAUTHORIZED",
message: "Authentication required",
});
expect(findUnique).not.toHaveBeenCalled();
});
it("returns null when the authenticated user has no linked resource", async () => {
const findUnique = vi.fn().mockResolvedValue({ resource: null });
const caller = createCaller(createContext({
user: {
findUnique,
},
}));
const result = await caller.getMyResource();
expect(result).toBeNull();
expect(findUnique).toHaveBeenCalledWith({
where: { email: "user@example.com" },
select: {
resource: {
select: {
id: true,
displayName: true,
eid: true,
chapter: true,
},
},
},
});
expect(getAnonymizationDirectory).toHaveBeenCalledOnce();
expect(anonymizeResource).not.toHaveBeenCalled();
});
it("returns the linked resource for authenticated self-service callers", async () => {
const resource = {
id: "res_1",
displayName: "Alice Example",
eid: "E-001",
chapter: "CGI",
};
const findUnique = vi.fn().mockResolvedValue({ resource });
const caller = createCaller(createContext({
user: {
findUnique,
},
}));
const result = await caller.getMyResource();
expect(result).toEqual(resource);
expect(getAnonymizationDirectory).toHaveBeenCalledOnce();
expect(anonymizeResource).toHaveBeenCalledWith(resource, null);
});
}); });
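Review bot: In the last test ("returns the linked resource for authenticated self-service callers"), `expect(result).toEqual(resource)` cannot tell whether `getMyResource` returns the anonymized value or the raw row, because the module-level mock makes `anonymizeResource` an identity function. A router that calls the anonymizer and then discards its output would still pass, and that is the regression this suite should catch for a privacy control. Have the mock return a distinguishable object for this case, e.g. `const masked = { ...resource, displayName: "masked" }; vi.mocked(anonymizeResource).mockReturnValueOnce(masked);`, and assert `expect(result).toEqual(masked)`. Both new positive-path tests also run only with `getAnonymizationDirectory` resolving to `null`, so a case with a non-null directory passed through to `anonymizeResource` would be worth adding. The router itself is not visible on this page, so this concerns test strength rather than a confirmed defect.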