Hartmut/CapaKraken
1
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

feat(staffing): enforce planning and cost audiences

Browse Source
This commit is contained in:
Hartmut Nörenberg
2026-03-30 09:36:38 +02:00
parent a960d43ed1
commit 3aac946443
4 changed files with 248 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files
packages/api/src/__tests__/assistant-router.test.ts
+31 -1
View File
@@ -208,8 +208,12 @@ describe("assistant router tool gating", () => {
});
it("hides advanced tools unless the dedicated assistant permission is granted", () => {
const withoutAdvanced = getToolNames([PermissionKey.VIEW_COSTS]);
const withoutAdvanced = getToolNames([
PermissionKey.VIEW_PLANNING,
PermissionKey.VIEW_COSTS,
]);
const withAdvanced = getToolNames([
PermissionKey.VIEW_PLANNING,
PermissionKey.VIEW_COSTS,
PermissionKey.USE_ASSISTANT_ADVANCED_TOOLS,
]);
@@ -382,9 +386,35 @@ describe("assistant router tool gating", () => {
expect(userWithoutPlanning).not.toContain("list_allocations");
expect(userWithoutPlanning).not.toContain("list_demands");
expect(userWithoutPlanning).not.toContain("check_resource_availability");
expect(userWithoutPlanning).not.toContain("find_capacity");
expect(userWithoutPlanning).not.toContain("get_staffing_suggestions");
expect(userWithoutPlanning).not.toContain("find_best_project_resource");
expect(userWithPlanning).toContain("list_allocations");
expect(userWithPlanning).toContain("list_demands");
expect(userWithPlanning).toContain("check_resource_availability");
expect(userWithPlanning).toContain("find_capacity");
expect(userWithPlanning).not.toContain("get_staffing_suggestions");
expect(userWithPlanning).not.toContain("find_best_project_resource");
});
it("keeps cost-aware staffing assistant tools behind cost and advanced gates", () => {
const planningOnly = getToolNames([PermissionKey.VIEW_PLANNING], SystemRole.USER);
const planningAndCosts = getToolNames([
PermissionKey.VIEW_PLANNING,
PermissionKey.VIEW_COSTS,
], SystemRole.USER);
const planningCostsAndAdvanced = getToolNames([
PermissionKey.VIEW_PLANNING,
PermissionKey.VIEW_COSTS,
PermissionKey.USE_ASSISTANT_ADVANCED_TOOLS,
], SystemRole.USER);
expect(planningOnly).not.toContain("get_staffing_suggestions");
expect(planningOnly).not.toContain("find_best_project_resource");
expect(planningAndCosts).toContain("get_staffing_suggestions");
expect(planningAndCosts).not.toContain("find_best_project_resource");
expect(planningCostsAndAdvanced).toContain("get_staffing_suggestions");
expect(planningCostsAndAdvanced).toContain("find_best_project_resource");
});
it("keeps controller-only project and dashboard reads hidden from plain users", () => {