fix(api): harden user self-service and resource linking

2026-03-31 21:02:36 +02:00
parent e8c0d3c3eb
commit 99db52929f
24 changed files with 2882 additions and 38 deletions
@@ -0,0 +1,116 @@
+import { beforeEach, describe, expect, it, vi } from "vitest";
+import { SystemRole } from "@capakraken/shared";
+
+vi.mock("@capakraken/application", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("@capakraken/application")>();
+  return {
+    ...actual,
+    getDashboardBudgetForecast: vi.fn().mockResolvedValue([]),
+    getDashboardPeakTimes: vi.fn().mockResolvedValue([]),
+    listAssignmentBookings: vi.fn().mockResolvedValue([]),
+  };
+});
+
+import { executeTool } from "../router/assistant-tools.js";
+import { createToolContext } from "./assistant-tools-user-admin-test-helpers.js";
+
+describe("assistant user admin tools resource linking", () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+
+  it("links a user to a resource for admin users and returns an invalidation action", async () => {
+    const userFindUnique = vi.fn().mockResolvedValue({ id: "user_1" });
+    const resourceFindUnique = vi.fn().mockResolvedValue({ id: "resource_1", userId: null });
+    const updateMany = vi.fn().mockResolvedValueOnce({ count: 1 }).mockResolvedValueOnce({ count: 1 });
+    const ctx = createToolContext(
+      {
+        user: {
+          findUnique: userFindUnique,
+        },
+        resource: {
+          findUnique: resourceFindUnique,
+          updateMany,
+        },
+      },
+      SystemRole.ADMIN,
+    );
+
+    const result = await executeTool(
+      "link_user_resource",
+      JSON.stringify({ userId: "user_1", resourceId: "resource_1" }),
+      ctx,
+    );
+
+    expect(result.action).toEqual({
+      type: "invalidate",
+      scope: ["user", "resource"],
+    });
+    expect(result.data).toEqual({
+      success: true,
+      message: "Linked user to resource.",
+    });
+    expect(userFindUnique).toHaveBeenCalledWith({
+      where: { id: "user_1" },
+      select: { id: true },
+    });
+    expect(resourceFindUnique).toHaveBeenCalledWith({
+      where: { id: "resource_1" },
+      select: { id: true, userId: true },
+    });
+    expect(updateMany).toHaveBeenNthCalledWith(1, {
+      where: {
+        userId: "user_1",
+        NOT: { id: "resource_1" },
+      },
+      data: { userId: null },
+    });
+    expect(updateMany).toHaveBeenNthCalledWith(2, {
+      where: {
+        id: "resource_1",
+        OR: [{ userId: null }, { userId: "user_1" }],
+      },
+      data: { userId: "user_1" },
+    });
+  });
+
+  it("unlinks a user resource for admin users and returns an invalidation action", async () => {
+    const userFindUnique = vi.fn().mockResolvedValue({ id: "user_1" });
+    const updateMany = vi.fn().mockResolvedValue({ count: 1 });
+    const ctx = createToolContext(
+      {
+        user: {
+          findUnique: userFindUnique,
+        },
+        resource: {
+          findUnique: vi.fn(),
+          updateMany,
+        },
+      },
+      SystemRole.ADMIN,
+    );
+
+    const result = await executeTool(
+      "link_user_resource",
+      JSON.stringify({ userId: "user_1", resourceId: null }),
+      ctx,
+    );
+
+    expect(result.action).toEqual({
+      type: "invalidate",
+      scope: ["user", "resource"],
+    });
+    expect(result.data).toEqual({
+      success: true,
+      message: "Unlinked user resource.",
+    });
+    expect(userFindUnique).toHaveBeenCalledWith({
+      where: { id: "user_1" },
+      select: { id: true },
+    });
+    expect(updateMany).toHaveBeenCalledWith({
+      where: { userId: "user_1" },
+      data: { userId: null },
+    });
+  });
+});