fix(api): harden user self-service and resource linking

2026-03-31 21:02:36 +02:00
parent e8c0d3c3eb
commit 99db52929f
24 changed files with 2882 additions and 38 deletions
@@ -0,0 +1,73 @@
+import { beforeEach, describe, expect, it, vi } from "vitest";
+import { SystemRole } from "@capakraken/shared";
+
+vi.mock("@capakraken/application", async (importOriginal) => {
+  const actual = await importOriginal<typeof import("@capakraken/application")>();
+  return {
+    ...actual,
+    getDashboardBudgetForecast: vi.fn().mockResolvedValue([]),
+    getDashboardPeakTimes: vi.fn().mockResolvedValue([]),
+    listAssignmentBookings: vi.fn().mockResolvedValue([]),
+  };
+});
+
+import { executeTool } from "../router/assistant-tools.js";
+import { createToolContext } from "./assistant-tools-user-self-service-test-helpers.js";
+
+describe("assistant user self-service profile tools", () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+
+  it("reads the current user profile through the real user router path", async () => {
+    const db = {
+      user: {
+        findUnique: vi.fn().mockResolvedValue({
+          id: "user_1",
+          name: "Assistant User",
+          email: "assistant@example.com",
+          systemRole: SystemRole.ADMIN,
+          permissionOverrides: null,
+          createdAt: new Date("2026-03-28T10:00:00.000Z"),
+        }),
+      },
+    };
+    const ctx = createToolContext(db, SystemRole.ADMIN);
+
+    const result = await executeTool("get_current_user", "{}", ctx);
+
+    expect(db.user.findUnique).toHaveBeenCalledWith({
+      where: { id: "user_1" },
+      select: {
+        id: true,
+        name: true,
+        email: true,
+        systemRole: true,
+        permissionOverrides: true,
+        createdAt: true,
+      },
+    });
+    expect(JSON.parse(result.content)).toEqual({
+      id: "user_1",
+      name: "Assistant User",
+      email: "assistant@example.com",
+      systemRole: SystemRole.ADMIN,
+      permissionOverrides: null,
+      createdAt: "2026-03-28T10:00:00.000Z",
+    });
+  });
+
+  it("returns a stable error when reading the current user profile for a missing user", async () => {
+    const ctx = createToolContext({
+      user: {
+        findUnique: vi.fn().mockResolvedValue(null),
+      },
+    }, SystemRole.ADMIN);
+
+    const result = await executeTool("get_current_user", "{}", ctx);
+
+    expect(JSON.parse(result.content)).toEqual({
+      error: "User not found with the given criteria.",
+    });
+  });
+});