97 lines
2.5 KiB
TypeScript
97 lines
2.5 KiB
TypeScript
import { SystemRole } from "@capakraken/shared";
|
|
import { describe, expect, it, vi } from "vitest";
|
|
import { resourceRouter } from "../router/resource.js";
|
|
import { createCallerFactory } from "../trpc.js";
|
|
|
|
const createCaller = createCallerFactory(resourceRouter);
|
|
|
|
function createContext(
|
|
db: Record<string, unknown>,
|
|
options: {
|
|
role?: SystemRole;
|
|
session?: boolean;
|
|
} = {},
|
|
) {
|
|
const { role = SystemRole.USER, session = true } = options;
|
|
|
|
return {
|
|
session: session
|
|
? {
|
|
user: { email: "user@example.com", name: "User", image: null },
|
|
expires: "2099-01-01T00:00:00.000Z",
|
|
}
|
|
: null,
|
|
db: db as never,
|
|
dbUser: session
|
|
? {
|
|
id: role === SystemRole.MANAGER ? "user_mgr" : "user_1",
|
|
systemRole: role,
|
|
permissionOverrides: null,
|
|
}
|
|
: null,
|
|
};
|
|
}
|
|
|
|
describe("resource router authorization", () => {
|
|
it("requires authentication for chapter lookups", async () => {
|
|
const findMany = vi.fn();
|
|
const caller = createCaller(createContext({
|
|
resource: {
|
|
findMany,
|
|
},
|
|
}, { session: false }));
|
|
|
|
await expect(caller.chapters()).rejects.toMatchObject({
|
|
code: "UNAUTHORIZED",
|
|
message: "Authentication required",
|
|
});
|
|
|
|
expect(findMany).not.toHaveBeenCalled();
|
|
});
|
|
|
|
it("keeps chapter lookups available to authenticated users as safe lookup data", async () => {
|
|
const findMany = vi.fn().mockResolvedValue([
|
|
{ chapter: "Art Direction" },
|
|
{ chapter: "Project Management" },
|
|
]);
|
|
const caller = createCaller(createContext({
|
|
resource: {
|
|
findMany,
|
|
},
|
|
}));
|
|
|
|
const result = await caller.chapters();
|
|
|
|
expect(result).toEqual(["Art Direction", "Project Management"]);
|
|
expect(findMany).toHaveBeenCalledWith({
|
|
where: { isActive: true, chapter: { not: null } },
|
|
select: { chapter: true },
|
|
distinct: ["chapter"],
|
|
orderBy: { chapter: "asc" },
|
|
});
|
|
});
|
|
|
|
it("requires authentication for self-service skill matrix imports", async () => {
|
|
const findUnique = vi.fn();
|
|
const update = vi.fn();
|
|
const caller = createCaller(createContext({
|
|
user: {
|
|
findUnique,
|
|
},
|
|
resource: {
|
|
update,
|
|
},
|
|
}, { session: false }));
|
|
|
|
await expect(caller.importSkillMatrix({
|
|
skills: [{ skill: "Maya", proficiency: 4 }],
|
|
})).rejects.toMatchObject({
|
|
code: "UNAUTHORIZED",
|
|
message: "Authentication required",
|
|
});
|
|
|
|
expect(findUnique).not.toHaveBeenCalled();
|
|
expect(update).not.toHaveBeenCalled();
|
|
});
|
|
});
|