ss-tools/frontend/src/lib/auth/__tests__/permissions.test.js
busya 274510fc38 refactor(semantics): migrate legacy @TIER to @COMPLEXITY annotations
- Replaced @TIER: TRIVIAL with @COMPLEXITY: 1
- Replaced @TIER: STANDARD with @COMPLEXITY: 3
- Replaced @TIER: CRITICAL with @COMPLEXITY: 5
- Manually elevated specific critical/complex components to levels 2 and 4
- Ignored legacy, specs, and node_modules directories
- Updated generated semantic map
2026-03-16 10:06:44 +03:00


// [DEF:frontend.src.lib.auth.__tests__.permissions:Module]
// @COMPLEXITY: 3
// @SEMANTICS: tests, auth, permissions, rbac
// @PURPOSE: Verifies frontend RBAC permission parsing and access checks.
// @LAYER: UI (Tests)
// @RELATION: TESTS -> frontend/src/lib/auth/permissions.js
import { describe, it, expect } from "vitest";
import {
normalizePermissionRequirement,
isAdminUser,
hasPermission,
} from "../permissions.js";
describe("auth.permissions", () => {
  // NOTE(review): the helpers under test live in the frontend, so they appear
  // to gate what the UI shows; confirm that the backend enforces the same
  // permissions, because a client-side check alone is not an access control.

  // Builds a user with a single "Operator" role carrying the given permission
  // entries ({ resource, action } objects or "resource:ACTION" strings).
  const operatorWith = (permissions) => ({
    roles: [{ name: "Operator", permissions }],
  });

  // normalizePermissionRequirement: a two-segment requirement is kept whole as
  // the resource and gets READ; a third segment becomes the upper-cased action.
  const normalizationCases = [
    {
      title: "normalizes resource-only requirement with default READ action",
      requirement: "admin:settings",
      expected: { resource: "admin:settings", action: "READ" },
    },
    {
      title: "normalizes explicit resource:action requirement",
      requirement: "admin:settings:write",
      expected: { resource: "admin:settings", action: "WRITE" },
    },
  ];
  for (const { title, requirement, expected } of normalizationCases) {
    it(title, () => {
      const normalized = normalizePermissionRequirement(requirement);
      expect(normalized).toEqual(expected);
    });
  }

  it("detects admin role case-insensitively", () => {
    // The role deliberately has no `permissions` key: only the name matters here.
    const upperCaseAdmin = { roles: [{ name: "ADMIN" }] };
    const detected = isAdminUser(upperCaseAdmin);
    expect(detected).toBe(true);
  });

  it("denies when user is absent and permission is required", () => {
    // Fail closed: no user object means no access.
    const allowed = hasPermission(null, "tasks", "READ");
    expect(allowed).toBe(false);
  });

  it("grants when permission object matches resource and action", () => {
    const operator = operatorWith([{ resource: "tasks", action: "READ" }]);
    const allowed = hasPermission(operator, "tasks", "READ");
    expect(allowed).toBe(true);
  });

  it("grants when requirement is provided as resource:action", () => {
    const operator = operatorWith([
      { resource: "admin:settings", action: "READ" },
    ]);
    // Two-argument form: the action is carried inside the requirement string.
    const allowed = hasPermission(operator, "admin:settings:READ");
    expect(allowed).toBe(true);
  });

  it("grants when string permission entry matches", () => {
    const operator = operatorWith(["plugin:migration:READ"]);
    const allowed = hasPermission(operator, "plugin:migration", "READ");
    expect(allowed).toBe(true);
  });

  it("denies when action does not match", () => {
    // READ on a resource must not imply WRITE on the same resource.
    const operator = operatorWith([{ resource: "tasks", action: "READ" }]);
    const allowed = hasPermission(operator, "tasks", "WRITE");
    expect(allowed).toBe(false);
  });

  it("always grants for admin role regardless of explicit permissions", () => {
    // NOTE(review): the grant follows from the role name alone (the permission
    // list is empty), so the result is only as trustworthy as the source of the
    // user object's role names; confirm where that object comes from.
    const adminUser = { roles: [{ name: "Admin", permissions: [] }] };
    const requests = [
      ["admin:users", "READ"],
      ["plugin:migration", "EXECUTE"],
    ];
    for (const [resource, action] of requests) {
      expect(hasPermission(adminUser, resource, action)).toBe(true);
    }
  });
});
// [/DEF:frontend.src.lib.auth.__tests__.permissions:Module]