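import { describe, it, expect, beforeEach, jest } from '@jest/globals';
import { checkPermission, requirePermission } from './check-permission';

// Replace the real session provider so every test decides for itself who is signed in.
jest.mock('../auth', () => ({
  auth: jest.fn(),
}));

import { auth } from '../auth';

// `jest.MockedFunction` is generic; the type argument ties the stub to auth's real signature.
const mockAuth = auth as jest.MockedFunction<typeof auth>;

/** Message requirePermission is expected to reject with ("No permission to perform this operation"). */
const DENIED_MESSAGE = '无权限执行此操作';

/**
 * Makes the mocked auth() resolve to the given session value.
 *
 * The fixtures are deliberately partial sessions, so the cast lives in this one place
 * instead of being repeated in every test.
 */
function stubSession(session: unknown): void {
  // eslint-disable-next-line @typescript-eslint/no-explicit-any -- partial session fixture
  mockAuth.mockResolvedValue(session as any);
}

/** Stubs a session for a signed-in user with the given id and role. */
function signInAs(id: string, role: string): void {
  stubSession({ user: { id, role } });
}

describe('check-permission', () => {
  beforeEach(() => {
    // resetAllMocks (unlike clearAllMocks) also drops the stubbed resolved value, so a test
    // that forgets to stub a session cannot silently run as the previous test's user.
    jest.resetAllMocks();
  });

  describe('checkPermission', () => {
    // Fail-closed cases: no session, or a session without a user, must be denied.
    it('should return allowed: false when no session', async () => {
      stubSession(null);

      const result = await checkPermission('content', 'read');

      expect(result).toEqual({ allowed: false });
    });

    it('should return allowed: false when no user', async () => {
      stubSession({});

      const result = await checkPermission('content', 'read');

      expect(result).toEqual({ allowed: false });
    });

    it('should return allowed: true for admin with valid permission', async () => {
      signInAs('user-1', 'admin');

      const result = await checkPermission('content', 'create');

      expect(result.allowed).toBe(true);
      expect(result.userId).toBe('user-1');
      expect(result.role).toBe('admin');
    });

    it('should return allowed: false for viewer with invalid permission', async () => {
      signInAs('user-2', 'viewer');

      const result = await checkPermission('content', 'create');

      // A denial still reports who was denied.
      expect(result.allowed).toBe(false);
      expect(result.userId).toBe('user-2');
      expect(result.role).toBe('viewer');
    });

    it('should return allowed: true for editor with valid permission', async () => {
      signInAs('user-3', 'editor');

      const result = await checkPermission('content', 'update');

      expect(result.allowed).toBe(true);
      expect(result.userId).toBe('user-3');
      expect(result.role).toBe('editor');
    });

    it('should return allowed: false for editor with delete permission', async () => {
      signInAs('user-4', 'editor');

      const result = await checkPermission('content', 'delete');

      expect(result.allowed).toBe(false);
    });

    it('should handle different resources', async () => {
      signInAs('user-5', 'admin');

      const result = await checkPermission('users', 'delete');

      expect(result.allowed).toBe(true);
    });

    // NOTE(review): no case above covers a session whose role is missing or is not one of
    // admin/editor/viewer; the deny path for that input should be pinned as well.
    it.todo('should return allowed: false when the role is missing or unrecognised');
  });

  describe('requirePermission', () => {
    it('should throw error when no permission', async () => {
      signInAs('user-6', 'viewer');

      await expect(requirePermission('content', 'create')).rejects.toThrow(DENIED_MESSAGE);
    });

    it('should return userId and role when has permission', async () => {
      signInAs('user-7', 'admin');

      const result = await requirePermission('content', 'create');

      expect(result).toEqual({
        userId: 'user-7',
        role: 'admin',
      });
    });

    // An unauthenticated caller is rejected with the same message as an unauthorised one.
    it('should throw error when no session', async () => {
      stubSession(null);

      await expect(requirePermission('content', 'read')).rejects.toThrow(DENIED_MESSAGE);
    });

    it('should allow editor to publish content', async () => {
      signInAs('user-8', 'editor');

      const result = await requirePermission('content', 'publish');

      expect(result.userId).toBe('user-8');
      expect(result.role).toBe('editor');
    });

    it('should deny viewer to update config', async () => {
      signInAs('user-9', 'viewer');

      await expect(requirePermission('config', 'update')).rejects.toThrow(DENIED_MESSAGE);
    });
  });
});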