import { describe, it, expect, beforeEach, jest } from '@jest/globals';
import { checkPermission, requirePermission } from './check-permission';
// Swap the real `auth()` for a jest mock so every case can dictate the session it sees.
// This relies on jest hoisting `jest.mock` above the import that follows it.
jest.mock('../auth', () => ({ auth: jest.fn() }));
import { auth } from '../auth';
// Typed view of the mock; cases drive it via `mockAuth.mockResolvedValue(...)`.
const mockAuth = auth as jest.MockedFunction<typeof auth>;
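describe('check-permission', () => {
  /**
   * Minimal session fixture. The cases below only ever set `user.id` and
   * `user.role` (or `null` for "no session"), so that is all the fixture models.
   */
  type SessionFixture = { user?: { id?: string; role?: string } } | null;

  /** Exactly what the mocked `auth()` is allowed to resolve to, taken from the mock itself. */
  type ResolvedSession = Parameters<typeof mockAuth.mockResolvedValue>[0];

  /**
   * Make the mocked `auth()` resolve to `session`.
   *
   * The fixture is deliberately narrower than the real session type, so the
   * widening happens in this one place instead of with `as any` at every call site.
   *
   * @param session - the session the code under test should observe
   */
  function mockSession(session: SessionFixture): void {
    const value: unknown = session;
    mockAuth.mockResolvedValue(value as ResolvedSession);
  }

  beforeEach(() => {
    jest.clearAllMocks();
  });

  describe('checkPermission', () => {
    it('should return allowed: false when no session', async () => {
      mockSession(null);
      const result = await checkPermission('content', 'read');
      expect(result).toEqual({ allowed: false });
    });

    it('should return allowed: false when no user', async () => {
      mockSession({});
      const result = await checkPermission('content', 'read');
      expect(result).toEqual({ allowed: false });
    });

    it('should return allowed: true for admin with valid permission', async () => {
      mockSession({ user: { id: 'user-1', role: 'admin' } });
      const result = await checkPermission('content', 'create');
      expect(result.allowed).toBe(true);
      expect(result.userId).toBe('user-1');
      expect(result.role).toBe('admin');
    });

    it('should return allowed: false for viewer with invalid permission', async () => {
      mockSession({ user: { id: 'user-2', role: 'viewer' } });
      const result = await checkPermission('content', 'create');
      expect(result.allowed).toBe(false);
      expect(result.userId).toBe('user-2');
      expect(result.role).toBe('viewer');
    });

    it('should return allowed: true for editor with valid permission', async () => {
      mockSession({ user: { id: 'user-3', role: 'editor' } });
      const result = await checkPermission('content', 'update');
      expect(result.allowed).toBe(true);
      expect(result.userId).toBe('user-3');
      expect(result.role).toBe('editor');
    });

    it('should return allowed: false for editor with delete permission', async () => {
      mockSession({ user: { id: 'user-4', role: 'editor' } });
      const result = await checkPermission('content', 'delete');
      expect(result.allowed).toBe(false);
    });

    it('should handle different resources', async () => {
      mockSession({ user: { id: 'user-5', role: 'admin' } });
      const result = await checkPermission('users', 'delete');
      expect(result.allowed).toBe(true);
    });

    it('should return allowed: false for a role outside the permission matrix', async () => {
      // Default-deny: a role the matrix does not know must not fall through to a grant,
      // least of all for an action the suite otherwise only grants to admin.
      mockSession({ user: { id: 'user-10', role: 'superuser' } });
      const result = await checkPermission('users', 'delete');
      expect(result.allowed).toBe(false);
    });
  });

  describe('requirePermission', () => {
    it('should throw error when no permission', async () => {
      mockSession({ user: { id: 'user-6', role: 'viewer' } });
      await expect(requirePermission('content', 'create')).rejects.toThrow('无权限执行此操作');
    });

    it('should return userId and role when has permission', async () => {
      mockSession({ user: { id: 'user-7', role: 'admin' } });
      const result = await requirePermission('content', 'create');
      expect(result).toEqual({ userId: 'user-7', role: 'admin' });
    });

    it('should throw error when no session', async () => {
      mockSession(null);
      await expect(requirePermission('content', 'read')).rejects.toThrow('无权限执行此操作');
    });

    it('should allow editor to publish content', async () => {
      mockSession({ user: { id: 'user-8', role: 'editor' } });
      const result = await requirePermission('content', 'publish');
      expect(result.userId).toBe('user-8');
      expect(result.role).toBe('editor');
    });

    it('should deny viewer to update config', async () => {
      mockSession({ user: { id: 'user-9', role: 'viewer' } });
      await expect(requirePermission('config', 'update')).rejects.toThrow('无权限执行此操作');
    });
  });
});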