@declaro/data 2.0.0-beta.9 → 2.0.0-beta.91

package/src/application/model-controller.test.ts

@@ -0,0 +1,488 @@
+import { AuthValidator, getMockAuthSession, mockAuthConfig, MockAuthService } from '@declaro/auth'
+import { EventManager, PermissionError } from '@declaro/core'
+import { beforeEach, describe, expect, it } from 'bun:test'
+import { ModelService } from '../domain/services/model-service'
+import { MockBookSchema } from '../test/mock/models/mock-book-models'
+import { MockMemoryRepository } from '../test/mock/repositories/mock-memory-repository'
+import { ModelController } from './model-controller'
+
+describe('ModelController', () => {
+    const namespace = 'books'
+    const mockSchema = MockBookSchema
+    const authService = new MockAuthService(mockAuthConfig)
+
+    let repository: MockMemoryRepository<typeof mockSchema>
+    let service: ModelService<typeof mockSchema>
+    let authValidator: AuthValidator
+    let invalidAuthValidator: AuthValidator
+    let readAuthValidator: AuthValidator
+
+    beforeEach(() => {
+        repository = new MockMemoryRepository({ schema: mockSchema })
+        authValidator = new AuthValidator(
+            getMockAuthSession({
+                claims: ['books::book.write:all'],
+            }),
+            authService,
+        )
+        invalidAuthValidator = new AuthValidator(
+            getMockAuthSession({
+                claims: ['authors::author.write:all'],
+            }),
+            authService,
+        )
+        readAuthValidator = new AuthValidator(
+            getMockAuthSession({
+                claims: ['books::book.read:all'],
+            }),
+            authService,
+        )
+        service = new ModelService({
+            repository,
+            emitter: new EventManager(),
+            schema: mockSchema,
+            namespace,
+        })
+    })
+
+    it('should create a record if permissions are valid', async () => {
+        const controller = new ModelController(service, authValidator)
+
+        const input = { id: 42, title: 'Test Book', author: 'Author Name', publishedDate: new Date() }
+        const record = await controller.create(input)
+
+        expect(record).toEqual(input)
+    })
+
+    it('should throw PermissionError if permissions are invalid for create', async () => {
+        const controller = new ModelController(service, invalidAuthValidator)
+
+        const input = { id: 42, title: 'Test Book', author: 'Author Name', publishedDate: new Date() }
+        await expect(controller.create(input)).rejects.toThrow(PermissionError)
+    })
+
+    it('should update a record if permissions are valid', async () => {
+        const controller = new ModelController(service, authValidator)
+
+        const input = { id: 42, title: 'Test Book', author: 'Author Name', publishedDate: new Date() }
+        await repository.create(input)
+
+        const updatedInput = { title: 'Updated Title', author: 'Updated Author', publishedDate: new Date() }
+        const updatedRecord = await controller.update({ id: 42 }, updatedInput)
+
+        expect(updatedRecord).toEqual({ id: 42, ...updatedInput })
+    })
+
+    it('should throw PermissionError if permissions are invalid for update', async () => {
+        const controller = new ModelController(service, invalidAuthValidator)
+
+        const updatedInput = { title: 'Updated Title', author: 'Updated Author', publishedDate: new Date() }
+        await expect(controller.update({ id: 42 }, updatedInput)).rejects.toThrow(PermissionError)
+    })
+
+    it('should remove a record if permissions are valid', async () => {
+        const controller = new ModelController(service, authValidator)
+
+        const input = { id: 42, title: 'Test Book', author: 'Author Name', publishedDate: new Date() }
+        await repository.create(input)
+
+        const removedRecord = await controller.remove({ id: 42 })
+
+        expect(removedRecord).toEqual(input)
+    })
+
+    it('should throw PermissionError if permissions are invalid for remove', async () => {
+        const controller = new ModelController(service, invalidAuthValidator)
+
+        await expect(controller.remove({ id: 42 })).rejects.toThrow(PermissionError)
+    })
+
+    it('should restore a record if permissions are valid', async () => {
+        const controller = new ModelController(service, authValidator)
+
+        const input = { id: 42, title: 'Test Book', author: 'Author Name', publishedDate: new Date() }
+        await repository.create(input)
+        await service.remove({ id: 42 })
+
+        const restoredRecord = await controller.restore({ id: 42 })
+
+        expect(restoredRecord).toEqual(input)
+    })
+
+    it('should throw PermissionError if permissions are invalid for restore', async () => {
+        const controller = new ModelController(service, invalidAuthValidator)
+
+        await expect(controller.restore({ id: 42 })).rejects.toThrow(PermissionError)
+    })
+
+    // Test inherited search functionality from ReadOnlyModelController
+    it('should search records with pagination and sorting', async () => {
+        const controller = new ModelController(service, readAuthValidator)
+
+        // Create test data
+        const books = [
+            { id: 1, title: 'Book A', author: 'Author 1', publishedDate: new Date('2020-01-01') },
+            { id: 2, title: 'Book B', author: 'Author 2', publishedDate: new Date('2021-01-01') },
+            { id: 3, title: 'Book C', author: 'Author 3', publishedDate: new Date('2022-01-01') },
+        ]
+
+        for (const book of books) {
+            await repository.create(book)
+        }
+
+        // Test search with pagination
+        const paginatedResult = await controller.search(
+            {},
+            {
+                pagination: { page: 1, pageSize: 2 },
+            },
+        )
+
+        expect(paginatedResult.results).toHaveLength(2)
+        expect(paginatedResult.pagination.total).toBe(3)
+        expect(paginatedResult.pagination.page).toBe(1)
+        expect(paginatedResult.pagination.pageSize).toBe(2)
+
+        // Test search with sorting
+        const sortedResult = await controller.search(
+            {},
+            {
+                sort: [{ title: 'desc' }],
+            },
+        )
+
+        expect(sortedResult.results).toHaveLength(3)
+        expect(sortedResult.results[0].title).toBe('Book C')
+        expect(sortedResult.results[1].title).toBe('Book B')
+        expect(sortedResult.results[2].title).toBe('Book A')
+
+        // Test search with both pagination and sorting
+        const combinedResult = await controller.search(
+            {},
+            {
+                pagination: { page: 1, pageSize: 1 },
+                sort: [{ title: 'desc' }],
+            },
+        )
+
+        expect(combinedResult.results).toHaveLength(1)
+        expect(combinedResult.results[0].title).toBe('Book C')
+        expect(combinedResult.pagination.total).toBe(3)
+    })
+
+    it('should search records with filters', async () => {
+        // Create a repository with a custom filter function for search
+        const repositoryWithFilter = new MockMemoryRepository({
+            schema: mockSchema,
+            filter: (data, filters) => {
+                if (filters.text) {
+                    return data.title.toLowerCase().includes(filters.text.toLowerCase())
+                }
+                return true
+            },
+        })
+
+        const serviceWithFilter = new ModelService({
+            repository: repositoryWithFilter,
+            emitter: new EventManager(),
+            schema: mockSchema,
+            namespace,
+        })
+
+        const controller = new ModelController(serviceWithFilter, readAuthValidator)
+
+        // Create test data
+        const books = [
+            { id: 1, title: 'Test Book', author: 'Author 1', publishedDate: new Date('2020-01-01') },
+            { id: 2, title: 'Another Book', author: 'Author 2', publishedDate: new Date('2021-01-01') },
+        ]
+
+        for (const book of books) {
+            await repositoryWithFilter.create(book)
+        }
+
+        // Test search with filter
+        const filteredResult = await controller.search({ text: 'Test' })
+
+        expect(filteredResult.results).toHaveLength(1)
+        expect(filteredResult.results[0].title).toBe('Test Book')
+    })
+
+    it('should upsert a record if permissions are valid', async () => {
+        const controller = new ModelController(service, authValidator)
+
+        // Test creating a new record via upsert
+        const input = { id: 42, title: 'Test Book', author: 'Author Name', publishedDate: new Date() }
+        const upsertedRecord = await controller.upsert(input)
+
+        expect(upsertedRecord).toEqual(input)
+
+        // Test updating an existing record via upsert
+        const updateInput = { id: 42, title: 'Updated Book', author: 'Updated Author', publishedDate: new Date() }
+        const updatedRecord = await controller.upsert(updateInput)
+
+        expect(updatedRecord).toEqual(updateInput)
+    })
+
+    it('should throw PermissionError if permissions are invalid for upsert', async () => {
+        const controller = new ModelController(service, invalidAuthValidator)
+
+        const input = { id: 42, title: 'Test Book', author: 'Author Name', publishedDate: new Date() }
+
+        await expect(controller.upsert(input)).rejects.toThrow(PermissionError)
+    })
+
+    it('should bulk upsert records if permissions are valid', async () => {
+        const controller = new ModelController(service, authValidator)
+
+        const inputs = [
+            { id: 1, title: 'Book 1', author: 'Author 1', publishedDate: new Date() },
+            { id: 2, title: 'Book 2', author: 'Author 2', publishedDate: new Date() },
+        ]
+
+        const upsertedRecords = await controller.bulkUpsert(inputs)
+
+        expect(upsertedRecords).toHaveLength(2)
+        expect(upsertedRecords).toEqual(inputs)
+
+        // Test updating existing records via bulk upsert
+        const updateInputs = [
+            { id: 1, title: 'Updated Book 1', author: 'Updated Author 1', publishedDate: new Date() },
+            { id: 2, title: 'Updated Book 2', author: 'Updated Author 2', publishedDate: new Date() },
+        ]
+
+        const updatedRecords = await controller.bulkUpsert(updateInputs)
+
+        expect(updatedRecords).toHaveLength(2)
+        expect(updatedRecords).toEqual(updateInputs)
+    })
+
+    it('should throw PermissionError if permissions are invalid for bulkUpsert', async () => {
+        const controller = new ModelController(service, invalidAuthValidator)
+
+        const inputs = [
+            { id: 1, title: 'Book 1', author: 'Author 1', publishedDate: new Date() },
+            { id: 2, title: 'Book 2', author: 'Author 2', publishedDate: new Date() },
+        ]
+
+        await expect(controller.bulkUpsert(inputs)).rejects.toThrow(PermissionError)
+    })
+
+    describe('upsert and bulkUpsert permission logic', () => {
+        it('should allow upsert with create AND update permissions', async () => {
+            const createUpdateValidator = new AuthValidator(
+                getMockAuthSession({
+                    claims: ['books::book.create:all', 'books::book.update:all'],
+                }),
+                authService,
+            )
+            const controller = new ModelController(service, createUpdateValidator)
+
+            const input = { id: 42, title: 'Test Book', author: 'Author Name', publishedDate: new Date() }
+            const upsertedRecord = await controller.upsert(input)
+
+            expect(upsertedRecord).toEqual(input)
+        })
+
+        it('should allow bulkUpsert with create AND update permissions', async () => {
+            const createUpdateValidator = new AuthValidator(
+                getMockAuthSession({
+                    claims: ['books::book.create:all', 'books::book.update:all'],
+                }),
+                authService,
+            )
+            const controller = new ModelController(service, createUpdateValidator)
+
+            const inputs = [
+                { id: 1, title: 'Book 1', author: 'Author 1', publishedDate: new Date() },
+                { id: 2, title: 'Book 2', author: 'Author 2', publishedDate: new Date() },
+            ]
+
+            const upsertedRecords = await controller.bulkUpsert(inputs)
+
+            expect(upsertedRecords).toEqual(inputs)
+        })
+
+        it('should reject upsert with only create permission', async () => {
+            const createOnlyValidator = new AuthValidator(
+                getMockAuthSession({
+                    claims: ['books::book.create:all'],
+                }),
+                authService,
+            )
+            const controller = new ModelController(service, createOnlyValidator)
+
+            const input = { id: 42, title: 'Test Book', author: 'Author Name', publishedDate: new Date() }
+
+            await expect(controller.upsert(input)).rejects.toThrow(PermissionError)
+        })
+
+        it('should reject upsert with only update permission', async () => {
+            const updateOnlyValidator = new AuthValidator(
+                getMockAuthSession({
+                    claims: ['books::book.update:all'],
+                }),
+                authService,
+            )
+            const controller = new ModelController(service, updateOnlyValidator)
+
+            const input = { id: 42, title: 'Test Book', author: 'Author Name', publishedDate: new Date() }
+
+            await expect(controller.upsert(input)).rejects.toThrow(PermissionError)
+        })
+
+        it('should reject bulkUpsert with only create permission', async () => {
+            const createOnlyValidator = new AuthValidator(
+                getMockAuthSession({
+                    claims: ['books::book.create:all'],
+                }),
+                authService,
+            )
+            const controller = new ModelController(service, createOnlyValidator)
+
+            const inputs = [
+                { id: 1, title: 'Book 1', author: 'Author 1', publishedDate: new Date() },
+                { id: 2, title: 'Book 2', author: 'Author 2', publishedDate: new Date() },
+            ]
+
+            await expect(controller.bulkUpsert(inputs)).rejects.toThrow(PermissionError)
+        })
+
+        it('should reject bulkUpsert with only update permission', async () => {
+            const updateOnlyValidator = new AuthValidator(
+                getMockAuthSession({
+                    claims: ['books::book.update:all'],
+                }),
+                authService,
+            )
+            const controller = new ModelController(service, updateOnlyValidator)
+
+            const inputs = [
+                { id: 1, title: 'Book 1', author: 'Author 1', publishedDate: new Date() },
+                { id: 2, title: 'Book 2', author: 'Author 2', publishedDate: new Date() },
+            ]
+
+            await expect(controller.bulkUpsert(inputs)).rejects.toThrow(PermissionError)
+        })
+
+        it('should allow upsert and bulkUpsert with write permission', async () => {
+            // This is already tested in the main tests, but including here for completeness
+            const controller = new ModelController(service, authValidator) // authValidator has write:all
+
+            // Test upsert
+            const input = { id: 42, title: 'Test Book', author: 'Author Name', publishedDate: new Date() }
+            const upsertedRecord = await controller.upsert(input)
+            expect(upsertedRecord).toEqual(input)
+
+            // Test bulkUpsert
+            const inputs = [
+                { id: 1, title: 'Book 1', author: 'Author 1', publishedDate: new Date() },
+                { id: 2, title: 'Book 2', author: 'Author 2', publishedDate: new Date() },
+            ]
+            const upsertedRecords = await controller.bulkUpsert(inputs)
+            expect(upsertedRecords).toEqual(inputs)
+        })
+    })
+
+    describe('granular permission testing', () => {
+        it('should allow create with specific create permission', async () => {
+            const createOnlyValidator = new AuthValidator(
+                getMockAuthSession({
+                    claims: ['books::book.create:all'],
+                }),
+                authService,
+            )
+            const controller = new ModelController(service, createOnlyValidator)
+
+            const input = { id: 42, title: 'Test Book', author: 'Author Name', publishedDate: new Date() }
+            const record = await controller.create(input)
+
+            expect(record).toEqual(input)
+        })
+
+        it('should allow update with specific update permission', async () => {
+            const updateOnlyValidator = new AuthValidator(
+                getMockAuthSession({
+                    claims: ['books::book.update:all'],
+                }),
+                authService,
+            )
+            const controller = new ModelController(service, updateOnlyValidator)
+
+            const input = { id: 42, title: 'Test Book', author: 'Author Name', publishedDate: new Date() }
+            await repository.create(input)
+
+            const updatedInput = { title: 'Updated Title', author: 'Updated Author', publishedDate: new Date() }
+            const updatedRecord = await controller.update({ id: 42 }, updatedInput)
+
+            expect(updatedRecord).toEqual({ id: 42, ...updatedInput })
+        })
+
+        it('should allow remove with specific remove permission', async () => {
+            const removeOnlyValidator = new AuthValidator(
+                getMockAuthSession({
+                    claims: ['books::book.remove:all'],
+                }),
+                authService,
+            )
+            const controller = new ModelController(service, removeOnlyValidator)
+
+            const input = { id: 42, title: 'Test Book', author: 'Author Name', publishedDate: new Date() }
+            await repository.create(input)
+
+            const removedRecord = await controller.remove({ id: 42 })
+
+            expect(removedRecord).toEqual(input)
+        })
+
+        it('should allow restore with specific restore permission', async () => {
+            const restoreOnlyValidator = new AuthValidator(
+                getMockAuthSession({
+                    claims: ['books::book.restore:all'],
+                }),
+                authService,
+            )
+            const controller = new ModelController(service, restoreOnlyValidator)
+
+            const input = { id: 42, title: 'Test Book', author: 'Author Name', publishedDate: new Date() }
+            await repository.create(input)
+            await service.remove({ id: 42 })
+
+            const restoredRecord = await controller.restore({ id: 42 })
+
+            expect(restoredRecord).toEqual(input)
+        })
+
+        it('should reject operations with wrong namespace permissions', async () => {
+            const wrongNamespaceValidator = new AuthValidator(
+                getMockAuthSession({
+                    claims: ['users::user.write:all'], // Wrong namespace
+                }),
+                authService,
+            )
+            const controller = new ModelController(service, wrongNamespaceValidator)
+
+            const input = { id: 42, title: 'Test Book', author: 'Author Name', publishedDate: new Date() }
+
+            await expect(controller.create(input)).rejects.toThrow(PermissionError)
+            await expect(controller.upsert(input)).rejects.toThrow(PermissionError)
+            await expect(controller.bulkUpsert([input])).rejects.toThrow(PermissionError)
+        })
+
+        it('should reject operations with wrong resource permissions', async () => {
+            const wrongResourceValidator = new AuthValidator(
+                getMockAuthSession({
+                    claims: ['books::author.write:all'], // Wrong resource
+                }),
+                authService,
+            )
+            const controller = new ModelController(service, wrongResourceValidator)
+
+            const input = { id: 42, title: 'Test Book', author: 'Author Name', publishedDate: new Date() }
+
+            await expect(controller.create(input)).rejects.toThrow(PermissionError)
+            await expect(controller.upsert(input)).rejects.toThrow(PermissionError)
+            await expect(controller.bulkUpsert([input])).rejects.toThrow(PermissionError)
+        })
+    })
+})

package/src/application/model-controller.ts

@@ -0,0 +1,92 @@
+import type { AuthValidator } from '@declaro/auth'
+import { PermissionValidator, type AnyModelSchema } from '@declaro/core'
+import type { ModelService, ICreateOptions, IUpdateOptions } from '../domain/services/model-service'
+import type { InferDetail, InferInput, InferLookup, InferSummary } from '../shared/utils/schema-inference'
+import { ReadOnlyModelController } from './read-only-model-controller'
+
+export class ModelController<TSchema extends AnyModelSchema> extends ReadOnlyModelController<TSchema> {
+    constructor(protected readonly service: ModelService<TSchema>, protected readonly authValidator: AuthValidator) {
+        super(service, authValidator)
+    }
+
+    async create(input: InferInput<TSchema>): Promise<InferDetail<TSchema>> {
+        this.authValidator.validatePermissions((v) =>
+            v.someOf([
+                this.service.getDescriptor('create', '*').toString(),
+                this.service.getDescriptor('write', '*').toString(),
+            ]),
+        )
+        return this.service.create(input)
+    }
+
+    async update(lookup: InferLookup<TSchema>, input: InferInput<TSchema>): Promise<InferDetail<TSchema>> {
+        this.authValidator.validatePermissions((v) =>
+            v.someOf([
+                this.service.getDescriptor('update', '*').toString(),
+                this.service.getDescriptor('write', '*').toString(),
+            ]),
+        )
+        return this.service.update(lookup, input)
+    }
+
+    async remove(lookup: InferLookup<TSchema>): Promise<InferSummary<TSchema>> {
+        this.authValidator.validatePermissions((v) =>
+            v.someOf([
+                this.service.getDescriptor('remove', '*').toString(),
+                this.service.getDescriptor('write', '*').toString(),
+            ]),
+        )
+        return this.service.remove(lookup)
+    }
+
+    async restore(lookup: InferLookup<TSchema>): Promise<InferSummary<TSchema>> {
+        this.authValidator.validatePermissions((v) =>
+            v.someOf([
+                this.service.getDescriptor('restore', '*').toString(),
+                this.service.getDescriptor('write', '*').toString(),
+            ]),
+        )
+        return this.service.restore(lookup)
+    }
+
+    /**
+     * Upserts a record (creates if it doesn't exist, updates if it does).
+     * @param input The input data for the upsert operation.
+     * @param options Optional create or update options.
+     * @returns The upserted record.
+     */
+    async upsert(input: InferInput<TSchema>, options?: ICreateOptions | IUpdateOptions): Promise<InferDetail<TSchema>> {
+        // Create nested validator for (create AND update) permissions
+        const createAndUpdateValidator = PermissionValidator.create().allOf([
+            this.service.getDescriptor('create', '*').toString(),
+            this.service.getDescriptor('update', '*').toString(),
+        ])
+
+        this.authValidator.validatePermissions((v) =>
+            v.someOf([createAndUpdateValidator, this.service.getDescriptor('write', '*').toString()]),
+        )
+        return this.service.upsert(input, options)
+    }
+
+    /**
+     * Bulk upserts multiple records (creates if they don't exist, updates if they do).
+     * @param inputs Array of input data for the bulk upsert operation.
+     * @param options Optional create or update options.
+     * @returns Array of upserted records.
+     */
+    async bulkUpsert(
+        inputs: InferInput<TSchema>[],
+        options?: ICreateOptions | IUpdateOptions,
+    ): Promise<InferDetail<TSchema>[]> {
+        // Create nested validator for (create AND update) permissions
+        const createAndUpdateValidator = PermissionValidator.create().allOf([
+            this.service.getDescriptor('create', '*').toString(),
+            this.service.getDescriptor('update', '*').toString(),
+        ])
+
+        this.authValidator.validatePermissions((v) =>
+            v.someOf([createAndUpdateValidator, this.service.getDescriptor('write', '*').toString()]),
+        )
+        return this.service.bulkUpsert(inputs, options)
+    }
+}