@edifice.io/communities-tests 1.0.0-develop-pedago.20250725171105

package/it/scenarios/api-community-role-check.spec.ts

@@ -0,0 +1,868 @@
+import { check, group } from "k6";
+// @ts-ignore
+import { chai, describe } from "https://jslib.k6.io/k6chaijs/4.3.4.0/index.js";
+import { sleep } from "k6";
+
+import {
+  authenticateWeb,
+  getUsersOfSchool,
+  getRandomUserWithProfile,
+  initStructure,
+  Structure,
+  logout,
+  createAndSetRole,
+  getRolesOfStructure,
+  linkRoleToUsers,
+  UserInfo,
+} from "../../node_modules/edifice-k6-commons/dist/index.js";
+
+import {
+  createCommunityOrFail,
+  getCommunity,
+  getSecretCode,
+  getCommunityStats,
+  updateCommunity,
+  updateWelcomeNote,
+  deleteCommunity,
+  listCommunities,
+} from "./utils/_community-api.utils.ts";
+
+import {
+  listCommunityMembers,
+  updateMemberRole,
+  leaveCommunity,
+  removeMember,
+  removeMembers,
+} from "./utils/_membership-api.utils.ts";
+
+import {
+  createInvitations,
+  listCommunityInvitations,
+  MembershipRole,
+  deleteInvitation,
+  deleteInvitationsBatch,
+  listMyInvitations,
+  updateInvitationStatus,
+  InvitationStatus,
+  joinCommunity,
+  updateRequestStatus,
+} from "./utils/_invitation-api.utils.ts";
+import {
+  AppName,
+  countResources,
+  createResource,
+  deleteResource,
+  getResource,
+  listCommunityResources,
+  processMarkedResources,
+  ResourceType,
+  updateResource,
+} from "./utils/_resource-api.utils.ts";
+
+// Add chai configuration
+chai.config.logFailures = true;
+
+// Add K6 options configuration
+export const options = {
+  setupTimeout: "1h",
+  maxRedirects: 0,
+  thresholds: {
+    checks: ["rate == 1.00"],
+  },
+  scenarios: {
+    roleGuardTest: {
+      exec: "testCommunityRoleGuards",
+      executor: "per-vu-iterations",
+      vus: 1,
+      maxDuration: "1m30s", // Slightly longer for role tests
+      gracefulStop: "5s",
+    },
+  },
+};
+
+const schoolName = `IT Community Roles`;
+
+// Setup function to create structure and configure roles
+export function setup(): Structure {
+  let structure: Structure = {} as Structure;
+  describe("[Community Roles] Initialize data", () => {
+    authenticateWeb(__ENV.ADMC_LOGIN, __ENV.ADMC_PASSWORD);
+    structure = initStructure(schoolName, "tiny");
+
+    // Create Communities role
+    const role = createAndSetRole("Communities");
+
+    // Assign role to all groups/users in structure
+    const groups = getRolesOfStructure(structure.id);
+    linkRoleToUsers(
+      structure,
+      role,
+      groups.map((g: any) => g.name),
+    );
+  });
+  return structure;
+}
+
+/**
+ * Test to verify that RequireCommunityRole guards restrict access
+ * based on the user's role in a community
+ */
+export function testCommunityRoleGuards(structure: Structure) {
+  let adminUser: UserInfo;
+  let memberUser: UserInfo;
+  let nonMemberUser: UserInfo;
+  let communityId: number;
+  let communitySecretCode: string;
+  let resourceId: number; // Add this to track test resource ID
+
+  describe("[Community API Role Guards Test]", () => {
+    // First authenticate as admin to get users
+    authenticateWeb(__ENV.ADMC_LOGIN, __ENV.ADMC_PASSWORD);
+
+    // Use structure from parameter instead of initializing
+    const users = getUsersOfSchool(structure);
+
+    // Get test users while still authenticated as admin
+    adminUser = getRandomUserWithProfile(users, "Teacher");
+    memberUser = getRandomUserWithProfile(users, "Student", [adminUser]);
+    nonMemberUser = getRandomUserWithProfile(users, "Student", [
+      adminUser,
+      memberUser,
+    ]);
+
+    // Log out after getting users
+    logout();
+
+    // Create a test community with the admin user
+    group("Setup: Admin creates a test community", () => {
+      authenticateWeb(adminUser.login, "password");
+
+      communityId = Number(
+        createCommunityOrFail({
+          title: "Role Test Community",
+          type: "CLASS",
+          schoolYearStart: 2025,
+          schoolYearEnd: 2026,
+        }),
+      );
+      console.log(`Created test community with ID: ${communityId}`);
+
+      // Get the secret code
+      const secretCode = getSecretCode(communityId);
+      check(secretCode, {
+        "Admin can get secret code": (r) => r !== null,
+      });
+
+      if (secretCode) {
+        communitySecretCode = secretCode;
+        console.log(`Retrieved secret code: ${communitySecretCode}`);
+      }
+
+      // Add resource creation for testing
+      const resource = createResource(communityId, {
+        type: ResourceType.ENT,
+        appName: AppName.EXTERNAL_LINK,
+        title: "Test Resource for Role Checks",
+        resourceUrl: "https://example.com/test",
+        openInNewTab: true,
+      });
+
+      check(resource, {
+        "Admin can create a test resource": (r) => r !== null,
+      });
+
+      if (resource) {
+        resourceId = resource.id;
+        console.log(`Created test resource with ID: ${resourceId}`);
+      }
+
+      logout();
+    });
+
+    // Add a regular member to the community
+    group("Setup: Add a regular member to the community", () => {
+      // 1. The member user joins the community
+      authenticateWeb(memberUser.login, "password");
+
+      const joinRequest = joinCommunity(communitySecretCode);
+      check(joinRequest, {
+        "Join request created successfully": (r) => r !== null,
+        "Join request has REQUEST status": (r) =>
+          r !== null && r.status === InvitationStatus.REQUEST,
+      });
+
+      // Save the request ID for later use
+      const requestInvitationId = joinRequest?.id;
+      console.log(`Created join request with ID: ${requestInvitationId}`);
+
+      logout();
+
+      // 2. Admin approves the join request
+      authenticateWeb(adminUser.login, "password");
+
+      const approvedRequest = updateRequestStatus(
+        communityId,
+        requestInvitationId!,
+        InvitationStatus.REQUEST_ACCEPTED,
+      );
+
+      check(approvedRequest, {
+        "Admin approved join request successfully": (r) => r !== null,
+        "Status changed to REQUEST_ACCEPTED": (r) =>
+          r !== null && r.status === InvitationStatus.REQUEST_ACCEPTED,
+      });
+
+      // 3. Check if the member is now part of the community
+      const members = listCommunityMembers(communityId);
+      const isMember = members?.items.some(
+        (m) => m.user.entId === memberUser.id,
+      );
+
+      check(isMember, {
+        "User is now a community member after admin approval": (result) =>
+          result === true,
+      });
+
+      logout();
+    });
+
+    // Test access with non-member user
+    group("Test API access with non-member user", () => {
+      authenticateWeb(nonMemberUser.login, "password");
+
+      // Tests requiring MEMBER or ADMIN roles (should all fail)
+      const community = getCommunity(communityId);
+      check(community, {
+        "Non-member can get community details": (c) => c === null,
+      });
+
+      const secretCode = getSecretCode(communityId);
+      check(secretCode, {
+        "Non-member cannot get secret code": (s) => s === null,
+      });
+
+      const stats = getCommunityStats(String(communityId));
+      check(stats, {
+        "Non-member cannot get community stats": (s) => s === null,
+      });
+
+      const updatedCommunity = updateCommunity(String(communityId), {
+        title: "Updated Title",
+        type: "CLASS",
+      });
+      check(updatedCommunity, {
+        "Non-member cannot update community": (c) => c === null,
+      });
+
+      const welcomeNote = updateWelcomeNote(
+        String(communityId),
+        "New welcome note",
+      );
+      check(welcomeNote, {
+        "Non-member cannot update welcome note": (w) => w === null,
+      });
+
+      const members = listCommunityMembers(communityId);
+      check(members, {
+        "Non-member cannot list members": (m) => m === null,
+      });
+
+      const invitations = createInvitations(communityId, {
+        users: [{ userId: nonMemberUser.id, role: MembershipRole.MEMBER }],
+      });
+      check(invitations, {
+        "Non-member cannot create invitations": (i) => i === null,
+      });
+
+      const invitationsList = listCommunityInvitations(communityId);
+      check(invitationsList, {
+        "Non-member cannot list invitations": (i) => i === null,
+      });
+
+      // Test role update permission for non-members
+      const roleUpdate = updateMemberRole(
+        communityId,
+        memberUser.id,
+        MembershipRole.ADMIN,
+      );
+      check(roleUpdate, {
+        "Non-member cannot update member roles": (r) => r === null,
+      });
+
+      // Test global listing endpoint - should work for all users regardless of membership
+      const communityList = listCommunities();
+      check(communityList, {
+        "Non-member can list all communities": (c) => c !== null,
+      });
+
+      // Test leaving community - should fail for non-members
+      const leaveResult = leaveCommunity(communityId);
+      check(leaveResult, {
+        "Non-member cannot leave a community they're not part of": (r) =>
+          r !== true,
+      });
+
+      // Test removing members - should fail for non-members
+      const removeResult = removeMember(communityId, memberUser.id);
+      check(removeResult, {
+        "Non-member cannot remove other members": (r) => r !== true,
+      });
+
+      // Test invitation management - should fail for non-members
+      // First, we need an invitation to work with (will be created by admin later)
+      const myInvitations = listMyInvitations();
+      check(myInvitations, {
+        "Non-member can list their own invitations": (i) => i !== null,
+      });
+
+      const deleteInvResult = deleteInvitation(communityId, 9999); // Using dummy ID
+      check(deleteInvResult, {
+        "Non-member cannot delete invitations": (r) => r !== true,
+      });
+
+      const deleteBatchResult = deleteInvitationsBatch(communityId, [9999]);
+      check(deleteBatchResult, {
+        "Non-member cannot batch delete invitations": (r) => r !== true,
+      });
+
+      // Update invitation status should work for personal invitations, but non-member has none
+      // Will test this functionality with the invited user later
+
+      // Test batch removing members - should fail for non-members
+      const batchRemoveResult = removeMembers(communityId, [memberUser.id]);
+      check(batchRemoveResult, {
+        "Non-member cannot remove members in batch": (r) => r === null,
+      });
+      // Resource API tests for non-members
+      const resources = listCommunityResources(communityId);
+      check(resources, {
+        "Non-member cannot list community resources": (r) => r === null,
+      });
+
+      const resource = getResource(communityId, resourceId);
+      check(resource, {
+        "Non-member cannot get resource details": (r) => r === null,
+      });
+
+      const resourceCount = countResources(communityId);
+      check(resourceCount, {
+        "Non-member cannot count resources": (r) => r === null,
+      });
+
+      const newResource = createResource(communityId, {
+        type: ResourceType.ENT,
+        appName: AppName.EXTERNAL_LINK,
+        title: "Unauthorized Resource",
+        resourceUrl: "https://example.com/unauthorized",
+        openInNewTab: true,
+      });
+
+      check(newResource, {
+        "Non-member cannot create resources": (r) => r === null,
+      });
+
+      const updatedResource = updateResource(communityId, resourceId, {
+        title: "Updated by Non-member",
+      });
+
+      check(updatedResource, {
+        "Non-member cannot update resources": (r) => r === null,
+      });
+
+      const deleteResult = deleteResource(communityId, resourceId);
+
+      check(deleteResult, {
+        "Non-member cannot delete resources": (r) => r === false,
+      });
+
+      const cleanupResult = processMarkedResources(communityId);
+
+      check(cleanupResult, {
+        "Non-member cannot access admin-only cleanup endpoint": (r) =>
+          r === null,
+      });
+
+      logout();
+    });
+
+    // Test access with regular member
+    group("Test API access with regular member", () => {
+      authenticateWeb(memberUser.login, "password");
+
+      // Tests requiring MEMBER role (should succeed)
+      const community = getCommunity(String(communityId));
+      check(community, {
+        "Member can get community details": (c) => c !== null,
+      });
+
+      const stats = getCommunityStats(String(communityId));
+      check(stats, {
+        "Member can get community stats": (s) => s !== null,
+      });
+
+      const members = listCommunityMembers(communityId);
+      check(members, {
+        "Member can list members": (m) => m !== null,
+      });
+
+      // Tests requiring ADMIN role (should fail)
+      const secretCode = getSecretCode(communityId);
+      check(secretCode, {
+        "Member cannot get secret code (admin only)": (s) => s === null,
+      });
+
+      const updatedCommunity = updateCommunity(String(communityId), {
+        title: "Updated Title",
+        type: "CLASS",
+      });
+      check(updatedCommunity, {
+        "Member cannot update community (admin only)": (c) => c === null,
+      });
+
+      const welcomeNote = updateWelcomeNote(
+        String(communityId),
+        "New welcome note",
+      );
+      check(welcomeNote, {
+        "Member cannot update welcome note (admin only)": (w) => w === null,
+      });
+
+      const invitations = createInvitations(communityId, {
+        users: [{ userId: nonMemberUser.id, role: MembershipRole.MEMBER }],
+      });
+      check(invitations, {
+        "Member cannot create invitations (admin only)": (i) => i === null,
+      });
+
+      // Test role update permission for regular members
+      const roleUpdate = updateMemberRole(
+        communityId,
+        memberUser.id,
+        MembershipRole.ADMIN,
+      );
+      check(roleUpdate, {
+        "Regular member cannot promote themselves to admin": (r) => r === null,
+      });
+
+      // Test global listing endpoint
+      const communityList = listCommunities();
+      check(communityList, {
+        "Member can list all communities": (c) => c !== null,
+      });
+
+      // Test removing members - should fail for regular members
+      const removeResult = removeMember(communityId, memberUser.id);
+      check(removeResult, {
+        "Regular member cannot remove other members": (r) => r !== true,
+      });
+      // Test batch removing members - should fail for regular members
+      const batchRemoveResult = removeMembers(communityId, [memberUser.id]);
+      check(batchRemoveResult, {
+        "Regular member cannot remove members in batch (admin only)": (r) =>
+          r === null,
+      });
+      // Test invitation management - should fail for regular members
+      const myInvitations = listMyInvitations();
+      check(myInvitations, {
+        "Member can list their own invitations": (i) => i !== null,
+      });
+
+      const deleteInvResult = deleteInvitation(communityId, 9999); // Using dummy ID
+      check(deleteInvResult, {
+        "Regular member cannot delete invitations": (r) => r !== true,
+      });
+
+      const deleteBatchResult = deleteInvitationsBatch(communityId, [9999]);
+      check(deleteBatchResult, {
+        "Regular member cannot batch delete invitations": (r) => r !== true,
+      });
+
+      // Resource API tests for members (read-only access)
+      const resources = listCommunityResources(communityId);
+      check(resources, {
+        "Member can list community resources": (r) => r !== null,
+        "Resource list contains test resource": (r) => {
+          if (!r || !r.items) return false;
+          return r.items.some((item) => item.id === resourceId);
+        },
+      });
+
+      const resource = getResource(communityId, resourceId);
+      check(resource, {
+        "Member can get resource details": (r) => r !== null,
+        "Resource details are correct": (r) =>
+          r !== null && r.id === resourceId,
+      });
+
+      const resourceCount = countResources(communityId);
+      check(resourceCount, {
+        "Member can count resources": (r) => r !== null,
+        "Resource count returns positive number": (r) =>
+          r !== null && r.count > 0,
+      });
+
+      // Tests requiring ADMIN role (should fail)
+      const newResource = createResource(communityId, {
+        type: ResourceType.ENT,
+        appName: AppName.EXTERNAL_LINK,
+        title: "Member Resource Attempt",
+        resourceUrl: "https://example.com/member-attempt",
+        openInNewTab: true,
+      });
+
+      check(newResource, {
+        "Member cannot create resources (admin only)": (r) => r === null,
+      });
+
+      const updatedResource = updateResource(communityId, resourceId, {
+        title: "Updated by Member",
+      });
+
+      check(updatedResource, {
+        "Member cannot update resources (admin only)": (r) => r === null,
+      });
+
+      const deleteResult = deleteResource(communityId, resourceId);
+
+      check(deleteResult, {
+        "Member cannot delete resources (admin only)": (r) => r === false,
+      });
+
+      const cleanupResult = processMarkedResources(communityId);
+
+      check(cleanupResult, {
+        "Member cannot access admin-only cleanup endpoint": (r) => r === null,
+      });
+
+      // Leave community - should succeed for members
+      // We do this last as it changes member's status
+      const leaveResult = leaveCommunity(communityId);
+      check(leaveResult, {
+        "Member can leave a community": (r) => r === true,
+      });
+
+      // Verify the member actually left
+      authenticateWeb(adminUser.login, "password");
+      const membersAfterLeaving = listCommunityMembers(communityId);
+      logout();
+      authenticateWeb(memberUser.login, "password"); // Log back in as member
+
+      if (membersAfterLeaving && membersAfterLeaving.items) {
+        const memberStillExists = membersAfterLeaving.items.some(
+          (member) => member.user.entId === memberUser.id,
+        );
+        check(memberStillExists, {
+          "Member no longer appears in community member list": (exists) =>
+            !exists,
+        });
+      }
+
+      logout();
+    });
+
+    // Test access with admin user
+    group("Test API access with admin user", () => {
+      authenticateWeb(adminUser.login, "password");
+
+      // All operations should succeed for admin
+
+      // Member-level operations
+      const community = getCommunity(String(communityId));
+      check(community, {
+        "Admin can get community details": (c) => c !== null,
+      });
+
+      const stats = getCommunityStats(String(communityId));
+      check(stats, {
+        "Admin can get community stats": (s) => s !== null,
+      });
+
+      const members = listCommunityMembers(communityId);
+      check(members, {
+        "Admin can list members": (m) => m !== null,
+      });
+
+      // Admin-level operations
+      const secretCode = getSecretCode(communityId);
+      check(secretCode, {
+        "Admin can get secret code": (s) => s !== null,
+      });
+
+      const updatedCommunity = updateCommunity(String(communityId), {
+        title: "Admin Updated Title",
+        type: "CLASS",
+      });
+      check(updatedCommunity, {
+        "Admin can update community": (c) => c !== null,
+      });
+
+      const welcomeNote = updateWelcomeNote(
+        String(communityId),
+        "Admin updated welcome note",
+      );
+      check(welcomeNote, {
+        "Admin can update welcome note": (w) => w !== null,
+      });
+
+      const invitations = createInvitations(communityId, {
+        users: [{ userId: nonMemberUser.id, role: MembershipRole.MEMBER }],
+        message: "Please join our community",
+      });
+      check(invitations, {
+        "Admin can create invitations": (i) => i !== null,
+      });
+      const userId =
+        invitations && invitations.length > 0
+          ? invitations[0].receiver?.id
+          : null;
+      check(userId, {
+        "Admin created an invitation for a user": (i) => i != null,
+      });
+
+      // The invited user must accept the invitation before we can update their role
+      // First save invitation details
+      const tmpInvitationId =
+        invitations && invitations.length > 0 ? invitations[0].id : null;
+
+      // Switch to the invited user to accept the invitation
+      logout();
+      authenticateWeb(nonMemberUser.login, "password");
+
+      // Accept the invitation
+      if (tmpInvitationId) {
+        const acceptResult = updateInvitationStatus(
+          tmpInvitationId,
+          InvitationStatus.ACCEPTED,
+        );
+
+        check(acceptResult, {
+          "Non-member successfully accepted invitation": (r) => r !== null,
+        });
+
+        // Verify the user is now a member
+        const membershipCheck = getCommunity(String(communityId));
+        check(membershipCheck, {
+          "User is now a community member after accepting invitation": (m) =>
+            m !== null,
+        });
+      }
+
+      // Switch back to admin
+      logout();
+      authenticateWeb(adminUser.login, "password");
+
+      // Now that the user is a member, we can update their role
+      const roleUpdate = updateMemberRole(
+        communityId,
+        userId!,
+        MembershipRole.ADMIN,
+      );
+      check(roleUpdate, {
+        "Admin can update member roles": (r) => r !== null,
+      });
+
+      // Verify the member was successfully promoted
+      const updatedMembers = listCommunityMembers(communityId);
+      if (updatedMembers && updatedMembers.items) {
+        const promotedMember = updatedMembers.items.find(
+          (member) => member.user.id === userId,
+        );
+        check(promotedMember, {
+          "Member was successfully promoted to admin": (m) =>
+            !!m && m.role === MembershipRole.ADMIN,
+        });
+      }
+
+      // Test global listing endpoint
+      const communityList = listCommunities();
+      check(communityList, {
+        "Admin can list all communities": (c) => c !== null,
+      });
+
+      // Test invitation operations for admin
+      // Create separate invitations specifically for testing deletion
+      // These will remain in PENDING status
+      const deletionTestInvitations = createInvitations(communityId, {
+        users: [{ userId: memberUser.id, role: MembershipRole.MEMBER }],
+        message: "Invitation for testing deletion (will remain pending)",
+      });
+
+      // Verify the test invitations were created
+      check(deletionTestInvitations, {
+        "Admin created pending invitations for deletion testing": (i) =>
+          i !== null && i.length > 0,
+      });
+
+      // Now test deletion with a pending invitation
+      if (deletionTestInvitations && deletionTestInvitations.length > 0) {
+        const pendingInvitationId = deletionTestInvitations[0].id;
+
+        // Test deleting a specific invitation
+        const deleteInvResult = deleteInvitation(
+          communityId,
+          pendingInvitationId,
+        );
+        check(deleteInvResult, {
+          "Admin can delete a specific pending invitation": (r) => r === true,
+        });
+
+        // Create more pending invitations for batch delete test
+        const batchInvitations = createInvitations(communityId, {
+          users: [
+            { userId: memberUser.id, role: MembershipRole.MEMBER },
+            { userId: memberUser.id, role: MembershipRole.ADMIN },
+          ],
+          message: "Batch deletion test (pending invitations)",
+        });
+
+        if (batchInvitations && batchInvitations.length > 0) {
+          const pendingInvitationIds = batchInvitations.map((inv) => inv.id);
+
+          // Test batch deletion of pending invitations
+          const batchDeleteResult = deleteInvitationsBatch(
+            communityId,
+            pendingInvitationIds,
+          );
+          check(batchDeleteResult, {
+            "Admin can batch delete pending invitations": (r) => r === true,
+          });
+        }
+      }
+
+      // Test member removal
+      // First, we need a new member to remove
+      authenticateWeb(nonMemberUser.login, "password");
+      joinCommunity(communitySecretCode);
+      logout();
+      authenticateWeb(adminUser.login, "password"); // Log back in as admin
+      // Re-fetch the community to get the latest member list
+      const listMembers = listCommunityMembers(communityId);
+      check(listMembers, {
+        "Admin can list community members": (m) => m !== null,
+      });
+      check(listMembers?.items, {
+        "Community has members to remove": (m) => m !== null && m!.length > 0,
+      });
+      // Test removing a member
+      const removeResult = removeMember(
+        communityId,
+        listMembers?.items[0].user.id!,
+      );
+      check(removeResult, {
+        "Admin can remove a member from the community": (r) => r === true,
+      });
+
+      const batchRemoveResult = removeMembers(communityId, [
+        listMembers?.items[0].user.id!,
+      ]);
+      check(batchRemoveResult, {
+        "Admin can remove members in batch (admin only)": (r) => r !== null,
+      });
+      // Verify the member was removed
+      const membersAfterRemoval = listCommunityMembers(communityId);
+      if (membersAfterRemoval && membersAfterRemoval.items) {
+        const removedMemberStillExists = membersAfterRemoval.items.some(
+          (member) => member.user.entId === nonMemberUser.id,
+        );
+        check(removedMemberStillExists, {
+          "Member was successfully removed from community": (exists) => !exists,
+        });
+      }
+
+      // Admin should be able to view their own invitations
+      const myInvitations = listMyInvitations();
+      check(myInvitations, {
+        "Admin can list their own invitations": (i) => i !== null,
+      });
+
+      sleep(1); // Small pause before cleanup
+
+      // Cleanup - delete the community
+      const deleted = deleteCommunity(communityId);
+      check(deleted, {
+        "Admin can delete the community": (r) => r === true,
+      });
+
+      logout();
+    });
+
+    // Test invitation acceptance/rejection flow
+    group("Test invitation management with invited user", () => {
+      // Admin creates an invitation
+      authenticateWeb(adminUser.login, "password");
+
+      // We need a new community for this test to avoid conflicts
+      const inviteCommunityId = Number(
+        createCommunityOrFail({
+          title: "Invitation Test Community",
+          type: "CLASS",
+          schoolYearStart: 2025,
+          schoolYearEnd: 2026,
+        }),
+      );
+
+      // Create invitation for non-member
+      const invitation = createInvitations(inviteCommunityId, {
+        users: [{ userId: nonMemberUser.id, role: MembershipRole.MEMBER }],
+        message: "Please test this invitation",
+      });
+
+      check(invitation, {
+        "Admin created invitation for user": (i) => i !== null && i.length > 0,
+      });
+
+      if (invitation && invitation.length > 0) {
+        // Non-member checks and updates their invitation
+        logout();
+        authenticateWeb(nonMemberUser.login, "password");
+
+        // Check user can list their invitations
+        const pendingInvitations = listMyInvitations();
+        check(pendingInvitations, {
+          "Invited user can list their pending invitations": (i) =>
+            i !== null && i.items && i.items.length > 0,
+        });
+
+        // Find our test invitation
+        let testInvitation;
+        if (pendingInvitations && pendingInvitations.items) {
+          testInvitation = pendingInvitations.items.find(
+            (inv) => Number(inv.communityId) === inviteCommunityId,
+          );
+        }
+
+        check(testInvitation, {
+          "Invitation appears in user's list": (i) => i !== undefined,
+        });
+
+        if (testInvitation) {
+          // Accept the invitation
+          const updateResult = updateInvitationStatus(
+            testInvitation.id,
+            InvitationStatus.ACCEPTED,
+          );
+
+          check(updateResult, {
+            "User can accept their own invitation": (r) => r !== null,
+          });
+
+          // Verify user is now a member
+          const membership = getCommunity(String(inviteCommunityId));
+          check(membership, {
+            "User can now access the community after accepting invitation": (
+              m,
+            ) => m !== null,
+          });
+        }
+
+        logout();
+        authenticateWeb(adminUser.login, "password");
+
+        // Clean up this test community
+        deleteCommunity(inviteCommunityId);
+      }
+
+      logout();
+    });
+  });
+}