@edifice.io/communities-tests 1.0.0-develop-pedago.20250725171105

package/it/scenarios/api-permission-check.spec.ts

@@ -0,0 +1,424 @@
+import { check, group } from "k6";
+// @ts-ignore
+import { chai, describe } from "https://jslib.k6.io/k6chaijs/4.3.4.0/index.js";
+
+import {
+  authenticateWeb,
+  createAndSetRole,
+  initStructure,
+  getUsersOfSchool,
+  getRandomUserWithProfile,
+  Structure,
+  logout,
+  UserInfo,
+  Role,
+  linkRoleToUsers,
+  getRolesOfStructure,
+} from "../../node_modules/edifice-k6-commons/dist/index.js";
+
+import {
+  createCommunity,
+  listCommunities,
+  getCommunity,
+  getSecretCode,
+  getCommunityStats,
+  updateCommunity,
+  updateWelcomeNote,
+  deleteCommunity,
+  createCommunityOrFail,
+} from "./utils/_community-api.utils.ts";
+
+import {
+  listCommunityMembers,
+  MembershipRole,
+  leaveCommunity,
+  removeMember,
+  updateMemberRole,
+  removeMembers,
+} from "./utils/_membership-api.utils.ts";
+
+import {
+  createInvitations,
+  listCommunityInvitations,
+  deleteInvitation,
+  deleteInvitationsBatch,
+  listMyInvitations,
+  updateInvitationStatus,
+  InvitationStatus,
+  joinCommunity,
+} from "./utils/_invitation-api.utils.ts";
+
+import {
+  createResource,
+  listCommunityResources,
+  getResource,
+  updateResource,
+  deleteResource,
+  countResources,
+  processMarkedResources,
+  ResourceType,
+  AppName,
+} from "./utils/_resource-api.utils.ts";
+
+interface StructureWithRole extends Structure {
+  communityRole?: Role;
+}
+// Add chai configuration
+chai.config.logFailures = true;
+
+// Add K6 options configuration
+export const options = {
+  setupTimeout: "1h",
+  maxRedirects: 0,
+  thresholds: {
+    checks: ["rate == 1.00"],
+  },
+  scenarios: {
+    permissionGuardTest: {
+      exec: "testPermissionGuards",
+      executor: "per-vu-iterations",
+      vus: 1,
+      maxDuration: "1m",
+      gracefulStop: "5s",
+    },
+  },
+};
+
+const schoolName = `IT Community Permissions Tests V2`;
+// Setup function to create structure and configure roles
+export function setup(): StructureWithRole {
+  let structure: StructureWithRole = {} as StructureWithRole;
+  describe("[Community Permissions] Initialize data", () => {
+    authenticateWeb(__ENV.ADMC_LOGIN, __ENV.ADMC_PASSWORD);
+    structure = initStructure(schoolName, "tiny");
+
+    // Create Communities role WITH SPECIFIC PERMISSIONS
+    // Change this line to add explicit permissions
+    const role = createAndSetRole("Communities");
+
+    // Store role directly in the structure object
+    structure.communityRole = role;
+
+    logout();
+  });
+  return structure;
+}
+
+// Update the main test function to work similarly to the role-check test
+export function testPermissionGuards(structure: StructureWithRole) {
+  let normalUser: UserInfo;
+  let noPermissionsUser: UserInfo;
+  let communityId: number;
+
+  describe("[Community API Permission Guards Test]", () => {
+    // First authenticate as admin to get users - same approach as in role-check
+    authenticateWeb(__ENV.ADMC_LOGIN, __ENV.ADMC_PASSWORD);
+
+    const users = getUsersOfSchool(structure);
+    // Get test users while still authenticated as admin
+    normalUser = getRandomUserWithProfile(users, "Teacher");
+    noPermissionsUser = getRandomUserWithProfile(users, "Student", [
+      normalUser,
+    ]);
+    const roles = getRolesOfStructure(structure.id);
+    // Assign Communities role only to normal user
+    linkRoleToUsers(
+      structure,
+      structure.communityRole!,
+      roles
+        .filter((r: Role) => r.name.includes("Teacher"))
+        .map((r: Role) => r.name),
+    );
+
+    logout();
+
+    // We need a test community
+    group("Admin creates a test community", () => {
+      // Login as admin
+      authenticateWeb(__ENV.ADMC_LOGIN, __ENV.ADMC_PASSWORD);
+
+      // Create a community to test with
+      communityId = Number(
+        createCommunityOrFail({
+          title: "Permission Test Community",
+          type: "FREE",
+          schoolYearEnd: 2023,
+          schoolYearStart: 2023,
+        }),
+      );
+
+      // No logout needed
+    });
+
+    // Test access with the user who has no permissions
+    group("Test API access with user without permissions", () => {
+      authenticateWeb(noPermissionsUser.login, "password");
+
+      // Using utility functions directly with expectations of failure
+      const communities = listCommunities();
+      check(communities, {
+        "List communities fails for user without permissions": (r) =>
+          r === null,
+      });
+
+      // Try to create a community
+      const communityResponse = createCommunity({
+        title: "Should Fail Community",
+        type: "FREE",
+        schoolYearEnd: 2023,
+        schoolYearStart: 2023,
+      });
+      check(communityResponse, {
+        "Create community fails for user without permissions": (r) =>
+          r.status === 401 || r.status === 403,
+      });
+
+      // Try to get a community
+      const community = getCommunity(communityId);
+      check(community, {
+        "Get community fails for user without permissions": (r) => r === null,
+      });
+
+      // Try to get secret code
+      const secretCode = getSecretCode(communityId);
+      check(secretCode, {
+        "Get secret code fails for user without permissions": (r) => r === null,
+      });
+
+      // Try to get community stats
+      const stats = getCommunityStats(String(communityId));
+      check(stats, {
+        "Get community stats fails for user without permissions": (r) =>
+          r === null,
+      });
+
+      // Try to update a community
+      const updatedCommunity = updateCommunity(String(communityId), {
+        title: "Updated Title",
+      });
+      check(updatedCommunity, {
+        "Update community fails for user without permissions": (r) =>
+          r === null,
+      });
+
+      // Try to update welcome note
+      const welcomeNote = updateWelcomeNote(
+        String(communityId),
+        "New welcome note",
+      );
+      check(welcomeNote, {
+        "Update welcome note fails for user without permissions": (r) =>
+          r === null,
+      });
+
+      // Try to list members
+      const members = listCommunityMembers(communityId);
+      check(members, {
+        "List members fails for user without permissions": (r) => r === null,
+      });
+
+      // Try to create invitations
+      const invitations = createInvitations(communityId, {
+        users: [{ userId: normalUser.id, role: MembershipRole.MEMBER }],
+      });
+      check(invitations, {
+        "Create invitations fails for user without permissions": (r) =>
+          r === null,
+      });
+
+      // Try to list invitations
+      const invitationsList = listCommunityInvitations(communityId);
+      check(invitationsList, {
+        "List invitations fails for user without permissions": (r) =>
+          r === null,
+      });
+
+      // Try to join a community
+      const joinResult = joinCommunity("DUMMY_SECRET_CODE");
+      check(joinResult, {
+        "Join community fails for user without permissions": (r) => r === null,
+      });
+
+      // Try to leave a community (would fail even if they were a member)
+      const leaveResult = leaveCommunity(communityId);
+      check(leaveResult, {
+        "Leave community fails for user without permissions": (r) => r !== true,
+      });
+
+      // Try to remove a member
+      const removeResult = removeMember(communityId, normalUser.id);
+      check(removeResult, {
+        "Remove member fails for user without permissions": (r) => r !== true,
+      });
+
+      // Try to remove members in batch
+      const removeMembersResult = removeMembers(communityId, [normalUser.id]);
+      check(removeMembersResult, {
+        "Remove members in batch fails for user without permissions": (r) =>
+          r === null,
+      });
+
+      // Try to update a member's role
+      const roleUpdateResult = updateMemberRole(
+        communityId,
+        normalUser.id,
+        MembershipRole.ADMIN,
+      );
+      check(roleUpdateResult, {
+        "Update member role fails for user without permissions": (r) =>
+          r === null,
+      });
+
+      // Try to delete an invitation (using a dummy ID)
+      const deleteInvResult = deleteInvitation(communityId, 9999);
+      check(deleteInvResult, {
+        "Delete invitation fails for user without permissions": (r) =>
+          r !== true,
+      });
+
+      // Try to delete invitations in batch
+      const batchDeleteResult = deleteInvitationsBatch(communityId, [9999]);
+      check(batchDeleteResult, {
+        "Batch delete invitations fails for user without permissions": (r) =>
+          r !== true,
+      });
+
+      // Try to list personal invitations
+      // This might actually succeed as it's a personal endpoint, but include for completeness
+      const myInvitations = listMyInvitations();
+      check(myInvitations, {
+        "List personal invitations result is consistent with permissions": (
+          r,
+        ) => r === null || r.items.length > 0,
+      });
+
+      // Try to update an invitation status (using a dummy ID)
+      const updateStatusResult = updateInvitationStatus(
+        9999,
+        InvitationStatus.ACCEPTED,
+      );
+      check(updateStatusResult, {
+        "Update invitation status fails for user without permissions": (r) =>
+          r === null,
+      });
+
+      // Try to list resources
+      const resources = listCommunityResources(communityId);
+      check(resources, {
+        "List resources fails for user without permissions": (r) => r === null,
+      });
+
+      // Try to get resource count
+      const resourceCount = countResources(communityId);
+      check(resourceCount, {
+        "Count resources fails for user without permissions": (r) => r === null,
+      });
+
+      // Try to create a resource
+      const newResource = createResource(communityId, {
+        type: ResourceType.ENT,
+        appName: AppName.EXTERNAL_LINK,
+        title: "Test Resource",
+        resourceUrl: "https://example.com",
+        openInNewTab: true,
+      });
+      check(newResource, {
+        "Create resource fails for user without permissions": (r) => r === null,
+      });
+
+      // Try to get a resource (using dummy ID)
+      const resource = getResource(communityId, 9999);
+      check(resource, {
+        "Get resource fails for user without permissions": (r) => r === null,
+      });
+
+      // Try to update a resource (using dummy ID)
+      const updatedResource = updateResource(communityId, 9999, {
+        title: "Updated Title",
+      });
+      check(updatedResource, {
+        "Update resource fails for user without permissions": (r) => r === null,
+      });
+
+      // Try to delete a resource (using dummy ID)
+      const deleteResult = deleteResource(communityId, 9999);
+      check(deleteResult, {
+        "Delete resource fails for user without permissions": (r) =>
+          r === false,
+      });
+
+      // Try to access ADMC-only endpoint for cleanup
+      const cleanupResult = processMarkedResources(communityId);
+      check(cleanupResult, {
+        "Resource cleanup fails for user without permissions": (r) =>
+          r === null,
+      });
+
+      logout();
+    });
+
+    // Test ADMC-specific features
+    group("Test ADMC-specific resource operations", () => {
+      authenticateWeb(__ENV.ADMC_LOGIN, __ENV.ADMC_PASSWORD);
+
+      // Full flow - Create community, add resource, mark for deletion, cleanup, delete community
+      const testCommunityId = Number(
+        createCommunityOrFail({
+          title: "ADMC Cleanup Test Community",
+          type: "FREE",
+          schoolYearStart: 2025,
+          schoolYearEnd: 2026,
+        }),
+      );
+
+      console.log(
+        `Created test community for ADMC cleanup test with ID: ${testCommunityId}`,
+      );
+
+      // Create a test resource
+      const testResource = createResource(testCommunityId, {
+        type: ResourceType.ENT,
+        appName: AppName.EXTERNAL_LINK,
+        title: "Resource for Cleanup Test",
+        resourceUrl: "https://example.com/cleanup-test",
+        openInNewTab: true,
+      });
+
+      check(testResource, {
+        "ADMC created resource for cleanup test": (r) => r !== null,
+      });
+
+      // In a real scenario, we would mark the resource for deletion here
+      // Since we can't directly call the API to mark a resource for deletion in this test,
+      // we'll just test the cleanup endpoint functionality
+
+      // Run cleanup on the test community
+      const testCleanupResult = processMarkedResources(testCommunityId);
+      check(testCleanupResult, {
+        "ADMC can run cleanup on test community": (r) => r !== null,
+      });
+
+      // Delete the test community
+      const deleteTestCommunity = deleteCommunity(testCommunityId);
+      check(deleteTestCommunity, {
+        "ADMC successfully deleted test community": (r) => r === true,
+      });
+
+      logout();
+    });
+
+    // Cleanup
+    group("Cleanup test data", () => {
+      authenticateWeb(__ENV.ADMC_LOGIN, __ENV.ADMC_PASSWORD);
+
+      if (communityId) {
+        const deleted = deleteCommunity(communityId);
+        check(deleted, {
+          "Test community was deleted": (r) => r === true,
+        });
+      }
+
+      logout();
+    });
+  });
+}