npm - @jmruthers/pace-core - Versions diffs - 0.5.4 → 0.5.6 - Mend

@jmruthers/pace-core 0.5.4 → 0.5.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (158) hide show

package/src/hooks/__tests__/useRBAC.unit.test.ts ADDED Viewed

@@ -0,0 +1,856 @@
+import { renderHook, waitFor } from '@testing-library/react';
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { useRBAC } from '../../rbac/hooks/useRBAC';
+import { createMockSupabaseClient, testDataGenerators } from '../../__tests__/helpers/test-utils';
+// Mock the providers
+const mockUseUnifiedAuth = vi.fn();
+const mockUseOrganisations = vi.fn();
+const mockUseEvents = vi.fn();
+vi.mock('../../providers/UnifiedAuthProvider', () => ({
+  useUnifiedAuth: () => mockUseUnifiedAuth()
+}));
+vi.mock('../../providers/OrganisationProvider', () => ({
+  useOrganisations: () => mockUseOrganisations()
+}));
+vi.mock('../../providers/EventProvider', () => ({
+  useEvents: () => mockUseEvents()
+}));
+// Mock Supabase client
+const mockSupabase = createMockSupabaseClient();
+// Ensure rpc is properly mocked
+vi.spyOn(mockSupabase, 'rpc').mockResolvedValue({
+  data: { permissions: {}, roles: [], access_level: 'viewer' },
+  error: null
+});
+describe('useRBAC', () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+    // Default mock implementations
+    mockUseUnifiedAuth.mockReturnValue({
+      user: { id: 'test-user-id' },
+      session: { access_token: 'test-token' },
+      supabase: mockSupabase,
+      appName: 'test-app'
+    });
+    mockUseOrganisations.mockReturnValue({
+      selectedOrganisation: { id: 'test-org-id' }
+    });
+    mockUseEvents.mockReturnValue({
+      selectedEvent: { event_id: 'test-event-id' }
+    });
+  });
+  describe('Initial State', () => {
+    it('returns initial state when no user is provided', () => {
+      mockUseUnifiedAuth.mockReturnValue({
+        user: null,
+        supabase: null,
+        appName: null
+      });
+      const { result } = renderHook(() => useRBAC());
+      expect(result.current.globalRole).toBeNull();
+      expect(result.current.organisationRole).toBeNull();
+      expect(result.current.eventAppRole).toBeNull();
+      expect(result.current.isLoading).toBe(false);
+      expect(result.current.error).toBeNull();
+    });
+    it('returns initial state when no supabase client is provided', () => {
+      mockUseUnifiedAuth.mockReturnValue({
+        user: { id: 'test-user-id' },
+        supabase: null,
+        appName: 'test-app'
+      });
+      const { result } = renderHook(() => useRBAC());
+      expect(result.current.globalRole).toBeNull();
+      expect(result.current.organisationRole).toBeNull();
+      expect(result.current.eventAppRole).toBeNull();
+      expect(result.current.isLoading).toBe(false);
+      expect(result.current.error).toBeNull();
+    });
+    it('returns initial state when no app name is provided', () => {
+      mockUseUnifiedAuth.mockReturnValue({
+        user: { id: 'test-user-id' },
+        supabase: mockSupabase,
+        appName: null
+      });
+      const { result } = renderHook(() => useRBAC());
+      expect(result.current.globalRole).toBeNull();
+      expect(result.current.organisationRole).toBeNull();
+      expect(result.current.eventAppRole).toBeNull();
+      expect(result.current.isLoading).toBe(false);
+      expect(result.current.error).toBeNull();
+    });
+  });
+  describe('Role Detection', () => {
+    it('detects global role from permissions', async () => {
+      const mockPermissions = [
+        {
+          permission_type: 'all_permissions',
+          role_name: 'super_admin',
+          has_permission: true,
+          granted_at: '2023-01-01T00:00:00Z'
+        }
+      ];
+      mockSupabase.rpc.mockResolvedValue({
+        data: mockPermissions,
+        error: null
+      });
+      const { result } = renderHook(() => useRBAC());
+      await waitFor(() => {
+        expect(result.current.globalRole).toBe('super_admin');
+        expect(result.current.organisationRole).toBeNull();
+        expect(result.current.eventAppRole).toBeNull();
+      }, { timeout: 3000 });
+    });
+    it('detects organisation role from permissions', async () => {
+      const mockPermissions = [
+        {
+          permission_type: 'organisation_access',
+          role_name: 'org_admin',
+          has_permission: true,
+          granted_at: '2023-01-01T00:00:00Z'
+        }
+      ];
+      mockSupabase.rpc.mockResolvedValue({
+        data: mockPermissions,
+        error: null
+      });
+      const { result } = renderHook(() => useRBAC());
+      await waitFor(() => {
+        expect(result.current.globalRole).toBeNull();
+        expect(result.current.organisationRole).toBe('org_admin');
+        expect(result.current.eventAppRole).toBeNull();
+      }, { timeout: 3000 });
+    });
+    it('detects event app role from permissions', async () => {
+      const mockPermissions = [
+        {
+          permission_type: 'event_app_access',
+          role_name: 'event_admin',
+          has_permission: true,
+          granted_at: '2023-01-01T00:00:00Z'
+        }
+      ];
+      mockSupabase.rpc.mockResolvedValue({
+        data: mockPermissions,
+        error: null
+      });
+      const { result } = renderHook(() => useRBAC());
+      await waitFor(() => {
+        expect(result.current.globalRole).toBeNull();
+        expect(result.current.organisationRole).toBeNull();
+        expect(result.current.eventAppRole).toBe('event_admin');
+      }, { timeout: 3000 });
+    });
+    it('detects multiple roles from permissions', async () => {
+      const mockPermissions = [
+        {
+          permission_type: 'all_permissions',
+          role_name: 'super_admin',
+          has_permission: true,
+          granted_at: '2023-01-01T00:00:00Z'
+        },
+        {
+          permission_type: 'organisation_access',
+          role_name: 'org_admin',
+          has_permission: true,
+          granted_at: '2023-01-01T00:00:00Z'
+        },
+        {
+          permission_type: 'event_app_access',
+          role_name: 'event_admin',
+          has_permission: true,
+          granted_at: '2023-01-01T00:00:00Z'
+        }
+      ];
+      mockSupabase.rpc.mockResolvedValue({
+        data: mockPermissions,
+        error: null
+      });
+      const { result } = renderHook(() => useRBAC());
+      await waitFor(() => {
+        expect(result.current.globalRole).toBe('super_admin');
+        expect(result.current.organisationRole).toBe('org_admin');
+        expect(result.current.eventAppRole).toBe('event_admin');
+      }, { timeout: 3000 });
+    });
+    it('handles empty permissions array', async () => {
+      mockSupabase.rpc.mockResolvedValue({
+        data: [],
+        error: null
+      });
+      const { result } = renderHook(() => useRBAC());
+      await waitFor(() => {
+        expect(result.current.globalRole).toBeNull();
+        expect(result.current.organisationRole).toBeNull();
+        expect(result.current.eventAppRole).toBeNull();
+      });
+    });
+  });
+  describe('Permission Checking', () => {
+    it('returns true for super admin regardless of operation', async () => {
+      const mockPermissions = [
+        {
+          permission_type: 'all_permissions',
+          role_name: 'super_admin',
+          has_permission: true,
+          granted_at: '2023-01-01T00:00:00Z'
+        }
+      ];
+      mockSupabase.rpc.mockResolvedValue({
+        data: mockPermissions,
+        error: null
+      });
+      const { result } = renderHook(() => useRBAC());
+      await waitFor(() => {
+        expect(result.current.globalRole).toBe('super_admin');
+      }, { timeout: 3000 });
+      const hasPermission = await result.current.hasPermission('read', 'dashboard');
+      expect(hasPermission).toBe(true);
+    });
+    it('checks specific permission with database call', async () => {
+      const mockPermissions = [
+        {
+          permission_type: 'organisation_access',
+          role_name: 'org_admin',
+          has_permission: true,
+          granted_at: '2023-01-01T00:00:00Z'
+        }
+      ];
+      mockSupabase.rpc
+        .mockResolvedValueOnce({
+          data: mockPermissions,
+          error: null
+        })
+        .mockResolvedValueOnce({
+          data: true,
+          error: null
+        });
+      const { result } = renderHook(() => useRBAC());
+      await waitFor(() => {
+        expect(result.current.organisationRole).toBe('org_admin');
+      }, { timeout: 3000 });
+      const hasPermission = await result.current.hasPermission('read', 'dashboard');
+      expect(hasPermission).toBe(true);
+      expect(mockSupabase.rpc).toHaveBeenCalledWith('check_page_permission', {
+        p_user_id: 'test-user-id',
+        p_app_id: 'test-app-id',
+        p_page_id: 'dashboard',
+        p_operation: 'read',
+        p_event_id: 'test-event-id',
+        p_organisation_id: 'test-org-id'
+      });
+    });
+    it('returns false when permission check fails', async () => {
+      const mockPermissions = [
+        {
+          permission_type: 'organisation_access',
+          role_name: 'org_admin',
+          has_permission: true,
+          granted_at: '2023-01-01T00:00:00Z'
+        }
+      ];
+      mockSupabase.rpc
+        .mockResolvedValueOnce({
+          data: mockPermissions,
+          error: null
+        })
+        .mockResolvedValueOnce({
+          data: false,
+          error: null
+        });
+      const { result } = renderHook(() => useRBAC());
+      await waitFor(() => {
+        expect(result.current.organisationRole).toBe('org_admin');
+      }, { timeout: 3000 });
+      const hasPermission = await result.current.hasPermission('write', 'admin');
+      expect(hasPermission).toBe(false);
+    });
+    it('returns false when permission check throws error', async () => {
+      const consoleSpy = vi.spyOn(console, 'error').mockImplementation(() => {});
+      const mockPermissions = [
+        {
+          permission_type: 'organisation_access',
+          role_name: 'org_admin',
+          has_permission: true,
+          granted_at: '2023-01-01T00:00:00Z'
+        }
+      ];
+      mockSupabase.rpc
+        .mockResolvedValueOnce({
+          data: mockPermissions,
+          error: null
+        })
+        .mockRejectedValueOnce(new Error('Database error'));
+      const { result } = renderHook(() => useRBAC());
+      await waitFor(() => {
+        expect(result.current.organisationRole).toBe('org_admin');
+      }, { timeout: 3000 });
+      const hasPermission = await result.current.hasPermission('read', 'dashboard');
+      expect(hasPermission).toBe(false);
+      consoleSpy.mockRestore();
+    });
+    it('uses default pageId when not provided', async () => {
+      const mockPermissions = [
+        {
+          permission_type: 'organisation_access',
+          role_name: 'org_admin',
+          has_permission: true,
+          granted_at: '2023-01-01T00:00:00Z'
+        }
+      ];
+      mockSupabase.rpc
+        .mockResolvedValueOnce({
+          data: mockPermissions,
+          error: null
+        })
+        .mockResolvedValueOnce({
+          data: true,
+          error: null
+        });
+      const { result } = renderHook(() => useRBAC('default-page'));
+      await waitFor(() => {
+        expect(result.current.organisationRole).toBe('org_admin');
+      }, { timeout: 3000 });
+      await result.current.hasPermission('read');
+      expect(mockSupabase.rpc).toHaveBeenCalledWith('check_page_permission', {
+        p_user_id: 'test-user-id',
+        p_app_id: 'test-app-id',
+        p_page_id: 'default-page',
+        p_operation: 'read',
+        p_event_id: 'test-event-id',
+        p_organisation_id: 'test-org-id'
+      });
+    });
+  });
+  describe('Global Permission Checking', () => {
+    it('returns true for super admin', async () => {
+      const mockPermissions = [
+        {
+          permission_type: 'all_permissions',
+          role_name: 'super_admin',
+          has_permission: true,
+          granted_at: '2023-01-01T00:00:00Z'
+        }
+      ];
+      mockSupabase.rpc.mockResolvedValue({
+        data: mockPermissions,
+        error: null
+      });
+      const { result } = renderHook(() => useRBAC());
+      await waitFor(() => {
+        expect(result.current.isLoading).toBe(false);
+      });
+      expect(result.current.hasGlobalPermission('super_admin')).toBe(true);
+      expect(result.current.hasGlobalPermission('org_admin')).toBe(true);
+      expect(result.current.hasGlobalPermission('any_permission')).toBe(true);
+    });
+    it('returns true for org admin when checking org_admin permission', async () => {
+      const mockPermissions = [
+        {
+          permission_type: 'organisation_access',
+          role_name: 'org_admin',
+          has_permission: true,
+          granted_at: '2023-01-01T00:00:00Z'
+        }
+      ];
+      mockSupabase.rpc.mockResolvedValue({
+        data: mockPermissions,
+        error: null
+      });
+      const { result } = renderHook(() => useRBAC());
+      await waitFor(() => {
+        expect(result.current.isLoading).toBe(false);
+      });
+      expect(result.current.hasGlobalPermission('org_admin')).toBe(true);
+      expect(result.current.hasGlobalPermission('super_admin')).toBe(false);
+      expect(result.current.hasGlobalPermission('other_permission')).toBe(false);
+    });
+    it('returns false for non-admin users', () => {
+      const mockPermissions = [
+        {
+          permission_type: 'event_app_access',
+          role_name: 'viewer',
+          has_permission: true,
+          granted_at: '2023-01-01T00:00:00Z'
+        }
+      ];
+      mockSupabase.rpc.mockResolvedValue({
+        data: mockPermissions,
+        error: null
+      });
+      const { result } = renderHook(() => useRBAC());
+      expect(result.current.hasGlobalPermission('super_admin')).toBe(false);
+      expect(result.current.hasGlobalPermission('org_admin')).toBe(false);
+      expect(result.current.hasGlobalPermission('any_permission')).toBe(false);
+    });
+  });
+  describe('Computed Properties', () => {
+    it('correctly computes isSuperAdmin', async () => {
+      const mockPermissions = [
+        {
+          permission_type: 'all_permissions',
+          role_name: 'super_admin',
+          has_permission: true,
+          granted_at: '2023-01-01T00:00:00Z'
+        }
+      ];
+      mockSupabase.rpc.mockResolvedValue({
+        data: mockPermissions,
+        error: null
+      });
+      const { result } = renderHook(() => useRBAC());
+      await waitFor(() => {
+        expect(result.current.isSuperAdmin).toBe(true);
+      });
+    });
+    it('correctly computes isOrgAdmin', async () => {
+      const mockPermissions = [
+        {
+          permission_type: 'organisation_access',
+          role_name: 'org_admin',
+          has_permission: true,
+          granted_at: '2023-01-01T00:00:00Z'
+        }
+      ];
+      mockSupabase.rpc.mockResolvedValue({
+        data: mockPermissions,
+        error: null
+      });
+      const { result } = renderHook(() => useRBAC());
+      await waitFor(() => {
+        expect(result.current.isOrgAdmin).toBe(true);
+      });
+    });
+    it('correctly computes isEventAdmin', async () => {
+      const mockPermissions = [
+        {
+          permission_type: 'event_app_access',
+          role_name: 'event_admin',
+          has_permission: true,
+          granted_at: '2023-01-01T00:00:00Z'
+        }
+      ];
+      mockSupabase.rpc.mockResolvedValue({
+        data: mockPermissions,
+        error: null
+      });
+      const { result } = renderHook(() => useRBAC());
+      await waitFor(() => {
+        expect(result.current.isEventAdmin).toBe(true);
+      });
+    });
+    it('correctly computes canManageOrganisation', async () => {
+      const mockPermissions = [
+        {
+          permission_type: 'organisation_access',
+          role_name: 'org_admin',
+          has_permission: true,
+          granted_at: '2023-01-01T00:00:00Z'
+        }
+      ];
+      mockSupabase.rpc.mockResolvedValue({
+        data: mockPermissions,
+        error: null
+      });
+      const { result } = renderHook(() => useRBAC());
+      await waitFor(() => {
+        expect(result.current.canManageOrganisation).toBe(true);
+      });
+    });
+    it('correctly computes canManageEvent', async () => {
+      const mockPermissions = [
+        {
+          permission_type: 'event_app_access',
+          role_name: 'event_admin',
+          has_permission: true,
+          granted_at: '2023-01-01T00:00:00Z'
+        }
+      ];
+      mockSupabase.rpc.mockResolvedValue({
+        data: mockPermissions,
+        error: null
+      });
+      const { result } = renderHook(() => useRBAC());
+      await waitFor(() => {
+        expect(result.current.canManageEvent).toBe(true);
+      });
+    });
+    it('super admin can manage both organisation and event', async () => {
+      const mockPermissions = [
+        {
+          permission_type: 'all_permissions',
+          role_name: 'super_admin',
+          has_permission: true,
+          granted_at: '2023-01-01T00:00:00Z'
+        }
+      ];
+      mockSupabase.rpc.mockResolvedValue({
+        data: mockPermissions,
+        error: null
+      });
+      const { result } = renderHook(() => useRBAC());
+      await waitFor(() => {
+        expect(result.current.canManageOrganisation).toBe(true);
+        expect(result.current.canManageEvent).toBe(true);
+      });
+    });
+  });
+  describe('Loading States', () => {
+    it('sets loading state while fetching permissions', async () => {
+      let resolvePermissions: (value: any) => void;
+      const permissionsPromise = new Promise(resolve => {
+        resolvePermissions = resolve;
+      });
+      mockSupabase.rpc.mockReturnValue(permissionsPromise);
+      const { result } = renderHook(() => useRBAC());
+      expect(result.current.isLoading).toBe(true);
+      resolvePermissions!({
+        data: [],
+        error: null
+      });
+      await waitFor(() => {
+        expect(result.current.isLoading).toBe(false);
+      });
+    });
+    it('resets loading state on error', async () => {
+      mockSupabase.rpc.mockRejectedValue(new Error('Network error'));
+      const { result } = renderHook(() => useRBAC());
+      await waitFor(() => {
+        expect(result.current.isLoading).toBe(false);
+        expect(result.current.error).toBeInstanceOf(Error);
+      });
+    });
+  });
+  describe('Error Handling', () => {
+    it('handles RPC errors gracefully', async () => {
+      const consoleSpy = vi.spyOn(console, 'error').mockImplementation(() => {});
+      mockSupabase.rpc.mockResolvedValue({
+        data: null,
+        error: { message: 'Database connection failed' }
+      });
+      const { result } = renderHook(() => useRBAC());
+      await waitFor(() => {
+        expect(result.current.error).toBeInstanceOf(Error);
+        expect(result.current.error?.message).toContain('Failed to load RBAC permissions');
+      });
+      consoleSpy.mockRestore();
+    });
+    it('handles network errors gracefully', async () => {
+      const consoleSpy = vi.spyOn(console, 'error').mockImplementation(() => {});
+      mockSupabase.rpc.mockResolvedValue({
+        data: null,
+        error: { message: 'Network timeout' }
+      });
+      const { result } = renderHook(() => useRBAC());
+      await waitFor(() => {
+        expect(result.current.error).toBeInstanceOf(Error);
+        expect(result.current.error?.message).toContain('Failed to load RBAC permissions');
+      });
+      consoleSpy.mockRestore();
+    });
+    it('handles unknown errors gracefully', async () => {
+      const consoleSpy = vi.spyOn(console, 'error').mockImplementation(() => {});
+      mockSupabase.rpc.mockRejectedValue('Unknown error');
+      const { result } = renderHook(() => useRBAC());
+      await waitFor(() => {
+        expect(result.current.error).toBeInstanceOf(Error);
+        expect(result.current.error?.message).toBe('Unknown error loading RBAC context');
+      });
+      consoleSpy.mockRestore();
+    });
+  });
+  describe('Context Dependencies', () => {
+    it('reloads when user changes', async () => {
+      const mockPermissions = [
+        {
+          permission_type: 'all_permissions',
+          role_name: 'super_admin',
+          has_permission: true,
+          granted_at: '2023-01-01T00:00:00Z'
+        }
+      ];
+      mockSupabase.rpc.mockResolvedValue({
+        data: mockPermissions,
+        error: null
+      });
+      const { result, rerender } = renderHook(() => useRBAC());
+      await waitFor(() => {
+        expect(result.current.globalRole).toBe('super_admin');
+      });
+      // Change user
+      mockUseUnifiedAuth.mockReturnValue({
+        user: { id: 'different-user-id' },
+        session: { access_token: 'test-token' },
+        supabase: mockSupabase,
+        appName: 'test-app'
+      });
+      rerender();
+      await waitFor(() => {
+        expect(mockSupabase.rpc).toHaveBeenCalledTimes(2);
+      });
+    });
+    it('reloads when organisation changes', async () => {
+      const mockPermissions = [
+        {
+          permission_type: 'organisation_access',
+          role_name: 'org_admin',
+          has_permission: true,
+          granted_at: '2023-01-01T00:00:00Z'
+        }
+      ];
+      mockSupabase.rpc.mockResolvedValue({
+        data: mockPermissions,
+        error: null
+      });
+      const { result, rerender } = renderHook(() => useRBAC());
+      await waitFor(() => {
+        expect(result.current.organisationRole).toBe('org_admin');
+      }, { timeout: 3000 });
+      // Change organisation
+      mockUseOrganisations.mockReturnValue({
+        selectedOrganisation: { id: 'different-org-id' }
+      });
+      rerender();
+      await waitFor(() => {
+        expect(mockSupabase.rpc).toHaveBeenCalledTimes(2);
+      });
+    });
+    it('reloads when event changes', async () => {
+      const mockPermissions = [
+        {
+          permission_type: 'event_app_access',
+          role_name: 'event_admin',
+          has_permission: true,
+          granted_at: '2023-01-01T00:00:00Z'
+        }
+      ];
+      mockSupabase.rpc.mockResolvedValue({
+        data: mockPermissions,
+        error: null
+      });
+      const { result, rerender } = renderHook(() => useRBAC());
+      await waitFor(() => {
+        expect(result.current.eventAppRole).toBe('event_admin');
+      });
+      // Change event
+      mockUseEvents.mockReturnValue({
+        selectedEvent: { event_id: 'different-event-id' }
+      });
+      rerender();
+      await waitFor(() => {
+        expect(mockSupabase.rpc).toHaveBeenCalledTimes(2);
+      });
+    });
+    it('handles missing EventProvider gracefully', () => {
+      const consoleSpy = vi.spyOn(console, 'debug').mockImplementation(() => {});
+      // Mock EventProvider to throw error
+      mockUseEvents.mockImplementation(() => {
+        throw new Error('EventProvider not available');
+      });
+      const mockPermissions = [
+        {
+          permission_type: 'organisation_access',
+          role_name: 'org_admin',
+          has_permission: true,
+          granted_at: '2023-01-01T00:00:00Z'
+        }
+      ];
+      mockSupabase.rpc.mockResolvedValue({
+        data: mockPermissions,
+        error: null
+      });
+      const { result } = renderHook(() => useRBAC());
+      expect(result.current.eventAppRole).toBeNull();
+      expect(consoleSpy).toHaveBeenCalledWith('useRBAC: EventProvider not available, continuing without event context');
+      consoleSpy.mockRestore();
+    });
+  });
+  describe('User Context', () => {
+    it('includes user in returned context', async () => {
+      const mockUser = testDataGenerators.createUser();
+      mockUseUnifiedAuth.mockReturnValue({
+        user: mockUser,
+        supabase: mockSupabase,
+        appName: 'test-app'
+      });
+      const mockPermissions = [
+        {
+          permission_type: 'organisation_access',
+          role_name: 'org_admin',
+          has_permission: true,
+          granted_at: '2023-01-01T00:00:00Z'
+        }
+      ];
+      mockSupabase.rpc.mockResolvedValue({
+        data: mockPermissions,
+        error: null
+      });
+      const { result } = renderHook(() => useRBAC());
+      await waitFor(() => {
+        expect(result.current.user).toEqual(mockUser);
+      });
+    });
+  });
+});