@jmruthers/pace-core 0.5.42 → 0.5.44

package/src/rbac/__tests__/rbac-core.test.tsx

@@ -0,0 +1,277 @@
+/**
+ * @file RBAC Core Tests
+ * @package @jmruthers/pace-core
+ * @module RBAC/__tests__
+ * @since 0.4.0
+ * 
+ * Comprehensive test suite for RBAC core functionality.
+ * Follows testing guidelines with proper structure, naming, and best practices.
+ */
+
+import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
+import { setupRBAC, hasPermission, isPermitted, getAccessLevel } from '../api';
+import { Operation, Permission, AccessLevel } from '../types';
+
+// Mock Supabase client
+const mockSupabaseClient = {
+  from: vi.fn(),
+  rpc: vi.fn(),
+};
+
+describe('RBAC Core Functionality', () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+
+  afterEach(() => {
+    vi.restoreAllMocks();
+  });
+
+  describe('Permission Types', () => {
+    it('has all required operation types', () => {
+      // Check that the Operation type includes the expected values
+      const operations: Operation[] = ['read', 'create', 'update', 'delete', 'manage'];
+      operations.forEach(op => {
+        expect(['read', 'create', 'update', 'delete', 'manage']).toContain(op);
+      });
+    });
+
+    it('has all required access levels', () => {
+      // Check that the AccessLevel type includes the expected values
+      const accessLevels: AccessLevel[] = ['viewer', 'participant', 'planner', 'admin', 'super'];
+      accessLevels.forEach(level => {
+        expect(['viewer', 'participant', 'planner', 'admin', 'super']).toContain(level);
+      });
+    });
+  });
+
+  describe('RBAC Setup', () => {
+    it('initializes RBAC system', () => {
+      expect(() => {
+        setupRBAC(mockSupabaseClient as any);
+      }).not.toThrow();
+    });
+
+    it('initializes RBAC system with config', () => {
+      const config = {
+        debug: true,
+        logLevel: 'info' as const,
+      };
+
+      expect(() => {
+        setupRBAC(mockSupabaseClient as any, config);
+      }).not.toThrow();
+    });
+  });
+
+  describe('Permission Checking', () => {
+    it('validates permission strings', () => {
+      const validPermissions: Permission[] = [
+        'read:users',
+        'create:user-profiles',
+        'update:events',
+        'delete:organisations',
+        'manage:base',
+      ];
+
+      validPermissions.forEach(permission => {
+        expect(permission).toMatch(/^(read|create|update|delete|manage):/);
+      });
+    });
+
+    it('handles invalid permission formats', () => {
+      const invalidPermissions = ['invalid', '', 'read', 'manage'];
+
+      invalidPermissions.forEach(permission => {
+        expect(permission).not.toMatch(/^(read|create|update|delete|manage):/);
+      });
+    });
+  });
+
+  describe('Permission Validation', () => {
+    it('validates permission strings correctly', () => {
+      const permission: Permission = 'read:users';
+      expect(permission).toMatch(/^(read|create|update|delete|manage):/);
+    });
+
+    it('validates complex resource names', () => {
+      const permission: Permission = 'create:user-profiles';
+      expect(permission).toMatch(/^(read|create|update|delete|manage):/);
+    });
+
+    it('handles invalid permission formats', () => {
+      const invalidPermissions = ['invalid', '', 'read'];
+
+      invalidPermissions.forEach(permission => {
+        expect(permission).not.toMatch(/^(read|create|update|delete|manage):/);
+      });
+    });
+  });
+
+  describe('Access Level Validation', () => {
+    it('validates access level hierarchy', () => {
+      const levels: AccessLevel[] = ['viewer', 'participant', 'planner', 'admin', 'super'];
+      
+      // Check that all levels are valid
+      levels.forEach(level => {
+        expect(['viewer', 'participant', 'planner', 'admin', 'super']).toContain(level);
+      });
+    });
+
+    it('handles access level comparisons', () => {
+      const levels: AccessLevel[] = ['viewer', 'participant', 'planner', 'admin', 'super'];
+      
+      // viewer < participant < planner < admin < super
+      const levelHierarchy = {
+        viewer: 0,
+        participant: 1,
+        planner: 2,
+        admin: 3,
+        super: 4,
+      };
+
+      levels.forEach(level => {
+        expect(levelHierarchy[level]).toBeGreaterThanOrEqual(0);
+        expect(levelHierarchy[level]).toBeLessThanOrEqual(4);
+      });
+    });
+  });
+
+  describe('Permission String Parsing', () => {
+    it('parses valid permission strings', () => {
+      const parsePermission = (permission: string) => {
+        const match = permission.match(/^(\w+):(.+)$/);
+        if (!match) return null;
+        return {
+          operation: match[1],
+          resource: match[2],
+        };
+      };
+
+      const permission = parsePermission('read:users');
+      expect(permission).toEqual({
+        operation: 'read',
+        resource: 'users',
+      });
+    });
+
+    it('parses complex resource names', () => {
+      const parsePermission = (permission: string) => {
+        const match = permission.match(/^(\w+):(.+)$/);
+        if (!match) return null;
+        return {
+          operation: match[1],
+          resource: match[2],
+        };
+      };
+
+      const permission = parsePermission('write:user-profiles');
+      expect(permission).toEqual({
+        operation: 'write',
+        resource: 'user-profiles',
+      });
+    });
+
+    it('returns null for invalid permissions', () => {
+      const parsePermission = (permission: string) => {
+        const match = permission.match(/^(\w+):(.+)$/);
+        if (!match) return null;
+        return {
+          operation: match[1],
+          resource: match[2],
+        };
+      };
+
+      expect(parsePermission('invalid')).toBeNull();
+      expect(parsePermission('')).toBeNull();
+      expect(parsePermission('read')).toBeNull();
+    });
+  });
+
+  describe('Error Handling', () => {
+    it('handles missing Supabase client gracefully', () => {
+      // The setupRBAC function doesn't throw on null client, it just logs
+      expect(() => {
+        setupRBAC(null as any);
+      }).not.toThrow();
+    });
+
+    it('handles invalid configuration', () => {
+      const invalidConfig = {
+        debug: 'invalid' as any,
+        logLevel: 'invalid' as any,
+      };
+
+      // Should not throw during setup, but may log warnings
+      expect(() => {
+        setupRBAC(mockSupabaseClient as any, invalidConfig);
+      }).not.toThrow();
+    });
+  });
+
+  describe('Type Safety', () => {
+    it('ensures Permission type safety', () => {
+      const validPermissions: Permission[] = [
+        'read:users',
+        'create:events',
+        'update:profiles',
+        'delete:comments',
+        'manage:organisations',
+      ];
+
+      validPermissions.forEach(permission => {
+        expect(typeof permission).toBe('string');
+        expect(permission).toMatch(/^(read|create|update|delete|manage):/);
+      });
+    });
+
+    it('ensures AccessLevel type safety', () => {
+      const validAccessLevels: AccessLevel[] = [
+        'viewer',
+        'participant',
+        'planner',
+        'admin',
+        'super',
+      ];
+
+      validAccessLevels.forEach(level => {
+        expect(typeof level).toBe('string');
+        expect(['viewer', 'participant', 'planner', 'admin', 'super']).toContain(level);
+      });
+    });
+  });
+
+  describe('Permission Logic', () => {
+    it('validates permission hierarchy', () => {
+      const permissionHierarchy = {
+        'read': 1,
+        'create': 2,
+        'update': 3,
+        'delete': 4,
+        'manage': 5,
+      };
+
+      const operations: Operation[] = ['read', 'create', 'update', 'delete', 'manage'];
+      
+      operations.forEach(operation => {
+        expect(permissionHierarchy[operation]).toBeGreaterThan(0);
+      });
+    });
+
+    it('validates access level hierarchy', () => {
+      const accessLevelHierarchy = {
+        'viewer': 1,
+        'participant': 2,
+        'planner': 3,
+        'admin': 4,
+        'super': 5,
+      };
+
+      const levels: AccessLevel[] = ['viewer', 'participant', 'planner', 'admin', 'super'];
+      
+      levels.forEach(level => {
+        expect(accessLevelHierarchy[level]).toBeGreaterThan(0);
+      });
+    });
+  });
+});