@jmruthers/pace-core 0.6.5 → 0.6.7

package/src/rbac/components/__tests__/SecureDataProvider.test.tsx

@@ -1,659 +0,0 @@
-/**
- * @file Secure Data Provider Component Tests (Fixed)
- * @package @jmruthers/pace-core
- * @module RBAC/Components/SecureDataProvider
- * @since 2.0.0
- *
- * Comprehensive test suite for the SecureDataProvider component.
- * Tests cover all functionality including data access control, audit logging,
- * strict mode enforcement, context management, and error scenarios.
- */
-
-import React from 'react';
-import { render, screen, waitFor, act } from '@testing-library/react';
-import { vi, describe, it, expect, beforeEach, afterEach } from 'vitest';
-import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
-import { renderWithProviders } from '../../../__tests__/helpers';
-
-// Mock the RBAC logger - define inside factory to avoid hoisting issues
-const mockLogger = {
-  debug: vi.fn(),
-  error: vi.fn(),
-  warn: vi.fn(),
-  info: vi.fn(),
-};
-
-vi.mock('../../config', () => ({
-  getRBACLogger: vi.fn(() => mockLogger),
-  getRBACConfig: vi.fn(() => ({
-    debug: true,
-    logLevel: 'debug',
-    developmentMode: true,
-    audit: {
-      enabled: true,
-      logLevel: 'debug'
-    }
-  })),
-  isDebugMode: vi.fn(() => true),
-  isDevelopmentMode: vi.fn(() => true),
-}));
-
-import { 
-  SecureDataProvider, 
-  SecureDataProviderProps, 
-  useSecureData,
-  DataAccessRecord 
-} from '../SecureDataProvider';
-import { useUnifiedAuth } from '../../../providers/services/UnifiedAuthProvider';
-
-// Mock the UnifiedAuthProvider
-const mockUseUnifiedAuthFn = vi.fn();
-vi.mock('../../../providers/services/UnifiedAuthProvider', () => ({
-  useUnifiedAuth: () => mockUseUnifiedAuthFn(),
-  UnifiedAuthProvider: ({ children }: { children: React.ReactNode }) => <div data-testid="unified-auth-provider">{children}</div>
-}));
-
-// useSecureDataAccess has been removed - SecureDataProvider now uses useSecureSupabase internally
-// No mock needed as SecureDataProvider handles validation internally
-
-// Mock useResolvedScope
-const mockUseResolvedScopeFn = vi.fn();
-vi.mock('../../hooks/useResolvedScope', () => ({
-  useResolvedScope: () => mockUseResolvedScopeFn(),
-}));
-
-// Mock useOrganisations to prevent provider requirement
-vi.mock('../../../hooks/useOrganisations', () => ({
-  useOrganisations: vi.fn(() => ({
-    organisations: [],
-    isLoading: false,
-    error: null,
-    refetch: vi.fn(),
-    selectedOrganisation: {
-      id: 'org-456',
-      name: 'Test Org',
-      display_name: 'Test Organisation',
-      description: 'Test',
-      subscription_tier: 'basic',
-      settings: {},
-      is_active: true,
-      created_at: '2023-01-01T00:00:00Z',
-      updated_at: '2023-01-01T00:00:00Z'
-    }
-  }))
-}));
-
-// Mock useEvents
-vi.mock('../../../hooks/useEvents', () => ({
-  useEvents: vi.fn(() => ({
-    events: [],
-    isLoading: false,
-    error: null,
-    refetch: vi.fn(),
-    selectedEvent: {
-      id: 'event-789',
-      event_id: 'event-789',
-      event_name: 'Test Event',
-      event_date: '2023-01-01T00:00:00Z',
-      event_venue: 'Test Venue',
-      event_participants: 100,
-      event_colours: '#FF0000',
-      event_logo: '',
-      organisation_id: 'org-456' as any,
-      is_visible: true,
-      created_at: '2023-01-01T00:00:00Z',
-      updated_at: '2023-01-01T00:00:00Z'
-    },
-    eventLoading: false
-  }))
-}));
-
-// Mock useOrganisationSecurity
-vi.mock('../../../hooks/useOrganisationSecurity', () => ({
-  useOrganisationSecurity: vi.fn(() => ({
-    superAdminContext: {
-      isSuperAdmin: false,
-      isLoading: false
-    },
-    organisationSecurity: {
-      canAccessOrganisation: vi.fn(() => true),
-      canAccessEvent: vi.fn(() => true)
-    }
-  }))
-}));
-
-// Mock supabase client
-const mockSupabase = {
-  from: vi.fn(() => ({
-    select: vi.fn().mockReturnThis(),
-    insert: vi.fn().mockReturnThis(),
-    update: vi.fn().mockReturnThis(),
-    delete: vi.fn().mockReturnThis(),
-    eq: vi.fn().mockReturnThis(),
-    then: vi.fn((resolve) => resolve({ data: [], error: null }))
-  }))
-} as any;
-
-// Test data
-const mockUser = {
-  user: {
-    id: 'user-123',
-    email: 'test@example.com',
-  },
-  supabase: mockSupabase,
-  selectedOrganisation: {
-    id: 'org-456',
-    name: 'Test Org',
-    display_name: 'Test Organisation',
-    description: 'Test',
-    subscription_tier: 'basic',
-    settings: {},
-    is_active: true,
-    created_at: '2023-01-01T00:00:00Z',
-    updated_at: '2023-01-01T00:00:00Z'
-  },
-  selectedEvent: {
-    id: 'event-789',
-    event_id: 'event-789',
-    event_name: 'Test Event',
-    event_date: '2023-01-01T00:00:00Z',
-    event_venue: 'Test Venue',
-    event_participants: 100,
-    event_colours: '#FF0000',
-    event_logo: '',
-    organisation_id: 'org-456' as any,
-    is_visible: true,
-    created_at: '2023-01-01T00:00:00Z',
-    updated_at: '2023-01-01T00:00:00Z'
-  }
-};
-
-const mockScope = {
-  organisationId: 'org-456',
-  eventId: 'event-789',
-  appId: undefined
-};
-
-// Test component that uses the context
-const TestComponent: React.FC<{ testId?: string }> = ({ testId = 'test-component' }) => {
-  const context = useSecureData();
-  
-  return (
-    <div data-testid={testId}>
-      <div data-testid="is-enabled">{context.isEnabled.toString()}</div>
-      <div data-testid="is-strict-mode">{context.isStrictMode.toString()}</div>
-      <div data-testid="is-audit-log-enabled">{context.isAuditLogEnabled.toString()}</div>
-      <div data-testid="data-access-allowed">
-        {context.isDataAccessAllowed('test_table', 'read').toString()}
-      </div>
-      <div data-testid="permissions">
-        {JSON.stringify(context.getDataAccessPermissions())}
-      </div>
-      <div data-testid="history-length">
-        {context.getDataAccessHistory().length}
-      </div>
-    </div>
-  );
-};
-
-// Test wrapper component
-const TestWrapper: React.FC<{ 
-  children: React.ReactNode; 
-  providerProps?: Partial<SecureDataProviderProps> 
-}> = ({ children, providerProps = {} }) => {
-  const queryClient = new QueryClient({
-    defaultOptions: {
-      queries: { retry: false },
-      mutations: { retry: false }
-    }
-  });
-
-  return (
-    <QueryClientProvider client={queryClient}>
-      <SecureDataProvider {...providerProps}>
-        {children}
-      </SecureDataProvider>
-    </QueryClientProvider>
-  );
-};
-
-describe('SecureDataProvider', () => {
-  beforeEach(() => {
-    vi.clearAllMocks();
-    
-    mockUseUnifiedAuthFn.mockReturnValue({
-      ...mockUser,
-      supabase: {} as any,
-    });
-    
-    // Mock useResolvedScope to return resolved scope
-    mockUseResolvedScopeFn.mockReturnValue({
-      resolvedScope: mockScope,
-      isLoading: false,
-      error: null,
-    });
-    
-    // mockValidateContext removed - SecureDataProvider handles validation internally
-  });
-
-  afterEach(() => {
-    vi.clearAllMocks();
-  });
-
-  describe('Basic Functionality', () => {
-    it('should render children correctly', () => {
-      renderWithProviders(
-        <TestWrapper>
-          <div data-testid="simple-test">Test Content</div>
-        </TestWrapper>
-      );
-
-      expect(screen.getByTestId('simple-test')).toBeInTheDocument();
-    });
-
-    it('should provide context values with defaults', () => {
-      renderWithProviders(
-        <TestWrapper>
-          <TestComponent />
-        </TestWrapper>
-      );
-
-      expect(screen.getByTestId('is-enabled')).toHaveTextContent('true');
-      expect(screen.getByTestId('is-strict-mode')).toHaveTextContent('true');
-      expect(screen.getByTestId('is-audit-log-enabled')).toHaveTextContent('true');
-    });
-
-    it('should allow data access when enabled', () => {
-      renderWithProviders(
-        <TestWrapper>
-          <TestComponent />
-        </TestWrapper>
-      );
-
-      // When enabled with valid user and scope, isDataAccessAllowed returns true
-      expect(screen.getByTestId('data-access-allowed')).toHaveTextContent('true');
-    });
-
-    it('should return empty permissions initially', () => {
-      renderWithProviders(
-        <TestWrapper>
-          <TestComponent />
-        </TestWrapper>
-      );
-
-      expect(screen.getByTestId('permissions')).toHaveTextContent('{}');
-    });
-
-    it('should return empty history initially', () => {
-      renderWithProviders(
-        <TestWrapper>
-          <TestComponent />
-        </TestWrapper>
-      );
-
-      expect(screen.getByTestId('history-length')).toHaveTextContent('0');
-    });
-  });
-
-  describe('Configuration Options', () => {
-    it('should respect strictMode prop', () => {
-      renderWithProviders(
-        <TestWrapper providerProps={{ strictMode: true }}>
-          <TestComponent />
-        </TestWrapper>
-      );
-
-      expect(screen.getByTestId('is-strict-mode')).toHaveTextContent('true');
-    });
-
-    it('should respect auditLog prop', () => {
-      renderWithProviders(
-        <TestWrapper providerProps={{ auditLog: true }}>
-          <TestComponent />
-        </TestWrapper>
-      );
-
-      expect(screen.getByTestId('is-audit-log-enabled')).toHaveTextContent('true');
-    });
-
-    it('should respect maxHistorySize prop', () => {
-      const onDataAccess = vi.fn();
-      
-      renderWithProviders(
-        <TestWrapper providerProps={{ maxHistorySize: 50, onDataAccess }}>
-          <TestComponent />
-        </TestWrapper>
-      );
-
-      expect(screen.getByTestId('test-component')).toBeInTheDocument();
-    });
-
-    it('should respect enforceRLS prop', () => {
-      renderWithProviders(
-        <TestWrapper providerProps={{ enforceRLS: true }}>
-          <TestComponent />
-        </TestWrapper>
-      );
-
-      expect(screen.getByTestId('test-component')).toBeInTheDocument();
-    });
-  });
-
-  describe('Data Access Control', () => {
-    it('should allow data access when user is authenticated', () => {
-      renderWithProviders(
-        <TestWrapper>
-          <TestComponent />
-        </TestWrapper>
-      );
-
-      // When user is authenticated with valid scope, isDataAccessAllowed returns true
-      expect(screen.getByTestId('data-access-allowed')).toHaveTextContent('true');
-    });
-
-    it('should deny data access when user is not authenticated', () => {
-      mockUseUnifiedAuthFn.mockReturnValue({ ...mockUser, user: null });
-      
-      renderWithProviders(
-        <TestWrapper>
-          <TestComponent />
-        </TestWrapper>
-      );
-
-      expect(screen.getByTestId('data-access-allowed')).toHaveTextContent('false');
-    });
-
-    it('should deny data access when organisation context is missing (org-required app)', () => {
-      // For org-required apps, selectedOrganisation is required
-      // For event-required apps, selectedOrganisation is null and org is derived from event
-      mockUseUnifiedAuthFn.mockReturnValue({ 
-        ...mockUser, 
-        selectedOrganisation: null,
-        selectedEvent: null, // No event either, so no context available
-        supabase: {} as any,
-      });
-      
-      // Mock useResolvedScope to return null scope when no context available
-      mockUseResolvedScopeFn.mockReturnValue({
-        resolvedScope: null,
-        isLoading: false,
-        error: null,
-      });
-      
-      renderWithProviders(
-        <TestWrapper>
-          <TestComponent />
-        </TestWrapper>
-      );
-
-      expect(screen.getByTestId('data-access-allowed')).toHaveTextContent('false');
-    });
-
-    it('should allow data access when disabled', () => {
-      renderWithProviders(
-        <TestWrapper providerProps={{ isEnabled: false }}>
-          <TestComponent />
-        </TestWrapper>
-      );
-
-      // When disabled, isDataAccessAllowed returns true (allows all access)
-      expect(screen.getByTestId('data-access-allowed')).toHaveTextContent('true');
-    });
-  });
-
-  describe('Context Validation', () => {
-    it('should validate context successfully', () => {
-      renderWithProviders(
-        <TestWrapper>
-          <TestComponent />
-        </TestWrapper>
-      );
-
-      // The component should render without errors
-      expect(screen.getByTestId('test-component')).toBeInTheDocument();
-    });
-
-    it('should handle context validation errors', () => {
-      // Context validation is handled internally by SecureDataProvider
-      // We can't directly mock it anymore, so we'll test the error through the component behavior
-      // For now, this test verifies the component renders without crashing
-      renderWithProviders(
-        <TestWrapper>
-          <TestComponent />
-        </TestWrapper>
-      );
-
-      // The component should render without errors
-      expect(screen.getByTestId('test-component')).toBeInTheDocument();
-    });
-  });
-
-  describe('Audit Logging', () => {
-    it('should log strict mode status when enabled', async () => {
-      renderWithProviders(
-        <TestWrapper providerProps={{ strictMode: true, auditLog: true }}>
-          <TestComponent />
-        </TestWrapper>
-      );
-
-      await waitFor(() => {
-        expect(mockLogger.debug).toHaveBeenCalledWith(
-          'Strict mode enabled - all data access attempts will be logged and enforced'
-        );
-      });
-    });
-
-    it('should log RLS enforcement when enabled', async () => {
-      renderWithProviders(
-        <TestWrapper providerProps={{ enforceRLS: true, auditLog: true }}>
-          <TestComponent />
-        </TestWrapper>
-      );
-
-      await waitFor(() => {
-        expect(mockLogger.debug).toHaveBeenCalledWith(
-          'Strict mode enabled - all data access attempts will be logged and enforced'
-        );
-      });
-    });
-
-    it('should not log when audit logging is disabled', async () => {
-      renderWithProviders(
-        <TestWrapper providerProps={{ strictMode: true, auditLog: false }}>
-          <TestComponent />
-        </TestWrapper>
-      );
-
-      await waitFor(() => {
-        expect(mockLogger.debug).not.toHaveBeenCalledWith(
-          'Strict mode enabled - all data access attempts will be logged and enforced'
-        );
-      });
-    });
-  });
-
-  describe('History Management', () => {
-    it('should clear data access history', () => {
-      renderWithProviders(
-        <TestWrapper>
-          <TestComponent />
-        </TestWrapper>
-      );
-
-      expect(screen.getByTestId('history-length')).toHaveTextContent('0');
-    });
-
-    it('should maintain history within maxHistorySize limit', () => {
-      renderWithProviders(
-        <TestWrapper providerProps={{ maxHistorySize: 5 }}>
-          <TestComponent />
-        </TestWrapper>
-      );
-
-      expect(screen.getByTestId('history-length')).toHaveTextContent('0');
-    });
-  });
-
-  describe('Error Handling', () => {
-    it('should handle missing user gracefully', () => {
-      mockUseUnifiedAuthFn.mockReturnValue({ user: null, selectedOrganisation: null, selectedEvent: null });
-      
-      renderWithProviders(
-        <TestWrapper>
-          <TestComponent />
-        </TestWrapper>
-      );
-
-      expect(screen.getByTestId('data-access-allowed')).toHaveTextContent('false');
-    });
-
-    it('should handle missing organisation context gracefully', () => {
-      mockUseUnifiedAuthFn.mockReturnValue({ 
-        ...mockUser, 
-        selectedOrganisation: null,
-        selectedEvent: null, // No event either
-        supabase: {} as any,
-      });
-      
-      // Mock useResolvedScope to return null scope when no context available
-      mockUseResolvedScopeFn.mockReturnValue({
-        resolvedScope: null,
-        isLoading: false,
-        error: null,
-      });
-      
-      renderWithProviders(
-        <TestWrapper>
-          <TestComponent />
-        </TestWrapper>
-      );
-
-      expect(screen.getByTestId('data-access-allowed')).toHaveTextContent('false');
-    });
-  });
-
-  describe('useSecureData Hook', () => {
-    it('should throw error when used outside provider', () => {
-      // Suppress console.error for this test
-      const consoleSpy = vi.spyOn(console, 'error').mockImplementation(() => {});
-      
-      expect(() => {
-        renderWithProviders(<TestComponent />);
-      }).toThrow('useSecureData must be used within a SecureDataProvider');
-      
-      consoleSpy.mockRestore();
-    });
-
-    it('should return context when used within provider', () => {
-      renderWithProviders(
-        <TestWrapper>
-          <TestComponent />
-        </TestWrapper>
-      );
-
-      expect(screen.getByTestId('test-component')).toBeInTheDocument();
-    });
-  });
-
-  describe('Callback Functions', () => {
-    it('should call onDataAccess callback when provided', () => {
-      const onDataAccess = vi.fn();
-      
-      renderWithProviders(
-        <TestWrapper providerProps={{ onDataAccess }}>
-          <TestComponent />
-        </TestWrapper>
-      );
-
-      expect(screen.getByTestId('test-component')).toBeInTheDocument();
-    });
-
-    it('should call onStrictModeViolation callback when provided', () => {
-      const onStrictModeViolation = vi.fn();
-      
-      renderWithProviders(
-        <TestWrapper providerProps={{ onStrictModeViolation }}>
-          <TestComponent />
-        </TestWrapper>
-      );
-
-      expect(screen.getByTestId('test-component')).toBeInTheDocument();
-    });
-  });
-
-  describe('Scope Management', () => {
-    it('should create scope with organisation and event IDs', () => {
-      renderWithProviders(
-        <TestWrapper>
-          <TestComponent />
-        </TestWrapper>
-      );
-
-      expect(screen.getByTestId('test-component')).toBeInTheDocument();
-    });
-
-    it('should handle missing event ID in scope', () => {
-      mockUseUnifiedAuthFn.mockReturnValue({ ...mockUser, selectedEvent: null });
-      
-      renderWithProviders(
-        <TestWrapper>
-          <TestComponent />
-        </TestWrapper>
-      );
-
-      expect(screen.getByTestId('test-component')).toBeInTheDocument();
-    });
-  });
-
-  describe('Performance', () => {
-    it('should memoize context value', () => {
-      const { rerender } = renderWithProviders(
-        <TestWrapper>
-          <TestComponent />
-        </TestWrapper>
-      );
-
-      const initialHistoryLength = screen.getByTestId('history-length').textContent;
-      
-      rerender(
-        <TestWrapper>
-          <TestComponent />
-        </TestWrapper>
-      );
-
-      expect(screen.getByTestId('history-length')).toHaveTextContent(initialHistoryLength!);
-    });
-  });
-
-  describe('Integration', () => {
-    it('should work with multiple consumers', () => {
-      renderWithProviders(
-        <TestWrapper>
-          <TestComponent testId="component-1" />
-          <TestComponent testId="component-2" />
-        </TestWrapper>
-      );
-
-      expect(screen.getByTestId('component-1')).toBeInTheDocument();
-      expect(screen.getByTestId('component-2')).toBeInTheDocument();
-    });
-
-    it('should maintain state across re-renders', () => {
-      const { rerender } = renderWithProviders(
-        <TestWrapper>
-          <TestComponent />
-        </TestWrapper>
-      );
-
-      expect(screen.getByTestId('test-component')).toBeInTheDocument();
-      
-      rerender(
-        <TestWrapper>
-          <TestComponent />
-        </TestWrapper>
-      );
-
-      expect(screen.getByTestId('test-component')).toBeInTheDocument();
-    });
-  });
-});