npm - @jskit-ai/users-core - Versions diffs - 0.1.4 - Mend

@jskit-ai/users-core 0.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (148) hide show

package/test/workspaceRouteVisibilityResolver.test.js ADDED Viewed

@@ -0,0 +1,83 @@
+import assert from "node:assert/strict";
+import test from "node:test";
+import { createWorkspaceRouteVisibilityResolver } from "../src/server/common/contributors/workspaceRouteVisibilityResolver.js";
+test("workspace route visibility resolver contributes workspace_user scope and actor ownership", async () => {
+  const resolver = createWorkspaceRouteVisibilityResolver({
+    workspaceService: {
+      async resolveWorkspaceContextForUserBySlug() {
+        throw new Error("should not be called");
+      }
+    }
+  });
+  const contribution = await resolver.resolve({
+    visibility: "workspace_user",
+    context: {
+      actor: {
+        id: "user_42"
+      },
+      workspace: {
+        id: 11
+      }
+    }
+  });
+  assert.deepEqual(contribution, {
+    scopeKind: "workspace_user",
+    requiresActorScope: true,
+    scopeOwnerId: 11,
+    userOwnerId: "user_42"
+  });
+});
+test("workspace route visibility resolver keeps workspace-only visibility actor-agnostic", async () => {
+  const resolver = createWorkspaceRouteVisibilityResolver({
+    workspaceService: {
+      async resolveWorkspaceContextForUserBySlug() {
+        throw new Error("should not be called");
+      }
+    }
+  });
+  const contribution = await resolver.resolve({
+    visibility: "workspace",
+    context: {
+      workspace: {
+        id: 11
+      }
+    }
+  });
+  assert.deepEqual(contribution, {
+    scopeKind: "workspace",
+    requiresActorScope: false,
+    scopeOwnerId: 11
+  });
+});
+test("workspace route visibility resolver still marks workspace_user as actor-scoped when workspace is unresolved", async () => {
+  const resolver = createWorkspaceRouteVisibilityResolver({
+    workspaceService: {
+      async resolveWorkspaceContextForUserBySlug() {
+        return {};
+      }
+    }
+  });
+  const contribution = await resolver.resolve({
+    visibility: "workspace_user",
+    context: {
+      actor: {
+        id: "user_99"
+      }
+    },
+    input: {}
+  });
+  assert.deepEqual(contribution, {
+    scopeKind: "workspace_user",
+    requiresActorScope: true,
+    userOwnerId: "user_99"
+  });
+});

package/test/workspaceService.test.js ADDED Viewed

@@ -0,0 +1,480 @@
+import test from "node:test";
+import assert from "node:assert/strict";
+import { createService } from "../src/server/common/services/workspaceContextService.js";
+function createWorkspaceRoles() {
+  return {
+    defaultInviteRole: "member",
+    roles: {
+      owner: {
+        assignable: false,
+        permissions: ["*"]
+      },
+      member: {
+        assignable: true,
+        permissions: ["workspace.settings.view"]
+      }
+    }
+  };
+}
+function createWorkspaceServiceFixture({
+  tenancyMode = "workspace",
+  tenancyPolicy = {},
+  workspaceRoles = createWorkspaceRoles(),
+  additionalWorkspaces = [],
+  userWorkspaceRows = null,
+  membershipResolver = null,
+  personalWorkspace = {
+    id: 1,
+    slug: "tonymobily3",
+    name: "TonyMobily3",
+    ownerUserId: 7,
+    isPersonal: true,
+    avatarUrl: "",
+    color: "#0F6B54"
+  }
+} = {}) {
+  const calls = {
+    findPersonalByOwnerUserId: 0,
+    listForUserId: 0,
+    insert: 0,
+    ensureOwnerMembership: 0
+  };
+  let nextWorkspaceId = 10;
+  const personalWorkspaceState =
+    personalWorkspace && typeof personalWorkspace === "object" ? { ...personalWorkspace } : null;
+  const insertedPayloads = [];
+  const workspaceBySlug = new Map();
+  if (personalWorkspaceState?.slug) {
+    workspaceBySlug.set(String(personalWorkspaceState.slug).trim().toLowerCase(), {
+      ...personalWorkspaceState
+    });
+  }
+  for (const workspace of Array.isArray(additionalWorkspaces) ? additionalWorkspaces : []) {
+    if (!workspace || typeof workspace !== "object") {
+      continue;
+    }
+    const slug = String(workspace.slug || "").trim().toLowerCase();
+    if (!slug) {
+      continue;
+    }
+    workspaceBySlug.set(slug, {
+      ...workspace
+    });
+  }
+  const service = createService({
+    appConfig: {
+      tenancyMode,
+      tenancyPolicy,
+      workspaceRoles: workspaceRoles && typeof workspaceRoles === "object" ? { ...workspaceRoles } : workspaceRoles
+    },
+    workspacesRepository: {
+      async findBySlug(slug) {
+        const normalizedSlug = String(slug || "").trim().toLowerCase();
+        const workspace = workspaceBySlug.get(normalizedSlug);
+        if (!workspace) {
+          return null;
+        }
+        return { ...workspace };
+      },
+      async findPersonalByOwnerUserId() {
+        calls.findPersonalByOwnerUserId += 1;
+        return personalWorkspaceState ? { ...personalWorkspaceState } : null;
+      },
+      async listForUserId() {
+        calls.listForUserId += 1;
+        if (Array.isArray(userWorkspaceRows)) {
+          return userWorkspaceRows;
+        }
+        return [
+          {
+            id: 1,
+            slug: "tonymobily3",
+            name: "TonyMobily3",
+            avatarUrl: "",
+            color: "#0F6B54",
+            roleId: "owner",
+            membershipStatus: "active"
+          },
+          {
+            id: 2,
+            slug: "pending-workspace",
+            name: "Pending Workspace",
+            avatarUrl: "",
+            color: "#0F6B54",
+            roleId: "member",
+            membershipStatus: "pending"
+          }
+        ];
+      },
+      async insert(payload) {
+        calls.insert += 1;
+        insertedPayloads.push(payload);
+        const workspaceId = nextWorkspaceId++;
+        const inserted = {
+          id: workspaceId,
+          slug: String(payload.slug || ""),
+          name: String(payload.name || ""),
+          ownerUserId: Number(payload.ownerUserId),
+          isPersonal: payload.isPersonal === true,
+          avatarUrl: String(payload.avatarUrl || ""),
+          color: String(payload.color || "#0F6B54")
+        };
+        workspaceBySlug.set(String(inserted.slug).trim().toLowerCase(), inserted);
+        return inserted;
+      }
+    },
+    workspaceMembershipsRepository: {
+      async ensureOwnerMembership() {
+        calls.ensureOwnerMembership += 1;
+      },
+      async findByWorkspaceIdAndUserId(workspaceId, userId) {
+        if (typeof membershipResolver === "function") {
+          return membershipResolver(workspaceId, userId);
+        }
+        return {
+          workspaceId,
+          userId,
+          roleId: "owner",
+          status: "active"
+        };
+      }
+    },
+    workspaceSettingsRepository: {
+      async ensureForWorkspaceId() {
+        return {
+          invitesEnabled: true
+        };
+      }
+    }
+  });
+  return { service, calls, insertedPayloads };
+}
+test("workspaceService no longer exposes bootstrap payload assembly", () => {
+  const { service } = createWorkspaceServiceFixture();
+  assert.equal(service.buildBootstrapPayload, undefined);
+});
+test("workspaceService.listWorkspacesForUser returns only accessible workspaces", async () => {
+  const { service, calls } = createWorkspaceServiceFixture();
+  const workspaces = await service.listWorkspacesForUser({
+    id: 7,
+    email: "chiaramobily@gmail.com",
+    displayName: "Chiara"
+  });
+  assert.equal(workspaces.length, 1);
+  assert.equal(workspaces[0].slug, "tonymobily3");
+  assert.equal(workspaces[0].roleId, "owner");
+  assert.equal(calls.listForUserId, 1);
+  assert.equal(calls.insert, 0);
+});
+test("workspaceService.listWorkspacesForUser no longer provisions personal workspace in workspace mode", async () => {
+  const { service, calls } = createWorkspaceServiceFixture({
+    tenancyMode: "workspace",
+    personalWorkspace: null
+  });
+  await service.listWorkspacesForUser({
+    id: 7,
+    email: "chiaramobily@gmail.com",
+    displayName: "Chiara"
+  });
+  assert.equal(calls.findPersonalByOwnerUserId, 0);
+  assert.equal(calls.insert, 0);
+});
+test("workspaceService.listWorkspacesForUser returns all active memberships in personal tenancy", async () => {
+  const { service, calls } = createWorkspaceServiceFixture({
+    tenancyMode: "personal",
+    userWorkspaceRows: [
+      {
+        id: 1,
+        slug: "chiaramobily",
+        name: "Chiara Personal",
+        avatarUrl: "",
+        color: "#0F6B54",
+        roleId: "owner",
+        membershipStatus: "active"
+      },
+      {
+        id: 2,
+        slug: "tonymobily",
+        name: "Tony Workspace",
+        avatarUrl: "",
+        color: "#0F6B54",
+        roleId: "member",
+        membershipStatus: "active"
+      },
+      {
+        id: 3,
+        slug: "pending-workspace",
+        name: "Pending Workspace",
+        avatarUrl: "",
+        color: "#0F6B54",
+        roleId: "member",
+        membershipStatus: "pending"
+      }
+    ]
+  });
+  const workspaces = await service.listWorkspacesForUser({
+    id: 7,
+    email: "chiaramobily@gmail.com",
+    displayName: "Chiara"
+  });
+  assert.deepEqual(
+    workspaces.map((workspace) => workspace.slug),
+    ["chiaramobily", "tonymobily"]
+  );
+  assert.equal(calls.findPersonalByOwnerUserId, 0);
+  assert.equal(calls.listForUserId, 1);
+});
+test("workspaceService.provisionWorkspaceForNewUser provisions personal workspace only in personal tenancy", async () => {
+  const { service, calls, insertedPayloads } = createWorkspaceServiceFixture({
+    tenancyMode: "personal",
+    personalWorkspace: null
+  });
+  const workspace = await service.provisionWorkspaceForNewUser({
+    id: 7,
+    email: "chiaramobily@gmail.com",
+    displayName: "Chiara"
+  });
+  assert.equal(Number(workspace.ownerUserId), 7);
+  assert.equal(calls.findPersonalByOwnerUserId, 1);
+  assert.equal(calls.insert, 1);
+  assert.equal(calls.ensureOwnerMembership, 1);
+  assert.equal(insertedPayloads[0].isPersonal, true);
+});
+test("workspaceService.provisionWorkspaceForNewUser is a no-op outside personal tenancy", async () => {
+  const { service, calls } = createWorkspaceServiceFixture({
+    tenancyMode: "workspace"
+  });
+  const result = await service.provisionWorkspaceForNewUser({
+    id: 7,
+    email: "chiaramobily@gmail.com",
+    displayName: "Chiara"
+  });
+  assert.equal(result, null);
+  assert.equal(calls.insert, 0);
+});
+test("workspaceService.createWorkspaceForAuthenticatedUser creates non-personal workspace in workspace tenancy", async () => {
+  const { service, calls, insertedPayloads } = createWorkspaceServiceFixture({
+    tenancyMode: "workspace",
+    tenancyPolicy: {
+      workspace: {
+        allowSelfCreate: true
+      }
+    }
+  });
+  const workspace = await service.createWorkspaceForAuthenticatedUser(
+    {
+      id: 7,
+      email: "chiaramobily@gmail.com",
+      displayName: "Chiara"
+    },
+    {
+      name: "Operations Team",
+      slug: "ops-team"
+    }
+  );
+  assert.equal(workspace.slug, "ops-team");
+  assert.equal(calls.insert, 1);
+  assert.equal(calls.ensureOwnerMembership, 1);
+  assert.equal(insertedPayloads[0].isPersonal, false);
+  assert.equal(insertedPayloads[0].ownerUserId, 7);
+});
+test("workspaceService.createWorkspaceForAuthenticatedUser rejects creation when self-create policy is disabled", async () => {
+  const { service } = createWorkspaceServiceFixture({
+    tenancyMode: "workspace"
+  });
+  await assert.rejects(
+    () =>
+      service.createWorkspaceForAuthenticatedUser(
+        {
+          id: 7,
+          email: "chiaramobily@gmail.com",
+          displayName: "Chiara"
+        },
+        {
+          name: "Operations Team"
+        }
+      ),
+    /Workspace creation is disabled for this tenancy mode/
+  );
+});
+test("workspaceService.resolveWorkspaceContextForUserBySlug returns workspace-not-found when requested slug does not exist", async () => {
+  const { service } = createWorkspaceServiceFixture({
+    tenancyMode: "personal",
+    personalWorkspace: null
+  });
+  await assert.rejects(
+    () =>
+      service.resolveWorkspaceContextForUserBySlug(
+        {
+          id: 7,
+          email: "chiaramobily@gmail.com",
+          displayName: "Chiara"
+        },
+        "tonymobily3"
+      ),
+    /Workspace not found/
+  );
+});
+test("workspaceService.resolveWorkspaceContextForUserBySlug allows personal tenancy access when membership is active", async () => {
+  const { service } = createWorkspaceServiceFixture({
+    tenancyMode: "personal",
+    personalWorkspace: {
+      id: 1,
+      slug: "my-personal",
+      name: "My Personal",
+      ownerUserId: 7,
+      isPersonal: true,
+      avatarUrl: "",
+      color: "#0F6B54"
+    },
+    additionalWorkspaces: [
+      {
+        id: 42,
+        slug: "team-alpha",
+        name: "Team Alpha",
+        ownerUserId: 99,
+        isPersonal: false,
+        avatarUrl: "",
+        color: "#0F6B54"
+      }
+    ]
+  });
+  const context = await service.resolveWorkspaceContextForUserBySlug(
+    {
+      id: 7,
+      email: "chiaramobily@gmail.com",
+      displayName: "Chiara"
+    },
+    "team-alpha"
+  );
+  assert.equal(context.workspace.slug, "team-alpha");
+  assert.equal(context.membership.roleId, "owner");
+  assert.deepEqual(context.permissions, ["*"]);
+});
+test("workspaceService.resolveWorkspaceContextForUserBySlug grants owner access even when membership row is missing", async () => {
+  let ensuredMembershipCount = 0;
+  let membershipRecord = null;
+  const service = createService({
+    appConfig: {
+      tenancyMode: "personal",
+      workspaceRoles: createWorkspaceRoles()
+    },
+    workspacesRepository: {
+      async findBySlug(slug) {
+        if (String(slug) !== "tonymobily") {
+          return null;
+        }
+        return {
+          id: 1,
+          slug: "tonymobily",
+          name: "TonyMobily",
+          ownerUserId: 7,
+          isPersonal: true,
+          avatarUrl: "",
+          color: "#0F6B54"
+        };
+      },
+      async findPersonalByOwnerUserId() {
+        return null;
+      },
+      async listForUserId() {
+        return [];
+      },
+      async insert() {
+        throw new Error("not implemented");
+      }
+    },
+    workspaceMembershipsRepository: {
+      async findByWorkspaceIdAndUserId() {
+        return membershipRecord;
+      },
+      async ensureOwnerMembership(workspaceId, userId) {
+        ensuredMembershipCount += 1;
+        membershipRecord = {
+          workspaceId,
+          userId,
+          roleId: "owner",
+          status: "active"
+        };
+        return membershipRecord;
+      }
+    },
+    workspaceSettingsRepository: {
+      async ensureForWorkspaceId() {
+        return {
+          invitesEnabled: true
+        };
+      }
+    }
+  });
+  const context = await service.resolveWorkspaceContextForUserBySlug(
+    {
+      id: 7,
+      email: "chiaramobily@gmail.com",
+      displayName: "Chiara"
+    },
+    "tonymobily"
+  );
+  assert.equal(ensuredMembershipCount, 1);
+  assert.equal(context.membership.roleId, "owner");
+  assert.deepEqual(context.permissions, ["*"]);
+});
+test("workspaceService.resolveWorkspaceContextForUserBySlug resolves permissions from appConfig.workspaceRoles", async () => {
+  const { service } = createWorkspaceServiceFixture({
+    workspaceRoles: {
+      defaultInviteRole: "member",
+      roles: {
+        owner: {
+          assignable: false,
+          permissions: ["workspace.settings.update"]
+        }
+      }
+    }
+  });
+  const context = await service.resolveWorkspaceContextForUserBySlug(
+    {
+      id: 7,
+      email: "chiaramobily@gmail.com",
+      displayName: "Chiara"
+    },
+    "tonymobily3"
+  );
+  assert.deepEqual(context.permissions, ["workspace.settings.update"]);
+});

package/test/workspaceSettingsActions.test.js ADDED Viewed

@@ -0,0 +1,42 @@
+import assert from "node:assert/strict";
+import test from "node:test";
+import "../test-support/registerDefaultSettingsFields.js";
+import { workspaceDirectoryActions } from "../src/server/workspaceDirectory/workspaceDirectoryActions.js";
+import { workspacePendingInvitationsActions } from "../src/server/workspacePendingInvitations/workspacePendingInvitationsActions.js";
+import { workspaceMembersActions } from "../src/server/workspaceMembers/workspaceMembersActions.js";
+import { workspaceSettingsActions } from "../src/server/workspaceSettings/workspaceSettingsActions.js";
+import { workspaceResource } from "../src/shared/resources/workspaceResource.js";
+test("workspace settings actions live in their own action array", () => {
+  assert.deepEqual(
+    workspaceSettingsActions.map((action) => action.id),
+    ["workspace.settings.read", "workspace.settings.update"]
+  );
+  assert.equal(workspaceSettingsActions[0].surfacesFrom, "workspace");
+  assert.equal(workspaceSettingsActions[1].surfacesFrom, "workspace");
+  assert.deepEqual(workspaceSettingsActions[1].channels, ["api", "assistant_tool", "automation", "internal"]);
+  assert.equal(workspaceSettingsActions[1].extensions?.assistant?.description, "Update workspace settings.");
+});
+test("workspace actions array no longer owns workspace settings actions", () => {
+  const otherWorkspaceActionIds = [
+    ...workspaceDirectoryActions,
+    ...workspacePendingInvitationsActions,
+    ...workspaceMembersActions
+  ].map((action) => action.id);
+  assert.equal(
+    otherWorkspaceActionIds.includes("workspace.settings.read"),
+    false
+  );
+  assert.equal(
+    otherWorkspaceActionIds.includes("workspace.settings.update"),
+    false
+  );
+});
+test("workspace directory actions use the canonical workspace list resource output", () => {
+  const listAction = workspaceDirectoryActions.find((action) => action.id === "workspace.workspaces.list");
+  assert.ok(listAction);
+  assert.equal(listAction.outputValidator, workspaceResource.operations.list.outputValidator);
+});