@stamhoofd/backend 2.83.0 → 2.83.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/package.json +10 -10
  2. package/src/endpoints/organization/dashboard/organization/PatchOrganizationEndpoint.test.ts +1218 -3
  3. package/src/endpoints/organization/dashboard/organization/PatchOrganizationEndpoint.ts +127 -3
  4. package/src/helpers/AdminPermissionChecker.ts +22 -1
package/src/endpoints/organization/dashboard/organization/PatchOrganizationEndpoint.test.ts CHANGED
@@ -1,7 +1,8 @@
1
1
  import { Request } from '@simonbackx/simple-endpoints';
2
- import { OrganizationFactory, Token, UserFactory } from '@stamhoofd/models';
3
- import { Organization, PermissionLevel, Permissions } from '@stamhoofd/structures';
2
+ import { GroupFactory, Organization, OrganizationFactory, Token, User, UserFactory, Webshop, WebshopFactory } from '@stamhoofd/models';
3
+ import { AccessRight, MemberResponsibility, OrganizationPrivateMetaData, Organization as OrganizationStruct, PermissionLevel, PermissionRoleDetailed, PermissionRoleForResponsibility, Permissions, PermissionsResourceType, ResourcePermissions, Version } from '@stamhoofd/structures';
4
4
 
5
+ import { AutoEncoderPatchType, PatchableArray, PatchableArrayAutoEncoder, PatchMap } from '@simonbackx/simple-encoding';
5
6
  import { testServer } from '../../../../../tests/helpers/TestServer';
6
7
  import { PatchOrganizationEndpoint } from './PatchOrganizationEndpoint';
7
8
 
@@ -9,6 +10,12 @@ describe('Endpoint.PatchOrganization', () => {
9
10
  // Test endpoint
10
11
  const endpoint = new PatchOrganizationEndpoint();
11
12
 
13
+ const patchOrganization = async ({ patch, organization, token }: { patch: AutoEncoderPatchType<OrganizationStruct> | OrganizationStruct; organization: Organization; token: Token }) => {
14
+ const request = Request.buildJson('PATCH', `/v${Version}/organization`, organization.getApiHost(), patch);
15
+ request.headers.authorization = 'Bearer ' + token.accessToken;
16
+ return await testServer.test(endpoint, request);
17
+ };
18
+
12
19
  test('Change the name of the organization', async () => {
13
20
  const organization = await new OrganizationFactory({}).create();
14
21
  const user = await new UserFactory({ organization, permissions: Permissions.create({ level: PermissionLevel.Full }) }).create();
@@ -24,7 +31,7 @@ describe('Endpoint.PatchOrganization', () => {
24
31
  const response = await testServer.test(endpoint, r);
25
32
  expect(response.body).toBeDefined();
26
33
 
27
- if (!(response.body instanceof Organization)) {
34
+ if (!(response.body instanceof OrganizationStruct)) {
28
35
  throw new Error('Expected Organization');
29
36
  }
30
37
 
@@ -59,4 +66,1212 @@ describe('Endpoint.PatchOrganization', () => {
59
66
 
60
67
  await expect(testServer.test(endpoint, r)).rejects.toThrow(/permissions/i);
61
68
  });
69
+
70
+ describe('Edit access to webshop', () => {
71
+ describe('full access', () => {
72
+ test('patch responsibilities, roles and inherited responsibility roles should be allowed', async () => {
73
+ // arrange
74
+ const organization = await new OrganizationFactory({ }).create();
75
+ const webshop = await new WebshopFactory({ organizationId: organization.id }).create();
76
+
77
+ const role1 = PermissionRoleDetailed.create({});
78
+ organization.privateMeta.roles = [role1];
79
+
80
+ const inheritedResponsibilityRole1 = PermissionRoleForResponsibility.create({
81
+ responsibilityId: 'doesnotmatter',
82
+ responsibilityGroupId: 'doesnotmatter',
83
+ });
84
+
85
+ organization.privateMeta.inheritedResponsibilityRoles = [inheritedResponsibilityRole1];
86
+
87
+ const inheritedResponsibilityRole2 = PermissionRoleForResponsibility.create({
88
+ responsibilityId: 'doesnotmatter',
89
+ responsibilityGroupId: 'doesnotmatter',
90
+ });
91
+
92
+ const memberResponsibility = MemberResponsibility.create({
93
+ permissions: inheritedResponsibilityRole2,
94
+ });
95
+
96
+ organization.privateMeta.responsibilities = [memberResponsibility];
97
+
98
+ await organization.save();
99
+
100
+ const rolesPatch: PatchableArrayAutoEncoder<PermissionRoleDetailed> = new PatchableArray();
101
+
102
+ rolesPatch.addPatch(PermissionRoleDetailed.patch({
103
+ id: role1.id,
104
+ resources: new PatchMap([
105
+ [PermissionsResourceType.Webshops,
106
+ new Map([
107
+ [webshop.id,
108
+ ResourcePermissions.create({ level: PermissionLevel.Full }),
109
+ ],
110
+ ]),
111
+ ],
112
+ ]),
113
+ }));
114
+
115
+ const responsibilitiesPatch: PatchableArrayAutoEncoder<MemberResponsibility> = new PatchableArray();
116
+
117
+ responsibilitiesPatch.addPatch(MemberResponsibility.patch({
118
+ id: memberResponsibility.id,
119
+ permissions: PermissionRoleForResponsibility.patch({
120
+ id: inheritedResponsibilityRole2.id,
121
+ resources: new PatchMap([
122
+ [PermissionsResourceType.Webshops,
123
+ new Map([
124
+ [webshop.id,
125
+ ResourcePermissions.create({ level: PermissionLevel.Full }),
126
+ ],
127
+ ]),
128
+ ],
129
+ ]),
130
+ }),
131
+ }));
132
+
133
+ const inheritedResponsibilityRolesPatch: PatchableArrayAutoEncoder<PermissionRoleForResponsibility> = new PatchableArray();
134
+
135
+ inheritedResponsibilityRolesPatch.addPatch(PermissionRoleForResponsibility.patch({
136
+ id: inheritedResponsibilityRole1.id,
137
+ resources: new PatchMap([
138
+ [PermissionsResourceType.Webshops,
139
+ new Map([
140
+ [webshop.id,
141
+ ResourcePermissions.create({ level: PermissionLevel.Full }),
142
+ ],
143
+ ]),
144
+ ],
145
+ ]),
146
+ }));
147
+
148
+ const patch = OrganizationStruct.patch({
149
+ id: organization.id,
150
+ privateMeta: OrganizationPrivateMetaData.patch({
151
+ roles: rolesPatch,
152
+ responsibilities: responsibilitiesPatch,
153
+ inheritedResponsibilityRoles: inheritedResponsibilityRolesPatch,
154
+ }),
155
+ });
156
+
157
+ const user = await new UserFactory({
158
+ organization,
159
+ permissions: Permissions.create({ level: PermissionLevel.Full }),
160
+ })
161
+ .create();
162
+
163
+ const token = await Token.createToken(user);
164
+
165
+ // act
166
+ const response = await patchOrganization({
167
+ patch,
168
+ organization,
169
+ token,
170
+ });
171
+
172
+ // assert
173
+ expect(response.body).toBeDefined();
174
+ expect(response.body.privateMeta).not.toBeNull();
175
+
176
+ // roles
177
+ expect(response.body.privateMeta!.roles).toHaveLength(1);
178
+ expect(response.body.privateMeta!.roles[0].id).toBe(role1.id);
179
+ expect(response.body.privateMeta!.roles[0].resources.size).toBe(1);
180
+
181
+ // responsibilities
182
+ expect(response.body.privateMeta!.responsibilities).toHaveLength(1);
183
+ expect(response.body.privateMeta!.responsibilities[0].id).toBe(memberResponsibility.id);
184
+ expect(response.body.privateMeta!.responsibilities[0].permissions).not.toBeNull();
185
+ expect(response.body.privateMeta!.responsibilities[0].permissions?.resources.size).toBe(1);
186
+
187
+ // inherited responsibility roles
188
+ expect(response.body.privateMeta!.inheritedResponsibilityRoles).toHaveLength(1);
189
+ expect(response.body.privateMeta!.inheritedResponsibilityRoles[0].id).toBe(inheritedResponsibilityRole1.id);
190
+ expect(response.body.privateMeta!.inheritedResponsibilityRoles[0].resources.size).toBe(1);
191
+ });
192
+
193
+ test('put responsibilities, roles and inherited responsibility roles should be allowed', async () => {
194
+ // arrange
195
+ const organization = await new OrganizationFactory({ }).create();
196
+ const webshop = await new WebshopFactory({ organizationId: organization.id }).create();
197
+
198
+ const role1 = PermissionRoleDetailed.create({
199
+ resources: new Map([
200
+ [PermissionsResourceType.Webshops,
201
+ new Map([
202
+ [webshop.id,
203
+ ResourcePermissions.create({ level: PermissionLevel.Full }),
204
+ ],
205
+ ]),
206
+ ],
207
+ ]),
208
+ });
209
+
210
+ const inheritedResponsibilityRole1 = PermissionRoleForResponsibility.create({
211
+ responsibilityId: 'doesnotmatter',
212
+ responsibilityGroupId: 'doesnotmatter',
213
+ resources: new Map([
214
+ [PermissionsResourceType.Webshops,
215
+ new Map([
216
+ [webshop.id,
217
+ ResourcePermissions.create({ level: PermissionLevel.Full }),
218
+ ],
219
+ ]),
220
+ ],
221
+ ]),
222
+ });
223
+
224
+ const inheritedResponsibilityRole2 = PermissionRoleForResponsibility.create({
225
+ responsibilityId: 'doesnotmatter',
226
+ responsibilityGroupId: 'doesnotmatter',
227
+ resources: new Map([
228
+ [PermissionsResourceType.Webshops,
229
+ new Map([
230
+ [webshop.id,
231
+ ResourcePermissions.create({ level: PermissionLevel.Full }),
232
+ ],
233
+ ]),
234
+ ],
235
+ ]),
236
+ });
237
+
238
+ const memberResponsibility = MemberResponsibility.create({
239
+ permissions: inheritedResponsibilityRole2,
240
+ });
241
+
242
+ const rolesPatch: PatchableArrayAutoEncoder<PermissionRoleDetailed> = new PatchableArray();
243
+
244
+ rolesPatch.addPut(role1);
245
+
246
+ const responsibilitiesPatch: PatchableArrayAutoEncoder<MemberResponsibility> = new PatchableArray();
247
+
248
+ responsibilitiesPatch.addPut(memberResponsibility);
249
+
250
+ const inheritedResponsibilityRolesPatch: PatchableArrayAutoEncoder<PermissionRoleForResponsibility> = new PatchableArray();
251
+
252
+ inheritedResponsibilityRolesPatch.addPut(inheritedResponsibilityRole1);
253
+
254
+ const patch = OrganizationStruct.patch({
255
+ id: organization.id,
256
+ privateMeta: OrganizationPrivateMetaData.patch({
257
+ roles: rolesPatch,
258
+ responsibilities: responsibilitiesPatch,
259
+ inheritedResponsibilityRoles: inheritedResponsibilityRolesPatch,
260
+ }),
261
+ });
262
+
263
+ const user = await new UserFactory({
264
+ organization,
265
+ permissions: Permissions.create({ level: PermissionLevel.Full }),
266
+ })
267
+ .create();
268
+
269
+ const token = await Token.createToken(user);
270
+
271
+ // act
272
+ const response = await patchOrganization({
273
+ patch,
274
+ organization,
275
+ token,
276
+ });
277
+
278
+ // assert
279
+ expect(response.body).toBeDefined();
280
+ expect(response.body.privateMeta).not.toBeNull();
281
+
282
+ // roles
283
+ expect(response.body.privateMeta!.roles).toHaveLength(1);
284
+ expect(response.body.privateMeta!.roles[0].id).toBe(role1.id);
285
+ expect(response.body.privateMeta!.roles[0].resources.size).toBe(1);
286
+
287
+ // responsibilities
288
+ expect(response.body.privateMeta!.responsibilities).toHaveLength(1);
289
+ expect(response.body.privateMeta!.responsibilities[0].id).toBe(memberResponsibility.id);
290
+ expect(response.body.privateMeta!.responsibilities[0].permissions).not.toBeNull();
291
+ expect(response.body.privateMeta!.responsibilities[0].permissions?.resources.size).toBe(1);
292
+
293
+ // inherited responsibility roles
294
+ expect(response.body.privateMeta!.inheritedResponsibilityRoles).toHaveLength(1);
295
+ expect(response.body.privateMeta!.inheritedResponsibilityRoles[0].id).toBe(inheritedResponsibilityRole1.id);
296
+ expect(response.body.privateMeta!.inheritedResponsibilityRoles[0].resources.size).toBe(1);
297
+ });
298
+ });
299
+
300
+ describe('full access to webshop', () => {
301
+ let user: User;
302
+ let token: Token;
303
+ let organization: Organization;
304
+ let webshop: Webshop;
305
+
306
+ beforeAll(async () => {
307
+ const createWebshopRole = PermissionRoleDetailed.create({
308
+ accessRights: [AccessRight.OrganizationCreateWebshops],
309
+ });
310
+
311
+ organization = await new OrganizationFactory({ roles: [createWebshopRole] }).create();
312
+ webshop = await new WebshopFactory({ organizationId: organization.id }).create();
313
+
314
+ // organization.privateMeta.roles = [createWebshopRole];
315
+ // await organization.save();
316
+
317
+ user = await new UserFactory({
318
+ organization,
319
+ permissions: Permissions.create({ level: PermissionLevel.None, roles: [createWebshopRole], resources: new Map([
320
+ [PermissionsResourceType.Webshops,
321
+ new Map([
322
+ [webshop.id,
323
+ ResourcePermissions.create({ level: PermissionLevel.Full }),
324
+ ],
325
+ ])],
326
+ ]) }),
327
+ })
328
+ .create();
329
+
330
+ token = await Token.createToken(user);
331
+ });
332
+
333
+ test('should throw if put roles', async () => {
334
+ const roleName = 'test role 1';
335
+
336
+ const role1 = PermissionRoleDetailed.create({
337
+ name: roleName,
338
+ level: PermissionLevel.Full,
339
+ accessRights: [AccessRight.MemberReadFinancialData],
340
+ resources: new Map([
341
+ [PermissionsResourceType.Webshops,
342
+ new Map([
343
+ [webshop.id,
344
+ ResourcePermissions.create({ level: PermissionLevel.Full }),
345
+ ],
346
+ ]),
347
+ ],
348
+ ]),
349
+ });
350
+
351
+ const rolesPatch: PatchableArrayAutoEncoder<PermissionRoleDetailed> = new PatchableArray();
352
+
353
+ rolesPatch.addPut(role1);
354
+
355
+ const patch = OrganizationStruct.patch({
356
+ id: organization.id,
357
+ privateMeta: OrganizationPrivateMetaData.patch({
358
+ roles: rolesPatch,
359
+ }),
360
+ });
361
+
362
+ // act
363
+ await expect(patchOrganization({
364
+ patch,
365
+ organization,
366
+ token,
367
+ })).rejects.toThrow('You do not have permissions to add roles');
368
+ });
369
+
370
+ test('should only be able to patch resources of roles', async () => {
371
+ // arrange
372
+ const role1 = PermissionRoleDetailed.create({
373
+ name: 'role1',
374
+ });
375
+ organization.privateMeta.roles = [role1, ...organization.privateMeta.roles];
376
+
377
+ await organization.save();
378
+
379
+ const rolesPatch: PatchableArrayAutoEncoder<PermissionRoleDetailed> = new PatchableArray();
380
+
381
+ rolesPatch.addPatch(PermissionRoleDetailed.patch({
382
+ id: role1.id,
383
+ name: 'new name',
384
+ resources: new PatchMap([
385
+ [PermissionsResourceType.Webshops,
386
+ new Map([
387
+ [webshop.id,
388
+ ResourcePermissions.create({ level: PermissionLevel.Full }),
389
+ ],
390
+ ]),
391
+ ],
392
+ ]),
393
+ level: PermissionLevel.Full,
394
+ }));
395
+
396
+ const patch = OrganizationStruct.patch({
397
+ id: organization.id,
398
+ privateMeta: OrganizationPrivateMetaData.patch({
399
+ roles: rolesPatch,
400
+ }),
401
+ });
402
+
403
+ // act
404
+ const response = await patchOrganization({
405
+ patch,
406
+ organization,
407
+ token,
408
+ });
409
+
410
+ // assert
411
+ expect(response.body).toBeDefined();
412
+ expect(response.body.privateMeta).not.toBeNull();
413
+
414
+ // roles
415
+ expect(response.body.privateMeta!.roles).toHaveLength(2);
416
+ expect(response.body.privateMeta!.roles[0].id).toBe(role1.id);
417
+ expect(response.body.privateMeta!.roles[0].resources.size).toBe(1);
418
+
419
+ // name should not have been changed
420
+ expect(response.body.privateMeta!.roles[0].name).toBe('role1');
421
+ // permission level should not have been changed
422
+ expect(response.body.privateMeta!.roles[0].level).toBe(PermissionLevel.None);
423
+ });
424
+
425
+ test('should throw if put responsibilities', async () => {
426
+ // arrange
427
+ const inheritedResponsibilityRole = PermissionRoleForResponsibility.create({
428
+ responsibilityId: 'responsibilityId',
429
+ responsibilityGroupId: 'responsibilityGroupId',
430
+ resources: new Map([
431
+ [PermissionsResourceType.Webshops,
432
+ new Map([
433
+ [webshop.id,
434
+ ResourcePermissions.create({ level: PermissionLevel.Full }),
435
+ ],
436
+ ]),
437
+ ],
438
+ ]),
439
+ level: PermissionLevel.Full,
440
+ accessRights: [AccessRight.MemberReadFinancialData],
441
+ });
442
+
443
+ const memberResponsibility = MemberResponsibility.create({
444
+ permissions: inheritedResponsibilityRole,
445
+ organizationBased: false,
446
+ defaultAgeGroupIds: ['test'],
447
+ organizationTagIds: ['test'],
448
+ groupPermissionLevel: PermissionLevel.Full,
449
+ });
450
+
451
+ const responsibilitiesPatch: PatchableArrayAutoEncoder<MemberResponsibility> = new PatchableArray();
452
+
453
+ responsibilitiesPatch.addPut(memberResponsibility);
454
+
455
+ const patch = OrganizationStruct.patch({
456
+ id: organization.id,
457
+ privateMeta: OrganizationPrivateMetaData.patch({
458
+ responsibilities: responsibilitiesPatch,
459
+ }),
460
+ });
461
+
462
+ // act
463
+ await expect(patchOrganization({
464
+ patch,
465
+ organization,
466
+ token,
467
+ })).rejects.toThrow('You do not have permissions to add responsibilities');
468
+ });
469
+
470
+ test('should only be able to patch resources of responsibilities', async () => {
471
+ // arrange
472
+ const inheritedResponsibilityRole = PermissionRoleForResponsibility.create({
473
+ name: 'name1',
474
+ responsibilityId: 'doesnotmatter',
475
+ responsibilityGroupId: 'doesnotmatter',
476
+ });
477
+
478
+ const memberResponsibility = MemberResponsibility.create({
479
+ name: 'memberResponsibility1',
480
+ description: 'description1',
481
+ permissions: inheritedResponsibilityRole,
482
+ });
483
+
484
+ organization.privateMeta.responsibilities = [memberResponsibility];
485
+
486
+ await organization.save();
487
+
488
+ const responsibilitiesPatch: PatchableArrayAutoEncoder<MemberResponsibility> = new PatchableArray();
489
+
490
+ responsibilitiesPatch.addPatch(MemberResponsibility.patch({
491
+ id: memberResponsibility.id,
492
+ name: 'new name',
493
+ description: 'new description',
494
+ permissions: PermissionRoleForResponsibility.patch({
495
+ name: 'new name',
496
+ level: PermissionLevel.Full,
497
+ id: inheritedResponsibilityRole.id,
498
+ resources: new PatchMap([
499
+ [PermissionsResourceType.Webshops,
500
+ new Map([
501
+ [webshop.id,
502
+ ResourcePermissions.create({ level: PermissionLevel.Full }),
503
+ ],
504
+ ]),
505
+ ],
506
+ ]),
507
+ }),
508
+ }));
509
+
510
+ const patch = OrganizationStruct.patch({
511
+ id: organization.id,
512
+ privateMeta: OrganizationPrivateMetaData.patch({
513
+ responsibilities: responsibilitiesPatch,
514
+ }),
515
+ });
516
+
517
+ // act
518
+ const response = await patchOrganization({
519
+ patch,
520
+ organization,
521
+ token,
522
+ });
523
+
524
+ // assert
525
+ expect(response.body).toBeDefined();
526
+ expect(response.body.privateMeta).not.toBeNull();
527
+
528
+ // responsibilities
529
+ expect(response.body.privateMeta!.responsibilities).toHaveLength(1);
530
+ expect(response.body.privateMeta!.responsibilities[0].id).toBe(memberResponsibility.id);
531
+ expect(response.body.privateMeta!.responsibilities[0].permissions).not.toBeNull();
532
+ expect(response.body.privateMeta!.responsibilities[0].permissions?.resources.size).toBe(1);
533
+
534
+ // other fields should not have changed
535
+ expect(response.body.privateMeta!.responsibilities[0].name).toBe('memberResponsibility1');
536
+ expect(response.body.privateMeta!.responsibilities[0].description).toBe('description1');
537
+ expect(response.body.privateMeta!.responsibilities[0].permissions?.name).toBe('name1');
538
+ expect(response.body.privateMeta!.responsibilities[0].permissions?.level).toBe(PermissionLevel.None);
539
+ });
540
+
541
+ test('should be able to put limited inherited responsibility roles', async () => {
542
+ // arrange
543
+ const inheritedResponsibilityRole = PermissionRoleForResponsibility.create({
544
+ responsibilityId: 'responsibilityId',
545
+ responsibilityGroupId: 'responsibilityGroupId',
546
+ resources: new Map([
547
+ [PermissionsResourceType.Webshops,
548
+ new Map([
549
+ [webshop.id,
550
+ ResourcePermissions.create({ level: PermissionLevel.Full }),
551
+ ],
552
+ ]),
553
+ ],
554
+ ]),
555
+ level: PermissionLevel.Full,
556
+ accessRights: [AccessRight.MemberReadFinancialData],
557
+ });
558
+
559
+ const inheritedResponsibilityRolesPatch: PatchableArrayAutoEncoder<PermissionRoleForResponsibility> = new PatchableArray();
560
+
561
+ inheritedResponsibilityRolesPatch.addPut(inheritedResponsibilityRole);
562
+
563
+ const patch = OrganizationStruct.patch({
564
+ id: organization.id,
565
+ privateMeta: OrganizationPrivateMetaData.patch({
566
+ inheritedResponsibilityRoles: inheritedResponsibilityRolesPatch,
567
+ }),
568
+ });
569
+
570
+ // act
571
+ const response = await patchOrganization({
572
+ patch,
573
+ organization,
574
+ token,
575
+ });
576
+
577
+ // assert
578
+ expect(response.body).toBeDefined();
579
+ expect(response.body.privateMeta).not.toBeNull();
580
+
581
+ // inherited responsibility roles
582
+ expect(response.body.privateMeta!.inheritedResponsibilityRoles).toHaveLength(1);
583
+ expect(response.body.privateMeta!.inheritedResponsibilityRoles[0].id).toBe(inheritedResponsibilityRole.id);
584
+ expect(response.body.privateMeta!.inheritedResponsibilityRoles[0].resources.size).toBe(1);
585
+ expect(response.body.privateMeta!.inheritedResponsibilityRoles[0].responsibilityId).toBe('responsibilityId');
586
+ expect(response.body.privateMeta!.inheritedResponsibilityRoles[0].responsibilityGroupId).toBe('responsibilityGroupId');
587
+
588
+ // other fields should be default fields and not be set
589
+ expect(response.body.privateMeta!.inheritedResponsibilityRoles[0].level).toBe(PermissionLevel.None);
590
+ expect(response.body.privateMeta!.inheritedResponsibilityRoles[0].accessRights).toBeEmpty();
591
+ });
592
+
593
+ test('should only be able to patch resources of inherited responsibility roles', async () => {
594
+ // arrange
595
+ const inheritedResponsibilityRole = PermissionRoleForResponsibility.create({
596
+ responsibilityId: 'responsibilityId',
597
+ responsibilityGroupId: 'responsibilityGroupId',
598
+ name: 'name1',
599
+ });
600
+
601
+ organization.privateMeta.inheritedResponsibilityRoles = [inheritedResponsibilityRole];
602
+
603
+ await organization.save();
604
+
605
+ const inheritedResponsibilityRolesPatch: PatchableArrayAutoEncoder<PermissionRoleForResponsibility> = new PatchableArray();
606
+
607
+ inheritedResponsibilityRolesPatch.addPatch(PermissionRoleForResponsibility.patch({
608
+ id: inheritedResponsibilityRole.id,
609
+ name: 'new name',
610
+ responsibilityId: 'new id',
611
+ responsibilityGroupId: 'new group id',
612
+ level: PermissionLevel.Full,
613
+ resources: new PatchMap([
614
+ [PermissionsResourceType.Webshops,
615
+ new Map([
616
+ [webshop.id,
617
+ ResourcePermissions.create({ level: PermissionLevel.Full }),
618
+ ],
619
+ ]),
620
+ ],
621
+ ]),
622
+ }));
623
+
624
+ const patch = OrganizationStruct.patch({
625
+ id: organization.id,
626
+ privateMeta: OrganizationPrivateMetaData.patch({
627
+ inheritedResponsibilityRoles: inheritedResponsibilityRolesPatch,
628
+ }),
629
+ });
630
+
631
+ // act
632
+ const response = await patchOrganization({
633
+ patch,
634
+ organization,
635
+ token,
636
+ });
637
+
638
+ // assert
639
+ expect(response.body).toBeDefined();
640
+ expect(response.body.privateMeta).not.toBeNull();
641
+
642
+ // inherited responsibility roles
643
+ expect(response.body.privateMeta!.inheritedResponsibilityRoles).toHaveLength(1);
644
+ expect(response.body.privateMeta!.inheritedResponsibilityRoles[0].id).toBe(inheritedResponsibilityRole.id);
645
+ expect(response.body.privateMeta!.inheritedResponsibilityRoles[0].resources.size).toBe(1);
646
+
647
+ // other fields should not have changed
648
+ expect(response.body.privateMeta!.inheritedResponsibilityRoles[0].name).toBe('name1');
649
+ expect(response.body.privateMeta!.inheritedResponsibilityRoles[0].responsibilityId).toBe('responsibilityId');
650
+ expect(response.body.privateMeta!.inheritedResponsibilityRoles[0].responsibilityGroupId).toBe('responsibilityGroupId');
651
+ expect(response.body.privateMeta!.inheritedResponsibilityRoles[0].level).toBe(PermissionLevel.None);
652
+ });
653
+ });
654
+
655
+ describe('no full access to webshop', () => {
656
+ let organization: Organization;
657
+ let webshop: Webshop;
658
+ let usersWithoutFullAccess: { user: User; token: Token }[];
659
+
660
+ beforeAll(async () => {
661
+ const createWebshopRole = PermissionRoleDetailed.create({
662
+ accessRights: [AccessRight.OrganizationCreateWebshops],
663
+ });
664
+
665
+ organization = await new OrganizationFactory({ roles: [createWebshopRole] }).create();
666
+ webshop = await new WebshopFactory({ organizationId: organization.id }).create();
667
+
668
+ const userWithReadAccess = await new UserFactory({
669
+ organization,
670
+ permissions: Permissions.create({ level: PermissionLevel.None, roles: [createWebshopRole], resources: new Map([
671
+ [PermissionsResourceType.Webshops,
672
+ new Map([
673
+ [webshop.id,
674
+ ResourcePermissions.create({ level: PermissionLevel.Read }),
675
+ ],
676
+ ])],
677
+ ]) }),
678
+ })
679
+ .create();
680
+
681
+ const userWithReadAccessToken = await Token.createToken(userWithReadAccess);
682
+
683
+ const userWithWriteAccess = await new UserFactory({
684
+ organization,
685
+ permissions: Permissions.create({ level: PermissionLevel.None, roles: [createWebshopRole], resources: new Map([
686
+ [PermissionsResourceType.Webshops,
687
+ new Map([
688
+ [webshop.id,
689
+ ResourcePermissions.create({ level: PermissionLevel.Read }),
690
+ ],
691
+ ])],
692
+ ]) }),
693
+ })
694
+ .create();
695
+
696
+ const userWithWriteAccessToken = await Token.createToken(userWithReadAccess);
697
+
698
+ const otherWebshop = await new WebshopFactory({ organizationId: organization.id }).create();
699
+
700
+ const userWithFullAccessForOtherWebshop = await new UserFactory({
701
+ organization,
702
+ permissions: Permissions.create({ level: PermissionLevel.None, roles: [createWebshopRole], resources: new Map([
703
+ [PermissionsResourceType.Webshops,
704
+ new Map([
705
+ [otherWebshop.id,
706
+ ResourcePermissions.create({ level: PermissionLevel.Full }),
707
+ ],
708
+ ])],
709
+ ]) }),
710
+ })
711
+ .create();
712
+
713
+ const userWithFullAccessForOtherWebshopToken = await Token.createToken(userWithReadAccess);
714
+
715
+ usersWithoutFullAccess = [
716
+ { user: userWithReadAccess, token: userWithReadAccessToken },
717
+ { user: userWithWriteAccess, token: userWithWriteAccessToken },
718
+ { user: userWithFullAccessForOtherWebshop, token: userWithFullAccessForOtherWebshopToken },
719
+ ];
720
+ });
721
+
722
+ test('should not be able to put roles', async () => {
723
+ const roleName = 'test role 1';
724
+
725
+ const role1 = PermissionRoleDetailed.create({
726
+ name: roleName,
727
+ resources: new Map([
728
+ [PermissionsResourceType.Webshops,
729
+ new Map([
730
+ [webshop.id,
731
+ ResourcePermissions.create({ level: PermissionLevel.Full }),
732
+ ],
733
+ ]),
734
+ ],
735
+ ]),
736
+ });
737
+
738
+ const rolesPatch: PatchableArrayAutoEncoder<PermissionRoleDetailed> = new PatchableArray();
739
+
740
+ rolesPatch.addPut(role1);
741
+
742
+ const patch = OrganizationStruct.patch({
743
+ id: organization.id,
744
+ privateMeta: OrganizationPrivateMetaData.patch({
745
+ roles: rolesPatch,
746
+ }),
747
+ });
748
+
749
+ // act and assert
750
+
751
+ for (const { token } of usersWithoutFullAccess) {
752
+ await expect(patchOrganization({
753
+ patch,
754
+ organization,
755
+ token,
756
+ })).rejects.toThrow('You do not have permissions to add roles');
757
+ }
758
+ });
759
+
760
+ test('should not be able to patch roles', async () => {
761
+ // arrange
762
+ const role1 = PermissionRoleDetailed.create({});
763
+ organization.privateMeta.roles = [role1, ...organization.privateMeta.roles];
764
+
765
+ await organization.save();
766
+
767
+ const rolesPatch: PatchableArrayAutoEncoder<PermissionRoleDetailed> = new PatchableArray();
768
+
769
+ rolesPatch.addPatch(PermissionRoleDetailed.patch({
770
+ id: role1.id,
771
+ resources: new PatchMap([
772
+ [PermissionsResourceType.Webshops,
773
+ new Map([
774
+ [webshop.id,
775
+ ResourcePermissions.create({ level: PermissionLevel.Full }),
776
+ ],
777
+ ]),
778
+ ],
779
+ ]),
780
+ }));
781
+
782
+ const patch = OrganizationStruct.patch({
783
+ id: organization.id,
784
+ privateMeta: OrganizationPrivateMetaData.patch({
785
+ roles: rolesPatch,
786
+ }),
787
+ });
788
+
789
+ // act and assert
790
+ for (const { token } of usersWithoutFullAccess) {
791
+ await expect(patchOrganization({
792
+ patch,
793
+ organization,
794
+ token,
795
+ })).rejects.toThrow('You do not have permissions to edit roles');
796
+ }
797
+ });
798
+
799
+ test('should not be able to put responsibilities', async () => {
800
+ // arrange
801
+ const inheritedResponsibilityRole = PermissionRoleForResponsibility.create({
802
+ responsibilityId: 'doesnotmatter',
803
+ responsibilityGroupId: 'doesnotmatter',
804
+ resources: new Map([
805
+ [PermissionsResourceType.Webshops,
806
+ new Map([
807
+ [webshop.id,
808
+ ResourcePermissions.create({ level: PermissionLevel.Full }),
809
+ ],
810
+ ]),
811
+ ],
812
+ ]),
813
+ });
814
+
815
+ const memberResponsibility = MemberResponsibility.create({
816
+ permissions: inheritedResponsibilityRole,
817
+ });
818
+
819
+ const responsibilitiesPatch: PatchableArrayAutoEncoder<MemberResponsibility> = new PatchableArray();
820
+
821
+ responsibilitiesPatch.addPut(memberResponsibility);
822
+
823
+ const patch = OrganizationStruct.patch({
824
+ id: organization.id,
825
+ privateMeta: OrganizationPrivateMetaData.patch({
826
+ responsibilities: responsibilitiesPatch,
827
+ }),
828
+ });
829
+
830
+ // act and assert
831
+ for (const { token } of usersWithoutFullAccess) {
832
+ await expect(patchOrganization({
833
+ patch,
834
+ organization,
835
+ token,
836
+ })).rejects.toThrow('You do not have permissions to add responsibilities');
837
+ }
838
+ });
839
+
840
+ test('should not be able to patch responsibilities', async () => {
841
+ // arrange
842
+ const inheritedResponsibilityRole = PermissionRoleForResponsibility.create({
843
+ responsibilityId: 'doesnotmatter',
844
+ responsibilityGroupId: 'doesnotmatter',
845
+ });
846
+
847
+ const memberResponsibility = MemberResponsibility.create({
848
+ permissions: inheritedResponsibilityRole,
849
+ });
850
+
851
+ organization.privateMeta.responsibilities = [memberResponsibility];
852
+
853
+ await organization.save();
854
+
855
+ const responsibilitiesPatch: PatchableArrayAutoEncoder<MemberResponsibility> = new PatchableArray();
856
+
857
+ responsibilitiesPatch.addPatch(MemberResponsibility.patch({
858
+ id: memberResponsibility.id,
859
+ permissions: PermissionRoleForResponsibility.patch({
860
+ id: inheritedResponsibilityRole.id,
861
+ resources: new PatchMap([
862
+ [PermissionsResourceType.Webshops,
863
+ new Map([
864
+ [webshop.id,
865
+ ResourcePermissions.create({ level: PermissionLevel.Full }),
866
+ ],
867
+ ]),
868
+ ],
869
+ ]),
870
+ }),
871
+ }));
872
+
873
+ const patch = OrganizationStruct.patch({
874
+ id: organization.id,
875
+ privateMeta: OrganizationPrivateMetaData.patch({
876
+ responsibilities: responsibilitiesPatch,
877
+ }),
878
+ });
879
+
880
+ // act and assert
881
+ for (const { token } of usersWithoutFullAccess) {
882
+ await expect(patchOrganization({
883
+ patch,
884
+ organization,
885
+ token,
886
+ })).rejects.toThrow('You do not have permissions to edit responsibilities');
887
+ }
888
+ });
889
+
890
+ test('should not be able to put inherited responsibility roles', async () => {
891
+ // arrange
892
+ const inheritedResponsibilityRole = PermissionRoleForResponsibility.create({
893
+ responsibilityId: 'doesnotmatter',
894
+ responsibilityGroupId: 'doesnotmatter',
895
+ resources: new Map([
896
+ [PermissionsResourceType.Webshops,
897
+ new Map([
898
+ [webshop.id,
899
+ ResourcePermissions.create({ level: PermissionLevel.Full }),
900
+ ],
901
+ ]),
902
+ ],
903
+ ]),
904
+ });
905
+
906
+ const inheritedResponsibilityRolesPatch: PatchableArrayAutoEncoder<PermissionRoleForResponsibility> = new PatchableArray();
907
+
908
+ inheritedResponsibilityRolesPatch.addPut(inheritedResponsibilityRole);
909
+
910
+ const patch = OrganizationStruct.patch({
911
+ id: organization.id,
912
+ privateMeta: OrganizationPrivateMetaData.patch({
913
+ inheritedResponsibilityRoles: inheritedResponsibilityRolesPatch,
914
+ }),
915
+ });
916
+
917
+ // act and assert
918
+ for (const { token } of usersWithoutFullAccess) {
919
+ await expect(patchOrganization({
920
+ patch,
921
+ organization,
922
+ token,
923
+ })).rejects.toThrow('You do not have permissions to add inherited responsibility roles');
924
+ }
925
+ });
926
+
927
+ test('should not be able to patch inherited responsibility roles', async () => {
928
+ // arrange
929
+ const inheritedResponsibilityRole = PermissionRoleForResponsibility.create({
930
+ responsibilityId: 'doesnotmatter',
931
+ responsibilityGroupId: 'doesnotmatter',
932
+ });
933
+
934
+ organization.privateMeta.inheritedResponsibilityRoles = [inheritedResponsibilityRole];
935
+
936
+ await organization.save();
937
+
938
+ const inheritedResponsibilityRolesPatch: PatchableArrayAutoEncoder<PermissionRoleForResponsibility> = new PatchableArray();
939
+
940
+ inheritedResponsibilityRolesPatch.addPatch(PermissionRoleForResponsibility.patch({
941
+ id: inheritedResponsibilityRole.id,
942
+ resources: new PatchMap([
943
+ [PermissionsResourceType.Webshops,
944
+ new Map([
945
+ [webshop.id,
946
+ ResourcePermissions.create({ level: PermissionLevel.Full }),
947
+ ],
948
+ ]),
949
+ ],
950
+ ]),
951
+ }));
952
+
953
+ const patch = OrganizationStruct.patch({
954
+ id: organization.id,
955
+ privateMeta: OrganizationPrivateMetaData.patch({
956
+ inheritedResponsibilityRoles: inheritedResponsibilityRolesPatch,
957
+ }),
958
+ });
959
+
960
+ // act and assert
961
+ for (const { token } of usersWithoutFullAccess) {
962
+ await expect(patchOrganization({
963
+ patch,
964
+ organization,
965
+ token,
966
+ })).rejects.toThrow('You do not have permissions to edit inherited responsibility roles');
967
+ }
968
+ });
969
+ });
970
+
971
+ describe('full access to webshop but extra resource without access', () => {
972
+ let organization: Organization;
973
+ let webshop: Webshop;
974
+ let token: Token;
975
+
976
+ beforeAll(async () => {
977
+ const createWebshopRole = PermissionRoleDetailed.create({
978
+ accessRights: [AccessRight.OrganizationCreateWebshops],
979
+ });
980
+
981
+ organization = await new OrganizationFactory({ roles: [createWebshopRole] }).create();
982
+ webshop = await new WebshopFactory({ organizationId: organization.id }).create();
983
+ const user = await new UserFactory({
984
+ organization,
985
+ permissions: Permissions.create({ level: PermissionLevel.None, roles: [createWebshopRole], resources: new Map([
986
+ [PermissionsResourceType.Webshops,
987
+ new Map([
988
+ [webshop.id,
989
+ ResourcePermissions.create({ level: PermissionLevel.Full }),
990
+ ],
991
+ ])],
992
+ ]) }),
993
+ })
994
+ .create();
995
+
996
+ token = await Token.createToken(user);
997
+ });
998
+
999
+ test('should not be able to put roles', async () => {
1000
+ const roleName = 'test role 1';
1001
+
1002
+ const otherGroup = await new GroupFactory({ organization }).create();
1003
+
1004
+ const role1 = PermissionRoleDetailed.create({
1005
+ name: roleName,
1006
+ resources: new Map([
1007
+ [PermissionsResourceType.Webshops,
1008
+ new Map([
1009
+ [webshop.id,
1010
+ ResourcePermissions.create({ level: PermissionLevel.Full }),
1011
+ ],
1012
+ ]),
1013
+ ],
1014
+ [PermissionsResourceType.Groups, new Map([
1015
+ [otherGroup.id,
1016
+ ResourcePermissions.create({ level: PermissionLevel.Full }),
1017
+ ],
1018
+ ])],
1019
+ ]),
1020
+ });
1021
+
1022
+ const rolesPatch: PatchableArrayAutoEncoder<PermissionRoleDetailed> = new PatchableArray();
1023
+
1024
+ rolesPatch.addPut(role1);
1025
+
1026
+ const patch = OrganizationStruct.patch({
1027
+ id: organization.id,
1028
+ privateMeta: OrganizationPrivateMetaData.patch({
1029
+ roles: rolesPatch,
1030
+ }),
1031
+ });
1032
+
1033
+ // act and assert
1034
+ await expect(patchOrganization({
1035
+ patch,
1036
+ organization,
1037
+ token,
1038
+ })).rejects.toThrow('You do not have permissions to add roles');
1039
+ });
1040
+
1041
+ test('should not be able to patch roles', async () => {
1042
+ // arrange
1043
+ const role1 = PermissionRoleDetailed.create({});
1044
+ organization.privateMeta.roles = [role1, ...organization.privateMeta.roles];
1045
+
1046
+ await organization.save();
1047
+
1048
+ const rolesPatch: PatchableArrayAutoEncoder<PermissionRoleDetailed> = new PatchableArray();
1049
+
1050
+ const otherGroup = await new GroupFactory({ organization }).create();
1051
+
1052
+ rolesPatch.addPatch(PermissionRoleDetailed.patch({
1053
+ id: role1.id,
1054
+ resources: new PatchMap([
1055
+ [PermissionsResourceType.Webshops,
1056
+ new Map([
1057
+ [webshop.id,
1058
+ ResourcePermissions.create({ level: PermissionLevel.Full }),
1059
+ ],
1060
+ ]),
1061
+ ],
1062
+ [PermissionsResourceType.Groups, new Map([
1063
+ [otherGroup.id,
1064
+ ResourcePermissions.create({ level: PermissionLevel.Full }),
1065
+ ],
1066
+ ])],
1067
+ ]),
1068
+ }));
1069
+
1070
+ const patch = OrganizationStruct.patch({
1071
+ id: organization.id,
1072
+ privateMeta: OrganizationPrivateMetaData.patch({
1073
+ roles: rolesPatch,
1074
+ }),
1075
+ });
1076
+
1077
+ // act and assert
1078
+ await expect(patchOrganization({
1079
+ patch,
1080
+ organization,
1081
+ token,
1082
+ })).rejects.toThrow('You do not have permissions to edit roles');
1083
+ });
1084
+
1085
+ test('should not be able to put responsibilities', async () => {
1086
+ // arrange
1087
+ const otherGroup = await new GroupFactory({ organization }).create();
1088
+
1089
+ const inheritedResponsibilityRole = PermissionRoleForResponsibility.create({
1090
+ responsibilityId: 'doesnotmatter',
1091
+ responsibilityGroupId: 'doesnotmatter',
1092
+ resources: new Map([
1093
+ [PermissionsResourceType.Webshops,
1094
+ new Map([
1095
+ [webshop.id,
1096
+ ResourcePermissions.create({ level: PermissionLevel.Full }),
1097
+ ],
1098
+ ]),
1099
+ ],
1100
+ [PermissionsResourceType.Groups, new Map([
1101
+ [otherGroup.id,
1102
+ ResourcePermissions.create({ level: PermissionLevel.Full }),
1103
+ ],
1104
+ ])],
1105
+ ]),
1106
+ });
1107
+
1108
+ const memberResponsibility = MemberResponsibility.create({
1109
+ permissions: inheritedResponsibilityRole,
1110
+ });
1111
+
1112
+ const responsibilitiesPatch: PatchableArrayAutoEncoder<MemberResponsibility> = new PatchableArray();
1113
+
1114
+ responsibilitiesPatch.addPut(memberResponsibility);
1115
+
1116
+ const patch = OrganizationStruct.patch({
1117
+ id: organization.id,
1118
+ privateMeta: OrganizationPrivateMetaData.patch({
1119
+ responsibilities: responsibilitiesPatch,
1120
+ }),
1121
+ });
1122
+
1123
+ // act and assert
1124
+ await expect(patchOrganization({
1125
+ patch,
1126
+ organization,
1127
+ token,
1128
+ })).rejects.toThrow('You do not have permissions to add responsibilities');
1129
+ });
1130
+
1131
+ test('should not be able to patch responsibilities', async () => {
1132
+ // arrange
1133
+ const inheritedResponsibilityRole = PermissionRoleForResponsibility.create({
1134
+ responsibilityId: 'doesnotmatter',
1135
+ responsibilityGroupId: 'doesnotmatter',
1136
+ });
1137
+
1138
+ const memberResponsibility = MemberResponsibility.create({
1139
+ permissions: inheritedResponsibilityRole,
1140
+ });
1141
+
1142
+ organization.privateMeta.responsibilities = [memberResponsibility];
1143
+
1144
+ await organization.save();
1145
+
1146
+ const responsibilitiesPatch: PatchableArrayAutoEncoder<MemberResponsibility> = new PatchableArray();
1147
+
1148
+ const otherGroup = await new GroupFactory({ organization }).create();
1149
+
1150
+ responsibilitiesPatch.addPatch(MemberResponsibility.patch({
1151
+ id: memberResponsibility.id,
1152
+ permissions: PermissionRoleForResponsibility.patch({
1153
+ id: inheritedResponsibilityRole.id,
1154
+ resources: new PatchMap([
1155
+ [PermissionsResourceType.Webshops,
1156
+ new Map([
1157
+ [webshop.id,
1158
+ ResourcePermissions.create({ level: PermissionLevel.Full }),
1159
+ ],
1160
+ ]),
1161
+ ],
1162
+ [PermissionsResourceType.Groups, new Map([
1163
+ [otherGroup.id,
1164
+ ResourcePermissions.create({ level: PermissionLevel.Full }),
1165
+ ],
1166
+ ])],
1167
+ ]),
1168
+ }),
1169
+ }));
1170
+
1171
+ const patch = OrganizationStruct.patch({
1172
+ id: organization.id,
1173
+ privateMeta: OrganizationPrivateMetaData.patch({
1174
+ responsibilities: responsibilitiesPatch,
1175
+ }),
1176
+ });
1177
+
1178
+ // act and assert
1179
+ await expect(patchOrganization({
1180
+ patch,
1181
+ organization,
1182
+ token,
1183
+ })).rejects.toThrow('You do not have permissions to edit responsibilities');
1184
+ });
1185
+
1186
+ test('should not be able to put inherited responsibility roles', async () => {
1187
+ // arrange
1188
+ const otherGroup = await new GroupFactory({ organization }).create();
1189
+
1190
+ const inheritedResponsibilityRole = PermissionRoleForResponsibility.create({
1191
+ responsibilityId: 'doesnotmatter',
1192
+ responsibilityGroupId: 'doesnotmatter',
1193
+ resources: new Map([
1194
+ [PermissionsResourceType.Webshops,
1195
+ new Map([
1196
+ [webshop.id,
1197
+ ResourcePermissions.create({ level: PermissionLevel.Full }),
1198
+ ],
1199
+ ]),
1200
+ ],
1201
+ [PermissionsResourceType.Groups, new Map([
1202
+ [otherGroup.id,
1203
+ ResourcePermissions.create({ level: PermissionLevel.Full }),
1204
+ ],
1205
+ ])],
1206
+ ]),
1207
+ });
1208
+
1209
+ const inheritedResponsibilityRolesPatch: PatchableArrayAutoEncoder<PermissionRoleForResponsibility> = new PatchableArray();
1210
+
1211
+ inheritedResponsibilityRolesPatch.addPut(inheritedResponsibilityRole);
1212
+
1213
+ const patch = OrganizationStruct.patch({
1214
+ id: organization.id,
1215
+ privateMeta: OrganizationPrivateMetaData.patch({
1216
+ inheritedResponsibilityRoles: inheritedResponsibilityRolesPatch,
1217
+ }),
1218
+ });
1219
+
1220
+ // act and assert
1221
+ await expect(patchOrganization({
1222
+ patch,
1223
+ organization,
1224
+ token,
1225
+ })).rejects.toThrow('You do not have permissions to add inherited responsibility roles');
1226
+ });
1227
+
1228
+ test('should not be able to patch inherited responsibility roles', async () => {
1229
+ // arrange
1230
+ const inheritedResponsibilityRole = PermissionRoleForResponsibility.create({
1231
+ responsibilityId: 'doesnotmatter',
1232
+ responsibilityGroupId: 'doesnotmatter',
1233
+ });
1234
+
1235
+ const otherGroup = await new GroupFactory({ organization }).create();
1236
+
1237
+ organization.privateMeta.inheritedResponsibilityRoles = [inheritedResponsibilityRole];
1238
+
1239
+ await organization.save();
1240
+
1241
+ const inheritedResponsibilityRolesPatch: PatchableArrayAutoEncoder<PermissionRoleForResponsibility> = new PatchableArray();
1242
+
1243
+ inheritedResponsibilityRolesPatch.addPatch(PermissionRoleForResponsibility.patch({
1244
+ id: inheritedResponsibilityRole.id,
1245
+ resources: new PatchMap([
1246
+ [PermissionsResourceType.Webshops,
1247
+ new Map([
1248
+ [webshop.id,
1249
+ ResourcePermissions.create({ level: PermissionLevel.Full }),
1250
+ ],
1251
+ ]),
1252
+ ],
1253
+ [PermissionsResourceType.Groups, new Map([
1254
+ [otherGroup.id,
1255
+ ResourcePermissions.create({ level: PermissionLevel.Full }),
1256
+ ],
1257
+ ])],
1258
+ ]),
1259
+ }));
1260
+
1261
+ const patch = OrganizationStruct.patch({
1262
+ id: organization.id,
1263
+ privateMeta: OrganizationPrivateMetaData.patch({
1264
+ inheritedResponsibilityRoles: inheritedResponsibilityRolesPatch,
1265
+ }),
1266
+ });
1267
+
1268
+ // act and assert
1269
+ await expect(patchOrganization({
1270
+ patch,
1271
+ organization,
1272
+ token,
1273
+ })).rejects.toThrow('You do not have permissions to edit inherited responsibility roles');
1274
+ });
1275
+ });
1276
+ });
62
1277
  });