@tellescope/sdk 1.244.1 → 1.244.2

package/src/tests/api_tests/get_some_projection.test.ts

@@ -0,0 +1,245 @@
+require('source-map-support').install();
+
+import { Session } from "../../sdk"
+import {
+  assert,
+  async_test,
+  log_header,
+} from "@tellescope/testing"
+import { setup_tests } from "../setup"
+
+const host = process.env.API_URL || 'http://localhost:8080' as const
+
+// Main test function that can be called independently
+export const get_some_projection_tests = async ({ sdk, sdkNonAdmin } : { sdk: Session, sdkNonAdmin: Session }) => {
+  log_header("getSome Projection Support")
+
+  // Create test enduser
+  const testEnduser = await sdk.api.endusers.createOne({ fname: 'ProjectionTest', lname: 'User', email: 'projection-test@tellescope.com' })
+
+  let observationIds: string[] = []
+
+  try {
+    // Create test observations
+    const obs1 = await sdk.api.enduser_observations.createOne({
+      enduserId: testEnduser.id,
+      status: 'final',
+      category: 'vital-signs',
+      measurement: { value: 120, unit: 'mmHg' },
+    })
+    const obs2 = await sdk.api.enduser_observations.createOne({
+      enduserId: testEnduser.id,
+      status: 'final',
+      category: 'vital-signs',
+      measurement: { value: 80, unit: 'mmHg' },
+    })
+    const obs3 = await sdk.api.enduser_observations.createOne({
+      enduserId: testEnduser.id,
+      status: 'final',
+      category: 'vital-signs',
+      measurement: { value: 98, unit: 'bpm' },
+    })
+    observationIds = [obs1.id, obs2.id, obs3.id]
+
+    // Test 1: Inclusion projection returns only specified fields
+    await async_test(
+      'projection-inclusion',
+      async () => {
+        const results = await sdk.api.enduser_observations.getSome({
+          filter: { enduserId: testEnduser.id },
+          projection: { timestamp: 1, measurement: 1, enduserId: 1 },
+        })
+        assert(results.length === 3, 'Expected 3 observations with projection', 'Got correct count with projection')
+
+        for (const r of results) {
+          assert(r.id !== undefined, 'id should always be present')
+          assert(r.createdAt !== undefined, 'createdAt should always be present')
+          assert(r.measurement !== undefined, 'measurement should be present in projection')
+          assert(r.enduserId !== undefined, 'enduserId should be present in projection')
+          assert(r.timestamp !== undefined, 'timestamp should be present in projection')
+          // Fields NOT in projection should be excluded
+          assert((r as any).status === undefined, 'status should NOT be present when not in projection')
+          assert((r as any).category === undefined, 'category should NOT be present when not in projection')
+        }
+        return results
+      },
+      { onResult: () => true },
+    )
+
+    // Test 2: No projection returns all fields (backward compatibility)
+    await async_test(
+      'no-projection-returns-all-fields',
+      async () => {
+        const results = await sdk.api.enduser_observations.getSome({
+          filter: { enduserId: testEnduser.id },
+        })
+        assert(results.length === 3, 'Expected 3 observations without projection')
+
+        for (const r of results) {
+          assert(r.id !== undefined, 'id should be present')
+          assert(r.status !== undefined, 'status should be present without projection')
+          assert(r.category !== undefined, 'category should be present without projection')
+          assert(r.measurement !== undefined, 'measurement should be present without projection')
+          assert(r.enduserId !== undefined, 'enduserId should be present without projection')
+        }
+        return results
+      },
+      { onResult: () => true },
+    )
+
+    // Test 3: Projection with other filters (filter, limit, sortBy)
+    await async_test(
+      'projection-with-filters',
+      async () => {
+        const results = await sdk.api.enduser_observations.getSome({
+          filter: { enduserId: testEnduser.id },
+          projection: { measurement: 1 },
+          limit: 2,
+          sortBy: 'timestamp',
+        })
+        assert(results.length === 2, 'Expected 2 observations with limit=2', `Got ${results.length}`)
+
+        for (const r of results) {
+          assert(r.measurement !== undefined, 'measurement should be present in projection')
+          assert((r as any).status === undefined, 'status should NOT be present when not in projection')
+        }
+        return results
+      },
+      { onResult: () => true },
+    )
+
+    // Test 4: Projection works across different models (endusers)
+    await async_test(
+      'projection-on-endusers',
+      async () => {
+        const results = await sdk.api.endusers.getSome({
+          filter: { email: 'projection-test@tellescope.com' },
+          projection: { fname: 1, email: 1 },
+        })
+        assert(results.length >= 1, 'Expected at least 1 enduser')
+
+        const enduser = results[0]
+        assert(enduser.id !== undefined, 'id should always be present')
+        assert(enduser.fname !== undefined, 'fname should be present in projection')
+        assert(enduser.email !== undefined, 'email should be present in projection')
+        assert((enduser as any).lname === undefined, 'lname should NOT be present when not in projection')
+        return results
+      },
+      { onResult: () => true },
+    )
+
+    // Test 5: Projection with pagination (lastId)
+    await async_test(
+      'projection-with-pagination',
+      async () => {
+        // First page
+        const page1 = await sdk.api.enduser_observations.getSome({
+          filter: { enduserId: testEnduser.id },
+          projection: { measurement: 1, enduserId: 1 },
+          limit: 2,
+          sort: 'oldFirst',
+        })
+        assert(page1.length === 2, 'Expected 2 observations on first page')
+
+        // Second page using lastId from first page
+        const lastId = page1[page1.length - 1].id
+        const page2 = await sdk.api.enduser_observations.getSome({
+          filter: { enduserId: testEnduser.id },
+          projection: { measurement: 1, enduserId: 1 },
+          limit: 2,
+          sort: 'oldFirst',
+          lastId,
+        })
+        assert(page2.length === 1, 'Expected 1 observation on second page')
+
+        // Verify consistent fields across pages
+        for (const r of [...page1, ...page2]) {
+          assert(r.measurement !== undefined, 'measurement should be present across pages')
+          assert(r.enduserId !== undefined, 'enduserId should be present across pages')
+          assert((r as any).status === undefined, 'status should NOT be present across pages')
+        }
+        return [...page1, ...page2]
+      },
+      { onResult: () => true },
+    )
+
+    // Test 6: Empty projection returns all fields (no crash)
+    await async_test(
+      'empty-projection',
+      async () => {
+        const results = await sdk.api.enduser_observations.getSome({
+          filter: { enduserId: testEnduser.id },
+          projection: {},
+        })
+        assert(results.length === 3, 'Expected 3 observations with empty projection')
+
+        for (const r of results) {
+          assert(r.status !== undefined, 'status should be present with empty projection')
+          assert(r.category !== undefined, 'category should be present with empty projection')
+          assert(r.measurement !== undefined, 'measurement should be present with empty projection')
+        }
+        return results
+      },
+      { onResult: () => true },
+    )
+
+    // Test 7: Non-admin access with projection (RBA still applies)
+    await async_test(
+      'non-admin-projection',
+      async () => {
+        const results = await sdkNonAdmin.api.enduser_observations.getSome({
+          filter: { enduserId: testEnduser.id },
+          projection: { measurement: 1, enduserId: 1 },
+        })
+        // Non-admin should still get results (RBA should apply)
+        assert(Array.isArray(results), 'Non-admin should receive an array response')
+
+        for (const r of results) {
+          assert(r.measurement !== undefined, 'measurement should be present for non-admin projection')
+          assert(r.enduserId !== undefined, 'enduserId should be present for non-admin projection')
+        }
+        return results
+      },
+      { onResult: () => true },
+    )
+
+  } finally {
+    // Cleanup: Delete test resources
+    try {
+      for (const obsId of observationIds) {
+        await sdk.api.enduser_observations.deleteOne(obsId)
+      }
+      await sdk.api.endusers.deleteOne(testEnduser.id)
+    } catch (error) {
+      console.error('Cleanup error:', error)
+      // Try to at least delete the enduser (cascade deletes observations)
+      try {
+        await sdk.api.endusers.deleteOne(testEnduser.id)
+      } catch (deleteError) {
+        console.error('Failed to delete test enduser:', deleteError)
+      }
+    }
+  }
+}
+
+// Allow running this test file independently
+if (require.main === module) {
+  console.log(`🌐 Using API URL: ${host}`)
+  const sdk = new Session({ host })
+  const sdkNonAdmin = new Session({ host })
+
+  const runTests = async () => {
+    await setup_tests(sdk, sdkNonAdmin)
+    await get_some_projection_tests({ sdk, sdkNonAdmin })
+  }
+
+  runTests()
+    .then(() => {
+      console.log("✅ getSome projection test suite completed successfully")
+      process.exit(0)
+    })
+    .catch((error) => {
+      console.error("❌ getSome projection test suite failed:", error)
+      process.exit(1)
+    })
+}

package/src/tests/tests.ts

@@ -36,6 +36,7 @@ import {
 
 import { Session, APIQuery, EnduserSession } from "../sdk"
 import { enduser_observations_acknowledge_tests } from "./api_tests/enduser_observations_acknowledge.test"
+import { get_some_projection_tests } from "./api_tests/get_some_projection.test"
 import { create_user_notifications_trigger_tests } from "./api_tests/create_user_notifications_trigger.test"
 import { inbox_thread_assignment_updates_tests } from "./api_tests/inbox_thread_assignment_updates.test"
 import { inbox_thread_draft_scheduled_tests } from "./api_tests/inbox_thread_draft_scheduled.test"
@@ -85,6 +86,7 @@ import { database_cascade_delete_tests } from "./api_tests/database_cascade_dele
 import { ai_conversations_tests } from "./api_tests/ai_conversations.test";
 import { load_team_chat_tests } from "./api_tests/load_team_chat.test";
 import { form_started_trigger_tests } from "./api_tests/form_started_trigger.test";
+import { elation_user_id_tests } from "./api_tests/elation_user_id.test";
 
 const UniquenessViolationMessage = 'Uniqueness Violation'
 
@@ -5572,28 +5574,87 @@ const redaction_tests = async () => {
   log_header("Redaction")
 
   const enduser = await sdk.api.endusers.createOne({ email })
-  const enduserOther = await sdk.api.endusers.createOne({ email: 'otherenduser@tellescope.com' })
+  const enduserOther = await sdk.api.endusers.createOne({
+    email: 'otherenduser@tellescope.com',
+    unredactedFields: [{ field: 'testField', value: 'testValue' }] as any,
+  })
   await sdk.api.endusers.set_password({ id: enduser.id, password }).catch(console.error)
-  await enduserSDK.authenticate(email, password).catch(console.error)  
+  await enduserSDK.authenticate(email, password).catch(console.error)
 
   const endusers = await enduserSDK.api.endusers.getSome()
   const forUser  = await sdk.api.endusers.getSome()
   assert(endusers.length > 0, "enduser can't fetch others", "enduser get others successful")
 
+  // endusers reading OTHER endusers should only see id, displayName, unredactedFields, and unredactedTags
+  const ALLOWED_OTHER_ENDUSER_FIELDS = ['id', 'displayName', 'unredactedFields', 'unredactedTags']
+  const otherEndusers = endusers.filter(e => e.id !== enduser.id)
+  assert(otherEndusers.length > 0, 'no other endusers found', 'found other endusers to check redaction')
+  for (const other of otherEndusers) {
+    const keys = Object.keys(other)
+    assert(
+      keys.every(k => ALLOWED_OTHER_ENDUSER_FIELDS.includes(k)),
+      `other enduser has extra fields: ${keys.filter(k => !ALLOWED_OTHER_ENDUSER_FIELDS.includes(k)).join(', ')}`,
+      'other enduser correctly redacted to only id, displayName, unredactedFields, unredactedTags',
+    )
+    assert(
+      keys.includes('id'),
+      `other enduser missing id`,
+      'other enduser has id',
+    )
+  }
+
+  // verify unredactedFields are preserved for other endusers when defined
+  const otherWithUnredacted = otherEndusers.find(e => e.id === enduserOther.id)
+  if (otherWithUnredacted) {
+    assert(
+      !!(otherWithUnredacted as any).unredactedFields?.length,
+      'unredactedFields missing on other enduser',
+      'unredactedFields preserved on other enduser when defined',
+    )
+  }
+
+  // verify unredactedFields/unredactedTags are omitted when not set on the enduser
+  const otherWithoutUnredacted = otherEndusers.find(e => e.id !== enduserOther.id)
+  if (otherWithoutUnredacted) {
+    assert(
+      !('unredactedFields' in otherWithoutUnredacted),
+      'unredactedFields present when not set',
+      'unredactedFields omitted when not defined on enduser',
+    )
+    assert(
+      !('unredactedTags' in otherWithoutUnredacted),
+      'unredactedTags present when not set',
+      'unredactedTags omitted when not defined on enduser',
+    )
+  }
+
+  // enduser reading their own profile should still have non-redacted fields (not just id + displayName)
+  const selfEnduser = endusers.find(e => e.id === enduser.id)
+  if (selfEnduser) {
+    assert(
+      Object.keys(selfEnduser).length > ALLOWED_OTHER_ENDUSER_FIELDS.length,
+      'self enduser overly redacted',
+      'self enduser retains non-redacted fields',
+    )
+  }
+
+  // verify schema-level redactions still apply to self
   const redactedFields = (
     Object.keys(schema.endusers.fields)
-    .filter(f => 
+    .filter(f =>
        schema.endusers.fields[f as keyof typeof schema.endusers.fields]?.redactions?.includes('enduser')
     || schema.endusers.fields[f as keyof typeof schema.endusers.fields]?.redactions?.includes('all')
     )
   )
   assert(redactedFields.length > 0, 'no redacted fields', 'redacted fields exists')
 
-  assert(
-    endusers.find(e => redactedFields.filter(f => !!e[f as keyof typeof e]).length > 0) === undefined,
-    'got redacted data',
-    'data correctly redacted',
-  )
+  if (selfEnduser) {
+    assert(
+      redactedFields.filter(f => !!(selfEnduser as any)[f]).length === 0,
+      'self enduser got redacted data',
+      'self enduser data correctly redacted per schema',
+    )
+  }
 
   assert(
     !forUser.find(u => u.hashedPassword),
@@ -13947,6 +14008,8 @@ const ip_address_form_tests = async () => {
     await replace_enduser_template_values_tests()
     await mfa_tests()
     await setup_tests(sdk, sdkNonAdmin)
+    await get_some_projection_tests({ sdk, sdkNonAdmin })
+    await elation_user_id_tests({ sdk, sdkNonAdmin })
     await custom_dashboards_tests({ sdk, sdkNonAdmin })
     await concurrent_build_threads_tests({ sdk, sdkNonAdmin })
     await custom_aggregation_tests({ sdk, sdkNonAdmin })