npm - @tellescope/sdk - Versions diffs - 1.248.0 → 1.249.0 - Mend

@tellescope/sdk 1.248.0 → 1.249.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (80) hide show

package/src/tests/api_tests/managed_content_file_access.test.ts ADDED Viewed

@@ -0,0 +1,214 @@
+require('source-map-support').install();
+import * as buffer from 'buffer'
+import { Session, EnduserSession } from "../../sdk"
+import {
+  async_test,
+  log_header,
+} from "@tellescope/testing"
+import { setup_tests } from "../setup"
+const host = process.env.API_URL || 'http://localhost:8080' as const
+const businessId = '60398b1131a295e64f084ff6'
+/**
+ * Tests for file_download_URL enduser access via managed content fallback.
+ *
+ * Verifies the backend fallback logic that allows endusers to access files
+ * attached to managed content records they have access to, even when the
+ * file itself does not have enduserId set or publicRead: true.
+ */
+export const managed_content_file_access_tests = async ({ sdk, sdkNonAdmin }: { sdk: Session, sdkNonAdmin: Session }) => {
+  log_header("Managed Content File Access Tests")
+  const contentRecordIds: string[] = []
+  const assignmentIds: string[] = []
+  const fileIds: string[] = []
+  let testEnduserId: string | undefined
+  let otherEnduserId: string | undefined
+  let enduserSDK: EnduserSession | undefined
+  let otherEnduserSDK: EnduserSession | undefined
+  const uploadFile = async (
+    name: string,
+    opts: { enduserId?: string, publicRead?: boolean } = {}
+  ) => {
+    const buff = buffer.Buffer.from(`test file content for ${name}`)
+    const { presignedUpload, file } = await sdk.api.files.prepare_file_upload({
+      name,
+      type: 'text/plain',
+      size: buff.byteLength,
+      ...opts,
+    })
+    await sdk.UPLOAD(presignedUpload as any, buff)
+    await sdk.api.files.confirm_file_upload({ id: file.id })
+    fileIds.push(file.id)
+    return file
+  }
+  try {
+    console.log("Setting up test data...")
+    const testEnduser = await sdk.api.endusers.createOne({
+      email: `mcr_file_access_test_${Date.now()}@test.tellescope.com`,
+    })
+    testEnduserId = testEnduser.id
+    await sdk.api.endusers.set_password({ id: testEnduser.id, password: 'TestPassword123!' })
+    const otherEnduser = await sdk.api.endusers.createOne({
+      email: `mcr_file_access_other_${Date.now()}@test.tellescope.com`,
+    })
+    otherEnduserId = otherEnduser.id
+    await sdk.api.endusers.set_password({ id: otherEnduser.id, password: 'TestPassword123!' })
+    enduserSDK = new EnduserSession({ host, businessId })
+    await enduserSDK.authenticate(testEnduser.email!, 'TestPassword123!')
+    otherEnduserSDK = new EnduserSession({ host, businessId })
+    await otherEnduserSDK.authenticate(otherEnduser.email!, 'TestPassword123!')
+    // ===== Test 1: File attached to assignmentType: 'All' content - enduser CAN access =====
+    const fileForAll = await uploadFile('mcr-file-all.txt')
+    const contentAll = await sdk.api.managed_content_records.createOne({
+      title: 'MCR File Access - All',
+      htmlContent: '<p>All</p>',
+      textContent: 'All',
+      assignmentType: 'All',
+      attachments: [{ secureName: fileForAll.secureName, type: 'file', name: fileForAll.name }],
+    })
+    contentRecordIds.push(contentAll.id)
+    await async_test(
+      'staff-uploaded file in assignmentType:All content - enduser CAN access',
+      async () => {
+        const result = await enduserSDK!.api.files.file_download_URL({ secureName: fileForAll.secureName })
+        return !!result?.downloadURL
+      },
+      { onResult: (r) => r === true }
+    )
+    // ===== Test 2: File attached to Individual content for enduser A - enduser B CANNOT access =====
+    const fileForIndividual = await uploadFile('mcr-file-individual.txt')
+    const contentIndividual = await sdk.api.managed_content_records.createOne({
+      title: 'MCR File Access - Individual',
+      htmlContent: '<p>Individual</p>',
+      textContent: 'Individual',
+      enduserId: testEnduser.id,
+      attachments: [{ secureName: fileForIndividual.secureName, type: 'file', name: fileForIndividual.name }],
+    })
+    contentRecordIds.push(contentIndividual.id)
+    await async_test(
+      'file attached to Individual content - assigned enduser CAN access',
+      async () => {
+        const result = await enduserSDK!.api.files.file_download_URL({ secureName: fileForIndividual.secureName })
+        return !!result?.downloadURL
+      },
+      { onResult: (r) => r === true }
+    )
+    await async_test(
+      'file attached to Individual content - unassigned enduser CANNOT access',
+      async () => {
+        try {
+          await otherEnduserSDK!.api.files.file_download_URL({ secureName: fileForIndividual.secureName })
+          return false
+        } catch (err) {
+          return true
+        }
+      },
+      { onResult: (r) => r === true }
+    )
+    // ===== Test 3: File not attached to any managed content - enduser CANNOT access =====
+    const fileNoContent = await uploadFile('mcr-file-no-content.txt')
+    await async_test(
+      'file not attached to any managed content - enduser CANNOT access',
+      async () => {
+        try {
+          await enduserSDK!.api.files.file_download_URL({ secureName: fileNoContent.secureName })
+          return false
+        } catch (err) {
+          return true
+        }
+      },
+      { onResult: (r) => r === true }
+    )
+    // ===== Test 4: File with enduserId set - existing behavior preserved =====
+    const fileWithEnduser = await uploadFile('mcr-file-with-enduser.txt', { enduserId: testEnduser.id })
+    await async_test(
+      'file with enduserId set - enduser CAN access (no fallback needed)',
+      async () => {
+        const result = await enduserSDK!.api.files.file_download_URL({ secureName: fileWithEnduser.secureName })
+        return !!result?.downloadURL
+      },
+      { onResult: (r) => r === true }
+    )
+    // ===== Test 5: File with publicRead: true - existing behavior preserved =====
+    const filePublic = await uploadFile('mcr-file-public.txt', { publicRead: true })
+    await async_test(
+      'file with publicRead - enduser CAN access',
+      async () => {
+        const result = await enduserSDK!.api.files.file_download_URL({ secureName: filePublic.secureName })
+        return !!result?.downloadURL
+      },
+      { onResult: (r) => r === true }
+    )
+    console.log("All Managed Content File Access tests passed!")
+  } finally {
+    console.log("Cleaning up test data...")
+    try {
+      for (const assignmentId of assignmentIds) {
+        await sdk.api.managed_content_record_assignments.deleteOne(assignmentId).catch(() => {})
+      }
+      for (const recordId of contentRecordIds) {
+        await sdk.api.managed_content_records.deleteOne(recordId).catch(() => {})
+      }
+      for (const fileId of fileIds) {
+        await sdk.api.files.deleteOne(fileId).catch(() => {})
+      }
+      if (testEnduserId) {
+        await sdk.api.endusers.deleteOne(testEnduserId).catch(() => {})
+      }
+      if (otherEnduserId) {
+        await sdk.api.endusers.deleteOne(otherEnduserId).catch(() => {})
+      }
+      console.log("Cleanup completed")
+    } catch (error) {
+      console.error('Cleanup error:', error)
+    }
+  }
+}
+if (require.main === module) {
+  console.log(`Using API URL: ${host}`)
+  const sdk = new Session({ host })
+  const sdkNonAdmin = new Session({ host })
+  const runTests = async () => {
+    await setup_tests(sdk, sdkNonAdmin)
+    await managed_content_file_access_tests({ sdk, sdkNonAdmin })
+  }
+  runTests()
+    .then(() => {
+      console.log("Managed content file access test suite completed successfully")
+      process.exit(0)
+    })
+    .catch((error) => {
+      console.error("Managed content file access test suite failed:", error)
+      process.exit(1)
+    })
+}

package/src/tests/api_tests/organization_settings_duplicates.test.ts CHANGED Viewed

@@ -176,6 +176,20 @@ export const organization_settings_duplicates_tests = async ({ sdk, sdkNonAdmin
       },
     }
   }, { replaceObjectFields: true })
+  // === D. subdomain is readonly ===
+  const orgBefore = await sdk.api.organizations.getOne(orgId)
+  await async_test(
+    "subdomain field is readonly — update does not change persisted value",
+    async () => {
+      await sdk.api.organizations.updateOne(orgId, {
+        subdomain: `readonly-attempt-${Date.now()}`,
+      } as any).catch(() => undefined) // tolerate either silent-drop or unknown-field rejection
+      const orgAfter = await sdk.api.organizations.getOne(orgId)
+      return orgAfter.subdomain === orgBefore.subdomain
+    },
+    { onResult: (unchanged: boolean) => unchanged === true }
+  )
 }
 // Allow running this test file independently

package/src/tests/tests.ts CHANGED Viewed

@@ -74,16 +74,20 @@ import {
 import fs from "fs"
 import { load_inbox_data_tests } from "./api_tests/load_inbox_data.test";
+import { eom_procedure_codes_tests } from "./api_tests/eom_procedure_codes.test";
+import { cross_org_api_key_tests } from "./api_tests/cross_org_api_key.test";
 import { custom_dashboards_tests } from "./api_tests/custom_dashboards.test";
 import { message_assignment_trigger_tests } from "./api_tests/message_assignment_trigger.test";
 import { time_tracks_tests, time_tracks_historical_tests, time_tracks_correction_tests, time_tracks_review_tests, time_tracks_lock_tests, time_tracks_edge_case_tests } from "./api_tests/time_tracks.test";
 import { monthly_availability_restrictions_tests } from "./api_tests/monthly_availability_restrictions.test";
 import { calendar_event_limits_tests } from "./api_tests/calendar_event_limits.test";
 import { custom_aggregation_tests } from "./api_tests/custom_aggregation.test";
+import { chats_analytics_tests } from "./api_tests/chats_analytics.test";
 import { no_access_permission_checks_tests } from "./api_tests/no_access_permission_checks.test";
 import { field_redaction_tests } from "./api_tests/field_redaction.test";
 import { bulk_assignment_tests } from "./api_tests/bulk_assignment.test";
 import { managed_content_enduser_access_tests } from "./api_tests/managed_content_enduser_access.test";
+import { managed_content_file_access_tests } from "./api_tests/managed_content_file_access.test";
 import { auto_merge_form_submission_tests } from "./api_tests/auto_merge_form_submission.test";
 import { database_cascade_delete_tests } from "./api_tests/database_cascade_delete.test";
 import { ai_conversations_tests } from "./api_tests/ai_conversations.test";
@@ -14201,6 +14205,11 @@ const ip_address_form_tests = async () => {
     await replace_enduser_template_values_tests()
     await mfa_tests()
     await setup_tests(sdk, sdkNonAdmin)
+    await eom_procedure_codes_tests({ sdk, sdkNonAdmin })
+    await cross_org_api_key_tests({ sdk, sdkNonAdmin })
+    await organization_settings_duplicates_tests({ sdk, sdkNonAdmin })
+    await enduser_session_invalidation_tests({ sdk, sdkNonAdmin })
+    await chats_analytics_tests({ sdk, sdkNonAdmin })
     await field_redaction_tests({ sdk, sdkNonAdmin })
     await form_submitted_trigger_tests({ sdk, sdkNonAdmin })
     await date_string_validation_tests({ sdk, sdkNonAdmin })
@@ -14208,7 +14217,6 @@ const ip_address_form_tests = async () => {
     await automation_trigger_tests()
     await integrations_redacted_tests({ sdk, sdkNonAdmin })
     await mdb_sort_tests({ sdk, sdkNonAdmin })
-    await organization_settings_duplicates_tests({ sdk, sdkNonAdmin })
     await search_tests()
     await time_tracks_tests({ sdk, sdkNonAdmin })
     await time_tracks_historical_tests({ sdk, sdkNonAdmin })
@@ -14235,6 +14243,7 @@ const ip_address_form_tests = async () => {
     await beluga_pharmacy_mappings_tests({ sdk, sdkNonAdmin })
     await threadKeyTests()
     await managed_content_enduser_access_tests({ sdk, sdkNonAdmin })
+    await managed_content_file_access_tests({ sdk, sdkNonAdmin })
     await afteraction_day_of_month_delay_tests({ sdk, sdkNonAdmin })
     await bulk_assignment_tests({ sdk, sdkNonAdmin })
     await formsort_tests()
@@ -14247,7 +14256,6 @@ const ip_address_form_tests = async () => {
     await inbox_threads_loading_tests()
     await load_inbox_data_tests({ sdk, sdkNonAdmin })
     await enduser_observations_acknowledge_tests({ sdk, sdkNonAdmin })
-    await enduser_session_invalidation_tests({ sdk, sdkNonAdmin })
     await create_user_notifications_trigger_tests({ sdk })
     await group_mms_active_tests()
     await auto_reply_tests()

package/test_generated.pdf CHANGED Viewed

Binary file