data-primals-engine 1.6.0 → 1.6.2-rc1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/test/user.test.js CHANGED
@@ -1,4 +1,4 @@
1
- import { expect, describe, it, beforeEach, beforeAll, afterAll } from 'vitest';
1
+ import { expect, describe, it, afterEach, beforeAll, afterAll } from 'vitest';
2
2
  import { hasPermission, getUserActivePermissions } from '../src/modules/user.js';
3
3
  import {initEngine} from "../src/setenv";
4
4
  import {generateUniqueName} from "../src/setenv.js";
@@ -207,4 +207,109 @@ describe('User Permission Logic', () => {
207
207
  await coll.drop();
208
208
  });
209
209
  });
210
+
211
+ describe('hasPermission() with environment context', () => {
212
+ let user, coll;
213
+ let permRead, permWrite;
214
+ let envProdId, envStagingId;
215
+
216
+ beforeAll(async () => {
217
+ // --- Setup ---
218
+ coll = await setupTestContext();
219
+ user = currentTestUser; // Récupère l'utilisateur du contexte
220
+
221
+ // 1. Créer les permissions
222
+ const perms = await coll.insertMany([
223
+ { _model: 'permission', name: 'env:read', _user: user.username },
224
+ { _model: 'permission', name: 'env:write', _user: user.username }
225
+ ]);
226
+ permRead = perms.insertedIds[0];
227
+ permWrite = perms.insertedIds[1];
228
+
229
+ // 2. Créer les environnements
230
+ const envs = await coll.insertMany([
231
+ { _model: 'env', name: 'prod', _user: user.username },
232
+ { _model: 'env', name: 'staging', _user: user.username }
233
+ ]);
234
+ envProdId = envs.insertedIds[0].toString();
235
+ envStagingId = envs.insertedIds[1].toString();
236
+
237
+ // 3. Créer un rôle de base et l'assigner à l'utilisateur
238
+ const role = await coll.insertOne({
239
+ _model: 'role',
240
+ name: 'EnvTester',
241
+ permissions: [permRead.toString()],
242
+ _user: user.username
243
+ });
244
+ await coll.updateOne(
245
+ { _id: user._id },
246
+ { $set: { roles: [role.insertedId.toString()] } }
247
+ );
248
+ // Mettre à jour l'objet utilisateur en mémoire
249
+ user.roles = [role.insertedId.toString()];
250
+ user.permissions = ['env:read'];
251
+ });
252
+
253
+ afterAll(async () => {
254
+ await coll.drop();
255
+ });
256
+
257
+ afterEach(async () => {
258
+ // Nettoyer les exceptions de permission après chaque test
259
+ await coll.deleteMany({ _model: 'userPermission', user: user._id });
260
+ });
261
+
262
+ it('should grant permission if exception is global (no env)', async () => {
263
+ await coll.insertOne({
264
+ _model: 'userPermission', user: user._id, permission: permWrite, isGranted: true
265
+ });
266
+ // L'utilisateur doit avoir la permission dans n'importe quel environnement
267
+ expect(await hasPermission(['env:write'], user, envProdId)).toBe(true);
268
+ expect(await hasPermission(['env:write'], user, envStagingId)).toBe(true);
269
+ expect(await hasPermission(['env:write'], user, null)).toBe(true); // Environnement par défaut
270
+ });
271
+
272
+ it('should grant permission only in the specified environment', async () => {
273
+ await coll.insertOne({
274
+ _model: 'userPermission', user: user._id, permission: permWrite, isGranted: true, env: envProdId
275
+ });
276
+ // L'utilisateur ne doit avoir la permission qu'en 'prod'
277
+ expect(await hasPermission(['env:write'], user, envProdId)).toBe(true);
278
+ expect(await hasPermission(['env:write'], user, envStagingId)).toBe(false);
279
+ expect(await hasPermission(['env:write'], user, null)).toBe(false);
280
+ });
281
+
282
+ it('should revoke a base permission globally if exception has no env', async () => {
283
+ await coll.insertOne({
284
+ _model: 'userPermission', user: user._id, permission: permRead, isGranted: false
285
+ });
286
+ // La permission de lecture (du rôle) doit être révoquée partout
287
+ expect(await hasPermission(['env:read'], user, envProdId)).toBe(false);
288
+ expect(await hasPermission(['env:read'], user, envStagingId)).toBe(false);
289
+ expect(await hasPermission(['env:read'], user, null)).toBe(false);
290
+ });
291
+
292
+ it('should revoke a base permission only in the specified environment', async () => {
293
+ await coll.insertOne({
294
+ _model: 'userPermission', user: user._id, permission: permRead, isGranted: false, env: envStagingId
295
+ });
296
+ // La permission de lecture ne doit être révoquée qu'en 'staging'
297
+ expect(await hasPermission(['env:read'], user, envProdId)).toBe(true);
298
+ expect(await hasPermission(['env:read'], user, envStagingId)).toBe(false);
299
+ expect(await hasPermission(['env:read'], user, null)).toBe(true);
300
+ });
301
+
302
+ it('should prioritize specific env revocation over a global grant', async () => {
303
+ await coll.insertMany([
304
+ // On accorde 'env:write' partout
305
+ { _model: 'userPermission', user: user._id, permission: permWrite, isGranted: true },
306
+ // Mais on le révoque spécifiquement pour 'staging'
307
+ { _model: 'userPermission', user: user._id, permission: permWrite, isGranted: false, env: envStagingId }
308
+ ]);
309
+
310
+ expect(await hasPermission(['env:write'], user, envProdId)).toBe(true);
311
+ expect(await hasPermission(['env:write'], user, envStagingId)).toBe(false);
312
+ expect(await hasPermission(['env:write'], user, null)).toBe(true);
313
+ });
314
+ });
210
315
  });