159 lines
5.0 KiB
TypeScript
159 lines
5.0 KiB
TypeScript
import { describe, test, expect } from "bun:test";
|
|
import { permissionValidator } from "../../src/modules/permission-utils/permissionValidator";
|
|
|
|
describe("permissionValidator", () => {
|
|
// -------------------------------------------------------------------
|
|
// Exact match
|
|
// -------------------------------------------------------------------
|
|
describe("exact matches", () => {
|
|
test("returns true for exact permission match", () => {
|
|
expect(permissionValidator("company.fetch", ["company.fetch"])).toBe(
|
|
true,
|
|
);
|
|
});
|
|
|
|
test("returns false when no match", () => {
|
|
expect(permissionValidator("company.fetch", ["company.create"])).toBe(
|
|
false,
|
|
);
|
|
});
|
|
|
|
test("returns false for empty expressions", () => {
|
|
expect(permissionValidator("company.fetch", [])).toBe(false);
|
|
});
|
|
|
|
test("handles single string expression", () => {
|
|
expect(permissionValidator("company.fetch", "company.fetch")).toBe(true);
|
|
});
|
|
|
|
test("handles single string non-match", () => {
|
|
expect(permissionValidator("company.fetch", "company.create")).toBe(
|
|
false,
|
|
);
|
|
});
|
|
});
|
|
|
|
// -------------------------------------------------------------------
|
|
// Wildcard *
|
|
// -------------------------------------------------------------------
|
|
describe("wildcard (*)", () => {
|
|
test("* matches any single-segment permission", () => {
|
|
expect(permissionValidator("company", ["*"])).toBe(true);
|
|
});
|
|
|
|
test("* matches multi-segment permissions", () => {
|
|
expect(permissionValidator("company.fetch.many", ["*"])).toBe(true);
|
|
});
|
|
|
|
test("company.* matches company.fetch", () => {
|
|
expect(permissionValidator("company.fetch", ["company.*"])).toBe(true);
|
|
});
|
|
|
|
test("company.* matches company.fetch.many", () => {
|
|
expect(permissionValidator("company.fetch.many", ["company.*"])).toBe(
|
|
true,
|
|
);
|
|
});
|
|
|
|
test("*.fetch matches company.fetch", () => {
|
|
expect(permissionValidator("company.fetch", ["*.fetch"])).toBe(true);
|
|
});
|
|
|
|
test("company.fetch.* matches company.fetch.many", () => {
|
|
expect(
|
|
permissionValidator("company.fetch.many", ["company.fetch.*"]),
|
|
).toBe(true);
|
|
});
|
|
|
|
test("company.fetch.* does NOT match company.create", () => {
|
|
expect(permissionValidator("company.create", ["company.fetch.*"])).toBe(
|
|
false,
|
|
);
|
|
});
|
|
});
|
|
|
|
// -------------------------------------------------------------------
|
|
// Single-character wildcard ?
|
|
// -------------------------------------------------------------------
|
|
describe("single-character wildcard (?)", () => {
|
|
test("? matches exactly one character", () => {
|
|
expect(permissionValidator("company.a", ["company.?"])).toBe(true);
|
|
});
|
|
|
|
test("? does not match multiple characters", () => {
|
|
expect(permissionValidator("company.ab", ["company.?"])).toBe(false);
|
|
});
|
|
|
|
test("? does not match dot separator", () => {
|
|
expect(permissionValidator("company.a.b", ["company.?"])).toBe(false);
|
|
});
|
|
});
|
|
|
|
// -------------------------------------------------------------------
|
|
// Bracket groups [a,b,c]
|
|
// -------------------------------------------------------------------
|
|
describe("bracket groups [a,b,c]", () => {
|
|
test("matches first option in group", () => {
|
|
expect(
|
|
permissionValidator("company.fetch", ["company.[fetch,create]"]),
|
|
).toBe(true);
|
|
});
|
|
|
|
test("matches second option in group", () => {
|
|
expect(
|
|
permissionValidator("company.create", ["company.[fetch,create]"]),
|
|
).toBe(true);
|
|
});
|
|
|
|
test("does not match unlisted option", () => {
|
|
expect(
|
|
permissionValidator("company.delete", ["company.[fetch,create]"]),
|
|
).toBe(false);
|
|
});
|
|
});
|
|
|
|
// -------------------------------------------------------------------
|
|
// Multiple expressions
|
|
// -------------------------------------------------------------------
|
|
describe("multiple expressions", () => {
|
|
test("returns true if any expression matches", () => {
|
|
expect(
|
|
permissionValidator("role.create", [
|
|
"company.fetch",
|
|
"role.create",
|
|
"user.read",
|
|
]),
|
|
).toBe(true);
|
|
});
|
|
|
|
test("returns false if no expression matches", () => {
|
|
expect(
|
|
permissionValidator("role.delete", [
|
|
"company.fetch",
|
|
"role.create",
|
|
"user.read",
|
|
]),
|
|
).toBe(false);
|
|
});
|
|
});
|
|
|
|
// -------------------------------------------------------------------
|
|
// Complex patterns
|
|
// -------------------------------------------------------------------
|
|
describe("complex patterns", () => {
|
|
test("combined wildcard and bracket", () => {
|
|
expect(
|
|
permissionValidator("company.fetch.many", ["company.[fetch,create].*"]),
|
|
).toBe(true);
|
|
});
|
|
|
|
test("deeply nested permission with wildcard", () => {
|
|
expect(
|
|
permissionValidator("unifi.site.wifi.read.passphrase", [
|
|
"unifi.site.wifi.*",
|
|
]),
|
|
).toBe(true);
|
|
});
|
|
});
|
|
});
|