import { UserToken } from '@axinom/mosaic-core'; import { describe, expect, it } from 'vitest'; import { requiredPermissionsExists } from './check-permissions'; type UserPermissions = UserToken['permissions']; describe('check-permissions', () => { describe('requiredPermissionsExists', () => { describe('object overload (UserToken permissions)', () => { ( [ [{ id: ['write'] }, { id: ['write'] }, true], // matching permissions [{ id: ['write'] }, { id: ['write', 'read'] }, true], // matching permissions, but also additional ones [{ id: ['write', 'read'] }, { id: ['read'] }, true], // tread multiple required permissions as `OR` [{ id: ['write', 'read'] }, { id: ['write'] }, true], // tread multiple required permissions as `OR` [{ id: ['read'], user: ['read'] }, { user: ['read'] }, true], // tread multiple required permissions from different services as `OR` [{}, { id: ['write'] }, true], // allow if no permissions required [{ id: [] }, { id: ['write'] }, false], // don't allow wildcard checks [{ id: ['write'] }, {}, false], // no permissions at all [{ id: ['write'] }, { video: ['write'] }, false], // correct permission but on other service [{ id: ['write'] }, { id: ['read'] }, false], // wrong permission [{ id: ['write'] }, { id: [] }, false], // wrong permission ] as [UserPermissions, UserPermissions, boolean][] ).forEach(([required, current, expected]) => { it(`checks permissions correctly: required: ${JSON.stringify(required)}, current: ${JSON.stringify(current)}, expected: ${expected}`, () => { expect(requiredPermissionsExists(required, current)).toEqual( expected, ); }); }); }); describe('array overload (string[])', () => { it.each<[string[], string[], boolean]>([ [['write'], ['write'], true], // single matching permission [['write', 'read'], ['read'], true], // OR semantics: second permission matches [['write'], ['read'], false], // no intersection // Note: empty required returns false here (Array.some([]) === false), // unlike the object overload where {} returns true. [[], ['write'], false], // empty required → false (asymmetry with object overload) [['write'], [], false], // empty granted → false ])('required: %j, granted: %j → %s', (required, granted, expected) => { expect(requiredPermissionsExists(required, granted)).toEqual(expected); }); }); }); });