Update permissions handling and enhance Guard functionality

- Bump `jsonv-ts` dependency to 0.8.6. - Refactor permission checks in the `Guard` class to improve context validation and error handling. - Update tests to reflect changes in permission handling, ensuring robust coverage for new scenarios. - Introduce new test cases for data permissions, enhancing overall test coverage and reliability.
2026-03-16 04:27:21 +00:00 · 2025-10-21 16:44:08 +02:00
parent 0347efa592
commit 38902ebcba
20 changed files with 859 additions and 153 deletions
--- a/app/test/auth/authorize/permissions.spec.ts
+++ b/app/test/auth/authorize/permissions.spec.ts
@@ -122,26 +122,10 @@ describe("Guard", () => {
      const guard = new Guard([p], [r], {
         enabled: true,
      });
-      expect(
-         guard.getPolicyFilter(
-            p,
-            {
-               role: r.name,
-            },
-            { a: 1 },
-         ),
-      ).toEqual({ foo: "bar" });
-      expect(
-         guard.getPolicyFilter(
-            p,
-            {
-               role: r.name,
-            },
-            { a: 2 },
-         ),
-      ).toBeUndefined();
+      expect(guard.filters(p, { role: r.name }, { a: 1 }).filter).toEqual({ foo: "bar" });
+      expect(guard.filters(p, { role: r.name }, { a: 2 }).filter).toBeUndefined();
      // if no user context given, filter cannot be applied
-      expect(guard.getPolicyFilter(p, {}, { a: 1 })).toBeUndefined();
+      expect(guard.filters(p, {}, { a: 1 }).filter).toBeUndefined();
   });

   it("collects filters for default role", () => {
@@ -172,26 +156,26 @@ describe("Guard", () => {
      });

      expect(
-         guard.getPolicyFilter(
+         guard.filters(
            p,
            {
               role: r.name,
            },
            { a: 1 },
-         ),
+         ).filter,
      ).toEqual({ foo: "bar" });
      expect(
-         guard.getPolicyFilter(
+         guard.filters(
            p,
            {
               role: r.name,
            },
            { a: 2 },
-         ),
+         ).filter,
      ).toBeUndefined();
      // if no user context given, the default role is applied
      // hence it can be found
-      expect(guard.getPolicyFilter(p, {}, { a: 1 })).toEqual({ foo: "bar" });
+      expect(guard.filters(p, {}, { a: 1 }).filter).toEqual({ foo: "bar" });
   });
 });