public commit

2026-03-15 20:17:22 +00:00 · 2024-11-16 12:01:47 +01:00
commit 90f80c4280
582 changed files with 49291 additions and 0 deletions
--- a/app/test/auth/authorize/authorize.spec.ts
+++ b/app/test/auth/authorize/authorize.spec.ts
@@ -0,0 +1,89 @@
+import { describe, expect, test } from "bun:test";
+import { Guard } from "../../../src/auth";
+
+describe("authorize", () => {
+   test("basic", async () => {
+      const guard = Guard.create(
+         ["read", "write"],
+         {
+            admin: {
+               permissions: ["read", "write"]
+            }
+         },
+         { enabled: true }
+      );
+      const user = {
+         role: "admin"
+      };
+
+      guard.setUserContext(user);
+
+      expect(guard.granted("read")).toBe(true);
+      expect(guard.granted("write")).toBe(true);
+
+      expect(() => guard.granted("something")).toThrow();
+   });
+
+   test("with default", async () => {
+      const guard = Guard.create(
+         ["read", "write"],
+         {
+            admin: {
+               permissions: ["read", "write"]
+            },
+            guest: {
+               permissions: ["read"],
+               is_default: true
+            }
+         },
+         { enabled: true }
+      );
+
+      expect(guard.granted("read")).toBe(true);
+      expect(guard.granted("write")).toBe(false);
+
+      const user = {
+         role: "admin"
+      };
+
+      guard.setUserContext(user);
+
+      expect(guard.granted("read")).toBe(true);
+      expect(guard.granted("write")).toBe(true);
+   });
+
+   test("guard implicit allow", async () => {
+      const guard = Guard.create([], {}, { enabled: false });
+
+      expect(guard.granted("read")).toBe(true);
+      expect(guard.granted("write")).toBe(true);
+   });
+
+   test("role implicit allow", async () => {
+      const guard = Guard.create(["read", "write"], {
+         admin: {
+            implicit_allow: true
+         }
+      });
+
+      guard.setUserContext({
+         role: "admin"
+      });
+
+      expect(guard.granted("read")).toBe(true);
+      expect(guard.granted("write")).toBe(true);
+   });
+
+   test("guard with guest role implicit allow", async () => {
+      const guard = Guard.create(["read", "write"], {
+         guest: {
+            implicit_allow: true,
+            is_default: true
+         }
+      });
+
+      expect(guard.getUserRole()?.name).toBe("guest");
+      expect(guard.granted("read")).toBe(true);
+      expect(guard.granted("write")).toBe(true);
+   });
+});