feat(auth): matrice permessi 3 ruoli + landingFor
This commit is contained in:
+49
-23
@@ -1,37 +1,63 @@
|
||||
import { describe, it, expect, beforeEach } from 'vitest';
|
||||
import type Database from 'better-sqlite3';
|
||||
import { createDb } from '../src/lib/db';
|
||||
import { createUser, login, getSessionUser, canAccessAdminPath } from '../src/lib/auth';
|
||||
import { createUser, login, getSessionUser, canAccessAdminPath, landingFor } from '../src/lib/auth';
|
||||
|
||||
let db: Database.Database;
|
||||
beforeEach(() => { db = createDb(':memory:'); });
|
||||
|
||||
describe('ruoli', () => {
|
||||
it('createUser accetta ruolo editor e getSessionUser lo ritorna', () => {
|
||||
createUser(db, 'cliente', 'segreta123', 'editor');
|
||||
const token = login(db, 'cliente', 'segreta123')!;
|
||||
expect(getSessionUser(db, token)).toMatchObject({ username: 'cliente', role: 'editor' });
|
||||
it('createUser accetta i tre ruoli e getSessionUser li ritorna', () => {
|
||||
createUser(db, 'u', 'segreta123', 'user');
|
||||
createUser(db, 's', 'segreta123', 'superuser');
|
||||
expect(getSessionUser(db, login(db, 'u', 'segreta123')!)).toMatchObject({ role: 'user' });
|
||||
expect(getSessionUser(db, login(db, 's', 'segreta123')!)).toMatchObject({ role: 'superuser' });
|
||||
});
|
||||
|
||||
it('createUser senza ruolo crea admin', () => {
|
||||
createUser(db, 'adriano', 'segreta123');
|
||||
const token = login(db, 'adriano', 'segreta123')!;
|
||||
expect(getSessionUser(db, token)).toMatchObject({ role: 'admin' });
|
||||
});
|
||||
|
||||
it('admin accede a tutto, editor solo a contenuti e logout', () => {
|
||||
expect(canAccessAdminPath('admin', '/admin')).toBe(true);
|
||||
expect(canAccessAdminPath('admin', '/api/admin/posts')).toBe(true);
|
||||
expect(canAccessAdminPath('editor', '/admin/content')).toBe(true);
|
||||
expect(canAccessAdminPath('editor', '/api/admin/content/home.hero.title')).toBe(true);
|
||||
expect(canAccessAdminPath('editor', '/admin/logout')).toBe(true);
|
||||
expect(canAccessAdminPath('editor', '/admin')).toBe(false);
|
||||
expect(canAccessAdminPath('editor', '/admin/new')).toBe(false);
|
||||
expect(canAccessAdminPath('editor', '/api/admin/posts')).toBe(false);
|
||||
expect(canAccessAdminPath('editor', '/api/admin/upload')).toBe(false);
|
||||
expect(canAccessAdminPath('editor', '/admin/contentious')).toBe(false);
|
||||
expect(canAccessAdminPath('editor', '/admin/content-x')).toBe(false);
|
||||
expect(canAccessAdminPath('editor', '/admin/content')).toBe(true);
|
||||
expect(canAccessAdminPath('editor', '/admin/content/')).toBe(true);
|
||||
expect(getSessionUser(db, login(db, 'adriano', 'segreta123')!)).toMatchObject({ role: 'admin' });
|
||||
});
|
||||
});
|
||||
|
||||
describe('canAccessAdminPath', () => {
|
||||
it('admin accede a tutto', () => {
|
||||
for (const p of ['/admin', '/admin/users', '/admin/content', '/api/admin/posts', '/api/admin/users/1'])
|
||||
expect(canAccessAdminPath('admin', p)).toBe(true);
|
||||
});
|
||||
|
||||
it('superuser: contenuti + blog sì, utenti no', () => {
|
||||
expect(canAccessAdminPath('superuser', '/admin/content')).toBe(true);
|
||||
expect(canAccessAdminPath('superuser', '/admin/content/')).toBe(true);
|
||||
expect(canAccessAdminPath('superuser', '/api/admin/content/home.hero.title')).toBe(true);
|
||||
expect(canAccessAdminPath('superuser', '/admin')).toBe(true);
|
||||
expect(canAccessAdminPath('superuser', '/admin/new')).toBe(true);
|
||||
expect(canAccessAdminPath('superuser', '/api/admin/posts')).toBe(true);
|
||||
expect(canAccessAdminPath('superuser', '/admin/users')).toBe(false);
|
||||
expect(canAccessAdminPath('superuser', '/api/admin/users/1')).toBe(false);
|
||||
});
|
||||
|
||||
it('user: blog sì, contenuti e utenti no', () => {
|
||||
expect(canAccessAdminPath('user', '/admin')).toBe(true);
|
||||
expect(canAccessAdminPath('user', '/admin/new')).toBe(true);
|
||||
expect(canAccessAdminPath('user', '/api/admin/posts')).toBe(true);
|
||||
expect(canAccessAdminPath('user', '/api/admin/upload')).toBe(true);
|
||||
expect(canAccessAdminPath('user', '/admin/logout')).toBe(true);
|
||||
expect(canAccessAdminPath('user', '/admin/content')).toBe(false);
|
||||
expect(canAccessAdminPath('user', '/api/admin/content/x')).toBe(false);
|
||||
expect(canAccessAdminPath('user', '/admin/users')).toBe(false);
|
||||
});
|
||||
|
||||
it('la matrice non confonde prefissi simili', () => {
|
||||
expect(canAccessAdminPath('user', '/admin/contentious')).toBe(true); // NON è /admin/content
|
||||
expect(canAccessAdminPath('superuser', '/admin/users-x')).toBe(true); // NON è /admin/users
|
||||
});
|
||||
});
|
||||
|
||||
describe('landingFor', () => {
|
||||
it('instrada ogni ruolo alla sua home', () => {
|
||||
expect(landingFor('superuser')).toBe('/admin/content');
|
||||
expect(landingFor('user')).toBe('/admin');
|
||||
expect(landingFor('admin')).toBe('/admin');
|
||||
});
|
||||
});
|
||||
|
||||
Reference in New Issue
Block a user