feat: add integration access check to middlewares (#756)

* feat: add integration access check to middlewares * fix: format issues * fix: remove group and user permissions and items from context * refactor: move action check to seperate function
2024-07-08 17:39:36 +02:00
parent 8d42ca8b5e
commit 46943b147a
11 changed files with 966 additions and 29 deletions
--- a/packages/auth/test/callbacks.spec.ts
+++ b/packages/auth/test/callbacks.spec.ts
@@ -17,6 +17,14 @@ describe("getCurrentUserPermissions", () => {
  test("should return empty permissions when non existing user requested", async () => {
    const db = createDb();

+    await db.insert(groups).values({
+      id: "2",
+      name: "test",
+    });
+    await db.insert(groupPermissions).values({
+      groupId: "2",
+      permission: "admin",
+    });
    await db.insert(users).values({
      id: "2",
    });
@@ -25,6 +33,27 @@ describe("getCurrentUserPermissions", () => {
    const result = await getCurrentUserPermissionsAsync(db, userId);
    expect(result).toEqual([]);
  });
+
+  test("should return empty permissions when user has no groups", async () => {
+    const db = createDb();
+    const userId = "1";
+
+    await db.insert(groups).values({
+      id: "2",
+      name: "test",
+    });
+    await db.insert(groupPermissions).values({
+      groupId: "2",
+      permission: "admin",
+    });
+    await db.insert(users).values({
+      id: userId,
+    });
+
+    const result = await getCurrentUserPermissionsAsync(db, userId);
+    expect(result).toEqual([]);
+  });
+
  test("should return permissions for user", async () => {
    const db = createDb();
    const getPermissionsWithChildrenMock = vi