jazzymc/homarr
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Replace entire codebase with homarr-labs/homarr

Browse Source
This commit is contained in:
Thomas Camlong
2026-01-15 21:54:44 +01:00
parent c5bc3b1559
commit 4fdd1fe351
4666 changed files with 409577 additions and 147434 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
packages/auth/permissions/board-permissions.ts Normal file
View File

@@ -0,0 +1,47 @@
import type { Session } from "next-auth";
import type { BoardPermission } from "@homarr/definitions";
export type BoardPermissionsProps = (
| {
creator: {
id: string;
} | null;
}
| {
creatorId: string | null;
}
) & {
userPermissions: {
permission: BoardPermission;
}[];
groupPermissions: {
permission: BoardPermission;
}[];
isPublic: boolean;
};
export const constructBoardPermissions = (board: BoardPermissionsProps, session: Session | null) => {
const creatorId = "creator" in board ? board.creator?.id : board.creatorId;
const isCreator = session !== null && session.user.id === creatorId;
return {
hasFullAccess:
isCreator ||
board.userPermissions.some(({ permission }) => permission === "full") ||
board.groupPermissions.some(({ permission }) => permission === "full") ||
(session?.user.permissions.includes("board-full-all") ?? false),
hasChangeAccess:
isCreator ||
board.userPermissions.some(({ permission }) => permission === "modify" || permission === "full") ||
board.groupPermissions.some(({ permission }) => permission === "modify" || permission === "full") ||
(session?.user.permissions.includes("board-modify-all") ?? false) ||
(session?.user.permissions.includes("board-full-all") ?? false),
hasViewAccess:
isCreator ||
board.userPermissions.length >= 1 ||
board.groupPermissions.length >= 1 ||
board.isPublic ||
(session?.user.permissions.includes("board-view-all") ?? false),
};
};

2
packages/auth/permissions/index.ts Normal file
View File

@@ -0,0 +1,2 @@
export * from "./board-permissions";
export * from "./integration-permissions";

28
packages/auth/permissions/integration-permissions.ts Normal file
View File

@@ -0,0 +1,28 @@
import type { Session } from "next-auth";
import type { IntegrationPermission } from "@homarr/definitions";
export interface IntegrationPermissionsProps {
userPermissions: {
permission: IntegrationPermission;
}[];
groupPermissions: {
permission: IntegrationPermission;
}[];
}
export const constructIntegrationPermissions = (integration: IntegrationPermissionsProps, session: Session | null) => {
const permissions = integration.userPermissions
.concat(integration.groupPermissions)
.map(({ permission }) => permission);
return {
hasFullAccess:
(session?.user.permissions.includes("integration-full-all") ?? false) || permissions.includes("full"),
hasInteractAccess:
permissions.includes("full") ||
permissions.includes("interact") ||
(session?.user.permissions.includes("integration-interact-all") ?? false),
hasUseAccess: permissions.length >= 1 || (session?.user.permissions.includes("integration-use-all") ?? false),
};
};

56
packages/auth/permissions/integration-provider.tsx Normal file
View File

@@ -0,0 +1,56 @@
"use client";
import type { PropsWithChildren } from "react";
import { createContext, useContext } from "react";
import type { IntegrationKind } from "@homarr/definitions";
interface IntegrationContextProps {
integrations: {
id: string;
name: string;
url: string;
kind: IntegrationKind;
permissions: {
hasFullAccess: boolean;
hasInteractAccess: boolean;
hasUseAccess: boolean;
};
}[];
}
const IntegrationContext = createContext<IntegrationContextProps | null>(null);
export const IntegrationProvider = ({ integrations, children }: PropsWithChildren<IntegrationContextProps>) => {
return <IntegrationContext.Provider value={{ integrations }}>{children}</IntegrationContext.Provider>;
};
export const useIntegrationsWithUseAccess = () => {
const context = useContext(IntegrationContext);
if (!context) {
throw new Error("useIntegrationsWithUseAccess must be used within an IntegrationProvider");
}
return context.integrations.filter((integration) => integration.permissions.hasUseAccess);
};
export const useIntegrationsWithInteractAccess = () => {
const context = useContext(IntegrationContext);
if (!context) {
throw new Error("useIntegrationsWithInteractAccess must be used within an IntegrationProvider");
}
return context.integrations.filter((integration) => integration.permissions.hasInteractAccess);
};
export const useIntegrationsWithFullAccess = () => {
const context = useContext(IntegrationContext);
if (!context) {
throw new Error("useIntegrationsWithFullAccess must be used within an IntegrationProvider");
}
return context.integrations.filter((integration) => integration.permissions.hasFullAccess);
};

122
packages/auth/permissions/integration-query-permissions.ts Normal file
View File

@@ -0,0 +1,122 @@
import type { Session } from "next-auth";
import type { Database } from "@homarr/db";
import { and, eq, inArray, or } from "@homarr/db";
import { boards, boardUserPermissions, groupMembers } from "@homarr/db/schema";
import type { IntegrationPermission } from "@homarr/definitions";
import { constructIntegrationPermissions } from "./integration-permissions";
interface Integration {
id: string;
items: {
item: {
boardId: string;
};
}[];
userPermissions: {
permission: IntegrationPermission;
}[];
groupPermissions: {
permission: IntegrationPermission;
}[];
}
export const hasQueryAccessToIntegrationsAsync = async (
db: Database,
integrations: Integration[],
session: Session | null,
) => {
// If the user has board-view-all and every integration has at least one item that is placed on a board he has access.
if (
session?.user.permissions.includes("board-view-all") &&
integrations.every((integration) => integration.items.length >= 1)
) {
return true;
}
const integrationsWithUseAccess = integrations.filter(
(integration) => constructIntegrationPermissions(integration, session).hasUseAccess,
);
// If the user has use access to all integrations, he has access.
if (integrationsWithUseAccess.length === integrations.length) {
return true;
}
const integrationsWithoutUseAccessAndWithoutBoardViewAllAccess = integrations
.filter((integration) => !integrationsWithUseAccess.includes(integration))
.filter((integration) => !(session?.user.permissions.includes("board-view-all") && integration.items.length >= 1));
if (integrationsWithoutUseAccessAndWithoutBoardViewAllAccess.length === 0) {
return true;
}
const integrationsWithBoardIds = integrationsWithoutUseAccessAndWithoutBoardViewAllAccess.map((integration) => ({
id: integration.id,
anyOfBoardIds: integration.items.map(({ item }) => item.boardId),
}));
const permissionsOfCurrentUserWhenPresent = await db.query.boardUserPermissions.findMany({
where: eq(boardUserPermissions.userId, session?.user.id ?? ""),
});
// If for each integration the user has access to at least of of it's present boards, he has access.
if (
checkEveryIntegrationContainsSomeBoardIdIncludedInBoardsWithAccess(
integrationsWithBoardIds,
permissionsOfCurrentUserWhenPresent.map(({ boardId }) => boardId),
)
) {
return true;
}
const permissionsOfCurrentUserGroupsWhenPresent = await db.query.groupMembers.findMany({
where: eq(groupMembers.userId, session?.user.id ?? ""),
with: {
group: {
with: {
boardPermissions: {},
},
},
},
});
const boardIdsWithPermission = permissionsOfCurrentUserWhenPresent
.map((permission) => permission.boardId)
.concat(
permissionsOfCurrentUserGroupsWhenPresent
.map((groupMember) => groupMember.group.boardPermissions.map((permission) => permission.boardId))
.flat(),
);
// If for each integration the user has access to at least of of it's present boards, he has access.
if (
checkEveryIntegrationContainsSomeBoardIdIncludedInBoardsWithAccess(integrationsWithBoardIds, boardIdsWithPermission)
) {
return true;
}
const relevantBoardIds = [...new Set(integrationsWithBoardIds.map(({ anyOfBoardIds }) => anyOfBoardIds).flat())];
const publicBoardsOrBoardsWhereCurrentUserIsOwner = await db.query.boards.findMany({
where: and(
or(eq(boards.isPublic, true), eq(boards.creatorId, session?.user.id ?? "")),
inArray(boards.id, relevantBoardIds),
),
});
const boardsWithAccess = boardIdsWithPermission.concat(
publicBoardsOrBoardsWhereCurrentUserIsOwner.map(({ id }) => id),
);
// If for each integration the user has access to at least of of it's present boards, he has access.
return checkEveryIntegrationContainsSomeBoardIdIncludedInBoardsWithAccess(integrationsWithBoardIds, boardsWithAccess);
};
const checkEveryIntegrationContainsSomeBoardIdIncludedInBoardsWithAccess = (
integration: { id: string; anyOfBoardIds: string[] }[],
boardIdsWithAccess: string[],
) => {
return integration.every(({ anyOfBoardIds }) =>
anyOfBoardIds.some((boardId) => boardIdsWithAccess.includes(boardId)),
);
};

36
packages/auth/permissions/integrations-with-permissions.ts Normal file
View File

@@ -0,0 +1,36 @@
import type { Session } from "next-auth";
import { db, eq, inArray } from "@homarr/db";
import { groupMembers, integrationGroupPermissions, integrationUserPermissions } from "@homarr/db/schema";
import { constructIntegrationPermissions } from "./integration-permissions";
export const getIntegrationsWithPermissionsAsync = async (session: Session | null) => {
const groupsOfCurrentUser = await db.query.groupMembers.findMany({
where: eq(groupMembers.userId, session?.user.id ?? ""),
});
const integrations = await db.query.integrations.findMany({
columns: {
id: true,
name: true,
url: true,
kind: true,
},
with: {
userPermissions: {
where: eq(integrationUserPermissions.userId, session?.user.id ?? ""),
},
groupPermissions: {
where: inArray(
integrationGroupPermissions.groupId,
groupsOfCurrentUser.map((group) => group.groupId),
),
},
},
});
return integrations.map(({ userPermissions, groupPermissions, ...integration }) => ({
...integration,
permissions: constructIntegrationPermissions({ userPermissions, groupPermissions }, session),
}));
};

307
packages/auth/permissions/test/board-permissions.spec.ts Normal file
View File

@@ -0,0 +1,307 @@
import type { Session } from "next-auth";
import { describe, expect, test } from "vitest";
import { getPermissionsWithChildren } from "@homarr/definitions";
import { constructBoardPermissions } from "../board-permissions";
describe("constructBoardPermissions", () => {
test("should return all board permissions as true when session user id is equal to creator id", () => {
// Arrange
const board = {
creator: {
id: "1",
},
userPermissions: [],
groupPermissions: [],
isPublic: false,
};
const session = {
user: {
id: "1",
permissions: [],
colorScheme: "light",
},
expires: new Date().toISOString(),
} satisfies Session;
// Act
const result = constructBoardPermissions(board, session);
// Assert
expect(result.hasFullAccess).toBe(true);
expect(result.hasChangeAccess).toBe(true);
expect(result.hasViewAccess).toBe(true);
});
test("should return hasFullAccess as true when session permissions include board-full-all", () => {
// Arrange
const board = {
creator: {
id: "1",
},
userPermissions: [],
groupPermissions: [],
isPublic: false,
};
const session = {
user: {
id: "2",
permissions: getPermissionsWithChildren(["board-full-all"]),
colorScheme: "light",
},
expires: new Date().toISOString(),
} satisfies Session;
// Act
const result = constructBoardPermissions(board, session);
// Assert
expect(result.hasFullAccess).toBe(true);
expect(result.hasChangeAccess).toBe(true);
expect(result.hasViewAccess).toBe(true);
});
test("should return hasChangeAccess as true when session permissions include board-modify-all", () => {
// Arrange
const board = {
creator: {
id: "1",
},
userPermissions: [],
groupPermissions: [],
isPublic: false,
};
const session = {
user: {
id: "2",
permissions: getPermissionsWithChildren(["board-modify-all"]),
colorScheme: "light",
},
expires: new Date().toISOString(),
} satisfies Session;
// Act
const result = constructBoardPermissions(board, session);
// Assert
expect(result.hasFullAccess).toBe(false);
expect(result.hasChangeAccess).toBe(true);
expect(result.hasViewAccess).toBe(true);
});
test('should return hasChangeAccess as true when board user permissions include "modify"', () => {
// Arrange
const board = {
creator: {
id: "1",
},
userPermissions: [{ permission: "modify" as const }],
groupPermissions: [],
isPublic: false,
};
const session = {
user: {
id: "2",
permissions: [],
colorScheme: "light",
},
expires: new Date().toISOString(),
} satisfies Session;
// Act
const result = constructBoardPermissions(board, session);
// Assert
expect(result.hasFullAccess).toBe(false);
expect(result.hasChangeAccess).toBe(true);
expect(result.hasViewAccess).toBe(true);
});
test("should return hasChangeAccess as true when board group permissions include modify", () => {
// Arrange
const board = {
creator: {
id: "1",
},
userPermissions: [],
groupPermissions: [{ permission: "modify" as const }],
isPublic: false,
};
const session = {
user: {
id: "2",
permissions: [],
colorScheme: "light",
},
expires: new Date().toISOString(),
} satisfies Session;
// Act
const result = constructBoardPermissions(board, session);
// Assert
expect(result.hasFullAccess).toBe(false);
expect(result.hasChangeAccess).toBe(true);
expect(result.hasViewAccess).toBe(true);
});
test("should return hasViewAccess as true when session permissions include board-view-all", () => {
// Arrange
const board = {
creator: {
id: "1",
},
userPermissions: [],
groupPermissions: [],
isPublic: false,
};
const session = {
user: {
id: "2",
permissions: getPermissionsWithChildren(["board-view-all"]),
colorScheme: "light",
},
expires: new Date().toISOString(),
} satisfies Session;
// Act
const result = constructBoardPermissions(board, session);
// Assert
expect(result.hasFullAccess).toBe(false);
expect(result.hasChangeAccess).toBe(false);
expect(result.hasViewAccess).toBe(true);
});
test("should return hasViewAccess as true when board user permissions length is greater than or equal to 1", () => {
// Arrange
const board = {
creator: {
id: "1",
},
userPermissions: [{ permission: "view" as const }],
groupPermissions: [],
isPublic: false,
};
const session = {
user: {
id: "2",
permissions: [],
colorScheme: "light",
},
expires: new Date().toISOString(),
} satisfies Session;
// Act
const result = constructBoardPermissions(board, session);
// Assert
expect(result.hasFullAccess).toBe(false);
expect(result.hasChangeAccess).toBe(false);
expect(result.hasViewAccess).toBe(true);
});
test("should return hasViewAccess as true when board group permissions length is greater than or equal to 1", () => {
// Arrange
const board = {
creator: {
id: "1",
},
userPermissions: [],
groupPermissions: [{ permission: "view" as const }],
isPublic: false,
};
const session = {
user: {
id: "2",
permissions: [],
colorScheme: "light",
},
expires: new Date().toISOString(),
} satisfies Session;
// Act
const result = constructBoardPermissions(board, session);
// Assert
expect(result.hasFullAccess).toBe(false);
expect(result.hasChangeAccess).toBe(false);
expect(result.hasViewAccess).toBe(true);
});
test("should return all false when board is not public and session user id is not equal to creator id and no permissions", () => {
// Arrange
const board = {
creator: {
id: "1",
},
userPermissions: [],
groupPermissions: [],
isPublic: false,
};
const session = {
user: {
id: "2",
permissions: [],
colorScheme: "light",
},
expires: new Date().toISOString(),
} satisfies Session;
// Act
const result = constructBoardPermissions(board, session);
// Assert
expect(result.hasFullAccess).toBe(false);
expect(result.hasChangeAccess).toBe(false);
expect(result.hasViewAccess).toBe(false);
});
test("should return hasViewAccess as true when board is public", () => {
// Arrange
const board = {
creator: {
id: "1",
},
userPermissions: [],
groupPermissions: [],
isPublic: true,
};
const session = {
user: {
id: "2",
permissions: [],
colorScheme: "light",
},
expires: new Date().toISOString(),
} satisfies Session;
// Act
const result = constructBoardPermissions(board, session);
// Assert
expect(result.hasFullAccess).toBe(false);
expect(result.hasChangeAccess).toBe(false);
expect(result.hasViewAccess).toBe(true);
});
test("should return all false when creator is null and session is null", () => {
// Arrange
const board = {
creator: null,
userPermissions: [],
groupPermissions: [],
isPublic: false,
};
const session = null;
// Act
const result = constructBoardPermissions(board, session);
// Assert
expect(result.hasFullAccess).toBe(false);
expect(result.hasChangeAccess).toBe(false);
expect(result.hasViewAccess).toBe(false);
});
});

200
packages/auth/permissions/test/integration-permissions.spec.ts Normal file
View File

@@ -0,0 +1,200 @@
import type { Session } from "next-auth";
import { describe, expect, test } from "vitest";
import { getPermissionsWithChildren } from "@homarr/definitions";
import { constructIntegrationPermissions } from "../integration-permissions";
describe("constructIntegrationPermissions", () => {
test("should return hasFullAccess as true when session permissions include integration-full-all", () => {
// Arrange
const integration = {
userPermissions: [],
groupPermissions: [],
};
const session = {
user: {
id: "2",
permissions: getPermissionsWithChildren(["integration-full-all"]),
colorScheme: "light",
},
expires: new Date().toISOString(),
} satisfies Session;
// Act
const result = constructIntegrationPermissions(integration, session);
// Assert
expect(result.hasFullAccess).toBe(true);
expect(result.hasInteractAccess).toBe(true);
expect(result.hasUseAccess).toBe(true);
});
test("should return hasInteractAccess as true when session permissions include integration-interact-all", () => {
// Arrange
const integration = {
userPermissions: [],
groupPermissions: [],
};
const session = {
user: {
id: "2",
permissions: getPermissionsWithChildren(["integration-interact-all"]),
colorScheme: "light",
},
expires: new Date().toISOString(),
} satisfies Session;
// Act
const result = constructIntegrationPermissions(integration, session);
// Assert
expect(result.hasFullAccess).toBe(false);
expect(result.hasInteractAccess).toBe(true);
expect(result.hasUseAccess).toBe(true);
});
test('should return hasInteractAccess as true when integration user permissions include "interact"', () => {
// Arrange
const integration = {
userPermissions: [{ permission: "interact" as const }],
groupPermissions: [],
};
const session = {
user: {
id: "2",
permissions: [],
colorScheme: "light",
},
expires: new Date().toISOString(),
} satisfies Session;
// Act
const result = constructIntegrationPermissions(integration, session);
// Assert
expect(result.hasFullAccess).toBe(false);
expect(result.hasInteractAccess).toBe(true);
expect(result.hasUseAccess).toBe(true);
});
test("should return hasInteractAccess as true when integration group permissions include interact", () => {
// Arrange
const integration = {
userPermissions: [],
groupPermissions: [{ permission: "interact" as const }],
};
const session = {
user: {
id: "2",
permissions: [],
colorScheme: "light",
},
expires: new Date().toISOString(),
} satisfies Session;
// Act
const result = constructIntegrationPermissions(integration, session);
// Assert
expect(result.hasFullAccess).toBe(false);
expect(result.hasInteractAccess).toBe(true);
expect(result.hasUseAccess).toBe(true);
});
test("should return hasUseAccess as true when session permissions include integration-use-all", () => {
// Arrange
const integration = {
userPermissions: [],
groupPermissions: [],
};
const session = {
user: {
id: "2",
permissions: getPermissionsWithChildren(["integration-use-all"]),
colorScheme: "light",
},
expires: new Date().toISOString(),
} satisfies Session;
// Act
const result = constructIntegrationPermissions(integration, session);
// Assert
expect(result.hasFullAccess).toBe(false);
expect(result.hasInteractAccess).toBe(false);
expect(result.hasUseAccess).toBe(true);
});
test("should return hasUseAccess as true when integration user permissions length is greater than or equal to 1", () => {
// Arrange
const integration = {
userPermissions: [{ permission: "use" as const }],
groupPermissions: [],
};
const session = {
user: {
id: "2",
permissions: [],
colorScheme: "light",
},
expires: new Date().toISOString(),
} satisfies Session;
// Act
const result = constructIntegrationPermissions(integration, session);
// Assert
expect(result.hasFullAccess).toBe(false);
expect(result.hasInteractAccess).toBe(false);
expect(result.hasUseAccess).toBe(true);
});
test("should return hasUseAccess as true when integration group permissions length is greater than or equal to 1", () => {
// Arrange
const integration = {
userPermissions: [],
groupPermissions: [{ permission: "use" as const }],
};
const session = {
user: {
id: "2",
permissions: [],
colorScheme: "light",
},
expires: new Date().toISOString(),
} satisfies Session;
// Act
const result = constructIntegrationPermissions(integration, session);
// Assert
expect(result.hasFullAccess).toBe(false);
expect(result.hasInteractAccess).toBe(false);
expect(result.hasUseAccess).toBe(true);
});
test("should return all false when integration no permissions", () => {
// Arrange
const integration = {
userPermissions: [],
groupPermissions: [],
};
const session = {
user: {
id: "2",
permissions: [],
colorScheme: "light",
},
expires: new Date().toISOString(),
} satisfies Session;
// Act
const result = constructIntegrationPermissions(integration, session);
// Assert
expect(result.hasFullAccess).toBe(false);
expect(result.hasInteractAccess).toBe(false);
expect(result.hasUseAccess).toBe(false);
});
});

583
packages/auth/permissions/test/integration-query-permissions.spec.ts Normal file
View File

@@ -0,0 +1,583 @@
import type { Session } from "next-auth";
import { describe, expect, test, vi } from "vitest";
import { createId } from "@homarr/common";
import type { InferInsertModel } from "@homarr/db";
import { boardGroupPermissions, boards, boardUserPermissions, groupMembers, groups, users } from "@homarr/db/schema";
import { createDb } from "@homarr/db/test";
import * as integrationPermissions from "../integration-permissions";
import { hasQueryAccessToIntegrationsAsync } from "../integration-query-permissions";
const createSession = (user: Partial<Session["user"]>): Session => ({
user: {
id: "1",
permissions: [],
colorScheme: "light",
...user,
},
expires: new Date().toISOString(),
});
describe("hasQueryAccessToIntegrationsAsync should check if the user has query access to the specified integrations", () => {
test("should return true if the user has the board-view-all permission and the integrations are used anywhere", async () => {
// Arrange
const db = createDb();
const session = createSession({
permissions: ["board-view-all"],
});
const integrations = [
{
id: "1",
items: [{ item: { boardId: "1" } }],
userPermissions: [],
groupPermissions: [],
},
{
id: "2",
items: [{ item: { boardId: "2" } }],
userPermissions: [],
groupPermissions: [],
},
];
// Act
const result = await hasQueryAccessToIntegrationsAsync(db, integrations, session);
// Assert
expect(result).toBe(true);
});
test("should return true if the user has the board-view-all permission, the first integration is used and the second one he has use access", async () => {
// Arrange
const db = createDb();
const session = createSession({
permissions: ["board-view-all"],
});
const spy = vi.spyOn(integrationPermissions, "constructIntegrationPermissions");
spy.mockReturnValue({
hasFullAccess: false,
hasInteractAccess: false,
hasUseAccess: true,
});
const integrations = [
{
id: "1",
items: [{ item: { boardId: "1" } }],
userPermissions: [],
groupPermissions: [],
},
{
id: "2",
items: [],
userPermissions: [],
groupPermissions: [],
},
];
// Act
const result = await hasQueryAccessToIntegrationsAsync(db, integrations, session);
// Assert
expect(result).toBe(true);
});
test("should return true if the user has use access to all integrations", async () => {
// Arrange
const db = createDb();
const session = createSession({});
const spy = vi.spyOn(integrationPermissions, "constructIntegrationPermissions");
spy.mockReturnValue({
hasFullAccess: false,
hasInteractAccess: false,
hasUseAccess: true,
});
const integrations = [
{
id: "1",
items: [],
userPermissions: [],
groupPermissions: [],
},
{
id: "2",
items: [],
userPermissions: [],
groupPermissions: [],
},
];
// Act
const result = await hasQueryAccessToIntegrationsAsync(db, integrations, session);
// Assert
expect(result).toBe(true);
});
test("should return true if the user has user permission to access to at least one board of each integration", async () => {
// Arrange
const db = createDb();
const session = createSession({});
await db.insert(users).values({ id: session.user.id });
const spy = vi.spyOn(integrationPermissions, "constructIntegrationPermissions");
spy.mockReturnValue({
hasFullAccess: false,
hasInteractAccess: false,
hasUseAccess: false,
});
const integrations = [
{
id: "1",
items: [
{
item: {
boardId: "1",
},
},
],
userPermissions: [],
groupPermissions: [],
},
{
id: "2",
items: [
{
item: {
boardId: "1",
},
},
{
item: {
boardId: "2",
},
},
],
userPermissions: [],
groupPermissions: [],
},
];
await db.insert(boards).values(createMockBoard({ id: "1" }));
await db.insert(boardUserPermissions).values({ userId: session.user.id, boardId: "1", permission: "view" });
// Act
const result = await hasQueryAccessToIntegrationsAsync(db, integrations, session);
// Assert
expect(result).toBe(true);
});
test("should return false if the user has user permission to access board of first integration but not of second one", async () => {
// Arrange
const db = createDb();
const session = createSession({});
await db.insert(users).values({ id: session.user.id });
const spy = vi.spyOn(integrationPermissions, "constructIntegrationPermissions");
spy.mockReturnValue({
hasFullAccess: false,
hasInteractAccess: false,
hasUseAccess: false,
});
const integrations = [
{
id: "1",
items: [
{
item: {
boardId: "1",
},
},
],
userPermissions: [],
groupPermissions: [],
},
{
id: "2",
items: [
{
item: {
boardId: "2",
},
},
],
userPermissions: [],
groupPermissions: [],
},
];
await db.insert(boards).values(createMockBoard({ id: "1" }));
await db.insert(boardUserPermissions).values({ userId: session.user.id, boardId: "1", permission: "view" });
// Act
const result = await hasQueryAccessToIntegrationsAsync(db, integrations, session);
// Assert
expect(result).toBe(false);
});
test("should return true if the user has group permission to access to at least one board of each integration", async () => {
// Arrange
const db = createDb();
const session = createSession({});
await db.insert(users).values({ id: session.user.id });
const spy = vi.spyOn(integrationPermissions, "constructIntegrationPermissions");
spy.mockReturnValue({
hasFullAccess: false,
hasInteractAccess: false,
hasUseAccess: false,
});
const integrations = [
{
id: "1",
items: [
{
item: {
boardId: "1",
},
},
],
userPermissions: [],
groupPermissions: [],
},
{
id: "2",
items: [
{
item: {
boardId: "1",
},
},
{
item: {
boardId: "2",
},
},
],
userPermissions: [],
groupPermissions: [],
},
];
await db.insert(boards).values(createMockBoard({ id: "1" }));
await db.insert(groups).values({ id: "1", name: "", position: 1 });
await db.insert(groupMembers).values({ userId: session.user.id, groupId: "1" });
await db.insert(boardGroupPermissions).values({ groupId: "1", boardId: "1", permission: "view" });
// Act
const result = await hasQueryAccessToIntegrationsAsync(db, integrations, session);
// Assert
expect(result).toBe(true);
});
test("should return false if the user has group permission to access board of first integration but not of second one", async () => {
// Arrange
const db = createDb();
const session = createSession({});
await db.insert(users).values({ id: session.user.id });
const spy = vi.spyOn(integrationPermissions, "constructIntegrationPermissions");
spy.mockReturnValue({
hasFullAccess: false,
hasInteractAccess: false,
hasUseAccess: false,
});
const integrations = [
{
id: "1",
items: [
{
item: {
boardId: "1",
},
},
],
userPermissions: [],
groupPermissions: [],
},
{
id: "2",
items: [
{
item: {
boardId: "2",
},
},
],
userPermissions: [],
groupPermissions: [],
},
];
await db.insert(boards).values(createMockBoard({ id: "1" }));
await db.insert(groups).values({ id: "1", name: "", position: 1 });
await db.insert(groupMembers).values({ userId: session.user.id, groupId: "1" });
await db.insert(boardGroupPermissions).values({ groupId: "1", boardId: "1", permission: "view" });
// Act
const result = await hasQueryAccessToIntegrationsAsync(db, integrations, session);
// Assert
expect(result).toBe(false);
});
test("should return true if the user has user permission to access first board and group permission to access second one", async () => {
// Arrange
const db = createDb();
const session = createSession({});
await db.insert(users).values({ id: session.user.id });
const spy = vi.spyOn(integrationPermissions, "constructIntegrationPermissions");
spy.mockReturnValue({
hasFullAccess: false,
hasInteractAccess: false,
hasUseAccess: false,
});
const integrations = [
{
id: "1",
items: [
{
item: {
boardId: "1",
},
},
],
userPermissions: [],
groupPermissions: [],
},
{
id: "2",
items: [
{
item: {
boardId: "2",
},
},
],
userPermissions: [],
groupPermissions: [],
},
];
await db.insert(boards).values(createMockBoard({ id: "1" }));
await db.insert(boards).values(createMockBoard({ id: "2" }));
await db.insert(groups).values({ id: "1", name: "", position: 1 });
await db.insert(groupMembers).values({ userId: session.user.id, groupId: "1" });
await db.insert(boardGroupPermissions).values({ groupId: "1", boardId: "2", permission: "view" });
await db.insert(boardUserPermissions).values({ userId: session.user.id, boardId: "1", permission: "view" });
// Act
const result = await hasQueryAccessToIntegrationsAsync(db, integrations, session);
// Assert
expect(result).toBe(true);
});
test("should return true if one of the boards the integration is used is public", async () => {
// Arrange
const db = createDb();
const session = createSession({});
const integrations = [
{
id: "1",
items: [
{
item: {
boardId: "1",
},
},
],
userPermissions: [],
groupPermissions: [],
},
{
id: "2",
items: [
{
item: {
boardId: "2",
},
},
{
item: {
boardId: "1",
},
},
],
userPermissions: [],
groupPermissions: [],
},
];
await db.insert(boards).values(createMockBoard({ id: "1", isPublic: true }));
// Act
const result = await hasQueryAccessToIntegrationsAsync(db, integrations, session);
// Assert
expect(result).toBe(true);
});
test("should return true if the user is creator of the board the integration is used", async () => {
// Arrange
const db = createDb();
const session = createSession({});
await db.insert(users).values({ id: session.user.id });
const integrations = [
{
id: "1",
items: [
{
item: {
boardId: "1",
},
},
],
userPermissions: [],
groupPermissions: [],
},
{
id: "2",
items: [
{
item: {
boardId: "2",
},
},
{
item: {
boardId: "1",
},
},
],
userPermissions: [],
groupPermissions: [],
},
];
await db.insert(boards).values(createMockBoard({ id: "1", creatorId: session.user.id }));
// Act
const result = await hasQueryAccessToIntegrationsAsync(db, integrations, session);
// Assert
expect(result).toBe(true);
});
test("should return false if the user has no access to any of the integrations", async () => {
// Arrange
const db = createDb();
const session = createSession({});
const integrations = [
{
id: "1",
items: [
{
item: {
boardId: "1",
},
},
],
userPermissions: [],
groupPermissions: [],
},
{
id: "2",
items: [
{
item: {
boardId: "2",
},
},
],
userPermissions: [],
groupPermissions: [],
},
];
// Act
const result = await hasQueryAccessToIntegrationsAsync(db, integrations, session);
// Assert
expect(result).toBe(false);
});
test("should return false if the user is anonymous and the board is not public", async () => {
// Arrange
const db = createDb();
const integrations = [
{
id: "1",
items: [
{
item: {
boardId: "1",
},
},
],
userPermissions: [],
groupPermissions: [],
},
{
id: "2",
items: [
{
item: {
boardId: "2",
},
},
],
userPermissions: [],
groupPermissions: [],
},
];
await db.insert(boards).values(createMockBoard({ id: "1" }));
// Act
const result = await hasQueryAccessToIntegrationsAsync(db, integrations, null);
// Assert
expect(result).toBe(false);
});
test("should return true if the user is anonymous and the board is public", async () => {
// Arrange
const db = createDb();
const integrations = [
{
id: "1",
items: [
{
item: {
boardId: "1",
},
},
],
userPermissions: [],
groupPermissions: [],
},
{
id: "2",
items: [
{
item: {
boardId: "2",
},
},
{
item: {
boardId: "1",
},
},
],
userPermissions: [],
groupPermissions: [],
},
];
await db.insert(boards).values(createMockBoard({ id: "1", isPublic: true }));
// Act
const result = await hasQueryAccessToIntegrationsAsync(db, integrations, null);
// Assert
expect(result).toBe(true);
});
});
const createMockBoard = (board: Partial<InferInsertModel<typeof boards>>): InferInsertModel<typeof boards> => ({
id: createId(),
name: board.id ?? createId(),
...board,
});