hasPermission.spec.ts 3.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899
  1. // Copyright (C) 2012-2023 Zammad Foundation, https://zammad-foundation.org/
  2. import hasPermission from '../hasPermission'
  3. describe('hasPermission', () => {
  4. it('no access when permissions are required, but no permission are present', () => {
  5. expect(hasPermission('ticket.agent', [])).toBe(false)
  6. })
  7. it('access granted when permissions are required and needed permission exists', () => {
  8. expect(hasPermission('ticket.agent', ['ticket.agent'])).toBe(true)
  9. })
  10. it('access granted when only parent permission exists', () => {
  11. expect(hasPermission('ticket.agent', ['ticket'])).toBe(true)
  12. })
  13. it('access granted when multiple permissions exists', () => {
  14. expect(
  15. hasPermission('ticket.agent', ['ticket.customer', 'ticket.agent']),
  16. ).toBe(true)
  17. })
  18. it('access granted when multiple required permissions exists', () => {
  19. expect(
  20. hasPermission(['ticket.agent', 'ticket.customer'], ['ticket.agent']),
  21. ).toBe(true)
  22. })
  23. describe('with wildcard usage', () => {
  24. it('access granted if any permission gives access', () => {
  25. expect(hasPermission('*', [])).toBe(true)
  26. })
  27. it('no access for any sub permission, without a sub permission', () => {
  28. expect(hasPermission('admin.*', [])).toBe(false)
  29. })
  30. it('access granted when a sub permission exists', () => {
  31. expect(hasPermission('ticket.*', ['ticket.agent'])).toBe(true)
  32. })
  33. it('access granted when only parent permission exists', () => {
  34. expect(hasPermission('ticket.*', ['ticket'])).toBe(true)
  35. })
  36. it('no access when only similar parent permission exists', () => {
  37. expect(hasPermission('ticket.*', ['ticketing'])).toBe(false)
  38. })
  39. it('access granted with wildcard in a deeper level and when only parent permission exists', () => {
  40. expect(hasPermission('ticket.agent.*', ['ticket'])).toBe(true)
  41. })
  42. it('access granted with wildcard in the middle of a requird permission', () => {
  43. expect(hasPermission('ticket.*.test', ['ticket.agent.test'])).toBe(true)
  44. })
  45. it('access granted with a complex structure and wildcard usage', () => {
  46. expect(
  47. hasPermission('ticket.*.test.*.view', ['ticket.agent.test.foo.view']),
  48. ).toBe(true)
  49. })
  50. it('no access with a complex structure and wildcard usage', () => {
  51. expect(
  52. hasPermission('ticket.*.test.*.view', ['ticket.agent.asd.foo.view']),
  53. ).toBe(false)
  54. })
  55. })
  56. describe('with a "AND" combination', () => {
  57. it('access granted when both combinated permission exists', () => {
  58. expect(
  59. hasPermission('ticket.agent+ticket.customer', [
  60. 'ticket.customer',
  61. 'ticket.agent',
  62. ]),
  63. ).toBe(true)
  64. })
  65. it('no access when not both combinated permission exists', () => {
  66. expect(
  67. hasPermission('ticket.agent+ticket.customer', [
  68. 'ticket.customer',
  69. 'admin',
  70. ]),
  71. ).toBe(false)
  72. })
  73. })
  74. describe('with a "AND" combination together with a wildcard', () => {
  75. it('access granted when both combinated permission exists', () => {
  76. expect(
  77. hasPermission('ticket.*+admin.chat', ['ticket.customer', 'admin.chat']),
  78. ).toBe(true)
  79. })
  80. })
  81. })