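/**
 * Authorization tests for the user endpoint handlers (create / get / update / drop).
 *
 * Each test calls a handler directly with an UnwrappedRequest carrying a
 * hand-built Claims object, so what is exercised is the handler's own claim
 * checks rather than any HTTP or token layer.
 *
 * The tests share state and rely on execution order:
 *   - 'Create user that already exists' reuses the username created by the
 *     test before it.
 *   - The get/update tests address ids 1 and 2, presumably the users created
 *     by the first two tests. TODO confirm against how the ORM is seeded.
 *
 * NOTE(review): denied requests are pinned to 401 throughout. These are
 * missing-claim cases, for which 403 is the conventional status; confirm that
 * 401 is intended.
 */
import { expect, test } from 'bun:test';
import user from '../endpoints/user';
import { UnwrappedRequest } from '../utilities/guard';
import { Claims } from '../orm/claims';
import { orm } from '../orm/orm';
import { User } from '../orm/user';

// ---------------------------------------------------------------------------
// Create
// ---------------------------------------------------------------------------

test('Create user as admin', async () => {
  const claims = new Claims();
  claims.claims.push(Claims.ADMIN);

  const request = new UnwrappedRequest({
    claims,
    request: null,
    json: { username: 'test1', password: 'test123' },
    params: {},
  });

  const response = await user.create(request);

  expect(response.status).toBe(201);
  // toBeDefined() also passes for null, so it could not tell this case apart
  // from the "no read access" case below. Assert that a body is present.
  expect(response.body).not.toBeNull();
});

test('Create user without read access', async () => {
  const claims = new Claims();
  claims.claims.push(Claims.USERS.CREATE);

  const request = new UnwrappedRequest({
    claims,
    request: null,
    json: { username: 'test2', password: 'test123' },
    params: {},
  });

  const response = await user.create(request);

  // The user is created, but the caller holds no read claim, so nothing about
  // the new record may be returned.
  expect(response.status).toBe(201);
  expect(response.body).toBeNull();
});

test('Create user that already exists', async () => {
  const claims = new Claims();
  claims.claims.push(Claims.USERS.CREATE);

  // Same username as the previous test: depends on that test having run.
  const request = new UnwrappedRequest({
    claims,
    request: null,
    json: { username: 'test2', password: 'test123' },
    params: {},
  });

  const response = await user.create(request);

  expect(response.status).toBe(400);
});

// ---------------------------------------------------------------------------
// Read
// ---------------------------------------------------------------------------

test('Get user', async () => {
  const claims = new Claims();
  claims.claims.push(Claims.USERS.OTHER.READ);

  const request = new UnwrappedRequest({
    claims,
    request: null,
    params: { id: 1 },
  });

  const response = await user.get(request);
  const retrievedUser = await response.json();

  expect(response.status).toBe(200);
  expect(retrievedUser.id).toBe('1');
});

test('Get user self with only self read permission', async () => {
  const claims = new Claims();
  claims.userId = '1';
  // The original granted USERS.OTHER.READ here, which made this a duplicate of
  // 'Get user' and left the self-read path untested. Grant only SELF.READ so
  // the test covers what its name says.
  // NOTE(review): userId is the string '1' while params.id is the number 1; if
  // this test fails, check how the handler compares the two.
  claims.claims.push(Claims.USERS.SELF.READ);

  const request = new UnwrappedRequest({
    claims,
    request: null,
    params: { id: 1 },
  });

  const response = await user.get(request);
  const retrievedUser = await response.json();

  expect(response.status).toBe(200);
  expect(retrievedUser.id).toBe('1');
});

test('Get other user without read permissions', async () => {
  const claims = new Claims();
  claims.userId = '2';
  claims.claims.push(Claims.USERS.SELF.READ);

  // Caller is user 2 with self-read only; reading user 1 must be refused.
  const request = new UnwrappedRequest({
    claims,
    request: null,
    params: { id: 1 },
  });

  const response = await user.get(request);

  expect(response.status).toBe(401);
});

test("Get user that doesn't exist", async () => {
  const claims = new Claims();
  claims.claims.push(Claims.ADMIN);

  const request = new UnwrappedRequest({
    claims,
    request: null,
    params: { id: 101 },
  });

  const response = await user.get(request);

  expect(response.status).toBe(404);
});

// ---------------------------------------------------------------------------
// Update
// ---------------------------------------------------------------------------

test('Update user', async () => {
  const claims = new Claims();
  claims.claims.push(Claims.ADMIN);

  const request = new UnwrappedRequest({
    claims,
    request: null,
    json: { isAdmin: true },
    params: { id: 2 },
  });

  const response = await user.update(request);

  expect(response.status).toBe(200);
  // toBeDefined() also passes for null; assert that a body is present.
  expect(response.body).not.toBeNull();
});

test('Update user without read access', async () => {
  const claims = new Claims();
  claims.userId = '1';
  claims.claims.push(Claims.USERS.OTHER.UPDATE);

  // NOTE(review): this pins a 200 for a caller holding only USERS.OTHER.UPDATE
  // who sends isAdmin: true for another account. The test does not check
  // whether the flag was applied. Confirm that granting admin requires a
  // stronger claim than a plain update, and add an assertion for it.
  const request = new UnwrappedRequest({
    claims,
    request: null,
    json: { isAdmin: true },
    params: { id: 2 },
  });

  const response = await user.update(request);

  expect(response.status).toBe(200);
  expect(response.body).toBeNull();
});

test('Update user without permissions', async () => {
  const claims = new Claims();
  claims.userId = '1';

  // No claims at all: the update must be refused.
  const request = new UnwrappedRequest({
    claims,
    request: null,
    json: { isAdmin: true },
    params: { id: 2 },
  });

  const response = await user.update(request);

  expect(response.status).toBe(401);
});

test("Update user that doesn't exist", async () => {
  const claims = new Claims();
  claims.userId = '1';
  claims.claims.push(Claims.ADMIN);

  const request = new UnwrappedRequest({
    claims,
    request: null,
    json: { isAdmin: true },
    params: { id: 101 },
  });

  const response = await user.update(request);

  expect(response.status).toBe(404);
});

// ---------------------------------------------------------------------------
// Delete
//
// Each test creates its own user through the ORM so that deletions do not
// disturb the records used by the tests above.
// NOTE(review): the denial tests check only the status code; they do not
// verify that the target record still exists afterwards.
// ---------------------------------------------------------------------------

test('Delete user', async () => {
  const claims = new Claims();
  claims.claims.push(Claims.ADMIN);

  const createdUser = (await orm.users.create('test3', 'test123')) as User;
  const request = new UnwrappedRequest({
    claims,
    request: null,
    params: { id: createdUser.id },
  });

  const response = await user.drop(request);

  expect(response.status).toBe(200);
});

test('Delete user without delete permissions', async () => {
  const claims = new Claims();

  const createdUser = (await orm.users.create('test4', 'test123')) as User;
  const request = new UnwrappedRequest({
    claims,
    request: null,
    params: { id: createdUser.id },
  });

  const response = await user.drop(request);

  expect(response.status).toBe(401);
});

test('Delete self user with only self delete permissions', async () => {
  const claims = new Claims();
  claims.claims.push(Claims.USERS.SELF.DELETE);

  const createdUser = (await orm.users.create('test5', 'test123')) as User;
  // Caller identity matches the target, so SELF.DELETE is sufficient.
  claims.userId = createdUser.id;

  const request = new UnwrappedRequest({
    claims,
    request: null,
    params: { id: createdUser.id },
  });

  const response = await user.drop(request);

  expect(response.status).toBe(200);
});

test('Delete other user with only self delete permissions', async () => {
  const claims = new Claims();
  claims.userId = '1';
  claims.claims.push(Claims.USERS.SELF.DELETE);

  // Target is a freshly created user, not the caller: SELF.DELETE must not
  // extend to other accounts.
  const createdUser = (await orm.users.create('test6', 'test123')) as User;
  const request = new UnwrappedRequest({
    claims,
    request: null,
    params: { id: createdUser.id },
  });

  const response = await user.drop(request);

  expect(response.status).toBe(401);
});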