vikunja/veans/internal/client/routes_test.go

106 lines
3.5 KiB
Go

// Vikunja is a to-do list application to facilitate your life.
// Copyright 2018-present Vikunja and contributors. All rights reserved.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <https://www.gnu.org/licenses/>.
package client
import (
"slices"
"testing"
)
func TestPermissionsForBot_DropsUnknownGroups(t *testing.T) {
// Server only exposes a subset of what we ask for.
server := map[string]RouteGroup{
"tasks": {
"read_one": {},
"read_all": {},
"create": {},
"update": {},
// "delete" intentionally absent
},
"projects": {
"read_one": {},
"read_all": {},
},
// no "labels", no "comments", etc.
}
got := PermissionsForBot(server)
if _, ok := got["tasks"]; !ok {
t.Fatalf("expected tasks group in result")
}
for _, a := range got["tasks"] {
if a == "delete" {
t.Errorf("delete should have been dropped")
}
}
if _, ok := got["projects"]; !ok {
t.Fatalf("expected projects group")
}
if _, ok := got["labels"]; ok {
t.Errorf("labels was not on server, should not appear in result")
}
if _, ok := got["nonexistent_group"]; ok {
t.Errorf("phantom group leaked into result")
}
}
func TestPermissionsForBot_EmptyWhenServerIsEmpty(t *testing.T) {
got := PermissionsForBot(map[string]RouteGroup{})
if len(got) != 0 {
t.Fatalf("expected empty map, got %v", got)
}
}
// TestPermissionsForBot_ProjectsBucketScopes pins the project-group scopes the
// bot needs for the v2 kanban-bucket calls: list/create/update/delete buckets
// plus the bucket-task MOVE. The MOVE and the buckets-with-tasks LIST collide
// on the `views_buckets_tasks` subkey and the bare-vs-_put assignment depends
// on unspecified route-init order, so the bot must request BOTH keys; the
// runtime intersection keeps whichever the server actually exposes.
func TestPermissionsForBot_ProjectsBucketScopes(t *testing.T) {
// A server that registered the move under the bare key and the list under
// the _put key (one of the two possible orderings).
server := map[string]RouteGroup{
"projects": {
"read_one": {},
"read_all": {},
"tasks_by-index": {},
"views_buckets": {}, // list buckets
"views_buckets_post": {}, // create bucket
"views_buckets_put": {}, // update bucket
"views_buckets_delete": {}, // delete bucket
"views_buckets_tasks": {}, // bucket-task move OR buckets-with-tasks list
"views_buckets_tasks_put": {}, // the other of the colliding pair
},
}
got := PermissionsForBot(server)
projects, ok := got["projects"]
if !ok {
t.Fatalf("expected projects group in result")
}
want := []string{
"read_one", "read_all", "tasks_by-index",
"views_buckets", "views_buckets_post", "views_buckets_put",
"views_buckets_delete", "views_buckets_tasks", "views_buckets_tasks_put",
}
for _, w := range want {
if !slices.Contains(projects, w) {
t.Errorf("projects scope %q missing from bot grant; got %v", w, projects)
}
}
}