bbf9274d37
* chore: upgrade Vitest to 4.0.16 and Vite to 6.4.1 - Update vitest from 2.1.9 to 4.0.16 - Update @vitest/ui from 2.1.9 to 4.0.16 - Update vitest-fetch-mock from 0.3.0 to 0.4.5 - Update vitest-mock-extended from 2.0.2 to 3.1.0 - Update vite from 4.5.14/5.4.21 to 6.4.1 across all packages - Update @vitejs/plugin-react to 5.1.2 - Update @vitejs/plugin-react-swc to 4.2.2 - Update @vitejs/plugin-basic-ssl to 2.1.0 - Update vite-plugin-dts to 4.5.4 - Rename vitest.config.ts to vitest.config.mts for ESM compatibility - Add globals: true to vitest config Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: address Vitest 4.0 and Vite 6 breaking changes - Convert arrow function mockImplementation patterns to regular functions (Vitest 4.0 breaking change: arrow functions can't be constructor mocks) - Fix CSS imports with ?inline suffix for Vite 6 compatibility - Add biome override to disable useArrowFunction rule for test files - Fix syntax errors in test files introduced by regex replacements Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: fix remaining Vitest 4.0 constructor mock patterns Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: fix more Vitest 4.0 constructor mock patterns and exclude API v2 spec files Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: convert more arrow function mocks to regular functions for Vitest 4.0 Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: convert more arrow function mocks to regular functions for Vitest 4.0 - Fix CrmService.integration.test.ts jsforce.Connection mock - Fix RetellSDKClient.test.ts Retell mock - Fix RetellAIService.test.ts CreditService mocks - Fix GoogleCalendarSubscriptionAdapter.test.ts CalendarAuth mock Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: convert Google Calendar and OAuthManager arrow function mocks for Vitest 4.0 - Fix googleapis.ts Calendar, OAuth2Client, and JWT mocks - Fix utils.ts JWT mock - Fix OAuthManager.ts 
defaultMockOAuthManager mock Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: add React plugin, jsdom environment, and fix more constructor mocks for Vitest 4.0 Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: convert HostRepository PrismaClient mock to regular function for Vitest 4.0 Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: add useOrgBranding mock to React component tests for Vitest 4.0 Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: update TestFunction type for Vitest 4.0 compatibility Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: convert listBookingReports constructor mocks to regular functions for Vitest 4.0 Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: convert UserRepository constructor mock to regular function for Vitest 4.0 Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: convert OrganizationPaymentService constructor mock to regular function for Vitest 4.0 Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: convert more constructor mocks to regular functions for Vitest 4.0 Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: add apps/web path aliases to vitest config Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: fix test issues for Vitest 4.0 compatibility - Fix Response constructor 204 status code issue in testUtils.ts - Fix FeaturesRepository mock persistence in handleNotificationWhenNoSlots.test.ts - Add @vitest-environment node directive to formSubmissionUtils.test.ts - Fix document.querySelector mock in embed.test.ts Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: clear EventManager spy between tests for Vitest 4.0 compatibility Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: update TeamRepository mock pattern for Vitest 4.0 compatibility Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: convert RoutingFormResponseRepository mock to regular function for Vitest 
4.0 Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: convert more constructor mocks to regular functions for Vitest 4.0 Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: fix mock reset and spy clear issues for Vitest 4.0 Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: fix remaining test failures for Vitest 4.0 upgrade - Fix booking-validations.test.ts: convert UserRepository mock to regular function - Fix route.test.ts: update 500 error test to mock ImageResponse instead of fetch - Fix users-public-view.test.tsx: add missing mocks for getOrgFullOrigin and useRouterQuery - Add @calcom/web path alias to vitest config Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: add vitest-mocks for generated files that don't exist in CI - Add svg-hashes.json mock for route.test.ts - Add tailwind.generated.css mock for embed.test.ts - Update vitest config to use mock files Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: update vitest config aliases for CI compatibility - Use array format for aliases to ensure proper ordering - Add @calcom/platform-constants alias to resolve from source - Add @calcom/embed-react alias to resolve from source - Ensure svg-hashes.json mock alias is matched before @calcom/web Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: add @calcom/embed-snippet alias for CI compatibility Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * Fix wrong test * fix: migrate from CLI flags to VITEST_MODE env var for Vitest 4.0 Vitest 4.0 no longer allows custom CLI flags like --packaged-embed-tests-only. This change migrates to using VITEST_MODE environment variable instead: - VITEST_MODE=packaged-embed for packaged embed tests - VITEST_MODE=integration for integration tests - VITEST_MODE=timezone for timezone-dependent tests Updated vitest.config.mts to handle mode-based include/exclude patterns. Updated CI workflows and package scripts to use the new env var approach. 
Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: return default include pattern instead of undefined in vitest config The getTestInclude() function was returning undefined for the default case, but Vitest 4.0 expects an array. This caused 'resolved.include is not iterable' error in CI. Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: always set INTEGRATION_TEST_MODE for jsdom environment The getBookingFields.ts file checks for INTEGRATION_TEST_MODE to allow server-side imports in the jsdom environment. Without this, tests fail with 'getBookingFields must not be imported on the client side' error. Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> * fix: support legacy CLI flags for backwards compatibility with main workflow The CI runs workflows from main branch, which uses the old CLI flag approach (yarn test -- --integrationTestsOnly). This commit adds backwards compatibility by checking both VITEST_MODE env var and process.argv for the legacy flags. Co-Authored-By: Volnei Munhoz <volnei.munhoz@gmail.com> --------- Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
import { describe, it, expect, beforeEach, vi, type Mock } from "vitest";
import { PermissionCheckService } from "@calcom/features/pbac/services/permission-check.service";
import { BookingRepository } from "@calcom/features/bookings/repositories/BookingRepository";
import { MembershipRepository } from "@calcom/features/membership/repositories/MembershipRepository";
import { MembershipRole } from "@calcom/prisma/enums";
import { BookingAuditAccessService, BookingAuditErrorCode, BookingAuditPermissionError } from "../BookingAuditAccessService";
// Auto-mock the module so the PermissionCheckService constructor can be stubbed per test via vi.mocked(...).
vi.mock("@calcom/features/pbac/services/permission-check.service");
// Auto-mock the module so the BookingRepository constructor can be stubbed per test via vi.mocked(...).
vi.mock("@calcom/features/bookings/repositories/BookingRepository");
// Auto-mock the module so the MembershipRepository constructor can be stubbed per test via vi.mocked(...).
vi.mock("@calcom/features/membership/repositories/MembershipRepository");
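/** Shape of one booking row held in the in-memory store used by these tests. */
type InMemoryBooking = {
  uid: string;
  /** Owner of the booking; `null` models a booking without an owner. */
  userId: number | null;
  eventType: {
    /** Team that owns the event type, or `null` when there is none. */
    teamId: number | null;
    /** Parent event type (set for managed events), carrying the parent's team. */
    parent: { teamId: number } | null;
    hosts: never[];
    users: never[];
  };
  user: { id: number; email: string };
  attendees: never[];
};

/**
 * In-memory stand-in for the database.
 *
 * - `bookings` is keyed by booking uid.
 * - `memberships` is keyed by `"<userId>-<teamId>"`; a missing key means "not a member".
 *
 * Declared with an explicit type rather than `{} as Record<...>` assertions so the
 * compiler checks the initial value instead of trusting a cast.
 */
const DB: {
  bookings: Record<string, InMemoryBooking>;
  memberships: Record<string, boolean>;
} = {
  bookings: {},
  memberships: {},
};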
/**
 * Stores a team-scoped booking in the in-memory DB (keyed by its uid) and returns it.
 *
 * @param overrides.bookingUid - uid of the booking to create.
 * @param overrides.userId - booking owner; defaults to 456.
 * @param overrides.teamId - team of the event type. When the key is absent the team is 100;
 *   an explicit `null`/`undefined` produces an event type without a team.
 * @param overrides.parentTeamId - when truthy, the event type gets a parent with this team id
 *   (the managed-event case).
 */
const createMockTeamBooking = (overrides: {
  bookingUid: string;
  userId?: number;
  teamId?: number | null;
  parentTeamId?: number;
}) => {
  const ownerId = overrides.userId ?? 456;
  // Presence of the key decides, not its value: tests pass `teamId: null` to model a managed event.
  const teamId = "teamId" in overrides ? (overrides.teamId ?? null) : 100;
  // Truthiness test, so a parentTeamId of 0 also means "no parent".
  const parent = overrides.parentTeamId ? { teamId: overrides.parentTeamId } : null;

  const booking = {
    uid: overrides.bookingUid,
    userId: ownerId,
    eventType: { teamId, parent, hosts: [], users: [] },
    user: { id: ownerId, email: "test@example.com" },
    attendees: [],
  };

  DB.bookings[booking.uid] = booking;
  return booking;
};
/**
 * Stores a personal booking (event type with neither team nor parent) in the in-memory DB,
 * keyed by its uid, and returns it.
 *
 * @param overrides.bookingUid - uid of the booking to create.
 * @param overrides.userId - booking owner; defaults to 456.
 */
const createMockPersonalBooking = (overrides: { userId?: number; bookingUid: string }) => {
  const ownerId = overrides.userId ?? 456;
  // No team and no parent: this is what makes the booking "personal" for these tests.
  const eventType = { teamId: null, parent: null, hosts: [], users: [] };

  const booking = {
    uid: overrides.bookingUid,
    userId: ownerId,
    eventType,
    attendees: [],
    user: { id: ownerId, email: "test@example.com" },
  };

  DB.bookings[booking.uid] = booking;
  return booking;
};
/**
 * Records that `userId` is a member of `teamId` in the in-memory DB.
 * The tests also pass an organization id as `teamId` to model organization membership.
 * The key format must stay identical to the one the mocked `hasMembership` looks up.
 */
const createMockMembership = ({ userId, teamId }: { userId: number; teamId: number }) => {
  DB.memberships[`${userId}-${teamId}`] = true;
};
/**
 * Test double for PermissionCheckService: only `checkPermission` is provided,
 * typed as a Vitest mock of the real method's signature.
 */
type MockPermissionCheckService = {
  [Method in "checkPermission"]: Mock<PermissionCheckService[Method]>;
};
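/**
 * Stubs `checkPermission` so that the query for "booking.readTeamAuditLogs" made by
 * `targetUserId` on `targetTeamId` resolves to `value`.
 *
 * Any query this stub does not match is handed to the implementation that was installed
 * before this call, and resolves to `false` when there was none, so the double denies by
 * default. Previously each call replaced the whole implementation, which meant that a test
 * calling several provide* helpers silently kept only the last stub.
 *
 * @param mockPermissionCheckService - the permission-service double to configure.
 * @param value - answer for the matching query.
 * @param targetUserId - user the answer applies to.
 * @param targetTeamId - team the answer applies to.
 */
const provideReadTeamAuditLogsPermission = ({ mockPermissionCheckService, value, targetUserId, targetTeamId }: { mockPermissionCheckService: MockPermissionCheckService, value: boolean, targetUserId: number, targetTeamId: number }) => {
  const checkPermission = mockPermissionCheckService.checkPermission;
  // Captured before it is replaced, so earlier stubs keep answering their own queries.
  const earlierStub = checkPermission.getMockImplementation();

  checkPermission.mockImplementation((query) => {
    const { userId, teamId, permission } = query;
    if (permission === "booking.readTeamAuditLogs" && userId === targetUserId && teamId === targetTeamId) {
      return Promise.resolve(value);
    }
    // Unmatched query: defer to an earlier stub, otherwise deny.
    return earlierStub ? earlierStub(query) : Promise.resolve(false);
  });
};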
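/**
 * Stubs `checkPermission` so that the query for "booking.readOrgAuditLogs" made by
 * `targetUserId` on `targetTeamId` (the organization id in these tests) resolves to `value`.
 *
 * Any query this stub does not match is handed to the implementation that was installed
 * before this call, and resolves to `false` when there was none, so the double denies by
 * default. Previously each call replaced the whole implementation, which meant that a test
 * calling several provide* helpers silently kept only the last stub.
 *
 * @param mockPermissionCheckService - the permission-service double to configure.
 * @param value - answer for the matching query.
 * @param targetUserId - user the answer applies to.
 * @param targetTeamId - team (organization) the answer applies to.
 */
const provideReadOrgAuditLogsPermission = ({ mockPermissionCheckService, value, targetUserId, targetTeamId }: { mockPermissionCheckService: MockPermissionCheckService, value: boolean, targetUserId: number, targetTeamId: number }) => {
  const checkPermission = mockPermissionCheckService.checkPermission;
  // Captured before it is replaced, so earlier stubs keep answering their own queries.
  const earlierStub = checkPermission.getMockImplementation();

  checkPermission.mockImplementation((query) => {
    const { userId, teamId, permission } = query;
    if (permission === "booking.readOrgAuditLogs" && userId === targetUserId && teamId === targetTeamId) {
      return Promise.resolve(value);
    }
    // Unmatched query: defer to an earlier stub, otherwise deny.
    return earlierStub ? earlierStub(query) : Promise.resolve(false);
  });
};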
/**
 * BookingRepository double backed by the in-memory DB.
 * `findByUidIncludeEventType` resolves to the stored booking for `bookingUid`,
 * or to `null` when no booking with that uid was created.
 * Created once at module scope; beforeEach only calls vi.clearAllMocks().
 */
const mockBookingRepository: {
  findByUidIncludeEventType: Mock<BookingRepository["findByUidIncludeEventType"]>;
} = {
  findByUidIncludeEventType: vi.fn().mockImplementation(({ bookingUid }) => {
    const storedBooking = DB.bookings[bookingUid];
    return Promise.resolve(storedBooking ?? null);
  }),
};
/**
 * MembershipRepository double backed by the in-memory DB.
 * `hasMembership` resolves to `true` only for a `"<userId>-<teamId>"` pair that was
 * registered through createMockMembership; every other pair resolves to `false`.
 * Created once at module scope; beforeEach only calls vi.clearAllMocks().
 */
const mockMembershipRepository: {
  hasMembership: Mock<MembershipRepository["hasMembership"]>;
} = {
  hasMembership: vi.fn().mockImplementation(({ userId, teamId }) => {
    const isMember = DB.memberships[`${userId}-${teamId}`];
    return Promise.resolve(isMember ?? false);
  }),
};
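/**
 * Authorization tests for BookingAuditAccessService.assertPermissions.
 *
 * Every test runs against the in-memory DB and a permission-service double. A query that no
 * stub matches is never answered with `true`, so access is only granted where a test
 * explicitly provides a permission.
 *
 * Besides the original cases, the team section contains a negative test in which the caller
 * holds the permission on an unrelated team. The other deny tests stub every query to
 * `false`, so on their own they would not notice a check that ignores the team id.
 */
describe("BookingAuditAccessService - Permission Checks", () => {
  let service: BookingAuditAccessService;
  let mockPermissionCheckService: MockPermissionCheckService;

  beforeEach(() => {
    vi.clearAllMocks();

    // Clear in-memory DB
    DB.bookings = {};
    DB.memberships = {};

    // Fresh double per test, so a permission stubbed in one test cannot leak into the next.
    mockPermissionCheckService = {
      checkPermission: vi.fn(),
    };

    // Regular functions, not arrows: these mocks are invoked as constructors.
    vi.mocked(BookingRepository).mockImplementation(function() { return mockBookingRepository as unknown as BookingRepository; });
    vi.mocked(MembershipRepository).mockImplementation(function() { return mockMembershipRepository as unknown as MembershipRepository; });
    // NOTE(review): the permission service is not injected below, so the service under test
    // presumably constructs its own PermissionCheckService; confirm against the service.
    vi.mocked(PermissionCheckService).mockImplementation(function() { return mockPermissionCheckService as unknown as PermissionCheckService; });

    service = new BookingAuditAccessService({
      bookingRepository: mockBookingRepository as unknown as BookingRepository,
      membershipRepository: mockMembershipRepository as unknown as MembershipRepository,
    });
  });

  describe("assertPermissions - Team Bookings", () => {
    it("should grant access when user has booking.readTeamAuditLogs permission for the booking's team", async () => {
      const bookingUid = "test-booking-uid";
      const userId = 123;
      const teamId = 100;
      createMockTeamBooking({ teamId, bookingUid });
      provideReadTeamAuditLogsPermission({ mockPermissionCheckService, value: true, targetUserId: userId, targetTeamId: teamId });

      await expect(service.assertPermissions({ bookingUid, userId, organizationId: 200 })).resolves.not.toThrow();
    });

    it("should throw PERMISSION_DENIED error when user lacks booking.readTeamAuditLogs permission and also doesn't even have a membership in the organization for the booking's team", async () => {
      const bookingUid = "test-booking-uid";
      const userId = 123;
      const teamId = 100;
      const organizationId = 200;
      createMockTeamBooking({ teamId, bookingUid, userId: 456 });
      // Only the booking owner (456) is an organization member, not the caller (123).
      createMockMembership({ userId: 456, teamId: organizationId });
      // Both stubs answer false, and unmatched queries are denied as well.
      provideReadTeamAuditLogsPermission({ mockPermissionCheckService, value: false, targetUserId: userId, targetTeamId: teamId });
      provideReadOrgAuditLogsPermission({ mockPermissionCheckService, value: false, targetUserId: userId, targetTeamId: organizationId });
      const promise = service.assertPermissions({ bookingUid, userId, organizationId });
      await expect(promise).rejects.toThrow(BookingAuditPermissionError);
      await expect(promise).rejects.toThrow(BookingAuditErrorCode.PERMISSION_DENIED);
    });

    it("should throw PERMISSION_DENIED error when user has booking.readTeamAuditLogs permission only for a different team", async () => {
      const bookingUid = "test-booking-uid";
      const userId = 123;
      const teamId = 100;
      const unrelatedTeamId = 999;
      const organizationId = 200;
      createMockTeamBooking({ teamId, bookingUid, userId: 456 });
      createMockMembership({ userId: 456, teamId: organizationId });
      // The permission is real, but on another team: it must not unlock this booking's audit log.
      provideReadTeamAuditLogsPermission({ mockPermissionCheckService, value: true, targetUserId: userId, targetTeamId: unrelatedTeamId });
      const promise = service.assertPermissions({ bookingUid, userId, organizationId });
      await expect(promise).rejects.toThrow(BookingAuditPermissionError);
      await expect(promise).rejects.toThrow(BookingAuditErrorCode.PERMISSION_DENIED);
    });
  });

  describe("assertPermissions - Organization Bookings (Personal)", () => {
    it("should grant access to personal bookings when user is an org member and has booking.readOrgAuditLogs permission for the organization", async () => {
      const bookingUid = "test-booking-uid";
      const userId = 123;
      const organizationId = 200;
      createMockPersonalBooking({ userId: 456, bookingUid });
      createMockMembership({ userId: 456, teamId: organizationId });
      provideReadOrgAuditLogsPermission({ mockPermissionCheckService, value: true, targetUserId: userId, targetTeamId: organizationId });

      await service.assertPermissions({ bookingUid, userId, organizationId });

      // Pins the exact query: the organization id is passed as teamId, with OWNER/ADMIN fallback roles.
      expect(mockPermissionCheckService.checkPermission).toHaveBeenCalledWith({
        userId,
        teamId: organizationId,
        permission: "booking.readOrgAuditLogs",
        fallbackRoles: [MembershipRole.OWNER, MembershipRole.ADMIN],
      });
    });
  });

  describe("assertPermissions - Managed Events", () => {
    it("should grant access to managed event's booking when user has booking.readTeamAuditLogs permission on parent event's team", async () => {
      const bookingUid = "test-booking-uid";
      const userId = 123;
      const parentTeamId = 500;
      // teamId: null plus a parent models a managed event type.
      createMockTeamBooking({ teamId: null, parentTeamId, bookingUid });
      provideReadTeamAuditLogsPermission({ mockPermissionCheckService, value: true, targetUserId: userId, targetTeamId: parentTeamId });

      await service.assertPermissions({ bookingUid, userId, organizationId: 200 });

      // The check must be made against the parent's team, since the event type itself has none.
      expect(mockPermissionCheckService.checkPermission).toHaveBeenCalledWith({
        userId,
        teamId: parentTeamId,
        permission: "booking.readTeamAuditLogs",
        fallbackRoles: [MembershipRole.OWNER, MembershipRole.ADMIN],
      });
    });

    it("should throw error when user lacks booking.readTeamAuditLogs permission on parent team", async () => {
      const bookingUid = "test-booking-uid";
      const userId = 123;
      const parentTeamId = 500;
      const organizationId = 200;
      createMockTeamBooking({ teamId: null, parentTeamId, bookingUid, userId: 456 });
      createMockMembership({ userId: 456, teamId: organizationId });
      provideReadTeamAuditLogsPermission({ mockPermissionCheckService, value: false, targetUserId: userId, targetTeamId: parentTeamId });
      provideReadOrgAuditLogsPermission({ mockPermissionCheckService, value: false, targetUserId: userId, targetTeamId: organizationId });

      await expect(service.assertPermissions({ bookingUid, userId, organizationId })).rejects.toThrow(BookingAuditPermissionError);
    });
  });

  describe("assertPermissions - Edge Cases", () => {
    it("should throw error when organizationId is null", async () => {
      const promise = service.assertPermissions({ bookingUid: "test-booking-uid", userId: 123, organizationId: null });
      await expect(promise).rejects.toThrow(BookingAuditPermissionError);
      await expect(promise).rejects.toThrow(BookingAuditErrorCode.ORGANIZATION_ID_REQUIRED);
    });

    it("should throw error when booking not found", async () => {
      const bookingUid = "non-existent-booking-uid";
      // Don't create any booking in DB

      // NOTE(review): the combined error code suggests "not found" and "denied" are reported
      // the same way so callers cannot probe which booking uids exist; confirm in the service.
      const promise = service.assertPermissions({ bookingUid, userId: 123, organizationId: 200 });
      await expect(promise).rejects.toThrow(BookingAuditPermissionError);
      await expect(promise).rejects.toThrow(BookingAuditErrorCode.BOOKING_NOT_FOUND_OR_PERMISSION_DENIED);
    });

    it("should throw error when booking has no userId", async () => {
      const bookingUid = "test-booking-uid";
      // Built by hand because the create* helpers always assign an owner.
      const booking = {
        uid: bookingUid,
        userId: null,
        eventType: {
          teamId: null,
          parent: null,
          hosts: [],
          users: [],
        },
        attendees: [],
        user: {
          id: 456,
          email: "test@example.com",
        },
      };
      DB.bookings[bookingUid] = booking;

      const promise = service.assertPermissions({ bookingUid, userId: 123, organizationId: 200 });
      await expect(promise).rejects.toThrow(BookingAuditPermissionError);
      await expect(promise).rejects.toThrow(BookingAuditErrorCode.BOOKING_HAS_NO_OWNER);
    });

    it("should throw error when booking owner is not member of organization", async () => {
      const bookingUid = "test-booking-uid";
      createMockPersonalBooking({ userId: 456, bookingUid });
      // Don't create membership for userId 456 in organization 200

      const promise = service.assertPermissions({ bookingUid, userId: 123, organizationId: 200 });
      await expect(promise).rejects.toThrow(BookingAuditPermissionError);
      await expect(promise).rejects.toThrow(BookingAuditErrorCode.OWNER_NOT_IN_ORGANIZATION);
    });
  });
});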