AcadeNice/Wiki
1
0
Fork 0
Code Issues Pull requests Releases Activity Actions
Wiki/bridge/tests/middleware/scopes.test.ts
Corentin JOGUET 2ed73fa948
Some checks are pending
CI / Lint bridge (Biome) (push) Waiting to run
Details
CI / Type-check bridge (push) Blocked by required conditions
Details
CI / Tests unit bridge (push) Blocked by required conditions
Details
CI / Tests integration bridge (push) Blocked by required conditions
Details
CI / Security scan (push) Waiting to run
Details
CI / Docker build + healthcheck (push) Blocked by required conditions
Details
feat(bridge): R1 refactor proxy generique style Notion 
Pivot strategique : DocAdenice = produit Notion-like generique. Le bridge
est livre vide a un user qui cree ses tables Baserow comme il veut. Code
sans aucune ontologie metier.

Suppressions :
- 9 entites domain metier (Personne, Formation, Bloc, Module, Attribution,
  Client, Projet, Tache, Intervention) + types.ts (Role, statuts)
- baserow-repo.ts (mega-fichier 554 LOC avec 9 repos heritant BaseRepo)
- 6 routes metier (personnes, formations, projets, modules, interventions,
  attributions) + tests associes
- Lookup PersonneRepo.findByEmail dans middleware auth
- Mapping DEFAULT_ROLE_SCOPES dans middleware/scopes.ts
- Cascade rollup metier dans webhooks/baserow-handler.ts

Ajouts :
- Domain generique : Table, Row, Field, View + schemas zod refondus
- 4 repos generiques : tables / rows / fields / views
- Route unique routes/tables.ts avec 9 endpoints REST CRUD generiques
- Claim JWT acadenice_permissions[] lu directement dans le middleware auth
  (alimente par RBAC dynamique cote DocAdenice en R2)
- examples/acadenice-formation-hub/ : README + seed-baserow.md schema
  9 tables + example-roles.md (Formateur, Developpeur, Direction, Support,
  Admin avec permissions generiques)

Refactors :
- BaserowClient etendu : listTables, getTable, listFields, listViews,
  getGridViewRows
- middleware/auth.ts : extractPermissions(payload), AuthenticatedUser
  remplace roles[] par permissions[]
- middleware/scopes.ts : computeOidcScopes(groups, permissions, map)
- webhooks/baserow-handler.ts : invalidation generique
  bridge:tables:<tableId>:* sans cascade cross-table
- lib/cache.ts : invalidateEntity -> invalidateTable(redis, tableId, rowId?)
- container.ts : drop tableIds, RepoSet={tables, rows, fields, views}
- 501 NOT_IMPLEMENTED si DB token sur endpoints /tables qui exigent JWT

Tests : 250/250 verts (depuis 319). Coverage : domain 98.9%, adapters 89%,
auth 97.08%, rate-limit 100%, cache 100%, webhooks 100%.

Quality gates verts : typecheck, lint biome, vitest, coverage thresholds.

Refs: R1 dans le pivot strategique DocAdenice Notion-like generique.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-07 22:12:32 +02:00

66 lines
2.4 KiB
TypeScript
Raw Blame History

import { describe, expect, it } from 'vitest';
import { computeOidcScopes, parseGroupsScopesMap } from '../../src/middleware/scopes.js';
describe('parseGroupsScopesMap', () => {
it('retourne {} si vide', () => {
expect(parseGroupsScopesMap(undefined)).toEqual({});
expect(parseGroupsScopesMap('')).toEqual({});
});
it('parse un mapping valide', () => {
const map = parseGroupsScopesMap('{"g1":["a","b"],"g2":["c"]}');
expect(map).toEqual({ g1: ['a', 'b'], g2: ['c'] });
});
it('throw si JSON invalide', () => {
expect(() => parseGroupsScopesMap('{')).toThrow(/JSON/);
});
it('throw si pas un objet', () => {
expect(() => parseGroupsScopesMap('[1,2]')).toThrow(/objet/);
expect(() => parseGroupsScopesMap('"x"')).toThrow(/objet/);
});
it('throw si valeur pas array of strings', () => {
expect(() => parseGroupsScopesMap('{"g":[1]}')).toThrow();
expect(() => parseGroupsScopesMap('{"g":"x"}')).toThrow();
});
});
describe('computeOidcScopes (R1 generique)', () => {
it('union groups + permissions + dedup', () => {
const scopes = computeOidcScopes(['group-formateurs'], ['custom:perm', 'read:tables'], {
'group-formateurs': ['read:tables', 'admin:custom'],
});
expect(scopes).toContain('read:tables');
expect(scopes).toContain('admin:custom');
expect(scopes).toContain('custom:perm');
// Dedup : read:tables apparait une seule fois
expect(scopes.filter((s) => s === 'read:tables')).toHaveLength(1);
});
it("group inconnu ignore (pas d'erreur)", () => {
const scopes = computeOidcScopes(['unknown-group'], [], {});
expect(scopes).toEqual([]);
});
it('aucun group + aucune permission = scopes vides', () => {
expect(computeOidcScopes([], [], {})).toEqual([]);
});
it('permissions explicites sans group fonctionnent (claim direct du JWT)', () => {
const scopes = computeOidcScopes([], ['read:tables', 'write:tables'], {});
expect(scopes).toContain('read:tables');
expect(scopes).toContain('write:tables');
});
it('ignore les permissions non-strings ou vides', () => {
const scopes = computeOidcScopes([], ['ok', '', 'also-ok'], {});
expect(scopes).toEqual(['also-ok', 'ok']);
});
it('output trie alphabetiquement (stabilite)', () => {
const scopes = computeOidcScopes(['g'], ['z', 'a'], { g: ['m', 'b'] });
expect(scopes).toEqual(['a', 'b', 'm', 'z']);
});
});
Reference in a new issue View git blame Copy permalink