add more tests and permission checkers

2025-04-28 05:33:14 +00:00 · 2024-09-13 18:40:44 +00:00 · 2024-09-13 18:40:44 +00:00 · 9b69959136
commit 9b69959136
parent 9583fdab78
2 changed files with 109 additions and 0 deletions
--- a/plugins/tiddlywiki/multiwikiserver/modules/store/sql-tiddler-database.js
+++ b/plugins/tiddlywiki/multiwikiserver/modules/store/sql-tiddler-database.js
@ -460,6 +460,56 @@ SqlTiddlerDatabase.prototype.getRecipeTiddler = function(title,recipe_name) {
 	};
 };

+/*
+Checks if a user has permission to access a recipe
+*/
+SqlTiddlerDatabase.prototype.hasRecipePermission = function(userId, recipeName) {
+	const hasPermission = this.engine.runStatementGet(`
+		SELECT 1
+		FROM users u
+		JOIN user_roles ur ON u.user_id = ur.user_id
+		JOIN role_permissions rp ON ur.role_id = rp.role_id
+		JOIN permissions p ON rp.permission_id = p.permission_id
+		JOIN acl ON rp.role_id = acl.role_id AND rp.permission_id = acl.permission_id
+		JOIN recipes r ON acl.entity_id = r.recipe_id
+		WHERE u.user_id = $user_id
+		AND r.recipe_name = $recipe_name
+		AND p.permission_name = 'read'
+		AND acl.entity_type = 'recipe'
+		LIMIT 1
+	`, {
+		$user_id: userId,
+		$recipe_name: recipeName
+	});
+
+	return hasPermission;
+};
+
+/*
+Checks if a user has permission to access a bag
+*/
+SqlTiddlerDatabase.prototype.hasBagPermission = function(userId, bagName, permissionName) {
+	const hasBagPermission = this.engine.runStatementGet(`
+		SELECT 1
+		FROM users u
+		JOIN user_roles ur ON u.user_id = ur.user_id
+		JOIN role_permissions rp ON ur.role_id = rp.role_id
+		JOIN permissions p ON rp.permission_id = p.permission_id
+		JOIN acl ON rp.role_id = acl.role_id AND rp.permission_id = acl.permission_id
+		JOIN bags b ON acl.entity_id = b.bag_id
+		WHERE u.user_id = $user_id
+		AND b.bag_name = $bag_name
+		AND p.permission_name = 'read'
+		AND acl.entity_type = 'bag'
+		LIMIT 1
+	`, {
+		$user_id: userId,
+		$bag_name: bagName
+	});
+
+	return hasBagPermission;
+};
+
 /*
 Get the titles of the tiddlers in a bag. Returns an empty array for bags that do not exist
 */
--- a/plugins/tiddlywiki/multiwikiserver/modules/store/tests-sql-tiddler-database.js
+++ b/plugins/tiddlywiki/multiwikiserver/modules/store/tests-sql-tiddler-database.js
@ -164,6 +164,65 @@ function runSqlDatabaseTests(engine) {
 		sqlTiddlerDatabase.deleteGroup(groupId2);
 		// expect(sqlTiddlerDatabase.getGroup(groupId2)).toBe(null || undefined);
 	});
+
+
+	it("should manage roles correctly", function() {
+		console.log("should manage roles correctly")
+		// Create roles
+		const roleId1 = sqlTiddlerDatabase.createRole("Admin" + Date.now(), "Full access");
+		const roleId2 = sqlTiddlerDatabase.createRole("Editor" + Date.now(), "Can edit content");
+
+		// Retrieve roles
+		expect(sqlTiddlerDatabase.getRole(roleId1)).toEqual({
+			role_id: roleId1,
+			role_name: jasmine.stringMatching(/^Admin\d+$/),
+			description: "Full access"
+		});
+
+		// Update role
+		sqlTiddlerDatabase.updateRole(roleId1, "Super Admin" + Date.now(), "God-like powers");
+		expect(sqlTiddlerDatabase.getRole(roleId1).role_name).toMatch(/^Super Admin\d+$/);
+		expect(sqlTiddlerDatabase.getRole(roleId1).description).toBe("God-like powers");
+
+		// List roles
+		const roles = sqlTiddlerDatabase.listRoles();
+		expect(roles.length).toBeGreaterThan(0);
+		// expect(roles[0].role_name).toMatch(/^Editor\d+$/);
+		// expect(roles[1].role_name).toMatch(/^Super Admin\d+$/);
+
+		// Delete role
+		sqlTiddlerDatabase.deleteRole(roleId2);
+		// expect(sqlTiddlerDatabase.getRole(roleId2)).toBeUndefined();
+	});
+
+	it("should manage permissions correctly", function() {
+		console.log("should manage permissions correctly")
+		// Create permissions
+		const permissionId1 = sqlTiddlerDatabase.createPermission("read_tiddlers" + Date.now(), "Can read tiddlers");
+		const permissionId2 = sqlTiddlerDatabase.createPermission("write_tiddlers" + Date.now(), "Can write tiddlers");
+
+		// Retrieve permissions
+		expect(sqlTiddlerDatabase.getPermission(permissionId1)).toEqual({
+			permission_id: permissionId1,
+			permission_name: jasmine.stringMatching(/^read_tiddlers\d+$/),
+			description: "Can read tiddlers"
+		});
+
+		// Update permission
+		sqlTiddlerDatabase.updatePermission(permissionId1, "read_all_tiddlers" + Date.now(), "Can read all tiddlers");
+		expect(sqlTiddlerDatabase.getPermission(permissionId1).permission_name).toMatch(/^read_all_tiddlers\d+$/);
+		expect(sqlTiddlerDatabase.getPermission(permissionId1).description).toBe("Can read all tiddlers");
+
+		// List permissions
+		const permissions = sqlTiddlerDatabase.listPermissions();
+		expect(permissions.length).toBeGreaterThan(0);
+		expect(permissions[0].permission_name).toMatch(/^read_all_tiddlers\d+$/);
+		expect(permissions[1].permission_name).toMatch(/^write_tiddlers\d+$/);
+
+		// Delete permission
+		sqlTiddlerDatabase.deletePermission(permissionId2);
+		// expect(sqlTiddlerDatabase.getPermission(permissionId2)).toBeUndefined();
+	});
 }

 }