Hugging Face's logo

Darochin
/
openskynet

English
Spanish
agent
autonomy
research
typescript
nodejs
llm
Model card Files
xet
 Community
openskynet / extensions /nextcloud-talk /src /policy.test.ts
Darochin's picture
Darochin
Mirror OpenSkyNet workspace snapshot from Git HEAD
fc93158 verified
raw
history blame contribute delete
4.07 kB
import { describe, expect, it } from "vitest";
import { resolveNextcloudTalkAllowlistMatch, resolveNextcloudTalkGroupAllow } from "./policy.js";
describe("nextcloud-talk policy", () => {
 describe("resolveNextcloudTalkAllowlistMatch", () => {
 it("allows wildcard", () => {
 expect(
 resolveNextcloudTalkAllowlistMatch({
 allowFrom: ["*"],
 senderId: "user-id",
 }).allowed,
 ).toBe(true);
 });
it("allows sender id match with normalization", () => {
 expect(
 resolveNextcloudTalkAllowlistMatch({
 allowFrom: ["nc:User-Id"],
 senderId: "user-id",
 }),
 ).toEqual({ allowed: true, matchKey: "user-id", matchSource: "id" });
 });
it("blocks when sender id does not match", () => {
 expect(
 resolveNextcloudTalkAllowlistMatch({
 allowFrom: ["allowed"],
 senderId: "other",
 }).allowed,
 ).toBe(false);
 });
 });
describe("resolveNextcloudTalkGroupAllow", () => {
 it("blocks disabled policy", () => {
 expect(
 resolveNextcloudTalkGroupAllow({
 groupPolicy: "disabled",
 outerAllowFrom: ["owner"],
 innerAllowFrom: ["room-user"],
 senderId: "owner",
 }),
 ).toEqual({
 allowed: false,
 outerMatch: { allowed: false },
 innerMatch: { allowed: false },
 });
 });
it("allows open policy", () => {
 expect(
 resolveNextcloudTalkGroupAllow({
 groupPolicy: "open",
 outerAllowFrom: [],
 innerAllowFrom: [],
 senderId: "owner",
 }),
 ).toEqual({
 allowed: true,
 outerMatch: { allowed: true },
 innerMatch: { allowed: true },
 });
 });
it("blocks allowlist mode when both outer and inner allowlists are empty", () => {
 expect(
 resolveNextcloudTalkGroupAllow({
 groupPolicy: "allowlist",
 outerAllowFrom: [],
 innerAllowFrom: [],
 senderId: "owner",
 }),
 ).toEqual({
 allowed: false,
 outerMatch: { allowed: false },
 innerMatch: { allowed: false },
 });
 });
it("requires inner match when only room-specific allowlist is configured", () => {
 expect(
 resolveNextcloudTalkGroupAllow({
 groupPolicy: "allowlist",
 outerAllowFrom: [],
 innerAllowFrom: ["room-user"],
 senderId: "room-user",
 }),
 ).toEqual({
 allowed: true,
 outerMatch: { allowed: false },
 innerMatch: { allowed: true, matchKey: "room-user", matchSource: "id" },
 });
 });
it("blocks when outer allowlist misses even if inner allowlist matches", () => {
 expect(
 resolveNextcloudTalkGroupAllow({
 groupPolicy: "allowlist",
 outerAllowFrom: ["team-owner"],
 innerAllowFrom: ["room-user"],
 senderId: "room-user",
 }),
 ).toEqual({
 allowed: false,
 outerMatch: { allowed: false },
 innerMatch: { allowed: true, matchKey: "room-user", matchSource: "id" },
 });
 });
it("allows when both outer and inner allowlists match", () => {
 expect(
 resolveNextcloudTalkGroupAllow({
 groupPolicy: "allowlist",
 outerAllowFrom: ["team-owner"],
 innerAllowFrom: ["room-user"],
 senderId: "team-owner",
 }),
 ).toEqual({
 allowed: false,
 outerMatch: { allowed: true, matchKey: "team-owner", matchSource: "id" },
 innerMatch: { allowed: false },
 });
expect(
 resolveNextcloudTalkGroupAllow({
 groupPolicy: "allowlist",
 outerAllowFrom: ["shared-user"],
 innerAllowFrom: ["shared-user"],
 senderId: "shared-user",
 }),
 ).toEqual({
 allowed: true,
 outerMatch: { allowed: true, matchKey: "shared-user", matchSource: "id" },
 innerMatch: { allowed: true, matchKey: "shared-user", matchSource: "id" },
 });
 });
 });
});