import { describe, beforeAll, afterAll, test, expect, vi } from 'vitest'; import { prisma, checkPrismaConnection } from '../database/prisma.js'; import { initializeDatabase } from '../database/index.js'; import { setPlatformDefault, setWidgetPermission, checkWidgetAccess, getWidgetPermissions, } from '../services/security/securityRepository.js'; let prismaAvailable = false; const testWidgetId = `widget-${Date.now()}`; vi.mock('../database/prisma', () => ({ prisma: { $connect: vi.fn(), $disconnect: vi.fn(), widgetPermission: { findUnique: vi.fn(), upsert: vi.fn(), findMany: vi.fn(), deleteMany: vi.fn(), }, $queryRaw: vi.fn() }, checkPrismaConnection: vi.fn().mockResolvedValue(false), // Skip tests in CI })); describe('Security permissions (integration)', () => { beforeAll(async () => { prismaAvailable = await checkPrismaConnection(); if (prismaAvailable) { await initializeDatabase(); await prisma.widgetPermission.deleteMany({ where: { widgetId: testWidgetId }, }); } }); afterAll(async () => { if (prismaAvailable) { await prisma.widgetPermission.deleteMany({ where: { widgetId: testWidgetId }, }); await prisma.$disconnect(); } }); test('respects widget override access levels', async () => { if (!prismaAvailable) { expect(true).toBe(true); return; } await setPlatformDefault('logs', 'read'); await setWidgetPermission(testWidgetId, 'logs', 'write', true); const hasWrite = await checkWidgetAccess(testWidgetId, 'logs', 'write'); expect(hasWrite).toBe(true); }); test('falls back to platform default when override absent', async () => { if (!prismaAvailable) { expect(true).toBe(true); return; } await setPlatformDefault('telemetry', 'read'); const hasWrite = await checkWidgetAccess(testWidgetId, 'telemetry', 'write'); expect(hasWrite).toBe(false); const permissions = await getWidgetPermissions(testWidgetId); expect(Array.isArray(permissions)).toBe(true); }); });