🔧 refactor: Organize Sharing/Agent Components and Improve Type Safety
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids, rename enums to PascalCase
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids
chore: move sharing related components to dedicated "Sharing" directory
chore: remove PublicSharingToggle component and update index exports
chore: move non-sidepanel agent components to `~/components/Agents`
chore: move AgentCategoryDisplay component with tests
chore: remove commented out code
refactor: change PERMISSION_BITS from const to enum for better type safety
refactor: reorganize imports in GenericGrantAccessDialog and update index exports for hooks
refactor: update type definitions to use ACCESS_ROLE_IDS for improved type safety
refactor: remove unused canAccessPromptResource middleware and related code
refactor: remove unused prompt access roles from createAccessRoleMethods
refactor: update resourceType in AclEntry type definition to remove unused 'prompt' value
refactor: introduce ResourceType enum and update resourceType usage across data provider files for improved type safety
refactor: update resourceType usage to ResourceType enum across sharing and permissions components for improved type safety
refactor: standardize resourceType usage to ResourceType enum across agent and prompt models, permissions controller, and middleware for enhanced type safety
refactor: update resourceType references from PROMPT_GROUP to PROMPTGROUP for consistency across models, middleware, and components
refactor: standardize access role IDs and resource type usage across agent, file, and prompt models for improved type safety and consistency
chore: add typedefs for TUpdateResourcePermissionsRequest and TUpdateResourcePermissionsResponse to enhance type definitions
chore: move SearchPicker to PeoplePicker dir
refactor: implement debouncing for query changes in SearchPicker for improved performance
chore: fix typing, import order for agent admin settings
fix: agent admin settings, prevent agent form submission
refactor: rename `ACCESS_ROLE_IDS` to `AccessRoleIds`
refactor: replace PermissionBits with PERMISSION_BITS
refactor: replace PERMISSION_BITS with PermissionBits
2025-07-28 17:52:36 -04:00
|
|
|
const mongoose = require('mongoose');
|
2025-07-26 12:28:31 -04:00
|
|
|
const { ObjectId } = require('mongodb');
|
🔧 refactor: Organize Sharing/Agent Components and Improve Type Safety
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids, rename enums to PascalCase
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids
chore: move sharing related components to dedicated "Sharing" directory
chore: remove PublicSharingToggle component and update index exports
chore: move non-sidepanel agent components to `~/components/Agents`
chore: move AgentCategoryDisplay component with tests
chore: remove commented out code
refactor: change PERMISSION_BITS from const to enum for better type safety
refactor: reorganize imports in GenericGrantAccessDialog and update index exports for hooks
refactor: update type definitions to use ACCESS_ROLE_IDS for improved type safety
refactor: remove unused canAccessPromptResource middleware and related code
refactor: remove unused prompt access roles from createAccessRoleMethods
refactor: update resourceType in AclEntry type definition to remove unused 'prompt' value
refactor: introduce ResourceType enum and update resourceType usage across data provider files for improved type safety
refactor: update resourceType usage to ResourceType enum across sharing and permissions components for improved type safety
refactor: standardize resourceType usage to ResourceType enum across agent and prompt models, permissions controller, and middleware for enhanced type safety
refactor: update resourceType references from PROMPT_GROUP to PROMPTGROUP for consistency across models, middleware, and components
refactor: standardize access role IDs and resource type usage across agent, file, and prompt models for improved type safety and consistency
chore: add typedefs for TUpdateResourcePermissionsRequest and TUpdateResourcePermissionsResponse to enhance type definitions
chore: move SearchPicker to PeoplePicker dir
refactor: implement debouncing for query changes in SearchPicker for improved performance
chore: fix typing, import order for agent admin settings
fix: agent admin settings, prevent agent form submission
refactor: rename `ACCESS_ROLE_IDS` to `AccessRoleIds`
refactor: replace PermissionBits with PERMISSION_BITS
refactor: replace PERMISSION_BITS with PermissionBits
2025-07-28 17:52:36 -04:00
|
|
|
const { logger } = require('@librechat/data-schemas');
|
2025-07-26 12:28:31 -04:00
|
|
|
const { MongoMemoryServer } = require('mongodb-memory-server');
|
🔧 refactor: Organize Sharing/Agent Components and Improve Type Safety
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids, rename enums to PascalCase
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids
chore: move sharing related components to dedicated "Sharing" directory
chore: remove PublicSharingToggle component and update index exports
chore: move non-sidepanel agent components to `~/components/Agents`
chore: move AgentCategoryDisplay component with tests
chore: remove commented out code
refactor: change PERMISSION_BITS from const to enum for better type safety
refactor: reorganize imports in GenericGrantAccessDialog and update index exports for hooks
refactor: update type definitions to use ACCESS_ROLE_IDS for improved type safety
refactor: remove unused canAccessPromptResource middleware and related code
refactor: remove unused prompt access roles from createAccessRoleMethods
refactor: update resourceType in AclEntry type definition to remove unused 'prompt' value
refactor: introduce ResourceType enum and update resourceType usage across data provider files for improved type safety
refactor: update resourceType usage to ResourceType enum across sharing and permissions components for improved type safety
refactor: standardize resourceType usage to ResourceType enum across agent and prompt models, permissions controller, and middleware for enhanced type safety
refactor: update resourceType references from PROMPT_GROUP to PROMPTGROUP for consistency across models, middleware, and components
refactor: standardize access role IDs and resource type usage across agent, file, and prompt models for improved type safety and consistency
chore: add typedefs for TUpdateResourcePermissionsRequest and TUpdateResourcePermissionsResponse to enhance type definitions
chore: move SearchPicker to PeoplePicker dir
refactor: implement debouncing for query changes in SearchPicker for improved performance
chore: fix typing, import order for agent admin settings
fix: agent admin settings, prevent agent form submission
refactor: rename `ACCESS_ROLE_IDS` to `AccessRoleIds`
refactor: replace PermissionBits with PERMISSION_BITS
refactor: replace PERMISSION_BITS with PermissionBits
2025-07-28 17:52:36 -04:00
|
|
|
const {
|
|
|
|
|
SystemRoles,
|
|
|
|
|
ResourceType,
|
|
|
|
|
AccessRoleIds,
|
2025-08-02 16:02:56 -04:00
|
|
|
PrincipalType,
|
🔧 refactor: Organize Sharing/Agent Components and Improve Type Safety
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids, rename enums to PascalCase
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids
chore: move sharing related components to dedicated "Sharing" directory
chore: remove PublicSharingToggle component and update index exports
chore: move non-sidepanel agent components to `~/components/Agents`
chore: move AgentCategoryDisplay component with tests
chore: remove commented out code
refactor: change PERMISSION_BITS from const to enum for better type safety
refactor: reorganize imports in GenericGrantAccessDialog and update index exports for hooks
refactor: update type definitions to use ACCESS_ROLE_IDS for improved type safety
refactor: remove unused canAccessPromptResource middleware and related code
refactor: remove unused prompt access roles from createAccessRoleMethods
refactor: update resourceType in AclEntry type definition to remove unused 'prompt' value
refactor: introduce ResourceType enum and update resourceType usage across data provider files for improved type safety
refactor: update resourceType usage to ResourceType enum across sharing and permissions components for improved type safety
refactor: standardize resourceType usage to ResourceType enum across agent and prompt models, permissions controller, and middleware for enhanced type safety
refactor: update resourceType references from PROMPT_GROUP to PROMPTGROUP for consistency across models, middleware, and components
refactor: standardize access role IDs and resource type usage across agent, file, and prompt models for improved type safety and consistency
chore: add typedefs for TUpdateResourcePermissionsRequest and TUpdateResourcePermissionsResponse to enhance type definitions
chore: move SearchPicker to PeoplePicker dir
refactor: implement debouncing for query changes in SearchPicker for improved performance
chore: fix typing, import order for agent admin settings
fix: agent admin settings, prevent agent form submission
refactor: rename `ACCESS_ROLE_IDS` to `AccessRoleIds`
refactor: replace PermissionBits with PERMISSION_BITS
refactor: replace PERMISSION_BITS with PermissionBits
2025-07-28 17:52:36 -04:00
|
|
|
PermissionBits,
|
|
|
|
|
} = require('librechat-data-provider');
|
2025-07-26 12:28:31 -04:00
|
|
|
|
|
|
|
|
// Mock the config/connect module to prevent connection attempts during tests
|
|
|
|
|
jest.mock('../../config/connect', () => jest.fn().mockResolvedValue(true));
|
|
|
|
|
|
|
|
|
|
const dbModels = require('~/db/models');
|
|
|
|
|
|
|
|
|
|
// Disable console for tests
|
|
|
|
|
logger.silent = true;
|
|
|
|
|
|
|
|
|
|
let mongoServer;
|
|
|
|
|
let Prompt, PromptGroup, AclEntry, AccessRole, User, Group, Project;
|
|
|
|
|
let promptFns, permissionService;
|
|
|
|
|
let testUsers, testGroups, testRoles;
|
|
|
|
|
|
|
|
|
|
beforeAll(async () => {
|
|
|
|
|
// Set up MongoDB memory server
|
|
|
|
|
mongoServer = await MongoMemoryServer.create();
|
|
|
|
|
const mongoUri = mongoServer.getUri();
|
|
|
|
|
await mongoose.connect(mongoUri);
|
|
|
|
|
|
|
|
|
|
// Initialize models
|
|
|
|
|
Prompt = dbModels.Prompt;
|
|
|
|
|
PromptGroup = dbModels.PromptGroup;
|
|
|
|
|
AclEntry = dbModels.AclEntry;
|
|
|
|
|
AccessRole = dbModels.AccessRole;
|
|
|
|
|
User = dbModels.User;
|
|
|
|
|
Group = dbModels.Group;
|
|
|
|
|
Project = dbModels.Project;
|
|
|
|
|
|
|
|
|
|
promptFns = require('~/models/Prompt');
|
|
|
|
|
permissionService = require('~/server/services/PermissionService');
|
|
|
|
|
|
|
|
|
|
// Create test data
|
|
|
|
|
await setupTestData();
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
afterAll(async () => {
|
|
|
|
|
await mongoose.disconnect();
|
|
|
|
|
await mongoServer.stop();
|
|
|
|
|
jest.clearAllMocks();
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
async function setupTestData() {
|
|
|
|
|
// Create access roles for promptGroups
|
|
|
|
|
testRoles = {
|
|
|
|
|
viewer: await AccessRole.create({
|
🔧 refactor: Organize Sharing/Agent Components and Improve Type Safety
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids, rename enums to PascalCase
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids
chore: move sharing related components to dedicated "Sharing" directory
chore: remove PublicSharingToggle component and update index exports
chore: move non-sidepanel agent components to `~/components/Agents`
chore: move AgentCategoryDisplay component with tests
chore: remove commented out code
refactor: change PERMISSION_BITS from const to enum for better type safety
refactor: reorganize imports in GenericGrantAccessDialog and update index exports for hooks
refactor: update type definitions to use ACCESS_ROLE_IDS for improved type safety
refactor: remove unused canAccessPromptResource middleware and related code
refactor: remove unused prompt access roles from createAccessRoleMethods
refactor: update resourceType in AclEntry type definition to remove unused 'prompt' value
refactor: introduce ResourceType enum and update resourceType usage across data provider files for improved type safety
refactor: update resourceType usage to ResourceType enum across sharing and permissions components for improved type safety
refactor: standardize resourceType usage to ResourceType enum across agent and prompt models, permissions controller, and middleware for enhanced type safety
refactor: update resourceType references from PROMPT_GROUP to PROMPTGROUP for consistency across models, middleware, and components
refactor: standardize access role IDs and resource type usage across agent, file, and prompt models for improved type safety and consistency
chore: add typedefs for TUpdateResourcePermissionsRequest and TUpdateResourcePermissionsResponse to enhance type definitions
chore: move SearchPicker to PeoplePicker dir
refactor: implement debouncing for query changes in SearchPicker for improved performance
chore: fix typing, import order for agent admin settings
fix: agent admin settings, prevent agent form submission
refactor: rename `ACCESS_ROLE_IDS` to `AccessRoleIds`
refactor: replace PermissionBits with PERMISSION_BITS
refactor: replace PERMISSION_BITS with PermissionBits
2025-07-28 17:52:36 -04:00
|
|
|
accessRoleId: AccessRoleIds.PROMPTGROUP_VIEWER,
|
2025-07-26 12:28:31 -04:00
|
|
|
name: 'Viewer',
|
|
|
|
|
description: 'Can view promptGroups',
|
🔧 refactor: Organize Sharing/Agent Components and Improve Type Safety
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids, rename enums to PascalCase
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids
chore: move sharing related components to dedicated "Sharing" directory
chore: remove PublicSharingToggle component and update index exports
chore: move non-sidepanel agent components to `~/components/Agents`
chore: move AgentCategoryDisplay component with tests
chore: remove commented out code
refactor: change PERMISSION_BITS from const to enum for better type safety
refactor: reorganize imports in GenericGrantAccessDialog and update index exports for hooks
refactor: update type definitions to use ACCESS_ROLE_IDS for improved type safety
refactor: remove unused canAccessPromptResource middleware and related code
refactor: remove unused prompt access roles from createAccessRoleMethods
refactor: update resourceType in AclEntry type definition to remove unused 'prompt' value
refactor: introduce ResourceType enum and update resourceType usage across data provider files for improved type safety
refactor: update resourceType usage to ResourceType enum across sharing and permissions components for improved type safety
refactor: standardize resourceType usage to ResourceType enum across agent and prompt models, permissions controller, and middleware for enhanced type safety
refactor: update resourceType references from PROMPT_GROUP to PROMPTGROUP for consistency across models, middleware, and components
refactor: standardize access role IDs and resource type usage across agent, file, and prompt models for improved type safety and consistency
chore: add typedefs for TUpdateResourcePermissionsRequest and TUpdateResourcePermissionsResponse to enhance type definitions
chore: move SearchPicker to PeoplePicker dir
refactor: implement debouncing for query changes in SearchPicker for improved performance
chore: fix typing, import order for agent admin settings
fix: agent admin settings, prevent agent form submission
refactor: rename `ACCESS_ROLE_IDS` to `AccessRoleIds`
refactor: replace PermissionBits with PERMISSION_BITS
refactor: replace PERMISSION_BITS with PermissionBits
2025-07-28 17:52:36 -04:00
|
|
|
resourceType: ResourceType.PROMPTGROUP,
|
2025-07-26 12:28:31 -04:00
|
|
|
permBits: PermissionBits.VIEW,
|
|
|
|
|
}),
|
|
|
|
|
editor: await AccessRole.create({
|
🔧 refactor: Organize Sharing/Agent Components and Improve Type Safety
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids, rename enums to PascalCase
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids
chore: move sharing related components to dedicated "Sharing" directory
chore: remove PublicSharingToggle component and update index exports
chore: move non-sidepanel agent components to `~/components/Agents`
chore: move AgentCategoryDisplay component with tests
chore: remove commented out code
refactor: change PERMISSION_BITS from const to enum for better type safety
refactor: reorganize imports in GenericGrantAccessDialog and update index exports for hooks
refactor: update type definitions to use ACCESS_ROLE_IDS for improved type safety
refactor: remove unused canAccessPromptResource middleware and related code
refactor: remove unused prompt access roles from createAccessRoleMethods
refactor: update resourceType in AclEntry type definition to remove unused 'prompt' value
refactor: introduce ResourceType enum and update resourceType usage across data provider files for improved type safety
refactor: update resourceType usage to ResourceType enum across sharing and permissions components for improved type safety
refactor: standardize resourceType usage to ResourceType enum across agent and prompt models, permissions controller, and middleware for enhanced type safety
refactor: update resourceType references from PROMPT_GROUP to PROMPTGROUP for consistency across models, middleware, and components
refactor: standardize access role IDs and resource type usage across agent, file, and prompt models for improved type safety and consistency
chore: add typedefs for TUpdateResourcePermissionsRequest and TUpdateResourcePermissionsResponse to enhance type definitions
chore: move SearchPicker to PeoplePicker dir
refactor: implement debouncing for query changes in SearchPicker for improved performance
chore: fix typing, import order for agent admin settings
fix: agent admin settings, prevent agent form submission
refactor: rename `ACCESS_ROLE_IDS` to `AccessRoleIds`
refactor: replace PermissionBits with PERMISSION_BITS
refactor: replace PERMISSION_BITS with PermissionBits
2025-07-28 17:52:36 -04:00
|
|
|
accessRoleId: AccessRoleIds.PROMPTGROUP_EDITOR,
|
2025-07-26 12:28:31 -04:00
|
|
|
name: 'Editor',
|
|
|
|
|
description: 'Can view and edit promptGroups',
|
🔧 refactor: Organize Sharing/Agent Components and Improve Type Safety
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids, rename enums to PascalCase
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids
chore: move sharing related components to dedicated "Sharing" directory
chore: remove PublicSharingToggle component and update index exports
chore: move non-sidepanel agent components to `~/components/Agents`
chore: move AgentCategoryDisplay component with tests
chore: remove commented out code
refactor: change PERMISSION_BITS from const to enum for better type safety
refactor: reorganize imports in GenericGrantAccessDialog and update index exports for hooks
refactor: update type definitions to use ACCESS_ROLE_IDS for improved type safety
refactor: remove unused canAccessPromptResource middleware and related code
refactor: remove unused prompt access roles from createAccessRoleMethods
refactor: update resourceType in AclEntry type definition to remove unused 'prompt' value
refactor: introduce ResourceType enum and update resourceType usage across data provider files for improved type safety
refactor: update resourceType usage to ResourceType enum across sharing and permissions components for improved type safety
refactor: standardize resourceType usage to ResourceType enum across agent and prompt models, permissions controller, and middleware for enhanced type safety
refactor: update resourceType references from PROMPT_GROUP to PROMPTGROUP for consistency across models, middleware, and components
refactor: standardize access role IDs and resource type usage across agent, file, and prompt models for improved type safety and consistency
chore: add typedefs for TUpdateResourcePermissionsRequest and TUpdateResourcePermissionsResponse to enhance type definitions
chore: move SearchPicker to PeoplePicker dir
refactor: implement debouncing for query changes in SearchPicker for improved performance
chore: fix typing, import order for agent admin settings
fix: agent admin settings, prevent agent form submission
refactor: rename `ACCESS_ROLE_IDS` to `AccessRoleIds`
refactor: replace PermissionBits with PERMISSION_BITS
refactor: replace PERMISSION_BITS with PermissionBits
2025-07-28 17:52:36 -04:00
|
|
|
resourceType: ResourceType.PROMPTGROUP,
|
2025-07-26 12:28:31 -04:00
|
|
|
permBits: PermissionBits.VIEW | PermissionBits.EDIT,
|
|
|
|
|
}),
|
|
|
|
|
owner: await AccessRole.create({
|
🔧 refactor: Organize Sharing/Agent Components and Improve Type Safety
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids, rename enums to PascalCase
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids
chore: move sharing related components to dedicated "Sharing" directory
chore: remove PublicSharingToggle component and update index exports
chore: move non-sidepanel agent components to `~/components/Agents`
chore: move AgentCategoryDisplay component with tests
chore: remove commented out code
refactor: change PERMISSION_BITS from const to enum for better type safety
refactor: reorganize imports in GenericGrantAccessDialog and update index exports for hooks
refactor: update type definitions to use ACCESS_ROLE_IDS for improved type safety
refactor: remove unused canAccessPromptResource middleware and related code
refactor: remove unused prompt access roles from createAccessRoleMethods
refactor: update resourceType in AclEntry type definition to remove unused 'prompt' value
refactor: introduce ResourceType enum and update resourceType usage across data provider files for improved type safety
refactor: update resourceType usage to ResourceType enum across sharing and permissions components for improved type safety
refactor: standardize resourceType usage to ResourceType enum across agent and prompt models, permissions controller, and middleware for enhanced type safety
refactor: update resourceType references from PROMPT_GROUP to PROMPTGROUP for consistency across models, middleware, and components
refactor: standardize access role IDs and resource type usage across agent, file, and prompt models for improved type safety and consistency
chore: add typedefs for TUpdateResourcePermissionsRequest and TUpdateResourcePermissionsResponse to enhance type definitions
chore: move SearchPicker to PeoplePicker dir
refactor: implement debouncing for query changes in SearchPicker for improved performance
chore: fix typing, import order for agent admin settings
fix: agent admin settings, prevent agent form submission
refactor: rename `ACCESS_ROLE_IDS` to `AccessRoleIds`
refactor: replace PermissionBits with PERMISSION_BITS
refactor: replace PERMISSION_BITS with PermissionBits
2025-07-28 17:52:36 -04:00
|
|
|
accessRoleId: AccessRoleIds.PROMPTGROUP_OWNER,
|
2025-07-26 12:28:31 -04:00
|
|
|
name: 'Owner',
|
|
|
|
|
description: 'Full control over promptGroups',
|
🔧 refactor: Organize Sharing/Agent Components and Improve Type Safety
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids, rename enums to PascalCase
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids
chore: move sharing related components to dedicated "Sharing" directory
chore: remove PublicSharingToggle component and update index exports
chore: move non-sidepanel agent components to `~/components/Agents`
chore: move AgentCategoryDisplay component with tests
chore: remove commented out code
refactor: change PERMISSION_BITS from const to enum for better type safety
refactor: reorganize imports in GenericGrantAccessDialog and update index exports for hooks
refactor: update type definitions to use ACCESS_ROLE_IDS for improved type safety
refactor: remove unused canAccessPromptResource middleware and related code
refactor: remove unused prompt access roles from createAccessRoleMethods
refactor: update resourceType in AclEntry type definition to remove unused 'prompt' value
refactor: introduce ResourceType enum and update resourceType usage across data provider files for improved type safety
refactor: update resourceType usage to ResourceType enum across sharing and permissions components for improved type safety
refactor: standardize resourceType usage to ResourceType enum across agent and prompt models, permissions controller, and middleware for enhanced type safety
refactor: update resourceType references from PROMPT_GROUP to PROMPTGROUP for consistency across models, middleware, and components
refactor: standardize access role IDs and resource type usage across agent, file, and prompt models for improved type safety and consistency
chore: add typedefs for TUpdateResourcePermissionsRequest and TUpdateResourcePermissionsResponse to enhance type definitions
chore: move SearchPicker to PeoplePicker dir
refactor: implement debouncing for query changes in SearchPicker for improved performance
chore: fix typing, import order for agent admin settings
fix: agent admin settings, prevent agent form submission
refactor: rename `ACCESS_ROLE_IDS` to `AccessRoleIds`
refactor: replace PermissionBits with PERMISSION_BITS
refactor: replace PERMISSION_BITS with PermissionBits
2025-07-28 17:52:36 -04:00
|
|
|
resourceType: ResourceType.PROMPTGROUP,
|
2025-07-26 12:28:31 -04:00
|
|
|
permBits:
|
|
|
|
|
PermissionBits.VIEW | PermissionBits.EDIT | PermissionBits.DELETE | PermissionBits.SHARE,
|
|
|
|
|
}),
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
// Create test users
|
|
|
|
|
testUsers = {
|
|
|
|
|
owner: await User.create({
|
|
|
|
|
name: 'Prompt Owner',
|
|
|
|
|
email: 'owner@example.com',
|
|
|
|
|
role: SystemRoles.USER,
|
|
|
|
|
}),
|
|
|
|
|
editor: await User.create({
|
|
|
|
|
name: 'Prompt Editor',
|
|
|
|
|
email: 'editor@example.com',
|
|
|
|
|
role: SystemRoles.USER,
|
|
|
|
|
}),
|
|
|
|
|
viewer: await User.create({
|
|
|
|
|
name: 'Prompt Viewer',
|
|
|
|
|
email: 'viewer@example.com',
|
|
|
|
|
role: SystemRoles.USER,
|
|
|
|
|
}),
|
|
|
|
|
admin: await User.create({
|
|
|
|
|
name: 'Admin User',
|
|
|
|
|
email: 'admin@example.com',
|
|
|
|
|
role: SystemRoles.ADMIN,
|
|
|
|
|
}),
|
|
|
|
|
noAccess: await User.create({
|
|
|
|
|
name: 'No Access User',
|
|
|
|
|
email: 'noaccess@example.com',
|
|
|
|
|
role: SystemRoles.USER,
|
|
|
|
|
}),
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
// Create test groups
|
|
|
|
|
testGroups = {
|
|
|
|
|
editors: await Group.create({
|
|
|
|
|
name: 'Prompt Editors',
|
|
|
|
|
description: 'Group with editor access',
|
|
|
|
|
}),
|
|
|
|
|
viewers: await Group.create({
|
|
|
|
|
name: 'Prompt Viewers',
|
|
|
|
|
description: 'Group with viewer access',
|
|
|
|
|
}),
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
await Project.create({
|
|
|
|
|
name: 'Global',
|
|
|
|
|
description: 'Global project',
|
|
|
|
|
promptGroupIds: [],
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
describe('Prompt ACL Permissions', () => {
|
|
|
|
|
describe('Creating Prompts with Permissions', () => {
|
|
|
|
|
it('should grant owner permissions when creating a prompt', async () => {
|
|
|
|
|
// First create a group
|
|
|
|
|
const testGroup = await PromptGroup.create({
|
|
|
|
|
name: 'Test Group',
|
|
|
|
|
category: 'testing',
|
|
|
|
|
author: testUsers.owner._id,
|
|
|
|
|
authorName: testUsers.owner.name,
|
|
|
|
|
productionId: new mongoose.Types.ObjectId(),
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
const promptData = {
|
|
|
|
|
prompt: {
|
|
|
|
|
prompt: 'Test prompt content',
|
|
|
|
|
name: 'Test Prompt',
|
|
|
|
|
type: 'text',
|
|
|
|
|
groupId: testGroup._id,
|
|
|
|
|
},
|
|
|
|
|
author: testUsers.owner._id,
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
await promptFns.savePrompt(promptData);
|
|
|
|
|
|
|
|
|
|
// Manually grant permissions as would happen in the route
|
|
|
|
|
await permissionService.grantPermission({
|
2025-08-02 16:02:56 -04:00
|
|
|
principalType: PrincipalType.USER,
|
2025-07-26 12:28:31 -04:00
|
|
|
principalId: testUsers.owner._id,
|
🔧 refactor: Organize Sharing/Agent Components and Improve Type Safety
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids, rename enums to PascalCase
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids
chore: move sharing related components to dedicated "Sharing" directory
chore: remove PublicSharingToggle component and update index exports
chore: move non-sidepanel agent components to `~/components/Agents`
chore: move AgentCategoryDisplay component with tests
chore: remove commented out code
refactor: change PERMISSION_BITS from const to enum for better type safety
refactor: reorganize imports in GenericGrantAccessDialog and update index exports for hooks
refactor: update type definitions to use ACCESS_ROLE_IDS for improved type safety
refactor: remove unused canAccessPromptResource middleware and related code
refactor: remove unused prompt access roles from createAccessRoleMethods
refactor: update resourceType in AclEntry type definition to remove unused 'prompt' value
refactor: introduce ResourceType enum and update resourceType usage across data provider files for improved type safety
refactor: update resourceType usage to ResourceType enum across sharing and permissions components for improved type safety
refactor: standardize resourceType usage to ResourceType enum across agent and prompt models, permissions controller, and middleware for enhanced type safety
refactor: update resourceType references from PROMPT_GROUP to PROMPTGROUP for consistency across models, middleware, and components
refactor: standardize access role IDs and resource type usage across agent, file, and prompt models for improved type safety and consistency
chore: add typedefs for TUpdateResourcePermissionsRequest and TUpdateResourcePermissionsResponse to enhance type definitions
chore: move SearchPicker to PeoplePicker dir
refactor: implement debouncing for query changes in SearchPicker for improved performance
chore: fix typing, import order for agent admin settings
fix: agent admin settings, prevent agent form submission
refactor: rename `ACCESS_ROLE_IDS` to `AccessRoleIds`
refactor: replace PermissionBits with PERMISSION_BITS
refactor: replace PERMISSION_BITS with PermissionBits
2025-07-28 17:52:36 -04:00
|
|
|
resourceType: ResourceType.PROMPTGROUP,
|
2025-07-26 12:28:31 -04:00
|
|
|
resourceId: testGroup._id,
|
🔧 refactor: Organize Sharing/Agent Components and Improve Type Safety
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids, rename enums to PascalCase
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids
chore: move sharing related components to dedicated "Sharing" directory
chore: remove PublicSharingToggle component and update index exports
chore: move non-sidepanel agent components to `~/components/Agents`
chore: move AgentCategoryDisplay component with tests
chore: remove commented out code
refactor: change PERMISSION_BITS from const to enum for better type safety
refactor: reorganize imports in GenericGrantAccessDialog and update index exports for hooks
refactor: update type definitions to use ACCESS_ROLE_IDS for improved type safety
refactor: remove unused canAccessPromptResource middleware and related code
refactor: remove unused prompt access roles from createAccessRoleMethods
refactor: update resourceType in AclEntry type definition to remove unused 'prompt' value
refactor: introduce ResourceType enum and update resourceType usage across data provider files for improved type safety
refactor: update resourceType usage to ResourceType enum across sharing and permissions components for improved type safety
refactor: standardize resourceType usage to ResourceType enum across agent and prompt models, permissions controller, and middleware for enhanced type safety
refactor: update resourceType references from PROMPT_GROUP to PROMPTGROUP for consistency across models, middleware, and components
refactor: standardize access role IDs and resource type usage across agent, file, and prompt models for improved type safety and consistency
chore: add typedefs for TUpdateResourcePermissionsRequest and TUpdateResourcePermissionsResponse to enhance type definitions
chore: move SearchPicker to PeoplePicker dir
refactor: implement debouncing for query changes in SearchPicker for improved performance
chore: fix typing, import order for agent admin settings
fix: agent admin settings, prevent agent form submission
refactor: rename `ACCESS_ROLE_IDS` to `AccessRoleIds`
refactor: replace PermissionBits with PERMISSION_BITS
refactor: replace PERMISSION_BITS with PermissionBits
2025-07-28 17:52:36 -04:00
|
|
|
accessRoleId: AccessRoleIds.PROMPTGROUP_OWNER,
|
2025-07-26 12:28:31 -04:00
|
|
|
grantedBy: testUsers.owner._id,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
// Check ACL entry
|
|
|
|
|
const aclEntry = await AclEntry.findOne({
|
🔧 refactor: Organize Sharing/Agent Components and Improve Type Safety
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids, rename enums to PascalCase
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids
chore: move sharing related components to dedicated "Sharing" directory
chore: remove PublicSharingToggle component and update index exports
chore: move non-sidepanel agent components to `~/components/Agents`
chore: move AgentCategoryDisplay component with tests
chore: remove commented out code
refactor: change PERMISSION_BITS from const to enum for better type safety
refactor: reorganize imports in GenericGrantAccessDialog and update index exports for hooks
refactor: update type definitions to use ACCESS_ROLE_IDS for improved type safety
refactor: remove unused canAccessPromptResource middleware and related code
refactor: remove unused prompt access roles from createAccessRoleMethods
refactor: update resourceType in AclEntry type definition to remove unused 'prompt' value
refactor: introduce ResourceType enum and update resourceType usage across data provider files for improved type safety
refactor: update resourceType usage to ResourceType enum across sharing and permissions components for improved type safety
refactor: standardize resourceType usage to ResourceType enum across agent and prompt models, permissions controller, and middleware for enhanced type safety
refactor: update resourceType references from PROMPT_GROUP to PROMPTGROUP for consistency across models, middleware, and components
refactor: standardize access role IDs and resource type usage across agent, file, and prompt models for improved type safety and consistency
chore: add typedefs for TUpdateResourcePermissionsRequest and TUpdateResourcePermissionsResponse to enhance type definitions
chore: move SearchPicker to PeoplePicker dir
refactor: implement debouncing for query changes in SearchPicker for improved performance
chore: fix typing, import order for agent admin settings
fix: agent admin settings, prevent agent form submission
refactor: rename `ACCESS_ROLE_IDS` to `AccessRoleIds`
refactor: replace PermissionBits with PERMISSION_BITS
refactor: replace PERMISSION_BITS with PermissionBits
2025-07-28 17:52:36 -04:00
|
|
|
resourceType: ResourceType.PROMPTGROUP,
|
2025-07-26 12:28:31 -04:00
|
|
|
resourceId: testGroup._id,
|
2025-08-02 16:02:56 -04:00
|
|
|
principalType: PrincipalType.USER,
|
2025-07-26 12:28:31 -04:00
|
|
|
principalId: testUsers.owner._id,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
expect(aclEntry).toBeTruthy();
|
|
|
|
|
expect(aclEntry.permBits).toBe(testRoles.owner.permBits);
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
describe('Accessing Prompts', () => {
|
|
|
|
|
let testPromptGroup;
|
|
|
|
|
|
|
|
|
|
beforeEach(async () => {
|
|
|
|
|
// Create a prompt group
|
|
|
|
|
testPromptGroup = await PromptGroup.create({
|
|
|
|
|
name: 'Test Group',
|
|
|
|
|
author: testUsers.owner._id,
|
|
|
|
|
authorName: testUsers.owner.name,
|
|
|
|
|
productionId: new ObjectId(),
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
// Create a prompt
|
|
|
|
|
await Prompt.create({
|
|
|
|
|
prompt: 'Test prompt for access control',
|
|
|
|
|
name: 'Access Test Prompt',
|
|
|
|
|
author: testUsers.owner._id,
|
|
|
|
|
groupId: testPromptGroup._id,
|
|
|
|
|
type: 'text',
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
// Grant owner permissions
|
|
|
|
|
await permissionService.grantPermission({
|
2025-08-02 16:02:56 -04:00
|
|
|
principalType: PrincipalType.USER,
|
2025-07-26 12:28:31 -04:00
|
|
|
principalId: testUsers.owner._id,
|
🔧 refactor: Organize Sharing/Agent Components and Improve Type Safety
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids, rename enums to PascalCase
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids
chore: move sharing related components to dedicated "Sharing" directory
chore: remove PublicSharingToggle component and update index exports
chore: move non-sidepanel agent components to `~/components/Agents`
chore: move AgentCategoryDisplay component with tests
chore: remove commented out code
refactor: change PERMISSION_BITS from const to enum for better type safety
refactor: reorganize imports in GenericGrantAccessDialog and update index exports for hooks
refactor: update type definitions to use ACCESS_ROLE_IDS for improved type safety
refactor: remove unused canAccessPromptResource middleware and related code
refactor: remove unused prompt access roles from createAccessRoleMethods
refactor: update resourceType in AclEntry type definition to remove unused 'prompt' value
refactor: introduce ResourceType enum and update resourceType usage across data provider files for improved type safety
refactor: update resourceType usage to ResourceType enum across sharing and permissions components for improved type safety
refactor: standardize resourceType usage to ResourceType enum across agent and prompt models, permissions controller, and middleware for enhanced type safety
refactor: update resourceType references from PROMPT_GROUP to PROMPTGROUP for consistency across models, middleware, and components
refactor: standardize access role IDs and resource type usage across agent, file, and prompt models for improved type safety and consistency
chore: add typedefs for TUpdateResourcePermissionsRequest and TUpdateResourcePermissionsResponse to enhance type definitions
chore: move SearchPicker to PeoplePicker dir
refactor: implement debouncing for query changes in SearchPicker for improved performance
chore: fix typing, import order for agent admin settings
fix: agent admin settings, prevent agent form submission
refactor: rename `ACCESS_ROLE_IDS` to `AccessRoleIds`
refactor: replace PermissionBits with PERMISSION_BITS
refactor: replace PERMISSION_BITS with PermissionBits
2025-07-28 17:52:36 -04:00
|
|
|
resourceType: ResourceType.PROMPTGROUP,
|
2025-07-26 12:28:31 -04:00
|
|
|
resourceId: testPromptGroup._id,
|
🔧 refactor: Organize Sharing/Agent Components and Improve Type Safety
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids, rename enums to PascalCase
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids
chore: move sharing related components to dedicated "Sharing" directory
chore: remove PublicSharingToggle component and update index exports
chore: move non-sidepanel agent components to `~/components/Agents`
chore: move AgentCategoryDisplay component with tests
chore: remove commented out code
refactor: change PERMISSION_BITS from const to enum for better type safety
refactor: reorganize imports in GenericGrantAccessDialog and update index exports for hooks
refactor: update type definitions to use ACCESS_ROLE_IDS for improved type safety
refactor: remove unused canAccessPromptResource middleware and related code
refactor: remove unused prompt access roles from createAccessRoleMethods
refactor: update resourceType in AclEntry type definition to remove unused 'prompt' value
refactor: introduce ResourceType enum and update resourceType usage across data provider files for improved type safety
refactor: update resourceType usage to ResourceType enum across sharing and permissions components for improved type safety
refactor: standardize resourceType usage to ResourceType enum across agent and prompt models, permissions controller, and middleware for enhanced type safety
refactor: update resourceType references from PROMPT_GROUP to PROMPTGROUP for consistency across models, middleware, and components
refactor: standardize access role IDs and resource type usage across agent, file, and prompt models for improved type safety and consistency
chore: add typedefs for TUpdateResourcePermissionsRequest and TUpdateResourcePermissionsResponse to enhance type definitions
chore: move SearchPicker to PeoplePicker dir
refactor: implement debouncing for query changes in SearchPicker for improved performance
chore: fix typing, import order for agent admin settings
fix: agent admin settings, prevent agent form submission
refactor: rename `ACCESS_ROLE_IDS` to `AccessRoleIds`
refactor: replace PermissionBits with PERMISSION_BITS
refactor: replace PERMISSION_BITS with PermissionBits
2025-07-28 17:52:36 -04:00
|
|
|
accessRoleId: AccessRoleIds.PROMPTGROUP_OWNER,
|
2025-07-26 12:28:31 -04:00
|
|
|
grantedBy: testUsers.owner._id,
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
afterEach(async () => {
|
|
|
|
|
await Prompt.deleteMany({});
|
|
|
|
|
await PromptGroup.deleteMany({});
|
|
|
|
|
await AclEntry.deleteMany({});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('owner should have full access to their prompt', async () => {
|
|
|
|
|
const hasAccess = await permissionService.checkPermission({
|
|
|
|
|
userId: testUsers.owner._id,
|
🔧 refactor: Organize Sharing/Agent Components and Improve Type Safety
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids, rename enums to PascalCase
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids
chore: move sharing related components to dedicated "Sharing" directory
chore: remove PublicSharingToggle component and update index exports
chore: move non-sidepanel agent components to `~/components/Agents`
chore: move AgentCategoryDisplay component with tests
chore: remove commented out code
refactor: change PERMISSION_BITS from const to enum for better type safety
refactor: reorganize imports in GenericGrantAccessDialog and update index exports for hooks
refactor: update type definitions to use ACCESS_ROLE_IDS for improved type safety
refactor: remove unused canAccessPromptResource middleware and related code
refactor: remove unused prompt access roles from createAccessRoleMethods
refactor: update resourceType in AclEntry type definition to remove unused 'prompt' value
refactor: introduce ResourceType enum and update resourceType usage across data provider files for improved type safety
refactor: update resourceType usage to ResourceType enum across sharing and permissions components for improved type safety
refactor: standardize resourceType usage to ResourceType enum across agent and prompt models, permissions controller, and middleware for enhanced type safety
refactor: update resourceType references from PROMPT_GROUP to PROMPTGROUP for consistency across models, middleware, and components
refactor: standardize access role IDs and resource type usage across agent, file, and prompt models for improved type safety and consistency
chore: add typedefs for TUpdateResourcePermissionsRequest and TUpdateResourcePermissionsResponse to enhance type definitions
chore: move SearchPicker to PeoplePicker dir
refactor: implement debouncing for query changes in SearchPicker for improved performance
chore: fix typing, import order for agent admin settings
fix: agent admin settings, prevent agent form submission
refactor: rename `ACCESS_ROLE_IDS` to `AccessRoleIds`
refactor: replace PermissionBits with PERMISSION_BITS
refactor: replace PERMISSION_BITS with PermissionBits
2025-07-28 17:52:36 -04:00
|
|
|
resourceType: ResourceType.PROMPTGROUP,
|
2025-07-26 12:28:31 -04:00
|
|
|
resourceId: testPromptGroup._id,
|
|
|
|
|
requiredPermission: PermissionBits.VIEW,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
expect(hasAccess).toBe(true);
|
|
|
|
|
|
|
|
|
|
const canEdit = await permissionService.checkPermission({
|
|
|
|
|
userId: testUsers.owner._id,
|
🔧 refactor: Organize Sharing/Agent Components and Improve Type Safety
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids, rename enums to PascalCase
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids
chore: move sharing related components to dedicated "Sharing" directory
chore: remove PublicSharingToggle component and update index exports
chore: move non-sidepanel agent components to `~/components/Agents`
chore: move AgentCategoryDisplay component with tests
chore: remove commented out code
refactor: change PERMISSION_BITS from const to enum for better type safety
refactor: reorganize imports in GenericGrantAccessDialog and update index exports for hooks
refactor: update type definitions to use ACCESS_ROLE_IDS for improved type safety
refactor: remove unused canAccessPromptResource middleware and related code
refactor: remove unused prompt access roles from createAccessRoleMethods
refactor: update resourceType in AclEntry type definition to remove unused 'prompt' value
refactor: introduce ResourceType enum and update resourceType usage across data provider files for improved type safety
refactor: update resourceType usage to ResourceType enum across sharing and permissions components for improved type safety
refactor: standardize resourceType usage to ResourceType enum across agent and prompt models, permissions controller, and middleware for enhanced type safety
refactor: update resourceType references from PROMPT_GROUP to PROMPTGROUP for consistency across models, middleware, and components
refactor: standardize access role IDs and resource type usage across agent, file, and prompt models for improved type safety and consistency
chore: add typedefs for TUpdateResourcePermissionsRequest and TUpdateResourcePermissionsResponse to enhance type definitions
chore: move SearchPicker to PeoplePicker dir
refactor: implement debouncing for query changes in SearchPicker for improved performance
chore: fix typing, import order for agent admin settings
fix: agent admin settings, prevent agent form submission
refactor: rename `ACCESS_ROLE_IDS` to `AccessRoleIds`
refactor: replace PermissionBits with PERMISSION_BITS
refactor: replace PERMISSION_BITS with PermissionBits
2025-07-28 17:52:36 -04:00
|
|
|
resourceType: ResourceType.PROMPTGROUP,
|
2025-07-26 12:28:31 -04:00
|
|
|
resourceId: testPromptGroup._id,
|
|
|
|
|
requiredPermission: PermissionBits.EDIT,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
expect(canEdit).toBe(true);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('user with viewer role should only have view access', async () => {
|
|
|
|
|
// Grant viewer permissions
|
|
|
|
|
await permissionService.grantPermission({
|
2025-08-02 16:02:56 -04:00
|
|
|
principalType: PrincipalType.USER,
|
2025-07-26 12:28:31 -04:00
|
|
|
principalId: testUsers.viewer._id,
|
🔧 refactor: Organize Sharing/Agent Components and Improve Type Safety
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids, rename enums to PascalCase
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids
chore: move sharing related components to dedicated "Sharing" directory
chore: remove PublicSharingToggle component and update index exports
chore: move non-sidepanel agent components to `~/components/Agents`
chore: move AgentCategoryDisplay component with tests
chore: remove commented out code
refactor: change PERMISSION_BITS from const to enum for better type safety
refactor: reorganize imports in GenericGrantAccessDialog and update index exports for hooks
refactor: update type definitions to use ACCESS_ROLE_IDS for improved type safety
refactor: remove unused canAccessPromptResource middleware and related code
refactor: remove unused prompt access roles from createAccessRoleMethods
refactor: update resourceType in AclEntry type definition to remove unused 'prompt' value
refactor: introduce ResourceType enum and update resourceType usage across data provider files for improved type safety
refactor: update resourceType usage to ResourceType enum across sharing and permissions components for improved type safety
refactor: standardize resourceType usage to ResourceType enum across agent and prompt models, permissions controller, and middleware for enhanced type safety
refactor: update resourceType references from PROMPT_GROUP to PROMPTGROUP for consistency across models, middleware, and components
refactor: standardize access role IDs and resource type usage across agent, file, and prompt models for improved type safety and consistency
chore: add typedefs for TUpdateResourcePermissionsRequest and TUpdateResourcePermissionsResponse to enhance type definitions
chore: move SearchPicker to PeoplePicker dir
refactor: implement debouncing for query changes in SearchPicker for improved performance
chore: fix typing, import order for agent admin settings
fix: agent admin settings, prevent agent form submission
refactor: rename `ACCESS_ROLE_IDS` to `AccessRoleIds`
refactor: replace PermissionBits with PERMISSION_BITS
refactor: replace PERMISSION_BITS with PermissionBits
2025-07-28 17:52:36 -04:00
|
|
|
resourceType: ResourceType.PROMPTGROUP,
|
2025-07-26 12:28:31 -04:00
|
|
|
resourceId: testPromptGroup._id,
|
🔧 refactor: Organize Sharing/Agent Components and Improve Type Safety
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids, rename enums to PascalCase
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids
chore: move sharing related components to dedicated "Sharing" directory
chore: remove PublicSharingToggle component and update index exports
chore: move non-sidepanel agent components to `~/components/Agents`
chore: move AgentCategoryDisplay component with tests
chore: remove commented out code
refactor: change PERMISSION_BITS from const to enum for better type safety
refactor: reorganize imports in GenericGrantAccessDialog and update index exports for hooks
refactor: update type definitions to use ACCESS_ROLE_IDS for improved type safety
refactor: remove unused canAccessPromptResource middleware and related code
refactor: remove unused prompt access roles from createAccessRoleMethods
refactor: update resourceType in AclEntry type definition to remove unused 'prompt' value
refactor: introduce ResourceType enum and update resourceType usage across data provider files for improved type safety
refactor: update resourceType usage to ResourceType enum across sharing and permissions components for improved type safety
refactor: standardize resourceType usage to ResourceType enum across agent and prompt models, permissions controller, and middleware for enhanced type safety
refactor: update resourceType references from PROMPT_GROUP to PROMPTGROUP for consistency across models, middleware, and components
refactor: standardize access role IDs and resource type usage across agent, file, and prompt models for improved type safety and consistency
chore: add typedefs for TUpdateResourcePermissionsRequest and TUpdateResourcePermissionsResponse to enhance type definitions
chore: move SearchPicker to PeoplePicker dir
refactor: implement debouncing for query changes in SearchPicker for improved performance
chore: fix typing, import order for agent admin settings
fix: agent admin settings, prevent agent form submission
refactor: rename `ACCESS_ROLE_IDS` to `AccessRoleIds`
refactor: replace PermissionBits with PERMISSION_BITS
refactor: replace PERMISSION_BITS with PermissionBits
2025-07-28 17:52:36 -04:00
|
|
|
accessRoleId: AccessRoleIds.PROMPTGROUP_VIEWER,
|
2025-07-26 12:28:31 -04:00
|
|
|
grantedBy: testUsers.owner._id,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
const canView = await permissionService.checkPermission({
|
|
|
|
|
userId: testUsers.viewer._id,
|
🔧 refactor: Organize Sharing/Agent Components and Improve Type Safety
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids, rename enums to PascalCase
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids
chore: move sharing related components to dedicated "Sharing" directory
chore: remove PublicSharingToggle component and update index exports
chore: move non-sidepanel agent components to `~/components/Agents`
chore: move AgentCategoryDisplay component with tests
chore: remove commented out code
refactor: change PERMISSION_BITS from const to enum for better type safety
refactor: reorganize imports in GenericGrantAccessDialog and update index exports for hooks
refactor: update type definitions to use ACCESS_ROLE_IDS for improved type safety
refactor: remove unused canAccessPromptResource middleware and related code
refactor: remove unused prompt access roles from createAccessRoleMethods
refactor: update resourceType in AclEntry type definition to remove unused 'prompt' value
refactor: introduce ResourceType enum and update resourceType usage across data provider files for improved type safety
refactor: update resourceType usage to ResourceType enum across sharing and permissions components for improved type safety
refactor: standardize resourceType usage to ResourceType enum across agent and prompt models, permissions controller, and middleware for enhanced type safety
refactor: update resourceType references from PROMPT_GROUP to PROMPTGROUP for consistency across models, middleware, and components
refactor: standardize access role IDs and resource type usage across agent, file, and prompt models for improved type safety and consistency
chore: add typedefs for TUpdateResourcePermissionsRequest and TUpdateResourcePermissionsResponse to enhance type definitions
chore: move SearchPicker to PeoplePicker dir
refactor: implement debouncing for query changes in SearchPicker for improved performance
chore: fix typing, import order for agent admin settings
fix: agent admin settings, prevent agent form submission
refactor: rename `ACCESS_ROLE_IDS` to `AccessRoleIds`
refactor: replace PermissionBits with PERMISSION_BITS
refactor: replace PERMISSION_BITS with PermissionBits
2025-07-28 17:52:36 -04:00
|
|
|
resourceType: ResourceType.PROMPTGROUP,
|
2025-07-26 12:28:31 -04:00
|
|
|
resourceId: testPromptGroup._id,
|
|
|
|
|
requiredPermission: PermissionBits.VIEW,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
const canEdit = await permissionService.checkPermission({
|
|
|
|
|
userId: testUsers.viewer._id,
|
🔧 refactor: Organize Sharing/Agent Components and Improve Type Safety
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids, rename enums to PascalCase
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids
chore: move sharing related components to dedicated "Sharing" directory
chore: remove PublicSharingToggle component and update index exports
chore: move non-sidepanel agent components to `~/components/Agents`
chore: move AgentCategoryDisplay component with tests
chore: remove commented out code
refactor: change PERMISSION_BITS from const to enum for better type safety
refactor: reorganize imports in GenericGrantAccessDialog and update index exports for hooks
refactor: update type definitions to use ACCESS_ROLE_IDS for improved type safety
refactor: remove unused canAccessPromptResource middleware and related code
refactor: remove unused prompt access roles from createAccessRoleMethods
refactor: update resourceType in AclEntry type definition to remove unused 'prompt' value
refactor: introduce ResourceType enum and update resourceType usage across data provider files for improved type safety
refactor: update resourceType usage to ResourceType enum across sharing and permissions components for improved type safety
refactor: standardize resourceType usage to ResourceType enum across agent and prompt models, permissions controller, and middleware for enhanced type safety
refactor: update resourceType references from PROMPT_GROUP to PROMPTGROUP for consistency across models, middleware, and components
refactor: standardize access role IDs and resource type usage across agent, file, and prompt models for improved type safety and consistency
chore: add typedefs for TUpdateResourcePermissionsRequest and TUpdateResourcePermissionsResponse to enhance type definitions
chore: move SearchPicker to PeoplePicker dir
refactor: implement debouncing for query changes in SearchPicker for improved performance
chore: fix typing, import order for agent admin settings
fix: agent admin settings, prevent agent form submission
refactor: rename `ACCESS_ROLE_IDS` to `AccessRoleIds`
refactor: replace PermissionBits with PERMISSION_BITS
refactor: replace PERMISSION_BITS with PermissionBits
2025-07-28 17:52:36 -04:00
|
|
|
resourceType: ResourceType.PROMPTGROUP,
|
2025-07-26 12:28:31 -04:00
|
|
|
resourceId: testPromptGroup._id,
|
|
|
|
|
requiredPermission: PermissionBits.EDIT,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
expect(canView).toBe(true);
|
|
|
|
|
expect(canEdit).toBe(false);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('user without permissions should have no access', async () => {
|
|
|
|
|
const hasAccess = await permissionService.checkPermission({
|
|
|
|
|
userId: testUsers.noAccess._id,
|
🔧 refactor: Organize Sharing/Agent Components and Improve Type Safety
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids, rename enums to PascalCase
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids
chore: move sharing related components to dedicated "Sharing" directory
chore: remove PublicSharingToggle component and update index exports
chore: move non-sidepanel agent components to `~/components/Agents`
chore: move AgentCategoryDisplay component with tests
chore: remove commented out code
refactor: change PERMISSION_BITS from const to enum for better type safety
refactor: reorganize imports in GenericGrantAccessDialog and update index exports for hooks
refactor: update type definitions to use ACCESS_ROLE_IDS for improved type safety
refactor: remove unused canAccessPromptResource middleware and related code
refactor: remove unused prompt access roles from createAccessRoleMethods
refactor: update resourceType in AclEntry type definition to remove unused 'prompt' value
refactor: introduce ResourceType enum and update resourceType usage across data provider files for improved type safety
refactor: update resourceType usage to ResourceType enum across sharing and permissions components for improved type safety
refactor: standardize resourceType usage to ResourceType enum across agent and prompt models, permissions controller, and middleware for enhanced type safety
refactor: update resourceType references from PROMPT_GROUP to PROMPTGROUP for consistency across models, middleware, and components
refactor: standardize access role IDs and resource type usage across agent, file, and prompt models for improved type safety and consistency
chore: add typedefs for TUpdateResourcePermissionsRequest and TUpdateResourcePermissionsResponse to enhance type definitions
chore: move SearchPicker to PeoplePicker dir
refactor: implement debouncing for query changes in SearchPicker for improved performance
chore: fix typing, import order for agent admin settings
fix: agent admin settings, prevent agent form submission
refactor: rename `ACCESS_ROLE_IDS` to `AccessRoleIds`
refactor: replace PermissionBits with PERMISSION_BITS
refactor: replace PERMISSION_BITS with PermissionBits
2025-07-28 17:52:36 -04:00
|
|
|
resourceType: ResourceType.PROMPTGROUP,
|
2025-07-26 12:28:31 -04:00
|
|
|
resourceId: testPromptGroup._id,
|
|
|
|
|
requiredPermission: PermissionBits.VIEW,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
expect(hasAccess).toBe(false);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('admin should have access regardless of permissions', async () => {
|
|
|
|
|
// Admin users should work through normal permission system
|
|
|
|
|
// The middleware layer handles admin bypass, not the permission service
|
|
|
|
|
const hasAccess = await permissionService.checkPermission({
|
|
|
|
|
userId: testUsers.admin._id,
|
🔧 refactor: Organize Sharing/Agent Components and Improve Type Safety
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids, rename enums to PascalCase
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids
chore: move sharing related components to dedicated "Sharing" directory
chore: remove PublicSharingToggle component and update index exports
chore: move non-sidepanel agent components to `~/components/Agents`
chore: move AgentCategoryDisplay component with tests
chore: remove commented out code
refactor: change PERMISSION_BITS from const to enum for better type safety
refactor: reorganize imports in GenericGrantAccessDialog and update index exports for hooks
refactor: update type definitions to use ACCESS_ROLE_IDS for improved type safety
refactor: remove unused canAccessPromptResource middleware and related code
refactor: remove unused prompt access roles from createAccessRoleMethods
refactor: update resourceType in AclEntry type definition to remove unused 'prompt' value
refactor: introduce ResourceType enum and update resourceType usage across data provider files for improved type safety
refactor: update resourceType usage to ResourceType enum across sharing and permissions components for improved type safety
refactor: standardize resourceType usage to ResourceType enum across agent and prompt models, permissions controller, and middleware for enhanced type safety
refactor: update resourceType references from PROMPT_GROUP to PROMPTGROUP for consistency across models, middleware, and components
refactor: standardize access role IDs and resource type usage across agent, file, and prompt models for improved type safety and consistency
chore: add typedefs for TUpdateResourcePermissionsRequest and TUpdateResourcePermissionsResponse to enhance type definitions
chore: move SearchPicker to PeoplePicker dir
refactor: implement debouncing for query changes in SearchPicker for improved performance
chore: fix typing, import order for agent admin settings
fix: agent admin settings, prevent agent form submission
refactor: rename `ACCESS_ROLE_IDS` to `AccessRoleIds`
refactor: replace PermissionBits with PERMISSION_BITS
refactor: replace PERMISSION_BITS with PermissionBits
2025-07-28 17:52:36 -04:00
|
|
|
resourceType: ResourceType.PROMPTGROUP,
|
2025-07-26 12:28:31 -04:00
|
|
|
resourceId: testPromptGroup._id,
|
|
|
|
|
requiredPermission: PermissionBits.VIEW,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
// Without explicit permissions, even admin won't have access at this layer
|
|
|
|
|
expect(hasAccess).toBe(false);
|
|
|
|
|
|
🔧 refactor: Organize Sharing/Agent Components and Improve Type Safety
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids, rename enums to PascalCase
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids
chore: move sharing related components to dedicated "Sharing" directory
chore: remove PublicSharingToggle component and update index exports
chore: move non-sidepanel agent components to `~/components/Agents`
chore: move AgentCategoryDisplay component with tests
chore: remove commented out code
refactor: change PERMISSION_BITS from const to enum for better type safety
refactor: reorganize imports in GenericGrantAccessDialog and update index exports for hooks
refactor: update type definitions to use ACCESS_ROLE_IDS for improved type safety
refactor: remove unused canAccessPromptResource middleware and related code
refactor: remove unused prompt access roles from createAccessRoleMethods
refactor: update resourceType in AclEntry type definition to remove unused 'prompt' value
refactor: introduce ResourceType enum and update resourceType usage across data provider files for improved type safety
refactor: update resourceType usage to ResourceType enum across sharing and permissions components for improved type safety
refactor: standardize resourceType usage to ResourceType enum across agent and prompt models, permissions controller, and middleware for enhanced type safety
refactor: update resourceType references from PROMPT_GROUP to PROMPTGROUP for consistency across models, middleware, and components
refactor: standardize access role IDs and resource type usage across agent, file, and prompt models for improved type safety and consistency
chore: add typedefs for TUpdateResourcePermissionsRequest and TUpdateResourcePermissionsResponse to enhance type definitions
chore: move SearchPicker to PeoplePicker dir
refactor: implement debouncing for query changes in SearchPicker for improved performance
chore: fix typing, import order for agent admin settings
fix: agent admin settings, prevent agent form submission
refactor: rename `ACCESS_ROLE_IDS` to `AccessRoleIds`
refactor: replace PermissionBits with PERMISSION_BITS
refactor: replace PERMISSION_BITS with PermissionBits
2025-07-28 17:52:36 -04:00
|
|
|
// The actual admin bypass happens in the middleware layer (`canAccessPromptViaGroup`/`canAccessPromptGroupResource`)
|
2025-07-26 12:28:31 -04:00
|
|
|
// which checks req.user.role === SystemRoles.ADMIN
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
describe('Group-based Access', () => {
|
|
|
|
|
let testPromptGroup;
|
|
|
|
|
|
|
|
|
|
beforeEach(async () => {
|
|
|
|
|
// Create a prompt group first
|
|
|
|
|
testPromptGroup = await PromptGroup.create({
|
|
|
|
|
name: 'Group Access Test Group',
|
|
|
|
|
author: testUsers.owner._id,
|
|
|
|
|
authorName: testUsers.owner.name,
|
|
|
|
|
productionId: new ObjectId(),
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
await Prompt.create({
|
|
|
|
|
prompt: 'Group access test prompt',
|
|
|
|
|
name: 'Group Test',
|
|
|
|
|
author: testUsers.owner._id,
|
|
|
|
|
groupId: testPromptGroup._id,
|
|
|
|
|
type: 'text',
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
// Add users to groups
|
|
|
|
|
await User.findByIdAndUpdate(testUsers.editor._id, {
|
|
|
|
|
$push: { groups: testGroups.editors._id },
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
await User.findByIdAndUpdate(testUsers.viewer._id, {
|
|
|
|
|
$push: { groups: testGroups.viewers._id },
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
afterEach(async () => {
|
|
|
|
|
await Prompt.deleteMany({});
|
|
|
|
|
await AclEntry.deleteMany({});
|
|
|
|
|
await User.updateMany({}, { $set: { groups: [] } });
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('group members should inherit group permissions', async () => {
|
|
|
|
|
// Create a prompt group
|
|
|
|
|
const testPromptGroup = await PromptGroup.create({
|
|
|
|
|
name: 'Group Test Group',
|
|
|
|
|
author: testUsers.owner._id,
|
|
|
|
|
authorName: testUsers.owner.name,
|
|
|
|
|
productionId: new ObjectId(),
|
|
|
|
|
});
|
|
|
|
|
|
2025-08-03 19:24:40 -04:00
|
|
|
const { addUserToGroup } = require('~/models');
|
|
|
|
|
await addUserToGroup(testUsers.editor._id, testGroups.editors._id);
|
2025-07-26 12:28:31 -04:00
|
|
|
|
|
|
|
|
const prompt = await promptFns.savePrompt({
|
|
|
|
|
author: testUsers.owner._id,
|
|
|
|
|
prompt: {
|
|
|
|
|
prompt: 'Group test prompt',
|
|
|
|
|
name: 'Group Test',
|
|
|
|
|
groupId: testPromptGroup._id,
|
|
|
|
|
type: 'text',
|
|
|
|
|
},
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
// Check if savePrompt returned an error
|
|
|
|
|
if (!prompt || !prompt.prompt) {
|
|
|
|
|
throw new Error(`Failed to save prompt: ${prompt?.message || 'Unknown error'}`);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Grant edit permissions to the group
|
|
|
|
|
await permissionService.grantPermission({
|
2025-08-02 16:02:56 -04:00
|
|
|
principalType: PrincipalType.GROUP,
|
2025-07-26 12:28:31 -04:00
|
|
|
principalId: testGroups.editors._id,
|
🔧 refactor: Organize Sharing/Agent Components and Improve Type Safety
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids, rename enums to PascalCase
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids
chore: move sharing related components to dedicated "Sharing" directory
chore: remove PublicSharingToggle component and update index exports
chore: move non-sidepanel agent components to `~/components/Agents`
chore: move AgentCategoryDisplay component with tests
chore: remove commented out code
refactor: change PERMISSION_BITS from const to enum for better type safety
refactor: reorganize imports in GenericGrantAccessDialog and update index exports for hooks
refactor: update type definitions to use ACCESS_ROLE_IDS for improved type safety
refactor: remove unused canAccessPromptResource middleware and related code
refactor: remove unused prompt access roles from createAccessRoleMethods
refactor: update resourceType in AclEntry type definition to remove unused 'prompt' value
refactor: introduce ResourceType enum and update resourceType usage across data provider files for improved type safety
refactor: update resourceType usage to ResourceType enum across sharing and permissions components for improved type safety
refactor: standardize resourceType usage to ResourceType enum across agent and prompt models, permissions controller, and middleware for enhanced type safety
refactor: update resourceType references from PROMPT_GROUP to PROMPTGROUP for consistency across models, middleware, and components
refactor: standardize access role IDs and resource type usage across agent, file, and prompt models for improved type safety and consistency
chore: add typedefs for TUpdateResourcePermissionsRequest and TUpdateResourcePermissionsResponse to enhance type definitions
chore: move SearchPicker to PeoplePicker dir
refactor: implement debouncing for query changes in SearchPicker for improved performance
chore: fix typing, import order for agent admin settings
fix: agent admin settings, prevent agent form submission
refactor: rename `ACCESS_ROLE_IDS` to `AccessRoleIds`
refactor: replace PermissionBits with PERMISSION_BITS
refactor: replace PERMISSION_BITS with PermissionBits
2025-07-28 17:52:36 -04:00
|
|
|
resourceType: ResourceType.PROMPTGROUP,
|
2025-07-26 12:28:31 -04:00
|
|
|
resourceId: testPromptGroup._id,
|
🔧 refactor: Organize Sharing/Agent Components and Improve Type Safety
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids, rename enums to PascalCase
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids
chore: move sharing related components to dedicated "Sharing" directory
chore: remove PublicSharingToggle component and update index exports
chore: move non-sidepanel agent components to `~/components/Agents`
chore: move AgentCategoryDisplay component with tests
chore: remove commented out code
refactor: change PERMISSION_BITS from const to enum for better type safety
refactor: reorganize imports in GenericGrantAccessDialog and update index exports for hooks
refactor: update type definitions to use ACCESS_ROLE_IDS for improved type safety
refactor: remove unused canAccessPromptResource middleware and related code
refactor: remove unused prompt access roles from createAccessRoleMethods
refactor: update resourceType in AclEntry type definition to remove unused 'prompt' value
refactor: introduce ResourceType enum and update resourceType usage across data provider files for improved type safety
refactor: update resourceType usage to ResourceType enum across sharing and permissions components for improved type safety
refactor: standardize resourceType usage to ResourceType enum across agent and prompt models, permissions controller, and middleware for enhanced type safety
refactor: update resourceType references from PROMPT_GROUP to PROMPTGROUP for consistency across models, middleware, and components
refactor: standardize access role IDs and resource type usage across agent, file, and prompt models for improved type safety and consistency
chore: add typedefs for TUpdateResourcePermissionsRequest and TUpdateResourcePermissionsResponse to enhance type definitions
chore: move SearchPicker to PeoplePicker dir
refactor: implement debouncing for query changes in SearchPicker for improved performance
chore: fix typing, import order for agent admin settings
fix: agent admin settings, prevent agent form submission
refactor: rename `ACCESS_ROLE_IDS` to `AccessRoleIds`
refactor: replace PermissionBits with PERMISSION_BITS
refactor: replace PERMISSION_BITS with PermissionBits
2025-07-28 17:52:36 -04:00
|
|
|
accessRoleId: AccessRoleIds.PROMPTGROUP_EDITOR,
|
2025-07-26 12:28:31 -04:00
|
|
|
grantedBy: testUsers.owner._id,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
// Check if group member has access
|
|
|
|
|
const hasAccess = await permissionService.checkPermission({
|
|
|
|
|
userId: testUsers.editor._id,
|
🔧 refactor: Organize Sharing/Agent Components and Improve Type Safety
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids, rename enums to PascalCase
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids
chore: move sharing related components to dedicated "Sharing" directory
chore: remove PublicSharingToggle component and update index exports
chore: move non-sidepanel agent components to `~/components/Agents`
chore: move AgentCategoryDisplay component with tests
chore: remove commented out code
refactor: change PERMISSION_BITS from const to enum for better type safety
refactor: reorganize imports in GenericGrantAccessDialog and update index exports for hooks
refactor: update type definitions to use ACCESS_ROLE_IDS for improved type safety
refactor: remove unused canAccessPromptResource middleware and related code
refactor: remove unused prompt access roles from createAccessRoleMethods
refactor: update resourceType in AclEntry type definition to remove unused 'prompt' value
refactor: introduce ResourceType enum and update resourceType usage across data provider files for improved type safety
refactor: update resourceType usage to ResourceType enum across sharing and permissions components for improved type safety
refactor: standardize resourceType usage to ResourceType enum across agent and prompt models, permissions controller, and middleware for enhanced type safety
refactor: update resourceType references from PROMPT_GROUP to PROMPTGROUP for consistency across models, middleware, and components
refactor: standardize access role IDs and resource type usage across agent, file, and prompt models for improved type safety and consistency
chore: add typedefs for TUpdateResourcePermissionsRequest and TUpdateResourcePermissionsResponse to enhance type definitions
chore: move SearchPicker to PeoplePicker dir
refactor: implement debouncing for query changes in SearchPicker for improved performance
chore: fix typing, import order for agent admin settings
fix: agent admin settings, prevent agent form submission
refactor: rename `ACCESS_ROLE_IDS` to `AccessRoleIds`
refactor: replace PermissionBits with PERMISSION_BITS
refactor: replace PERMISSION_BITS with PermissionBits
2025-07-28 17:52:36 -04:00
|
|
|
resourceType: ResourceType.PROMPTGROUP,
|
2025-07-26 12:28:31 -04:00
|
|
|
resourceId: testPromptGroup._id,
|
|
|
|
|
requiredPermission: PermissionBits.EDIT,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
expect(hasAccess).toBe(true);
|
|
|
|
|
|
|
|
|
|
// Check that non-member doesn't have access
|
|
|
|
|
const nonMemberAccess = await permissionService.checkPermission({
|
|
|
|
|
userId: testUsers.viewer._id,
|
🔧 refactor: Organize Sharing/Agent Components and Improve Type Safety
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids, rename enums to PascalCase
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids
chore: move sharing related components to dedicated "Sharing" directory
chore: remove PublicSharingToggle component and update index exports
chore: move non-sidepanel agent components to `~/components/Agents`
chore: move AgentCategoryDisplay component with tests
chore: remove commented out code
refactor: change PERMISSION_BITS from const to enum for better type safety
refactor: reorganize imports in GenericGrantAccessDialog and update index exports for hooks
refactor: update type definitions to use ACCESS_ROLE_IDS for improved type safety
refactor: remove unused canAccessPromptResource middleware and related code
refactor: remove unused prompt access roles from createAccessRoleMethods
refactor: update resourceType in AclEntry type definition to remove unused 'prompt' value
refactor: introduce ResourceType enum and update resourceType usage across data provider files for improved type safety
refactor: update resourceType usage to ResourceType enum across sharing and permissions components for improved type safety
refactor: standardize resourceType usage to ResourceType enum across agent and prompt models, permissions controller, and middleware for enhanced type safety
refactor: update resourceType references from PROMPT_GROUP to PROMPTGROUP for consistency across models, middleware, and components
refactor: standardize access role IDs and resource type usage across agent, file, and prompt models for improved type safety and consistency
chore: add typedefs for TUpdateResourcePermissionsRequest and TUpdateResourcePermissionsResponse to enhance type definitions
chore: move SearchPicker to PeoplePicker dir
refactor: implement debouncing for query changes in SearchPicker for improved performance
chore: fix typing, import order for agent admin settings
fix: agent admin settings, prevent agent form submission
refactor: rename `ACCESS_ROLE_IDS` to `AccessRoleIds`
refactor: replace PermissionBits with PERMISSION_BITS
refactor: replace PERMISSION_BITS with PermissionBits
2025-07-28 17:52:36 -04:00
|
|
|
resourceType: ResourceType.PROMPTGROUP,
|
2025-07-26 12:28:31 -04:00
|
|
|
resourceId: testPromptGroup._id,
|
|
|
|
|
requiredPermission: PermissionBits.EDIT,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
expect(nonMemberAccess).toBe(false);
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
describe('Public Access', () => {
|
|
|
|
|
let publicPromptGroup, privatePromptGroup;
|
|
|
|
|
|
|
|
|
|
beforeEach(async () => {
|
|
|
|
|
// Create separate prompt groups for public and private access
|
|
|
|
|
publicPromptGroup = await PromptGroup.create({
|
|
|
|
|
name: 'Public Access Test Group',
|
|
|
|
|
author: testUsers.owner._id,
|
|
|
|
|
authorName: testUsers.owner.name,
|
|
|
|
|
productionId: new ObjectId(),
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
privatePromptGroup = await PromptGroup.create({
|
|
|
|
|
name: 'Private Access Test Group',
|
|
|
|
|
author: testUsers.owner._id,
|
|
|
|
|
authorName: testUsers.owner.name,
|
|
|
|
|
productionId: new ObjectId(),
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
// Create prompts in their respective groups
|
|
|
|
|
await Prompt.create({
|
|
|
|
|
prompt: 'Public prompt',
|
|
|
|
|
name: 'Public',
|
|
|
|
|
author: testUsers.owner._id,
|
|
|
|
|
groupId: publicPromptGroup._id,
|
|
|
|
|
type: 'text',
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
await Prompt.create({
|
|
|
|
|
prompt: 'Private prompt',
|
|
|
|
|
name: 'Private',
|
|
|
|
|
author: testUsers.owner._id,
|
|
|
|
|
groupId: privatePromptGroup._id,
|
|
|
|
|
type: 'text',
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
// Grant public view access to publicPromptGroup
|
|
|
|
|
await permissionService.grantPermission({
|
2025-08-02 16:02:56 -04:00
|
|
|
principalType: PrincipalType.PUBLIC,
|
2025-07-26 12:28:31 -04:00
|
|
|
principalId: null,
|
🔧 refactor: Organize Sharing/Agent Components and Improve Type Safety
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids, rename enums to PascalCase
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids
chore: move sharing related components to dedicated "Sharing" directory
chore: remove PublicSharingToggle component and update index exports
chore: move non-sidepanel agent components to `~/components/Agents`
chore: move AgentCategoryDisplay component with tests
chore: remove commented out code
refactor: change PERMISSION_BITS from const to enum for better type safety
refactor: reorganize imports in GenericGrantAccessDialog and update index exports for hooks
refactor: update type definitions to use ACCESS_ROLE_IDS for improved type safety
refactor: remove unused canAccessPromptResource middleware and related code
refactor: remove unused prompt access roles from createAccessRoleMethods
refactor: update resourceType in AclEntry type definition to remove unused 'prompt' value
refactor: introduce ResourceType enum and update resourceType usage across data provider files for improved type safety
refactor: update resourceType usage to ResourceType enum across sharing and permissions components for improved type safety
refactor: standardize resourceType usage to ResourceType enum across agent and prompt models, permissions controller, and middleware for enhanced type safety
refactor: update resourceType references from PROMPT_GROUP to PROMPTGROUP for consistency across models, middleware, and components
refactor: standardize access role IDs and resource type usage across agent, file, and prompt models for improved type safety and consistency
chore: add typedefs for TUpdateResourcePermissionsRequest and TUpdateResourcePermissionsResponse to enhance type definitions
chore: move SearchPicker to PeoplePicker dir
refactor: implement debouncing for query changes in SearchPicker for improved performance
chore: fix typing, import order for agent admin settings
fix: agent admin settings, prevent agent form submission
refactor: rename `ACCESS_ROLE_IDS` to `AccessRoleIds`
refactor: replace PermissionBits with PERMISSION_BITS
refactor: replace PERMISSION_BITS with PermissionBits
2025-07-28 17:52:36 -04:00
|
|
|
resourceType: ResourceType.PROMPTGROUP,
|
2025-07-26 12:28:31 -04:00
|
|
|
resourceId: publicPromptGroup._id,
|
🔧 refactor: Organize Sharing/Agent Components and Improve Type Safety
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids, rename enums to PascalCase
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids
chore: move sharing related components to dedicated "Sharing" directory
chore: remove PublicSharingToggle component and update index exports
chore: move non-sidepanel agent components to `~/components/Agents`
chore: move AgentCategoryDisplay component with tests
chore: remove commented out code
refactor: change PERMISSION_BITS from const to enum for better type safety
refactor: reorganize imports in GenericGrantAccessDialog and update index exports for hooks
refactor: update type definitions to use ACCESS_ROLE_IDS for improved type safety
refactor: remove unused canAccessPromptResource middleware and related code
refactor: remove unused prompt access roles from createAccessRoleMethods
refactor: update resourceType in AclEntry type definition to remove unused 'prompt' value
refactor: introduce ResourceType enum and update resourceType usage across data provider files for improved type safety
refactor: update resourceType usage to ResourceType enum across sharing and permissions components for improved type safety
refactor: standardize resourceType usage to ResourceType enum across agent and prompt models, permissions controller, and middleware for enhanced type safety
refactor: update resourceType references from PROMPT_GROUP to PROMPTGROUP for consistency across models, middleware, and components
refactor: standardize access role IDs and resource type usage across agent, file, and prompt models for improved type safety and consistency
chore: add typedefs for TUpdateResourcePermissionsRequest and TUpdateResourcePermissionsResponse to enhance type definitions
chore: move SearchPicker to PeoplePicker dir
refactor: implement debouncing for query changes in SearchPicker for improved performance
chore: fix typing, import order for agent admin settings
fix: agent admin settings, prevent agent form submission
refactor: rename `ACCESS_ROLE_IDS` to `AccessRoleIds`
refactor: replace PermissionBits with PERMISSION_BITS
refactor: replace PERMISSION_BITS with PermissionBits
2025-07-28 17:52:36 -04:00
|
|
|
accessRoleId: AccessRoleIds.PROMPTGROUP_VIEWER,
|
2025-07-26 12:28:31 -04:00
|
|
|
grantedBy: testUsers.owner._id,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
// Grant only owner access to privatePromptGroup
|
|
|
|
|
await permissionService.grantPermission({
|
2025-08-02 16:02:56 -04:00
|
|
|
principalType: PrincipalType.USER,
|
2025-07-26 12:28:31 -04:00
|
|
|
principalId: testUsers.owner._id,
|
🔧 refactor: Organize Sharing/Agent Components and Improve Type Safety
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids, rename enums to PascalCase
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids
chore: move sharing related components to dedicated "Sharing" directory
chore: remove PublicSharingToggle component and update index exports
chore: move non-sidepanel agent components to `~/components/Agents`
chore: move AgentCategoryDisplay component with tests
chore: remove commented out code
refactor: change PERMISSION_BITS from const to enum for better type safety
refactor: reorganize imports in GenericGrantAccessDialog and update index exports for hooks
refactor: update type definitions to use ACCESS_ROLE_IDS for improved type safety
refactor: remove unused canAccessPromptResource middleware and related code
refactor: remove unused prompt access roles from createAccessRoleMethods
refactor: update resourceType in AclEntry type definition to remove unused 'prompt' value
refactor: introduce ResourceType enum and update resourceType usage across data provider files for improved type safety
refactor: update resourceType usage to ResourceType enum across sharing and permissions components for improved type safety
refactor: standardize resourceType usage to ResourceType enum across agent and prompt models, permissions controller, and middleware for enhanced type safety
refactor: update resourceType references from PROMPT_GROUP to PROMPTGROUP for consistency across models, middleware, and components
refactor: standardize access role IDs and resource type usage across agent, file, and prompt models for improved type safety and consistency
chore: add typedefs for TUpdateResourcePermissionsRequest and TUpdateResourcePermissionsResponse to enhance type definitions
chore: move SearchPicker to PeoplePicker dir
refactor: implement debouncing for query changes in SearchPicker for improved performance
chore: fix typing, import order for agent admin settings
fix: agent admin settings, prevent agent form submission
refactor: rename `ACCESS_ROLE_IDS` to `AccessRoleIds`
refactor: replace PermissionBits with PERMISSION_BITS
refactor: replace PERMISSION_BITS with PermissionBits
2025-07-28 17:52:36 -04:00
|
|
|
resourceType: ResourceType.PROMPTGROUP,
|
2025-07-26 12:28:31 -04:00
|
|
|
resourceId: privatePromptGroup._id,
|
🔧 refactor: Organize Sharing/Agent Components and Improve Type Safety
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids, rename enums to PascalCase
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids
chore: move sharing related components to dedicated "Sharing" directory
chore: remove PublicSharingToggle component and update index exports
chore: move non-sidepanel agent components to `~/components/Agents`
chore: move AgentCategoryDisplay component with tests
chore: remove commented out code
refactor: change PERMISSION_BITS from const to enum for better type safety
refactor: reorganize imports in GenericGrantAccessDialog and update index exports for hooks
refactor: update type definitions to use ACCESS_ROLE_IDS for improved type safety
refactor: remove unused canAccessPromptResource middleware and related code
refactor: remove unused prompt access roles from createAccessRoleMethods
refactor: update resourceType in AclEntry type definition to remove unused 'prompt' value
refactor: introduce ResourceType enum and update resourceType usage across data provider files for improved type safety
refactor: update resourceType usage to ResourceType enum across sharing and permissions components for improved type safety
refactor: standardize resourceType usage to ResourceType enum across agent and prompt models, permissions controller, and middleware for enhanced type safety
refactor: update resourceType references from PROMPT_GROUP to PROMPTGROUP for consistency across models, middleware, and components
refactor: standardize access role IDs and resource type usage across agent, file, and prompt models for improved type safety and consistency
chore: add typedefs for TUpdateResourcePermissionsRequest and TUpdateResourcePermissionsResponse to enhance type definitions
chore: move SearchPicker to PeoplePicker dir
refactor: implement debouncing for query changes in SearchPicker for improved performance
chore: fix typing, import order for agent admin settings
fix: agent admin settings, prevent agent form submission
refactor: rename `ACCESS_ROLE_IDS` to `AccessRoleIds`
refactor: replace PermissionBits with PERMISSION_BITS
refactor: replace PERMISSION_BITS with PermissionBits
2025-07-28 17:52:36 -04:00
|
|
|
accessRoleId: AccessRoleIds.PROMPTGROUP_OWNER,
|
2025-07-26 12:28:31 -04:00
|
|
|
grantedBy: testUsers.owner._id,
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
afterEach(async () => {
|
|
|
|
|
await Prompt.deleteMany({});
|
|
|
|
|
await PromptGroup.deleteMany({});
|
|
|
|
|
await AclEntry.deleteMany({});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('public prompt should be accessible to any user', async () => {
|
|
|
|
|
const hasAccess = await permissionService.checkPermission({
|
|
|
|
|
userId: testUsers.noAccess._id,
|
🔧 refactor: Organize Sharing/Agent Components and Improve Type Safety
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids, rename enums to PascalCase
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids
chore: move sharing related components to dedicated "Sharing" directory
chore: remove PublicSharingToggle component and update index exports
chore: move non-sidepanel agent components to `~/components/Agents`
chore: move AgentCategoryDisplay component with tests
chore: remove commented out code
refactor: change PERMISSION_BITS from const to enum for better type safety
refactor: reorganize imports in GenericGrantAccessDialog and update index exports for hooks
refactor: update type definitions to use ACCESS_ROLE_IDS for improved type safety
refactor: remove unused canAccessPromptResource middleware and related code
refactor: remove unused prompt access roles from createAccessRoleMethods
refactor: update resourceType in AclEntry type definition to remove unused 'prompt' value
refactor: introduce ResourceType enum and update resourceType usage across data provider files for improved type safety
refactor: update resourceType usage to ResourceType enum across sharing and permissions components for improved type safety
refactor: standardize resourceType usage to ResourceType enum across agent and prompt models, permissions controller, and middleware for enhanced type safety
refactor: update resourceType references from PROMPT_GROUP to PROMPTGROUP for consistency across models, middleware, and components
refactor: standardize access role IDs and resource type usage across agent, file, and prompt models for improved type safety and consistency
chore: add typedefs for TUpdateResourcePermissionsRequest and TUpdateResourcePermissionsResponse to enhance type definitions
chore: move SearchPicker to PeoplePicker dir
refactor: implement debouncing for query changes in SearchPicker for improved performance
chore: fix typing, import order for agent admin settings
fix: agent admin settings, prevent agent form submission
refactor: rename `ACCESS_ROLE_IDS` to `AccessRoleIds`
refactor: replace PermissionBits with PERMISSION_BITS
refactor: replace PERMISSION_BITS with PermissionBits
2025-07-28 17:52:36 -04:00
|
|
|
resourceType: ResourceType.PROMPTGROUP,
|
2025-07-26 12:28:31 -04:00
|
|
|
resourceId: publicPromptGroup._id,
|
|
|
|
|
requiredPermission: PermissionBits.VIEW,
|
|
|
|
|
includePublic: true,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
expect(hasAccess).toBe(true);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('private prompt should not be accessible to unauthorized users', async () => {
|
|
|
|
|
const hasAccess = await permissionService.checkPermission({
|
|
|
|
|
userId: testUsers.noAccess._id,
|
🔧 refactor: Organize Sharing/Agent Components and Improve Type Safety
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids, rename enums to PascalCase
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids
chore: move sharing related components to dedicated "Sharing" directory
chore: remove PublicSharingToggle component and update index exports
chore: move non-sidepanel agent components to `~/components/Agents`
chore: move AgentCategoryDisplay component with tests
chore: remove commented out code
refactor: change PERMISSION_BITS from const to enum for better type safety
refactor: reorganize imports in GenericGrantAccessDialog and update index exports for hooks
refactor: update type definitions to use ACCESS_ROLE_IDS for improved type safety
refactor: remove unused canAccessPromptResource middleware and related code
refactor: remove unused prompt access roles from createAccessRoleMethods
refactor: update resourceType in AclEntry type definition to remove unused 'prompt' value
refactor: introduce ResourceType enum and update resourceType usage across data provider files for improved type safety
refactor: update resourceType usage to ResourceType enum across sharing and permissions components for improved type safety
refactor: standardize resourceType usage to ResourceType enum across agent and prompt models, permissions controller, and middleware for enhanced type safety
refactor: update resourceType references from PROMPT_GROUP to PROMPTGROUP for consistency across models, middleware, and components
refactor: standardize access role IDs and resource type usage across agent, file, and prompt models for improved type safety and consistency
chore: add typedefs for TUpdateResourcePermissionsRequest and TUpdateResourcePermissionsResponse to enhance type definitions
chore: move SearchPicker to PeoplePicker dir
refactor: implement debouncing for query changes in SearchPicker for improved performance
chore: fix typing, import order for agent admin settings
fix: agent admin settings, prevent agent form submission
refactor: rename `ACCESS_ROLE_IDS` to `AccessRoleIds`
refactor: replace PermissionBits with PERMISSION_BITS
refactor: replace PERMISSION_BITS with PermissionBits
2025-07-28 17:52:36 -04:00
|
|
|
resourceType: ResourceType.PROMPTGROUP,
|
2025-07-26 12:28:31 -04:00
|
|
|
resourceId: privatePromptGroup._id,
|
|
|
|
|
requiredPermission: PermissionBits.VIEW,
|
|
|
|
|
includePublic: true,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
expect(hasAccess).toBe(false);
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
describe('Prompt Deletion', () => {
|
|
|
|
|
let testPromptGroup;
|
|
|
|
|
|
|
|
|
|
it('should remove ACL entries when prompt is deleted', async () => {
|
|
|
|
|
testPromptGroup = await PromptGroup.create({
|
|
|
|
|
name: 'Deletion Test Group',
|
|
|
|
|
author: testUsers.owner._id,
|
|
|
|
|
authorName: testUsers.owner.name,
|
|
|
|
|
productionId: new ObjectId(),
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
const prompt = await promptFns.savePrompt({
|
|
|
|
|
author: testUsers.owner._id,
|
|
|
|
|
prompt: {
|
|
|
|
|
prompt: 'To be deleted',
|
|
|
|
|
name: 'Delete Test',
|
|
|
|
|
groupId: testPromptGroup._id,
|
|
|
|
|
type: 'text',
|
|
|
|
|
},
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
// Check if savePrompt returned an error
|
|
|
|
|
if (!prompt || !prompt.prompt) {
|
|
|
|
|
throw new Error(`Failed to save prompt: ${prompt?.message || 'Unknown error'}`);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const testPromptId = prompt.prompt._id;
|
|
|
|
|
const promptGroupId = testPromptGroup._id;
|
|
|
|
|
|
|
|
|
|
// Grant permission
|
|
|
|
|
await permissionService.grantPermission({
|
2025-08-02 16:02:56 -04:00
|
|
|
principalType: PrincipalType.USER,
|
2025-07-26 12:28:31 -04:00
|
|
|
principalId: testUsers.owner._id,
|
🔧 refactor: Organize Sharing/Agent Components and Improve Type Safety
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids, rename enums to PascalCase
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids
chore: move sharing related components to dedicated "Sharing" directory
chore: remove PublicSharingToggle component and update index exports
chore: move non-sidepanel agent components to `~/components/Agents`
chore: move AgentCategoryDisplay component with tests
chore: remove commented out code
refactor: change PERMISSION_BITS from const to enum for better type safety
refactor: reorganize imports in GenericGrantAccessDialog and update index exports for hooks
refactor: update type definitions to use ACCESS_ROLE_IDS for improved type safety
refactor: remove unused canAccessPromptResource middleware and related code
refactor: remove unused prompt access roles from createAccessRoleMethods
refactor: update resourceType in AclEntry type definition to remove unused 'prompt' value
refactor: introduce ResourceType enum and update resourceType usage across data provider files for improved type safety
refactor: update resourceType usage to ResourceType enum across sharing and permissions components for improved type safety
refactor: standardize resourceType usage to ResourceType enum across agent and prompt models, permissions controller, and middleware for enhanced type safety
refactor: update resourceType references from PROMPT_GROUP to PROMPTGROUP for consistency across models, middleware, and components
refactor: standardize access role IDs and resource type usage across agent, file, and prompt models for improved type safety and consistency
chore: add typedefs for TUpdateResourcePermissionsRequest and TUpdateResourcePermissionsResponse to enhance type definitions
chore: move SearchPicker to PeoplePicker dir
refactor: implement debouncing for query changes in SearchPicker for improved performance
chore: fix typing, import order for agent admin settings
fix: agent admin settings, prevent agent form submission
refactor: rename `ACCESS_ROLE_IDS` to `AccessRoleIds`
refactor: replace PermissionBits with PERMISSION_BITS
refactor: replace PERMISSION_BITS with PermissionBits
2025-07-28 17:52:36 -04:00
|
|
|
resourceType: ResourceType.PROMPTGROUP,
|
2025-07-26 12:28:31 -04:00
|
|
|
resourceId: testPromptGroup._id,
|
🔧 refactor: Organize Sharing/Agent Components and Improve Type Safety
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids, rename enums to PascalCase
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids
chore: move sharing related components to dedicated "Sharing" directory
chore: remove PublicSharingToggle component and update index exports
chore: move non-sidepanel agent components to `~/components/Agents`
chore: move AgentCategoryDisplay component with tests
chore: remove commented out code
refactor: change PERMISSION_BITS from const to enum for better type safety
refactor: reorganize imports in GenericGrantAccessDialog and update index exports for hooks
refactor: update type definitions to use ACCESS_ROLE_IDS for improved type safety
refactor: remove unused canAccessPromptResource middleware and related code
refactor: remove unused prompt access roles from createAccessRoleMethods
refactor: update resourceType in AclEntry type definition to remove unused 'prompt' value
refactor: introduce ResourceType enum and update resourceType usage across data provider files for improved type safety
refactor: update resourceType usage to ResourceType enum across sharing and permissions components for improved type safety
refactor: standardize resourceType usage to ResourceType enum across agent and prompt models, permissions controller, and middleware for enhanced type safety
refactor: update resourceType references from PROMPT_GROUP to PROMPTGROUP for consistency across models, middleware, and components
refactor: standardize access role IDs and resource type usage across agent, file, and prompt models for improved type safety and consistency
chore: add typedefs for TUpdateResourcePermissionsRequest and TUpdateResourcePermissionsResponse to enhance type definitions
chore: move SearchPicker to PeoplePicker dir
refactor: implement debouncing for query changes in SearchPicker for improved performance
chore: fix typing, import order for agent admin settings
fix: agent admin settings, prevent agent form submission
refactor: rename `ACCESS_ROLE_IDS` to `AccessRoleIds`
refactor: replace PermissionBits with PERMISSION_BITS
refactor: replace PERMISSION_BITS with PermissionBits
2025-07-28 17:52:36 -04:00
|
|
|
accessRoleId: AccessRoleIds.PROMPTGROUP_OWNER,
|
2025-07-26 12:28:31 -04:00
|
|
|
grantedBy: testUsers.owner._id,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
// Verify ACL entry exists
|
|
|
|
|
const beforeDelete = await AclEntry.find({
|
🔧 refactor: Organize Sharing/Agent Components and Improve Type Safety
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids, rename enums to PascalCase
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids
chore: move sharing related components to dedicated "Sharing" directory
chore: remove PublicSharingToggle component and update index exports
chore: move non-sidepanel agent components to `~/components/Agents`
chore: move AgentCategoryDisplay component with tests
chore: remove commented out code
refactor: change PERMISSION_BITS from const to enum for better type safety
refactor: reorganize imports in GenericGrantAccessDialog and update index exports for hooks
refactor: update type definitions to use ACCESS_ROLE_IDS for improved type safety
refactor: remove unused canAccessPromptResource middleware and related code
refactor: remove unused prompt access roles from createAccessRoleMethods
refactor: update resourceType in AclEntry type definition to remove unused 'prompt' value
refactor: introduce ResourceType enum and update resourceType usage across data provider files for improved type safety
refactor: update resourceType usage to ResourceType enum across sharing and permissions components for improved type safety
refactor: standardize resourceType usage to ResourceType enum across agent and prompt models, permissions controller, and middleware for enhanced type safety
refactor: update resourceType references from PROMPT_GROUP to PROMPTGROUP for consistency across models, middleware, and components
refactor: standardize access role IDs and resource type usage across agent, file, and prompt models for improved type safety and consistency
chore: add typedefs for TUpdateResourcePermissionsRequest and TUpdateResourcePermissionsResponse to enhance type definitions
chore: move SearchPicker to PeoplePicker dir
refactor: implement debouncing for query changes in SearchPicker for improved performance
chore: fix typing, import order for agent admin settings
fix: agent admin settings, prevent agent form submission
refactor: rename `ACCESS_ROLE_IDS` to `AccessRoleIds`
refactor: replace PermissionBits with PERMISSION_BITS
refactor: replace PERMISSION_BITS with PermissionBits
2025-07-28 17:52:36 -04:00
|
|
|
resourceType: ResourceType.PROMPTGROUP,
|
2025-07-26 12:28:31 -04:00
|
|
|
resourceId: testPromptGroup._id,
|
|
|
|
|
});
|
|
|
|
|
expect(beforeDelete).toHaveLength(1);
|
|
|
|
|
|
|
|
|
|
// Delete the prompt
|
|
|
|
|
await promptFns.deletePrompt({
|
|
|
|
|
promptId: testPromptId,
|
|
|
|
|
groupId: promptGroupId,
|
|
|
|
|
author: testUsers.owner._id,
|
|
|
|
|
role: SystemRoles.USER,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
// Verify ACL entries are removed
|
|
|
|
|
const aclEntries = await AclEntry.find({
|
🔧 refactor: Organize Sharing/Agent Components and Improve Type Safety
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids, rename enums to PascalCase
refactor: organize Sharing/Agent components, improve type safety for resource types and access role ids
chore: move sharing related components to dedicated "Sharing" directory
chore: remove PublicSharingToggle component and update index exports
chore: move non-sidepanel agent components to `~/components/Agents`
chore: move AgentCategoryDisplay component with tests
chore: remove commented out code
refactor: change PERMISSION_BITS from const to enum for better type safety
refactor: reorganize imports in GenericGrantAccessDialog and update index exports for hooks
refactor: update type definitions to use ACCESS_ROLE_IDS for improved type safety
refactor: remove unused canAccessPromptResource middleware and related code
refactor: remove unused prompt access roles from createAccessRoleMethods
refactor: update resourceType in AclEntry type definition to remove unused 'prompt' value
refactor: introduce ResourceType enum and update resourceType usage across data provider files for improved type safety
refactor: update resourceType usage to ResourceType enum across sharing and permissions components for improved type safety
refactor: standardize resourceType usage to ResourceType enum across agent and prompt models, permissions controller, and middleware for enhanced type safety
refactor: update resourceType references from PROMPT_GROUP to PROMPTGROUP for consistency across models, middleware, and components
refactor: standardize access role IDs and resource type usage across agent, file, and prompt models for improved type safety and consistency
chore: add typedefs for TUpdateResourcePermissionsRequest and TUpdateResourcePermissionsResponse to enhance type definitions
chore: move SearchPicker to PeoplePicker dir
refactor: implement debouncing for query changes in SearchPicker for improved performance
chore: fix typing, import order for agent admin settings
fix: agent admin settings, prevent agent form submission
refactor: rename `ACCESS_ROLE_IDS` to `AccessRoleIds`
refactor: replace PermissionBits with PERMISSION_BITS
refactor: replace PERMISSION_BITS with PermissionBits
2025-07-28 17:52:36 -04:00
|
|
|
resourceType: ResourceType.PROMPTGROUP,
|
2025-07-26 12:28:31 -04:00
|
|
|
resourceId: testPromptGroup._id,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
expect(aclEntries).toHaveLength(0);
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
describe('Backwards Compatibility', () => {
|
|
|
|
|
it('should handle prompts without ACL entries gracefully', async () => {
|
|
|
|
|
// Create a prompt group first
|
|
|
|
|
const promptGroup = await PromptGroup.create({
|
|
|
|
|
name: 'Legacy Test Group',
|
|
|
|
|
author: testUsers.owner._id,
|
|
|
|
|
authorName: testUsers.owner.name,
|
|
|
|
|
productionId: new ObjectId(),
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
// Create a prompt without ACL entries (legacy prompt)
|
|
|
|
|
const legacyPrompt = await Prompt.create({
|
|
|
|
|
prompt: 'Legacy prompt without ACL',
|
|
|
|
|
name: 'Legacy',
|
|
|
|
|
author: testUsers.owner._id,
|
|
|
|
|
groupId: promptGroup._id,
|
|
|
|
|
type: 'text',
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
// The system should handle this gracefully
|
|
|
|
|
const prompt = await promptFns.getPrompt({ _id: legacyPrompt._id });
|
|
|
|
|
expect(prompt).toBeTruthy();
|
|
|
|
|
expect(prompt._id.toString()).toBe(legacyPrompt._id.toString());
|
|
|
|
|
});
|
|
|
|
|
});
|
🪦 fix: ACL-Safe User Account Deletion for Agents, Prompts, and MCP Servers (#12314)
* fix: use ACL ownership for prompt group cleanup on user deletion
deleteUserPrompts previously called getAllPromptGroups with only an
author filter, which defaults to searchShared=true and drops the
author filter for shared/global project entries. This caused any user
deleting their account to strip shared prompt group associations and
ACL entries for other users.
Replace the author-based query with ACL-based ownership lookup:
- Find prompt groups where the user has OWNER permission (DELETE bit)
- Only delete groups where the user is the sole owner
- Preserve multi-owned groups and their ACL entries for other owners
* fix: use ACL ownership for agent cleanup on user deletion
deleteUserAgents used the deprecated author field to find and delete
agents, then unconditionally removed all ACL entries for those agents.
This could destroy ACL entries for agents shared with or co-owned by
other users.
Replace the author-based query with ACL-based ownership lookup:
- Find agents where the user has OWNER permission (DELETE bit)
- Only delete agents where the user is the sole owner
- Preserve multi-owned agents and their ACL entries for other owners
- Also clean up handoff edges referencing deleted agents
* fix: add MCP server cleanup on user deletion
User deletion had no cleanup for MCP servers, leaving solely-owned
servers orphaned in the database with dangling ACL entries for other
users.
Add deleteUserMcpServers that follows the same ACL ownership pattern
as prompt groups and agents: find servers with OWNER permission,
check for sole ownership, and only delete those with no other owners.
* style: fix prettier formatting in Prompt.spec.js
* refactor: extract getSoleOwnedResourceIds to PermissionService
The ACL sole-ownership detection algorithm was duplicated across
deleteUserPrompts, deleteUserAgents, and deleteUserMcpServers.
Centralizes the three-step pattern (find owned entries, find other
owners, compute sole-owned set) into a single reusable utility.
* refactor: use getSoleOwnedResourceIds in all deletion functions
- Replace inline ACL queries with the centralized utility
- Remove vestigial _req parameter from deleteUserPrompts
- Use Promise.all for parallel project removal instead of sequential awaits
- Disconnect live MCP sessions and invalidate tool cache before deleting
sole-owned MCP server documents
- Export deleteUserMcpServers for testability
* test: improve deletion test coverage and quality
- Move deleteUserPrompts call to beforeAll to eliminate execution-order
dependency between tests
- Standardize on test() instead of it() for consistency in Prompt.spec.js
- Add assertion for deleting user's own ACL entry preservation on
multi-owned agents
- Add deleteUserMcpServers integration test suite with 6 tests covering
sole-owner deletion, multi-owner preservation, session disconnect,
cache invalidation, model-not-registered guard, and missing MCPManager
- Add PermissionService mock to existing deleteUser.spec.js to fix
import chain
* fix: add legacy author-based fallback for unmigrated resources
Resources created before the ACL system have author set but no AclEntry
records. The sole-ownership detection returns empty for these, causing
deleteUserPrompts, deleteUserAgents, and deleteUserMcpServers to silently
skip them — permanently orphaning data on user deletion.
Add a fallback that identifies author-owned resources with zero ACL
entries (truly unmigrated) and includes them in the deletion set. This
preserves the multi-owner safety of the ACL path while ensuring pre-ACL
resources are still cleaned up regardless of migration status.
* style: fix prettier formatting across all changed files
* test: add resource type coverage guard for user deletion
Ensures every ResourceType in the ACL system has a corresponding cleanup
handler wired into deleteUserController. When a new ResourceType is added
(e.g. WORKFLOW), this test fails immediately, preventing silent data
orphaning on user account deletion.
* style: fix import order in PermissionService destructure
* test: add opt-out set and fix test lifecycle in coverage guard
Add NO_USER_CLEANUP_NEEDED set for resource types that legitimately
require no per-user deletion. Move fs.readFileSync into beforeAll so
path errors surface as clean test failures instead of unhandled crashes.
2026-03-19 17:46:14 -04:00
|
|
|
|
|
|
|
|
describe('deleteUserPrompts', () => {
|
|
|
|
|
let deletingUser;
|
|
|
|
|
let otherUser;
|
|
|
|
|
let soleOwnedGroup;
|
|
|
|
|
let multiOwnedGroup;
|
|
|
|
|
let sharedGroup;
|
|
|
|
|
let soleOwnedPrompt;
|
|
|
|
|
let multiOwnedPrompt;
|
|
|
|
|
let sharedPrompt;
|
|
|
|
|
|
|
|
|
|
beforeAll(async () => {
|
|
|
|
|
deletingUser = await User.create({
|
|
|
|
|
name: 'Deleting User',
|
|
|
|
|
email: 'deleting@example.com',
|
|
|
|
|
role: SystemRoles.USER,
|
|
|
|
|
});
|
|
|
|
|
otherUser = await User.create({
|
|
|
|
|
name: 'Other User',
|
|
|
|
|
email: 'other@example.com',
|
|
|
|
|
role: SystemRoles.USER,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
const soleProductionId = new ObjectId();
|
|
|
|
|
soleOwnedGroup = await PromptGroup.create({
|
|
|
|
|
name: 'Sole Owned Group',
|
|
|
|
|
author: deletingUser._id,
|
|
|
|
|
authorName: deletingUser.name,
|
|
|
|
|
productionId: soleProductionId,
|
|
|
|
|
});
|
|
|
|
|
soleOwnedPrompt = await Prompt.create({
|
|
|
|
|
prompt: 'Sole owned prompt',
|
|
|
|
|
author: deletingUser._id,
|
|
|
|
|
groupId: soleOwnedGroup._id,
|
|
|
|
|
type: 'text',
|
|
|
|
|
});
|
|
|
|
|
await PromptGroup.updateOne(
|
|
|
|
|
{ _id: soleOwnedGroup._id },
|
|
|
|
|
{ productionId: soleOwnedPrompt._id },
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
const multiProductionId = new ObjectId();
|
|
|
|
|
multiOwnedGroup = await PromptGroup.create({
|
|
|
|
|
name: 'Multi Owned Group',
|
|
|
|
|
author: deletingUser._id,
|
|
|
|
|
authorName: deletingUser.name,
|
|
|
|
|
productionId: multiProductionId,
|
|
|
|
|
});
|
|
|
|
|
multiOwnedPrompt = await Prompt.create({
|
|
|
|
|
prompt: 'Multi owned prompt',
|
|
|
|
|
author: deletingUser._id,
|
|
|
|
|
groupId: multiOwnedGroup._id,
|
|
|
|
|
type: 'text',
|
|
|
|
|
});
|
|
|
|
|
await PromptGroup.updateOne(
|
|
|
|
|
{ _id: multiOwnedGroup._id },
|
|
|
|
|
{ productionId: multiOwnedPrompt._id },
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
const sharedProductionId = new ObjectId();
|
|
|
|
|
sharedGroup = await PromptGroup.create({
|
|
|
|
|
name: 'Shared Group (other user owns)',
|
|
|
|
|
author: otherUser._id,
|
|
|
|
|
authorName: otherUser.name,
|
|
|
|
|
productionId: sharedProductionId,
|
|
|
|
|
});
|
|
|
|
|
sharedPrompt = await Prompt.create({
|
|
|
|
|
prompt: 'Shared prompt',
|
|
|
|
|
author: otherUser._id,
|
|
|
|
|
groupId: sharedGroup._id,
|
|
|
|
|
type: 'text',
|
|
|
|
|
});
|
|
|
|
|
await PromptGroup.updateOne({ _id: sharedGroup._id }, { productionId: sharedPrompt._id });
|
|
|
|
|
|
|
|
|
|
await permissionService.grantPermission({
|
|
|
|
|
principalType: PrincipalType.USER,
|
|
|
|
|
principalId: deletingUser._id,
|
|
|
|
|
resourceType: ResourceType.PROMPTGROUP,
|
|
|
|
|
resourceId: soleOwnedGroup._id,
|
|
|
|
|
accessRoleId: AccessRoleIds.PROMPTGROUP_OWNER,
|
|
|
|
|
grantedBy: deletingUser._id,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
await permissionService.grantPermission({
|
|
|
|
|
principalType: PrincipalType.USER,
|
|
|
|
|
principalId: deletingUser._id,
|
|
|
|
|
resourceType: ResourceType.PROMPTGROUP,
|
|
|
|
|
resourceId: multiOwnedGroup._id,
|
|
|
|
|
accessRoleId: AccessRoleIds.PROMPTGROUP_OWNER,
|
|
|
|
|
grantedBy: deletingUser._id,
|
|
|
|
|
});
|
|
|
|
|
await permissionService.grantPermission({
|
|
|
|
|
principalType: PrincipalType.USER,
|
|
|
|
|
principalId: otherUser._id,
|
|
|
|
|
resourceType: ResourceType.PROMPTGROUP,
|
|
|
|
|
resourceId: multiOwnedGroup._id,
|
|
|
|
|
accessRoleId: AccessRoleIds.PROMPTGROUP_OWNER,
|
|
|
|
|
grantedBy: otherUser._id,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
await permissionService.grantPermission({
|
|
|
|
|
principalType: PrincipalType.USER,
|
|
|
|
|
principalId: otherUser._id,
|
|
|
|
|
resourceType: ResourceType.PROMPTGROUP,
|
|
|
|
|
resourceId: sharedGroup._id,
|
|
|
|
|
accessRoleId: AccessRoleIds.PROMPTGROUP_OWNER,
|
|
|
|
|
grantedBy: otherUser._id,
|
|
|
|
|
});
|
|
|
|
|
await permissionService.grantPermission({
|
|
|
|
|
principalType: PrincipalType.USER,
|
|
|
|
|
principalId: deletingUser._id,
|
|
|
|
|
resourceType: ResourceType.PROMPTGROUP,
|
|
|
|
|
resourceId: sharedGroup._id,
|
|
|
|
|
accessRoleId: AccessRoleIds.PROMPTGROUP_VIEWER,
|
|
|
|
|
grantedBy: otherUser._id,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
const globalProject = await Project.findOne({ name: 'Global' });
|
|
|
|
|
await Project.updateOne(
|
|
|
|
|
{ _id: globalProject._id },
|
|
|
|
|
{
|
|
|
|
|
$addToSet: {
|
|
|
|
|
promptGroupIds: {
|
|
|
|
|
$each: [soleOwnedGroup._id, multiOwnedGroup._id, sharedGroup._id],
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
await promptFns.deleteUserPrompts(deletingUser._id.toString());
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
test('should delete solely-owned prompt groups and their prompts', async () => {
|
|
|
|
|
expect(await PromptGroup.findById(soleOwnedGroup._id)).toBeNull();
|
|
|
|
|
expect(await Prompt.findById(soleOwnedPrompt._id)).toBeNull();
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
test('should remove solely-owned groups from projects', async () => {
|
|
|
|
|
const globalProject = await Project.findOne({ name: 'Global' });
|
|
|
|
|
const projectGroupIds = globalProject.promptGroupIds.map((id) => id.toString());
|
|
|
|
|
expect(projectGroupIds).not.toContain(soleOwnedGroup._id.toString());
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
test('should remove all ACL entries for solely-owned groups', async () => {
|
|
|
|
|
const aclEntries = await AclEntry.find({
|
|
|
|
|
resourceType: ResourceType.PROMPTGROUP,
|
|
|
|
|
resourceId: soleOwnedGroup._id,
|
|
|
|
|
});
|
|
|
|
|
expect(aclEntries).toHaveLength(0);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
test('should preserve multi-owned prompt groups', async () => {
|
|
|
|
|
expect(await PromptGroup.findById(multiOwnedGroup._id)).not.toBeNull();
|
|
|
|
|
expect(await Prompt.findById(multiOwnedPrompt._id)).not.toBeNull();
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
test('should preserve ACL entries of other owners on multi-owned groups', async () => {
|
|
|
|
|
const otherOwnerAcl = await AclEntry.findOne({
|
|
|
|
|
resourceType: ResourceType.PROMPTGROUP,
|
|
|
|
|
resourceId: multiOwnedGroup._id,
|
|
|
|
|
principalId: otherUser._id,
|
|
|
|
|
});
|
|
|
|
|
expect(otherOwnerAcl).not.toBeNull();
|
|
|
|
|
expect(otherOwnerAcl.permBits & PermissionBits.DELETE).toBeTruthy();
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
test('should preserve groups owned by other users', async () => {
|
|
|
|
|
expect(await PromptGroup.findById(sharedGroup._id)).not.toBeNull();
|
|
|
|
|
expect(await Prompt.findById(sharedPrompt._id)).not.toBeNull();
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
test('should preserve project membership of non-deleted groups', async () => {
|
|
|
|
|
const globalProject = await Project.findOne({ name: 'Global' });
|
|
|
|
|
const projectGroupIds = globalProject.promptGroupIds.map((id) => id.toString());
|
|
|
|
|
expect(projectGroupIds).toContain(multiOwnedGroup._id.toString());
|
|
|
|
|
expect(projectGroupIds).toContain(sharedGroup._id.toString());
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
test('should preserve ACL entries for shared group owned by other user', async () => {
|
|
|
|
|
const ownerAcl = await AclEntry.findOne({
|
|
|
|
|
resourceType: ResourceType.PROMPTGROUP,
|
|
|
|
|
resourceId: sharedGroup._id,
|
|
|
|
|
principalId: otherUser._id,
|
|
|
|
|
});
|
|
|
|
|
expect(ownerAcl).not.toBeNull();
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
test('should be a no-op when user has no owned prompt groups', async () => {
|
|
|
|
|
const unrelatedUser = await User.create({
|
|
|
|
|
name: 'Unrelated User',
|
|
|
|
|
email: 'unrelated@example.com',
|
|
|
|
|
role: SystemRoles.USER,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
const beforeCount = await PromptGroup.countDocuments();
|
|
|
|
|
await promptFns.deleteUserPrompts(unrelatedUser._id.toString());
|
|
|
|
|
const afterCount = await PromptGroup.countDocuments();
|
|
|
|
|
|
|
|
|
|
expect(afterCount).toBe(beforeCount);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
test('should delete legacy prompt groups that have author but no ACL entries', async () => {
|
|
|
|
|
const legacyUser = await User.create({
|
|
|
|
|
name: 'Legacy User',
|
|
|
|
|
email: 'legacy-prompt@example.com',
|
|
|
|
|
role: SystemRoles.USER,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
const legacyGroup = await PromptGroup.create({
|
|
|
|
|
name: 'Legacy Group (no ACL)',
|
|
|
|
|
author: legacyUser._id,
|
|
|
|
|
authorName: legacyUser.name,
|
|
|
|
|
productionId: new ObjectId(),
|
|
|
|
|
});
|
|
|
|
|
const legacyPrompt = await Prompt.create({
|
|
|
|
|
prompt: 'Legacy prompt text',
|
|
|
|
|
author: legacyUser._id,
|
|
|
|
|
groupId: legacyGroup._id,
|
|
|
|
|
type: 'text',
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
await promptFns.deleteUserPrompts(legacyUser._id.toString());
|
|
|
|
|
|
|
|
|
|
expect(await PromptGroup.findById(legacyGroup._id)).toBeNull();
|
|
|
|
|
expect(await Prompt.findById(legacyPrompt._id)).toBeNull();
|
|
|
|
|
});
|
|
|
|
|
});
|
2025-07-26 12:28:31 -04:00
|
|
|
});
|