🛂 feat: Role as Permission Principal Type

WIP: Role as Permission Principal Type WIP: add user role check optimization to user principal check, update type comparisons WIP: cover edge cases for string vs ObjectId handling in permission granting and checking chore: Update people picker access middleware to use PrincipalType constants feat: Enhance people picker access control to include roles permissions chore: add missing default role schema values for people picker perms, cleanup typing feat: Enhance PeoplePicker component with role-specific UI and localization updates chore: Add missing `VIEW_ROLES` permission to role schema
2025-12-17 08:50:15 +01:00 · 2025-08-03 19:24:40 -04:00 · 2025-08-03 19:24:40 -04:00 · 39346d6b8e
commit 39346d6b8e
parent 28d63dab71
49 changed files with 2879 additions and 258 deletions
--- a/api/server/services/AppService.interface.spec.js
+++ b/api/server/services/AppService.interface.spec.js
@ -89,4 +89,114 @@ describe('AppService interface configuration', () => {
    expect(app.locals.interfaceConfig.bookmarks).toBe(false);
    expect(loadDefaultInterface).toHaveBeenCalled();
  });
+
+  it('should correctly configure peoplePicker permissions including roles', async () => {
+    mockLoadCustomConfig.mockResolvedValue({
+      interface: {
+        peoplePicker: {
+          admin: {
+            users: true,
+            groups: true,
+            roles: true,
+          },
+          user: {
+            users: false,
+            groups: false,
+            roles: false,
+          },
+        },
+      },
+    });
+    loadDefaultInterface.mockResolvedValue({
+      peoplePicker: {
+        admin: {
+          users: true,
+          groups: true,
+          roles: true,
+        },
+        user: {
+          users: false,
+          groups: false,
+          roles: false,
+        },
+      },
+    });
+
+    await AppService(app);
+
+    expect(app.locals.interfaceConfig.peoplePicker).toBeDefined();
+    expect(app.locals.interfaceConfig.peoplePicker.admin).toMatchObject({
+      users: true,
+      groups: true,
+      roles: true,
+    });
+    expect(app.locals.interfaceConfig.peoplePicker.user).toMatchObject({
+      users: false,
+      groups: false,
+      roles: false,
+    });
+    expect(loadDefaultInterface).toHaveBeenCalled();
+  });
+
+  it('should handle mixed peoplePicker permissions for roles', async () => {
+    mockLoadCustomConfig.mockResolvedValue({
+      interface: {
+        peoplePicker: {
+          admin: {
+            users: true,
+            groups: true,
+            roles: false,
+          },
+          user: {
+            users: true,
+            groups: false,
+            roles: true,
+          },
+        },
+      },
+    });
+    loadDefaultInterface.mockResolvedValue({
+      peoplePicker: {
+        admin: {
+          users: true,
+          groups: true,
+          roles: false,
+        },
+        user: {
+          users: true,
+          groups: false,
+          roles: true,
+        },
+      },
+    });
+
+    await AppService(app);
+
+    expect(app.locals.interfaceConfig.peoplePicker.admin.roles).toBe(false);
+    expect(app.locals.interfaceConfig.peoplePicker.user.roles).toBe(true);
+  });
+
+  it('should set default peoplePicker roles permissions when not provided', async () => {
+    mockLoadCustomConfig.mockResolvedValue({});
+    loadDefaultInterface.mockResolvedValue({
+      peoplePicker: {
+        admin: {
+          users: true,
+          groups: true,
+          roles: true,
+        },
+        user: {
+          users: false,
+          groups: false,
+          roles: false,
+        },
+      },
+    });
+
+    await AppService(app);
+
+    expect(app.locals.interfaceConfig.peoplePicker).toBeDefined();
+    expect(app.locals.interfaceConfig.peoplePicker.admin.roles).toBe(true);
+    expect(app.locals.interfaceConfig.peoplePicker.user.roles).toBe(false);
+  });
 });