🛂 feat: Role as Permission Principal Type

WIP: Role as Permission Principal Type WIP: add user role check optimization to user principal check, update type comparisons WIP: cover edge cases for string vs ObjectId handling in permission granting and checking chore: Update people picker access middleware to use PrincipalType constants feat: Enhance people picker access control to include roles permissions chore: add missing default role schema values for people picker perms, cleanup typing feat: Enhance PeoplePicker component with role-specific UI and localization updates chore: Add missing `VIEW_ROLES` permission to role schema
2025-09-22 08:12:00 +02:00 · 2025-08-03 19:24:40 -04:00 · 2025-08-03 19:24:40 -04:00 · 39346d6b8e
commit 39346d6b8e
parent 28d63dab71
49 changed files with 2879 additions and 258 deletions
--- a/api/server/services/AppService.spec.js
+++ b/api/server/services/AppService.spec.js
@ -969,4 +969,59 @@ describe('AppService updating app.locals and issuing warnings', () => {
    expect(app.locals.ocr.strategy).toEqual('mistral_ocr');
    expect(app.locals.ocr.mistralModel).toEqual('mistral-medium');
  });
+
+  it('should correctly configure peoplePicker with roles permission when specified', async () => {
+    const mockConfig = {
+      interface: {
+        peoplePicker: {
+          admin: {
+            users: true,
+            groups: true,
+            roles: true,
+          },
+          user: {
+            users: false,
+            groups: false,
+            roles: true,
+          },
+        },
+      },
+    };
+
+    require('./Config/loadCustomConfig').mockImplementationOnce(() => Promise.resolve(mockConfig));
+
+    const app = { locals: {} };
+    await AppService(app);
+
+    // Check that interface config includes the roles permission
+    expect(app.locals.interfaceConfig.peoplePicker).toBeDefined();
+    expect(app.locals.interfaceConfig.peoplePicker.admin).toMatchObject({
+      users: true,
+      groups: true,
+      roles: true,
+    });
+    expect(app.locals.interfaceConfig.peoplePicker.user).toMatchObject({
+      users: false,
+      groups: false,
+      roles: true,
+    });
+  });
+
+  it('should use default peoplePicker roles permissions when not specified', async () => {
+    const mockConfig = {
+      interface: {
+        // No peoplePicker configuration
+      },
+    };
+
+    require('./Config/loadCustomConfig').mockImplementationOnce(() => Promise.resolve(mockConfig));
+
+    const app = { locals: {} };
+    await AppService(app);
+
+    // Check that default roles permissions are applied
+    expect(app.locals.interfaceConfig.peoplePicker).toBeDefined();
+    expect(app.locals.interfaceConfig.peoplePicker.admin.roles).toBe(true);
+    expect(app.locals.interfaceConfig.peoplePicker.user.roles).toBe(false);
+  });
 });