fix: add roleId parameter to grantPermission and update tests for GraphApiService

2025-12-17 17:00:15 +01:00 · 2025-06-13 11:54:32 +02:00 · 2025-06-13 11:54:32 +02:00 · 6bbefcd16e
commit 6bbefcd16e
parent 1016a33b89
3 changed files with 17 additions and 1 deletions
--- a/api/server/services/GraphApiService.spec.js
+++ b/api/server/services/GraphApiService.spec.js
@ -52,10 +52,18 @@ describe('GraphApiService', () => {
    await mongoServer.stop();
  });

+  afterEach(() => {
+    // Clean up environment variables
+    delete process.env.OPENID_GRAPH_SCOPES;
+  });
+
  beforeEach(async () => {
    jest.clearAllMocks();
    await mongoose.connection.dropDatabase();
    
+    // Set up environment variable for People.Read scope
+    process.env.OPENID_GRAPH_SCOPES = 'User.Read,People.Read,Group.Read.All';
+
    // Mock Graph client
    mockGraphClient = {
      api: jest.fn().mockReturnThis(),
@ -341,6 +349,7 @@ describe('GraphApiService', () => {

      // Should call contacts first with user filter
      expect(mockGraphClient.api).toHaveBeenCalledWith('/me/people');
+      expect(mockGraphClient.search).toHaveBeenCalledWith('"john"');
      expect(mockGraphClient.filter).toHaveBeenCalledWith(
        "personType/subclass eq 'OrganizationUser'",
      );
@ -404,7 +413,9 @@ describe('GraphApiService', () => {
        10,
      );

-      // Should call contacts with user filter only
+      // Should call contacts first with user filter
+      expect(mockGraphClient.api).toHaveBeenCalledWith('/me/people');
+      expect(mockGraphClient.search).toHaveBeenCalledWith('"test"');
      expect(mockGraphClient.filter).toHaveBeenCalledWith(
        "personType/subclass eq 'OrganizationUser'",
      );
@ -440,6 +451,7 @@ describe('GraphApiService', () => {

      // Should call contacts first
      expect(mockGraphClient.api).toHaveBeenCalledWith('/me/people');
+      expect(mockGraphClient.search).toHaveBeenCalledWith('"test"');
      // Should not call users endpoint since limit was reached
      expect(mockGraphClient.api).not.toHaveBeenCalledWith('/users');

--- a/api/server/services/PermissionService.js
+++ b/api/server/services/PermissionService.js
@ -85,6 +85,7 @@ const grantPermission = async ({
      role.permBits,
      grantedBy,
      session,
+      role._id,
    );
  } catch (error) {
    logger.error(`[PermissionService.grantPermission] Error: ${error.message}`);
--- a/packages/data-schemas/src/methods/aclEntry.ts
+++ b/packages/data-schemas/src/methods/aclEntry.ts
@ -125,6 +125,7 @@ export function createAclEntryMethods(mongoose: typeof import('mongoose')) {
   * @param permBits - The permission bits to grant
   * @param grantedBy - The ID of the user granting the permission
   * @param session - Optional MongoDB session for transactions
+   * @param roleId - Optional role ID to associate with this permission
   * @returns The created or updated ACL entry
   */
  async function grantPermission(
@ -135,6 +136,7 @@ export function createAclEntryMethods(mongoose: typeof import('mongoose')) {
    permBits: number,
    grantedBy: string | Types.ObjectId,
    session?: ClientSession,
+    roleId?: string | Types.ObjectId,
  ): Promise<IAclEntry | null> {
    const AclEntry = mongoose.models.AclEntry as Model<IAclEntry>;
    const query: Record<string, unknown> = {
@ -153,6 +155,7 @@ export function createAclEntryMethods(mongoose: typeof import('mongoose')) {
        permBits,
        grantedBy,
        grantedAt: new Date(),
+        ...(roleId && { roleId }),
      },
    };