WIP! A BB-style forum, on the ATmosphere! We're still working... we'll be back soon when we have something to show off!
node typescript hono htmx atproto

test(web): add hasAnyAdminPermission tests + tighten JSDoc (ATB-42)

Malpercio b2fa966c bf2c1fd1

+48 -3
+46 -1
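--- a/apps/web/src/lib/__tests__/session.test.ts
+++ b/apps/web/src/lib/__tests__/session.test.ts
@@ -1,5 +1,5 @@
 import { describe, it, expect, vi, beforeEach, afterEach } from "vitest";
-import { getSession, getSessionWithPermissions, canLockTopics, canModeratePosts, canBanUsers } from "../session.js";
+import { getSession, getSessionWithPermissions, canLockTopics, canModeratePosts, canBanUsers, hasAnyAdminPermission } from "../session.js";
 import { logger } from "../logger.js";
 
 vi.mock("../logger.js", () => ({
@@ -325,3 +325,48 @@
   it("canBanUsers returns true for owner with wildcard permission", () =>
     expect(canBanUsers(ownerSession)).toBe(true));
 });
+
+describe("hasAnyAdminPermission", () => {
+  const unauthSession = { authenticated: false as const, permissions: new Set<string>() };
+
+  const noPermSession = {
+    authenticated: true as const,
+    did: "did:plc:member",
+    handle: "member.bsky.social",
+    permissions: new Set<string>(),
+  };
+
+  const makeSinglePermSession = (permission: string) => ({
+    authenticated: true as const,
+    did: "did:plc:user",
+    handle: "user.bsky.social",
+    permissions: new Set([permission]),
+  });
+
+  it("returns false for unauthenticated session", () =>
+    expect(hasAnyAdminPermission(unauthSession)).toBe(false));
+
+  it("returns false for authenticated user with no permissions", () =>
+    expect(hasAnyAdminPermission(noPermSession)).toBe(false));
+
+  it("returns true for user with manageMembers permission", () =>
+    expect(hasAnyAdminPermission(makeSinglePermSession("space.atbb.permission.manageMembers"))).toBe(true));
+
+  it("returns true for user with manageCategories permission", () =>
+    expect(hasAnyAdminPermission(makeSinglePermSession("space.atbb.permission.manageCategories"))).toBe(true));
+
+  it("returns true for user with moderatePosts permission", () =>
+    expect(hasAnyAdminPermission(makeSinglePermSession("space.atbb.permission.moderatePosts"))).toBe(true));
+
+  it("returns true for user with banUsers permission", () =>
+    expect(hasAnyAdminPermission(makeSinglePermSession("space.atbb.permission.banUsers"))).toBe(true));
+
+  it("returns true for user with lockTopics permission", () =>
+    expect(hasAnyAdminPermission(makeSinglePermSession("space.atbb.permission.lockTopics"))).toBe(true));
+
+  it("returns true for user with wildcard permission", () =>
+    expect(hasAnyAdminPermission(makeSinglePermSession("*"))).toBe(true));
+
+  it("returns false for user with only an unrelated permission", () =>
+    expect(hasAnyAdminPermission(makeSinglePermSession("space.atbb.permission.someOtherThing"))).toBe(false));
+});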
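Review bot: The "returns false for unauthenticated session" case builds `unauthSession` with an empty permission set, so it would still pass if hasAnyAdminPermission never looked at `authenticated`; the no-permissions case already covers an empty set. Since this helper gates the /admin landing page, I would pin the fail-closed behaviour with a session that is unauthenticated but carries a permission, e.g. `it("returns false for unauthenticated session even with permissions set", () => expect(hasAnyAdminPermission({ authenticated: false as const, permissions: new Set<string>(["*"]) })).toBe(false));`. The implementation is not visible in this commit, so this test may expose a gap or simply document the contract.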
+2 -2
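--- a/apps/web/src/lib/session.ts
+++ b/apps/web/src/lib/session.ts
@@ -158,8 +158,8 @@
 ] as const;
 
 /**
- * Returns true if the session grants at least one admin or mod permission,
- * or the wildcard "*". Used to gate the /admin landing page.
+ * Returns true if the session grants at least one of the admin panel permissions
+ * listed in ADMIN_PERMISSIONS, or the wildcard "*". Used to gate the /admin landing page.
  */
 export function hasAnyAdminPermission(
   auth: WebSessionWithPermissions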
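Review bot: The tightened JSDoc still does not say what the function returns for an unauthenticated session, nor that a true result means only "holds some admin-panel permission", not any particular one. Because the comment names this as the gate for the /admin landing page, a reader could reuse it as the authorization check for a specific admin action. I would add a line such as `Returns false for unauthenticated sessions. Coarse gate only: each admin action must still check its own specific permission.` The function body lies outside the hunk, so the unauthenticated behaviour is inferred from the tests added in this commit and should be confirmed against the code.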