Path: blob/master/src/packages/database/postgres/project/user-set-query-project-users.test.ts
/*
 *  This file is part of CoCalc: Copyright © 2025 Sagemath, Inc.
 *  License: MS-RSL – see LICENSE.md for details
 */

import { uuid } from "@cocalc/util/misc";
import { sanitizeUserSetQueryProjectUsers } from "./user-set-query-project-users";

// Behavioural spec for the sanitizer applied to the `users` field of a project
// set query. Two call shapes are exercised:
//   - with a second argument (the requesting account id): a user request;
//   - with no second argument: what the test names call a system operation.
// NOTE(review): as far as these tests show, the relaxed "system" path is
// selected only by the absence of the account id, so every user-originated
// call site has to pass it. Confirm against the callers.
describe("_user_set_query_project_users sanitizer", () => {
  // Fresh random ids per run: `requester` is the account making the query,
  // `collaborator` is some other account on the same project.
  const requester = uuid();
  const collaborator = uuid();

  test("returns undefined when users is not provided", () => {
    // No `users` key at all: nothing to sanitize.
    expect(sanitizeUserSetQueryProjectUsers({}, requester)).toBeUndefined();
  });

  test("allows updating own hide and upgrades", () => {
    // The expected value is spelled out separately from the input so the
    // assertion does not depend on the sanitizer returning its argument.
    const expected = {
      [requester]: { hide: true, upgrades: { memory: 1024 } },
    };
    const sanitized = sanitizeUserSetQueryProjectUsers(
      { users: { [requester]: { hide: true, upgrades: { memory: 1024 } } } },
      requester,
    );
    expect(sanitized).toEqual(expected);
  });

  test("rejects modifying another account", () => {
    // A user request must not be able to write upgrades onto someone else.
    const attempt = () =>
      sanitizeUserSetQueryProjectUsers(
        { users: { [collaborator]: { upgrades: { memory: 1024 } } } },
        requester,
      );
    expect(attempt).toThrow(
      "users set queries may only change upgrades for the requesting account",
    );
  });

  test("allows system-style updates when no account_id is provided", () => {
    // No requesting account: fields such as ssh_keys pass through unchanged.
    const expected = {
      [requester]: { hide: false, ssh_keys: {} },
    };
    const sanitized = sanitizeUserSetQueryProjectUsers({
      users: { [requester]: { hide: false, ssh_keys: {} } },
    });
    expect(sanitized).toEqual(expected);
  });

  test("allows system operations to set group to owner", () => {
    const expected = {
      [requester]: { group: "owner", hide: false },
    };
    const sanitized = sanitizeUserSetQueryProjectUsers({
      users: { [requester]: { group: "owner", hide: false } },
    });
    expect(sanitized).toEqual(expected);
  });

  test("allows system operations to set group to collaborator", () => {
    const expected = {
      [requester]: { group: "collaborator" },
    };
    const sanitized = sanitizeUserSetQueryProjectUsers({
      users: { [requester]: { group: "collaborator" } },
    });
    expect(sanitized).toEqual(expected);
  });

  test("rejects group changes", () => {
    // Same payload shape as the system "owner" case, but issued as a user
    // request, even for the requester's own entry it must be refused.
    const attempt = () =>
      sanitizeUserSetQueryProjectUsers(
        { users: { [requester]: { group: "owner" } } },
        requester,
      );
    expect(attempt).toThrow(
      "changing collaborator group via user_set_query is not allowed",
    );
  });

  test("rejects invalid group values in system operations", () => {
    // The system path still validates the group value itself.
    const attempt = () =>
      sanitizeUserSetQueryProjectUsers({
        users: { [requester]: { group: "admin" } },
      });
    expect(attempt).toThrow(
      "invalid group value 'admin' - must be 'owner' or 'collaborator'",
    );
  });

  test("allows hiding another collaborator", () => {
    // `hide` is the one field these tests show a user request may set on a
    // different account's entry.
    const expected = {
      [collaborator]: { hide: true },
    };
    const sanitized = sanitizeUserSetQueryProjectUsers(
      { users: { [collaborator]: { hide: true } } },
      requester,
    );
    expect(sanitized).toEqual(expected);
  });

  test("rejects invalid upgrade field", () => {
    // Unknown keys inside `upgrades` are refused rather than passed through.
    const attempt = () =>
      sanitizeUserSetQueryProjectUsers(
        { users: { [requester]: { upgrades: { invalidQuota: 1 } } } },
        requester,
      );
    expect(attempt).toThrow("invalid upgrades field 'invalidQuota'");
  });
});