first commit

calcom/apps/api/v1/test/lib/utils/isAdmin.integration-test.ts

@@ -0,0 +1,76 @@
+import type { Request, Response } from "express";
+import type { NextApiRequest, NextApiResponse } from "next";
+import { createMocks } from "node-mocks-http";
+import { describe, it, expect } from "vitest";
+
+import prisma from "@calcom/prisma";
+
+import { isAdminGuard } from "../../../lib/utils/isAdmin";
+import { ScopeOfAdmin } from "../../../lib/utils/scopeOfAdmin";
+
+type CustomNextApiRequest = NextApiRequest & Request;
+type CustomNextApiResponse = NextApiResponse & Response;
+
+describe("isAdmin guard", () => {
+  it("Returns false when user does not exist in the system", async () => {
+    const { req } = createMocks<CustomNextApiRequest, CustomNextApiResponse>({
+      method: "POST",
+      body: {},
+    });
+
+    req.userId = 0;
+
+    const { isAdmin, scope } = await isAdminGuard(req);
+
+    expect(isAdmin).toBe(false);
+    expect(scope).toBe(null);
+  });
+
+  it("Returns false when org user is a member", async () => {
+    const { req } = createMocks<CustomNextApiRequest, CustomNextApiResponse>({
+      method: "POST",
+      body: {},
+    });
+
+    const memberUser = await prisma.user.findFirstOrThrow({ where: { email: "member2-acme@example.com" } });
+
+    req.userId = memberUser.id;
+
+    const { isAdmin, scope } = await isAdminGuard(req);
+
+    expect(isAdmin).toBe(false);
+    expect(scope).toBe(null);
+  });
+
+  it("Returns system-wide admin when user is marked as such", async () => {
+    const { req } = createMocks<CustomNextApiRequest, CustomNextApiResponse>({
+      method: "POST",
+      body: {},
+    });
+
+    const adminUser = await prisma.user.findFirstOrThrow({ where: { email: "admin@example.com" } });
+
+    req.userId = adminUser.id;
+
+    const { isAdmin, scope } = await isAdminGuard(req);
+
+    expect(isAdmin).toBe(true);
+    expect(scope).toBe(ScopeOfAdmin.SystemWide);
+  });
+
+  it("Returns org-wide admin when user is set as such", async () => {
+    const { req } = createMocks<CustomNextApiRequest, CustomNextApiResponse>({
+      method: "POST",
+      body: {},
+    });
+
+    const adminUser = await prisma.user.findFirstOrThrow({ where: { email: "owner1-acme@example.com" } });
+
+    req.userId = adminUser.id;
+
+    const { isAdmin, scope } = await isAdminGuard(req);
+
+    expect(isAdmin).toBe(true);
+    expect(scope).toBe(ScopeOfAdmin.OrgOwnerOrAdmin);
+  });
+});

calcom/apps/api/v1/test/lib/utils/retrieveScopedAccessibleUsers.integration-test.ts

@@ -0,0 +1,90 @@
+import { describe, it, expect } from "vitest";
+
+import prisma from "@calcom/prisma";
+
+import {
+  getAccessibleUsers,
+  retrieveOrgScopedAccessibleUsers,
+} from "../../../lib/utils/retrieveScopedAccessibleUsers";
+
+describe("retrieveScopedAccessibleUsers tests", () => {
+  describe("getAccessibleUsers", () => {
+    it("Does not return members when only admin user ID is supplied", async () => {
+      const adminUser = await prisma.user.findFirstOrThrow({ where: { email: "owner1-acme@example.com" } });
+      const accessibleUserIds = await getAccessibleUsers({
+        memberUserIds: [],
+        adminUserId: adminUser.id,
+      });
+
+      expect(accessibleUserIds.length).toBe(0);
+    });
+
+    it("Does not return members when admin user ID is not an admin of the user", async () => {
+      const adminUser = await prisma.user.findFirstOrThrow({ where: { email: "owner1-dunder@example.com" } });
+      const memberOneUser = await prisma.user.findFirstOrThrow({
+        where: { email: "member1-acme@example.com" },
+      });
+      const accessibleUserIds = await getAccessibleUsers({
+        memberUserIds: [memberOneUser.id],
+        adminUserId: adminUser.id,
+      });
+
+      expect(accessibleUserIds.length).toBe(0);
+    });
+
+    it("Returns members when admin user ID is supplied and members IDs are supplied", async () => {
+      const adminUser = await prisma.user.findFirstOrThrow({ where: { email: "owner1-acme@example.com" } });
+      const memberOneUser = await prisma.user.findFirstOrThrow({
+        where: { email: "member1-acme@example.com" },
+      });
+      const memberTwoUser = await prisma.user.findFirstOrThrow({
+        where: { email: "member2-acme@example.com" },
+      });
+      const accessibleUserIds = await getAccessibleUsers({
+        memberUserIds: [memberOneUser.id, memberTwoUser.id],
+        adminUserId: adminUser.id,
+      });
+
+      expect(accessibleUserIds.length).toBe(2);
+      expect(accessibleUserIds).toContain(memberOneUser.id);
+      expect(accessibleUserIds).toContain(memberTwoUser.id);
+    });
+  });
+
+  describe("retrieveOrgScopedAccessibleUsers", () => {
+    it("Does not return members when admin user ID is an admin of an org", async () => {
+      const memberOneUser = await prisma.user.findFirstOrThrow({
+        where: { email: "member1-acme@example.com" },
+      });
+
+      const accessibleUserIds = await retrieveOrgScopedAccessibleUsers({
+        adminId: memberOneUser.id,
+      });
+
+      expect(accessibleUserIds.length).toBe(0);
+    });
+
+    it("Returns members when admin user ID is an admin of an org", async () => {
+      const adminUser = await prisma.user.findFirstOrThrow({
+        where: { email: "owner1-acme@example.com" },
+      });
+
+      const accessibleUserIds = await retrieveOrgScopedAccessibleUsers({
+        adminId: adminUser.id,
+      });
+
+      const memberOneUser = await prisma.user.findFirstOrThrow({
+        where: { email: "member1-acme@example.com" },
+      });
+
+      const memberTwoUser = await prisma.user.findFirstOrThrow({
+        where: { email: "member2-acme@example.com" },
+      });
+
+      expect(accessibleUserIds.length).toBe(3);
+      expect(accessibleUserIds).toContain(memberOneUser.id);
+      expect(accessibleUserIds).toContain(memberTwoUser.id);
+      expect(accessibleUserIds).toContain(adminUser.id);
+    });
+  });
+});