From ac0fd364e9099cc27bbeffd1a432e659fe878311 Mon Sep 17 00:00:00 2001
From: Marie <51697796+ijreilly@users.noreply.github.com>
Date: Mon, 24 Feb 2025 18:13:01 +0100
Subject: [PATCH] [permissions] Add tests on role resolver (#10452)

---
 .../roles.integration-spec.ts                 | 158 ++++++++++++++++++
 1 file changed, 158 insertions(+)
 create mode 100644 packages/twenty-server/test/integration/graphql/suites/settings-permissions/roles.integration-spec.ts

diff --git a/packages/twenty-server/test/integration/graphql/suites/settings-permissions/roles.integration-spec.ts b/packages/twenty-server/test/integration/graphql/suites/settings-permissions/roles.integration-spec.ts
new file mode 100644
index 000000000..f57a7456d
--- /dev/null
+++ b/packages/twenty-server/test/integration/graphql/suites/settings-permissions/roles.integration-spec.ts
@@ -0,0 +1,158 @@
+import request from 'supertest';
+import { makeGraphqlAPIRequest } from 'test/integration/graphql/utils/make-graphql-api-request.util';
+import { updateFeatureFlagFactory } from 'test/integration/graphql/utils/update-feature-flag-factory.util';
+
+import { SEED_APPLE_WORKSPACE_ID } from 'src/database/typeorm-seeds/core/workspaces';
+import { ErrorCode } from 'src/engine/core-modules/graphql/utils/graphql-errors.util';
+import { PermissionsExceptionMessage } from 'src/engine/metadata-modules/permissions/permissions.exception';
+const client = request(`http://localhost:${APP_PORT}`);
+
+describe('roles permissions', () => {
+  beforeAll(async () => {
+    const enablePermissionsQuery = updateFeatureFlagFactory(
+      SEED_APPLE_WORKSPACE_ID,
+      'IsPermissionsEnabled',
+      true,
+    );
+
+    await makeGraphqlAPIRequest(enablePermissionsQuery);
+  });
+
+  afterAll(async () => {
+    const disablePermissionsQuery = updateFeatureFlagFactory(
+      SEED_APPLE_WORKSPACE_ID,
+      'IsPermissionsEnabled',
+      false,
+    );
+
+    await makeGraphqlAPIRequest(disablePermissionsQuery);
+  });
+
+  describe('getRoles', () => {
+    it('should allow admin to query getRoles', async () => {
+      const query = {
+        query: `
+        query GetRoles {
+            getRoles {
+                label
+                workspaceMembers {
+                id
+                name {
+                    firstName
+                    lastName
+                    }
+                }
+            }
+        }
+      `,
+      };
+
+      const resp = await client
+        .post('/graphql')
+        .set('Authorization', `Bearer ${ADMIN_ACCESS_TOKEN}`)
+        .send(query);
+
+      expect(resp.status).toBe(200);
+      expect(resp.body.errors).toBeUndefined();
+      expect(resp.body.data.getRoles).toHaveLength(3);
+      expect(resp.body.data.getRoles).toEqual([
+        {
+          label: 'Guest',
+          workspaceMembers: [
+            {
+              id: '20202020-1553-45c6-a028-5a9064cce07f',
+              name: {
+                firstName: 'Phil',
+                lastName: 'Schiler',
+              },
+            },
+          ],
+        },
+        {
+          label: 'Admin',
+          workspaceMembers: [
+            {
+              id: '20202020-0687-4c41-b707-ed1bfca972a7',
+              name: {
+                firstName: 'Tim',
+                lastName: 'Apple',
+              },
+            },
+          ],
+        },
+        {
+          label: 'Member',
+          workspaceMembers: [
+            {
+              id: '20202020-77d5-4cb6-b60a-f4a835a85d61',
+              name: {
+                firstName: 'Jony',
+                lastName: 'Ive',
+              },
+            },
+          ],
+        },
+      ]);
+    });
+    it('should throw a permission error when user does not have permission (member role)', async () => {
+      const query = {
+        query: `
+          query GetRoles {
+            getRoles {
+                label
+                workspaceMembers {
+                id
+                name {
+                    firstName
+                    lastName
+                    }
+                }
+            }
+        }
+        `,
+      };
+
+      await client
+        .post('/graphql')
+        .set('Authorization', `Bearer ${MEMBER_ACCESS_TOKEN}`)
+        .send(query)
+        .expect(200)
+        .expect((res) => {
+          expect(res.body.data).toBeNull();
+          expect(res.body.errors).toBeDefined();
+          expect(res.body.errors[0].message).toBe(
+            PermissionsExceptionMessage.PERMISSION_DENIED,
+          );
+          expect(res.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN);
+        });
+    });
+  });
+
+  describe('updateWorkspaceMemberRole', () => {
+    it('should throw a permission error when user does not have permission (member role)', async () => {
+      const query = {
+        query: `
+          mutation UpdateWorkspaceMemberRole {
+              updateWorkspaceMemberRole(workspaceMemberId: "test-workspace-member-id", roleId: "test-role-id") {
+                  id
+              }
+          }
+        `,
+      };
+
+      await client
+        .post('/graphql')
+        .set('Authorization', `Bearer ${MEMBER_ACCESS_TOKEN}`)
+        .send(query)
+        .expect(200)
+        .expect((res) => {
+          expect(res.body.data).toBeNull();
+          expect(res.body.errors).toBeDefined();
+          expect(res.body.errors[0].message).toBe(
+            PermissionsExceptionMessage.PERMISSION_DENIED,
+          );
+          expect(res.body.errors[0].extensions.code).toBe(ErrorCode.FORBIDDEN);
+        });
+    });
+  });
+});