ff7bd5a4bd
Adds `artifacts/api-server/tests/role-permissions-realtime.test.mjs`,
covering the `role_permissions_changed` socket event emitted from
`PUT /api/roles/:id/permissions`.
The test:
- Stands up an admin caller plus three holders/non-holders:
- a direct holder via `user_roles`,
- an indirect holder reached via `group_roles` -> `user_groups`,
- an outsider with no claim on the role.
- Logs each in via `/api/auth/login`, opens an authenticated
`socket.io-client` socket per user against `/api/socket.io` (the
same path/transports the real client uses) and waits for `connect`
before issuing the PUT, so the user-room join is guaranteed.
- Asserts both holders receive exactly one
`role_permissions_changed` event with payload `{ roleId }`.
- Asserts the outsider receives zero such events.
Also adds `socket.io-client` as a devDependency on
`@workspace/api-server` (no production code touched).
Notes / non-deviations:
- Pre-existing typecheck errors in `routes/groups.ts` and
`routes/executive-meetings.ts` are unrelated and were not
introduced by this change.
- The audit-style file `role-permission-audit.test.mjs` was used as
the setup/teardown template per the task description.
- After code review feedback, replaced the fixed 250 ms sleep with
a promise-based `waitForEvent(timeoutMs)` helper so the holder
assertions resolve as soon as the broadcast lands (test now
finishes in ~700 ms instead of ~1850 ms). A short 100 ms grace
is still used before the outsider negative-case assertion to
give a regression emit time to arrive.
Follow-ups proposed:
- #215 cover the same fan-out for POST/DELETE permission endpoints.
- #216 cover the sibling `apps_changed` fan-out via
`emitAppsChangedToRoleHolders`.
Replit-Task-Id: 1c3092d0-7339-470a-bb2a-aa7e48d976d2
53 lines
1.5 KiB
JSON
53 lines
1.5 KiB
JSON
{
|
|
"name": "@workspace/api-server",
|
|
"version": "0.0.0",
|
|
"private": true,
|
|
"type": "module",
|
|
"scripts": {
|
|
"dev": "export NODE_ENV=development && pnpm run build && pnpm run start",
|
|
"build": "node ./build.mjs",
|
|
"start": "node --enable-source-maps ./dist/index.mjs",
|
|
"typecheck": "tsc -p tsconfig.json --noEmit",
|
|
"test:wait": "node ./scripts/wait-for-server.mjs",
|
|
"test": "node --test 'tests/**/*.test.mjs'"
|
|
},
|
|
"dependencies": {
|
|
"@google-cloud/storage": "^7.19.0",
|
|
"@swc/helpers": "^0.5.21",
|
|
"@workspace/api-zod": "workspace:*",
|
|
"@workspace/db": "workspace:*",
|
|
"bcryptjs": "^3.0.3",
|
|
"bidi-js": "^1.0.3",
|
|
"connect-pg-simple": "^10.0.0",
|
|
"cookie-parser": "^1.4.7",
|
|
"cors": "^2",
|
|
"drizzle-orm": "catalog:",
|
|
"express": "^5",
|
|
"express-session": "^1.19.0",
|
|
"google-auth-library": "^10.6.2",
|
|
"pdfkit": "^0.18.0",
|
|
"pino": "^9",
|
|
"pino-http": "^10",
|
|
"sanitize-html": "^2.17.3",
|
|
"socket.io": "^4.8.3",
|
|
"zod": "catalog:"
|
|
},
|
|
"devDependencies": {
|
|
"@types/bcryptjs": "^3.0.0",
|
|
"@types/connect-pg-simple": "^7.0.3",
|
|
"@types/cookie-parser": "^1.4.10",
|
|
"@types/cors": "^2.8.19",
|
|
"@types/express": "^5.0.6",
|
|
"@types/express-session": "^1.19.0",
|
|
"@types/node": "catalog:",
|
|
"@types/pdfkit": "^0.17.6",
|
|
"@types/sanitize-html": "^2.16.1",
|
|
"esbuild": "^0.27.3",
|
|
"esbuild-plugin-pino": "^2.3.3",
|
|
"pg": "^8.20.0",
|
|
"pino-pretty": "^13",
|
|
"socket.io-client": "^4.8.3",
|
|
"thread-stream": "3.1.0"
|
|
}
|
|
}
|