aaronrene / knowtation public
hub-detail-read-actions-roles.test.mjs
37 lines 1.6 KB
Raw
sha256:65ccb454656ea5acdea0a10e559b78bcde1eb6ff753ecc2911bc99d1c3d7cadd feat(calendar): enforce agent context tiers in retrieval AP… Human minor ⚠ breaking 1 day ago
1 /**
2 * Contract: note detail read-mode actions must not disappear for viewer/evaluator.
3 * Previously attachNoteDetailReadActions returned early when !hubUserCanWriteNotes(),
4 * leaving only the footer Close button.
5 */
6 import { readFileSync } from 'node:fs';
7 import { fileURLToPath } from 'node:url';
8 import { dirname, join } from 'node:path';
9 import test from 'node:test';
10 import assert from 'node:assert/strict';
11
12 const root = join(dirname(fileURLToPath(import.meta.url)), '..');
13 const hubJs = readFileSync(join(root, 'web', 'hub', 'hub.js'), 'utf8');
14
15 test('hub.js defines export + propose helpers separate from hubUserCanWriteNotes', () => {
16 assert.match(hubJs, /function hubUserMayProposeFromNote\(\)/);
17 assert.match(hubJs, /function hubUserCanExportNote\(\)/);
18 });
19
20 test('attachNoteDetailReadActions does not bail out only on !hubUserCanWriteNotes()', () => {
21 const fn = hubJs.match(/function attachNoteDetailReadActions\(actionsEl\)\s*\{[\s\S]{0,2200}?\n\s*\}/);
22 assert.ok(fn, 'expected attachNoteDetailReadActions block');
23 assert.doesNotMatch(
24 fn[0],
25 /function attachNoteDetailReadActions\([\s\S]*?if\s*\(\s*!hubUserCanWriteNotes\(\)\s*\)\s*return/,
26 'read actions must not return immediately when the user cannot write notes',
27 );
28 });
29
30 test('self-hosted Hub export route allows viewer and evaluator', () => {
31 const serverPath = join(root, 'hub', 'server.mjs');
32 const src = readFileSync(serverPath, 'utf8');
33 assert.match(
34 src,
35 /app\.post\(\s*['"]\/api\/v1\/export['"][\s\S]*?requireRole\(\s*['"]viewer['"]\s*,\s*['"]editor['"]\s*,\s*['"]admin['"]\s*,\s*['"]evaluator['"]\s*\)/,
36 );
37 });
File History 2 commits
sha256:65ccb454656ea5acdea0a10e559b78bcde1eb6ff753ecc2911bc99d1c3d7cadd feat(calendar): enforce agent context tiers in retrieval AP… Human minor 1 day ago
sha256:9103f98c89257ed2b01c237cea895dabb3e85ea337dccb1161c175e4422355b6 docs: accept Calendar Events v0 spec with Phase 0 security … Human 1 day ago