including testing in precommit validate

ThatConference · Dec 29, 2023 · ec44c7d · ec44c7d
1 parent ad81625
commit ec44c7d
Show file tree

Hide file tree

Showing 10 changed files with 129 additions and 20 deletions.
diff --git a/package.json b/package.json
@@ -26,8 +26,8 @@
 		"format": "prettier --write ./src",
 		"test:integration": "playwright test",
 		"test:unit": "vitest",
-		"build:sitemap": "npx sitemap-generator-cli https://thatconference.com --last-mod --change-freq weekly --filepath ./static/sitemap.xml --priority-map 1.0",
-		"validate": "concurrently npm:lint npm:check"
+		"validate:test": "vitest run",
+		"validate": "concurrently -g npm:lint npm:check npm:validate:test"
 	},
 	"devDependencies": {
 		"@auth/core": "^0.19.0",

diff --git a/src/lib/isInRole.js b/src/lib/isInRole.js
@@ -0,0 +1,5 @@
+function isInRole({ userRoles, requiredRoles }) {
+	return userRoles.some((role) => requiredRoles.includes(role));
+}
+
+export default isInRole;
diff --git a/src/lib/isInRole.test.js b/src/lib/isInRole.test.js
@@ -0,0 +1,54 @@
+import { describe, it, expect } from 'vitest';
+
+import isInRole from './isInRole';
+
+describe('isInRole', () => {
+	it('passes when user has has matched at least one role', () => {
+		const userRoles = ['admin', 'sponsor-admin'];
+		const requiredRoles = ['admin', 'volunteer'];
+
+		expect(isInRole({ userRoles, requiredRoles })).toBe(true);
+	});
+
+	it('passes when user matches all roles', () => {
+		const userRoles = ['admin', 'sponsor-admin'];
+		const requiredRoles = ['admin', 'sponsor-admin'];
+
+		expect(isInRole({ userRoles, requiredRoles })).toBe(true);
+	});
+
+	it('fails when user does not have the any matching roles', () => {
+		const userRoles = ['admin', 'sponsor-admin'];
+		const requiredRoles = ['volunteer', 'member'];
+
+		expect(isInRole({ userRoles, requiredRoles })).toBe(false);
+	});
+
+	it('fails when user only has one role and matches nothing', () => {
+		const userRoles = ['admin', 'sponsor-admin'];
+		const requiredRoles = ['member'];
+
+		expect(isInRole({ userRoles, requiredRoles })).toBe(false);
+	});
+
+	it('passes when user only has one matching role', () => {
+		const userRoles = ['admin', 'sponsor-admin'];
+		const requiredRoles = ['admin'];
+
+		expect(isInRole({ userRoles, requiredRoles })).toBe(true);
+	});
+
+	it('fails when user has no roles', () => {
+		const userRoles = [];
+		const requiredRoles = ['admin'];
+
+		expect(isInRole({ userRoles, requiredRoles })).toBe(false);
+	});
+
+	it('fails when no roles are required', () => {
+		const userRoles = ['admin', 'volunteer'];
+		const requiredRoles = [];
+
+		expect(isInRole({ userRoles, requiredRoles })).toBe(false);
+	});
+});
diff --git a/src/routes/(admin)/admin/+page.server.js b/src/routes/(admin)/admin/+page.server.js
@@ -1,19 +1,15 @@
-/* This empty page is intentional
- * having this +page.server page here forces the hooks.server handler to execute
- * regardless if page.svelte is fully loaded or not
- * https://github.com/sveltejs/kit/issues/6315
- */
+import { redirect, error } from '@sveltejs/kit';
 
-import { error, redirect } from '@sveltejs/kit';
+import isInRole from '$lib/isInRole';
 
 export async function load({ locals, url }) {
 	const session = await locals.getSession();
 
-	if (!session) {
-		redirect(303, `/login-redirect?returnTo=${url.pathname}`);
+	if (!isInRole({ userRoles: session.user?.permissions, requiredRoles: ['admin', 'volunteer'] })) {
+		throw error(401, 'Required Privileges Not Met');
 	}
 
-	if (!session.user?.permissions.includes('admin')) {
-		throw error(401, 'requires admin');
+	if (!session) {
+		redirect(303, `/login-redirect?returnTo=${url.pathname}`);
 	}
 }
diff --git a/src/routes/(admin)/admin/events/+page.server.js b/src/routes/(admin)/admin/events/+page.server.js
@@ -1,6 +1,19 @@
 import eventQueries from '$dataSources/api.that.tech/events/queries';
+import { error, redirect } from '@sveltejs/kit';
+
+import isInRole from '$lib/isInRole';
+
+export const load = async ({ locals, fetch, url }) => {
+	const session = await locals.getSession();
+
+	if (!session) {
+		redirect(303, `/login-redirect?returnTo=${url.pathname}`);
+	}
+
+	if (!isInRole({ userRoles: session.user?.permissions, requiredRoles: ['admin', 'volunteer'] })) {
+		throw error(401, 'Required Privileges Not Met');
+	}
 
-export const load = async ({ fetch }) => {
 	const { queryEventsByCommunity } = eventQueries(fetch);
 
 	const events = await queryEventsByCommunity();

diff --git a/src/routes/(admin)/admin/events/[id]/+page.server.js b/src/routes/(admin)/admin/events/[id]/+page.server.js
@@ -0,0 +1,13 @@
+import { error } from '@sveltejs/kit';
+
+import isInRole from '$lib/isInRole';
+
+export const load = async ({ locals }) => {
+	const session = await locals.getSession();
+
+	if (!isInRole({ userRoles: session.user?.permissions, requiredRoles: ['admin'] })) {
+		throw error(401, 'Required Administrative Privileges');
+	}
+
+	return {};
+};
diff --git a/src/routes/(admin)/admin/events/[id]/edit/+page.server.js b/src/routes/(admin)/admin/events/[id]/edit/+page.server.js
@@ -6,7 +6,15 @@ import eventQueries from '$dataSources/api.that.tech/admin/events/queries.js';
 import eventSchema from '$lib/formSchemas/event.js';
 import eventMutations from '$dataSources/api.that.tech/admin/events/mutations.js';
 
-export const load = async ({ params, fetch }) => {
+import isInRole from '$lib/isInRole';
+
+export const load = async ({ params, fetch, locals }) => {
+	const session = await locals.getSession();
+
+	if (!isInRole({ userRoles: session.user?.permissions, requiredRoles: ['admin'] })) {
+		throw error(401, 'Required Administrative Privileges');
+	}
+
 	const { id } = params;
 
 	const { getEventById } = eventQueries(fetch);

diff --git a/src/routes/(admin)/admin/events/[id]/orders/+page.server.js b/src/routes/(admin)/admin/events/[id]/orders/+page.server.js
@@ -1,6 +1,15 @@
+import { error } from '@sveltejs/kit';
 import orderQueries from '$dataSources/api.that.tech/admin/orders/queries';
 
-export const load = async ({ fetch, params }) => {
+import isInRole from '$lib/isInRole';
+
+export const load = async ({ fetch, params, locals }) => {
+	const session = await locals.getSession();
+
+	if (!isInRole({ userRoles: session.user?.permissions, requiredRoles: ['admin'] })) {
+		throw error(401, 'Required Administrative Privileges');
+	}
+
 	const { id } = params;
 
 	const { queryOrdersByEvent } = orderQueries(fetch);

diff --git a/src/routes/(admin)/admin/events/check-in/[eventName]/[year]/+page.server.js b/src/routes/(admin)/admin/events/check-in/[eventName]/[year]/+page.server.js
@@ -2,14 +2,17 @@ import { error } from '@sveltejs/kit';
 import lodash from 'lodash';
 import checkinQueryApi from '$dataSources/api.that.tech/checkin/queries';
 
+import isInRole from '$lib/isInRole';
+
 const { sortBy } = lodash;
 
 export async function load({ params, fetch, locals }) {
 	const session = await locals.getSession();
-	const permissions = session?.user?.permissions ?? [];
-	if (!permissions.includes('volunteer')) {
-		throw error(401, 'Unauthorized');
+
+	if (!isInRole({ userRoles: session.user?.permissions, requiredRoles: ['admin', 'volunteer'] })) {
+		throw error(401, 'Required Privileges Not Met');
 	}
+
 	const { eventName, year } = params;
 	const eventSlug = `${eventName}/${year}`;
 

diff --git a/src/routes/(admin)/admin/events/create/+page.server.js b/src/routes/(admin)/admin/events/create/+page.server.js
@@ -1,11 +1,19 @@
-import { fail } from '@sveltejs/kit';
+import { fail, error } from '@sveltejs/kit';
 import { superValidate } from 'sveltekit-superforms/server';
 import { redirect, setFlash } from 'sveltekit-flash-message/server';
 
 import eventSchema from '$lib/formSchemas/event.js';
 import eventMutations from '$dataSources/api.that.tech/admin/events/mutations.js';
 
-export const load = async () => {
+import isInRole from '$lib/isInRole';
+
+export const load = async ({ locals }) => {
+	const session = await locals.getSession();
+
+	if (!isInRole({ userRoles: session.user?.permissions, requiredRoles: ['admin'] })) {
+		throw error(401, 'Required Administrative Privileges');
+	}
+
 	const form = await superValidate(eventSchema);
 
 	return {