Skip to content

Commit 58ef3aa

Browse files
KillerXKillerX
committed
Add Mutations for roles
1 parent 346abe1 commit 58ef3aa

File tree

2 files changed

+161
-2
lines changed

2 files changed

+161
-2
lines changed

backend/internal/graph/api/schema.resolvers.go

Lines changed: 98 additions & 2 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

backend/internal/services/roles_test.go

Lines changed: 63 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -300,6 +300,69 @@ func TestAssignRole_UnauthorizedFails(t *testing.T) {
300300

301301
}
302302

303+
func TestRevokeRole_WithAuthorization(t *testing.T) {
304+
mockQueries := mocks.NewMockRoleQuerier(t)
305+
service := NewRoleService(mockQueries, newTestCache())
306+
307+
ctx := context.Background()
308+
revokerID := "US01ARZ3NDEKTSV4RRFFQ69G5FAV"
309+
targetUserID := "US02ARZ3NDEKTSV4RRFFQ69G5FAV"
310+
projectID := "PR01ARZ3NDEKTSV4RRFFQ69G5FAV"
311+
312+
// Mock: revoker is not a superadmin
313+
mockQueries.On("HasRole", ctx, sqlc.HasRoleParams{
314+
UserID: revokerID,
315+
Role: string(RoleSuperAdmin),
316+
}).Return(false, nil)
317+
318+
// Mock: revoker is an admin
319+
mockQueries.On("HasRole", ctx, sqlc.HasRoleParams{
320+
UserID: revokerID,
321+
Role: string(RoleAdmin),
322+
}).Return(true, nil)
323+
324+
// Mock: role revocation succeeds
325+
mockQueries.On("RevokeRole", ctx, mock.MatchedBy(func(params sqlc.RevokeRoleParams) bool {
326+
return params.UserID == targetUserID &&
327+
params.Role == string(RoleProjectAdmin) &&
328+
params.ProjectID != nil && *params.ProjectID == projectID
329+
})).Return(nil)
330+
331+
// Revoke the role
332+
err := service.RevokeRole(ctx, revokerID, targetUserID, RoleProjectAdmin, nil, &projectID, nil)
333+
334+
assert.NoError(t, err)
335+
336+
}
337+
338+
func TestRevokeRole_UnauthorizedFails(t *testing.T) {
339+
mockQueries := mocks.NewMockRoleQuerier(t)
340+
service := NewRoleService(mockQueries, newTestCache())
341+
342+
ctx := context.Background()
343+
revokerID := "US01ARZ3NDEKTSV4RRFFQ69G5FAV"
344+
targetUserID := "US02ARZ3NDEKTSV4RRFFQ69G5FAV"
345+
346+
// Mock: revoker is not a superadmin
347+
mockQueries.On("HasRole", ctx, sqlc.HasRoleParams{
348+
UserID: revokerID,
349+
Role: string(RoleSuperAdmin),
350+
}).Return(false, nil)
351+
352+
// Mock: revoker is not an admin
353+
mockQueries.On("HasRole", ctx, sqlc.HasRoleParams{
354+
UserID: revokerID,
355+
Role: string(RoleAdmin),
356+
}).Return(false, nil)
357+
358+
// Try to revoke admin role (should fail)
359+
err := service.RevokeRole(ctx, revokerID, targetUserID, RoleAdmin, nil, nil, nil)
360+
361+
assert.Error(t, err)
362+
assert.Contains(t, err.Error(), "does not have permission")
363+
364+
}
365+
303366
// Helper function
304367
func stringPtr(s string) *string {
305368
return &s

0 commit comments

Comments
 (0)