lywsvip/openclaw-zero-token
1
0
Fork 0
mirror of http://192.168.0.88:13333/lywsvip/openclaw-zero-token.git synced 2026-05-19 08:48:01 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
openclaw-zero-token/plugin-sdk/group-access.test.ts
sjhu 571e14a236 feat: upgrade to upstream v2026.3.28 
Major upgrade from e26988a38 to upstream v2026.3.28 (f9b107928).
Key changes:
- Upstream src/, ui/, extensions/ (89 bundled extensions)
- Zero-token web providers preserved in src/zero-token/
- AskOnce plugin restored and registered as CLI command
- Added missing packages: @anthropic-ai/vertex-sdk, @modelcontextprotocol/sdk
- Fixed tsconfig rootDir, skipLibCheck for plugin-sdk DTS build
- Added askonce to bundled plugin metadata and package.json exports
- Fixed AskOnce CLI command registration (missing commands metadata)
- Restored AskOnce adapter imports (correct 5-level relative paths)
- Removed stale migration artifacts from root directory
2026-03-30 17:58:12 +08:00

314 lines
8.0 KiB
TypeScript
Raw Permalink Blame History

import { describe, expect, it } from "vitest";
import {
evaluateGroupRouteAccessForPolicy,
evaluateMatchedGroupAccessForPolicy,
evaluateSenderGroupAccess,
evaluateSenderGroupAccessForPolicy,
resolveSenderScopedGroupPolicy,
} from "./group-access.js";
describe("resolveSenderScopedGroupPolicy", () => {
const cases: Array<{
name: string;
input: Parameters<typeof resolveSenderScopedGroupPolicy>[0];
expected: ReturnType<typeof resolveSenderScopedGroupPolicy>;
}> = [
{
name: "preserves disabled policy",
input: {
groupPolicy: "disabled",
groupAllowFrom: ["a"],
},
expected: "disabled",
},
{
name: "keeps allowlist policy when sender allowlist is present",
input: {
groupPolicy: "allowlist",
groupAllowFrom: ["a"],
},
expected: "allowlist",
},
{
name: "maps allowlist to open when sender allowlist is empty",
input: {
groupPolicy: "allowlist",
groupAllowFrom: [],
},
expected: "open",
},
];
it.each(cases)("$name", ({ input, expected }) => {
expect(resolveSenderScopedGroupPolicy(input)).toBe(expected);
});
});
describe("evaluateSenderGroupAccessForPolicy", () => {
const cases: Array<{
name: string;
input: Parameters<typeof evaluateSenderGroupAccessForPolicy>[0];
expected: Partial<ReturnType<typeof evaluateSenderGroupAccessForPolicy>>;
}> = [
{
name: "blocks disabled policy",
input: {
groupPolicy: "disabled",
groupAllowFrom: ["123"],
senderId: "123",
isSenderAllowed: () => true,
},
expected: { allowed: false, reason: "disabled", groupPolicy: "disabled" },
},
{
name: "blocks allowlist with empty list",
input: {
groupPolicy: "allowlist",
groupAllowFrom: [],
senderId: "123",
isSenderAllowed: () => true,
},
expected: {
allowed: false,
reason: "empty_allowlist",
groupPolicy: "allowlist",
},
},
];
it.each(cases)("$name", ({ input, expected }) => {
expect(evaluateSenderGroupAccessForPolicy(input)).toMatchObject(expected);
});
});
describe("evaluateGroupRouteAccessForPolicy", () => {
const cases: Array<{
name: string;
input: Parameters<typeof evaluateGroupRouteAccessForPolicy>[0];
expected: ReturnType<typeof evaluateGroupRouteAccessForPolicy>;
}> = [
{
name: "blocks disabled policy",
input: {
groupPolicy: "disabled",
routeAllowlistConfigured: true,
routeMatched: true,
routeEnabled: true,
},
expected: {
allowed: false,
groupPolicy: "disabled",
reason: "disabled",
},
},
{
name: "blocks allowlist without configured routes",
input: {
groupPolicy: "allowlist",
routeAllowlistConfigured: false,
routeMatched: false,
},
expected: {
allowed: false,
groupPolicy: "allowlist",
reason: "empty_allowlist",
},
},
{
name: "blocks unmatched allowlist route",
input: {
groupPolicy: "allowlist",
routeAllowlistConfigured: true,
routeMatched: false,
},
expected: {
allowed: false,
groupPolicy: "allowlist",
reason: "route_not_allowlisted",
},
},
{
name: "blocks disabled matched route even when group policy is open",
input: {
groupPolicy: "open",
routeAllowlistConfigured: true,
routeMatched: true,
routeEnabled: false,
},
expected: {
allowed: false,
groupPolicy: "open",
reason: "route_disabled",
},
},
];
it.each(cases)("$name", ({ input, expected }) => {
expect(evaluateGroupRouteAccessForPolicy(input)).toEqual(expected);
});
});
describe("evaluateMatchedGroupAccessForPolicy", () => {
const cases: Array<{
name: string;
input: Parameters<typeof evaluateMatchedGroupAccessForPolicy>[0];
expected: ReturnType<typeof evaluateMatchedGroupAccessForPolicy>;
}> = [
{
name: "blocks disabled policy",
input: {
groupPolicy: "disabled",
allowlistConfigured: true,
allowlistMatched: true,
},
expected: {
allowed: false,
groupPolicy: "disabled",
reason: "disabled",
},
},
{
name: "blocks allowlist without configured entries",
input: {
groupPolicy: "allowlist",
allowlistConfigured: false,
allowlistMatched: false,
},
expected: {
allowed: false,
groupPolicy: "allowlist",
reason: "empty_allowlist",
},
},
{
name: "blocks allowlist when required match input is missing",
input: {
groupPolicy: "allowlist",
requireMatchInput: true,
hasMatchInput: false,
allowlistConfigured: true,
allowlistMatched: false,
},
expected: {
allowed: false,
groupPolicy: "allowlist",
reason: "missing_match_input",
},
},
{
name: "blocks unmatched allowlist sender",
input: {
groupPolicy: "allowlist",
allowlistConfigured: true,
allowlistMatched: false,
},
expected: {
allowed: false,
groupPolicy: "allowlist",
reason: "not_allowlisted",
},
},
{
name: "allows open policy",
input: {
groupPolicy: "open",
allowlistConfigured: false,
allowlistMatched: false,
},
expected: {
allowed: true,
groupPolicy: "open",
reason: "allowed",
},
},
];
it.each(cases)("$name", ({ input, expected }) => {
expect(evaluateMatchedGroupAccessForPolicy(input)).toEqual(expected);
});
});
describe("evaluateSenderGroupAccess", () => {
const cases: Array<{
name: string;
input: Parameters<typeof evaluateSenderGroupAccess>[0];
expected: Partial<ReturnType<typeof evaluateSenderGroupAccess>>;
matcher: "equal" | "match";
}> = [
{
name: "defaults missing provider config to allowlist",
input: {
providerConfigPresent: false,
configuredGroupPolicy: undefined,
defaultGroupPolicy: "open",
groupAllowFrom: ["123"],
senderId: "123",
isSenderAllowed: () => true,
},
expected: {
allowed: true,
groupPolicy: "allowlist",
providerMissingFallbackApplied: true,
reason: "allowed",
},
matcher: "equal",
},
{
name: "blocks disabled policy",
input: {
providerConfigPresent: true,
configuredGroupPolicy: "disabled",
defaultGroupPolicy: "open",
groupAllowFrom: ["123"],
senderId: "123",
isSenderAllowed: () => true,
},
expected: { allowed: false, reason: "disabled", groupPolicy: "disabled" },
matcher: "match",
},
{
name: "blocks allowlist with empty list",
input: {
providerConfigPresent: true,
configuredGroupPolicy: "allowlist",
defaultGroupPolicy: "open",
groupAllowFrom: [],
senderId: "123",
isSenderAllowed: () => true,
},
expected: {
allowed: false,
reason: "empty_allowlist",
groupPolicy: "allowlist",
},
matcher: "match",
},
{
name: "blocks sender not allowlisted",
input: {
providerConfigPresent: true,
configuredGroupPolicy: "allowlist",
defaultGroupPolicy: "open",
groupAllowFrom: ["123"],
senderId: "999",
isSenderAllowed: () => false,
},
expected: {
allowed: false,
reason: "sender_not_allowlisted",
groupPolicy: "allowlist",
},
matcher: "match",
},
];
it.each(cases)("$name", ({ input, expected, matcher }) => {
const decision = evaluateSenderGroupAccess(input);
if (matcher === "equal") {
expect(decision).toEqual(expected);
return;
}
expect(decision).toMatchObject(expected);
});
});
Reference in New Issue View Git Blame Copy Permalink