34 lines
672 B
JavaScript
34 lines
672 B
JavaScript
import test from 'node:test';
|
|
import assert from 'node:assert/strict';
|
|
import { can } from '../src/services/policy.js';
|
|
|
|
test('core actions require tenant scope', async () => {
|
|
const allowed = await can(
|
|
'core.verification.read',
|
|
'verification',
|
|
{
|
|
uid: 'user-1',
|
|
policyContext: {
|
|
user: { userId: 'user-1' },
|
|
tenant: { tenantId: 'tenant-1' },
|
|
},
|
|
},
|
|
{}
|
|
);
|
|
|
|
const denied = await can(
|
|
'core.verification.read',
|
|
'verification',
|
|
{
|
|
uid: 'user-1',
|
|
policyContext: {
|
|
user: { userId: 'user-1' },
|
|
},
|
|
},
|
|
{}
|
|
);
|
|
|
|
assert.equal(allowed, true);
|
|
assert.equal(denied, false);
|
|
});
|