feat(core): Allow custom project roles from being set to a user project relation (#18926)

packages/cli/test/integration/public-api/projects.test.ts

@@ -483,8 +483,8 @@ describe('Projects in Public API', () => {
 					relations: [
 						{
 							userId: member.id,
-							// role does not exist
-							role: 'project:boss',
+							// field does not exist
+							invalidField: 'invalidValue',
 						},
 					],
 				};
@@ -499,10 +499,33 @@ describe('Projects in Public API', () => {
 				// ASSERT
 				expect(response.body).toHaveProperty(
 					'message',
-					"Invalid enum value. Expected 'project:admin' | 'project:editor' | 'project:viewer', received 'project:boss'",
+					"request/body/relations/0 must have required property 'role'",
 				);
 			});
 
+			it('should reject if the relations have a role that do not exist', async () => {
+				const owner = await createOwnerWithApiKey();
+				const member = await createMember();
+				const project = await createTeamProject('shared-project', owner);
+
+				const payload = {
+					relations: [
+						{
+							userId: member.id,
+							role: 'project:invalid-role',
+						},
+					],
+				};
+
+				await testServer
+					.publicApiAgentFor(owner)
+					.post(`/projects/${project.id}/users`)
+					.send(payload)
+					.expect(400);
+
+				// TODO: add message check once we properly validate role from database
+			});
+
 			it('should reject with 404 if no project found', async () => {
 				const owner = await createOwnerWithApiKey();
 				const member = await createMember();
@@ -654,23 +677,23 @@ describe('Projects in Public API', () => {
 				testServer.license.enable('feat:projectRole:admin');
 			});
 
-			it("should reject with 400 if the payload can't be validated", async () => {
+			it('should reject with 400 if the role do not exist', async () => {
 				// ARRANGE
 				const owner = await createOwnerWithApiKey();
+				const member = await createMember();
+				const project = await createTeamProject('shared-project', owner);
+				await linkUserToProject(member, project, 'project:viewer');
 
 				// ACT
-				const response = await testServer
+				await testServer
 					.publicApiAgentFor(owner)
-					.patch('/projects/1234/users/1235')
+					.patch(`/projects/${project.id}/users/${member.id}`)
 					// role does not exist
 					.send({ role: 'project:boss' })
 					.expect(400);
 
 				// ASSERT
-				expect(response.body).toHaveProperty(
-					'message',
-					"Invalid enum value. Expected 'project:admin' | 'project:editor' | 'project:viewer', received 'project:boss'",
-				);
+				// TODO: add message check once we properly validate that the role exists
 			});
 
 			it("should change a user's role in a project", async () => {

packages/cli/test/integration/public-api/users.test.ts

@@ -9,6 +9,7 @@ import {
 	getUserById,
 } from '@test-integration/db/users';
 import { setupTestServer } from '@test-integration/utils';
+import { createRole } from '@test-integration/db/roles';
 
 describe('Users in Public API', () => {
 	const testServer = setupTestServer({ endpointGroups: ['publicApi'] });
@@ -61,13 +62,32 @@ describe('Users in Public API', () => {
 			expect(response.body).toHaveProperty('message', 'Forbidden');
 		});
 
+		it('should fail if role does not exist', async () => {
+			/**
+			 * Arrange
+			 */
+			testServer.license.enable('feat:advancedPermissions');
+			const owner = await createOwnerWithApiKey();
+			const payload = [{ email: 'test@test.com', role: 'non-existing-role' }];
+
+			/**
+			 * Act
+			 */
+			const response = await testServer.publicApiAgentFor(owner).post('/users').send(payload);
+
+			/**
+			 * Assert
+			 */
+			expect(response.status).toBe(400);
+			expect(response.body).toHaveProperty('message', 'Role non-existing-role does not exist');
+		});
+
 		it('should create a user', async () => {
 			/**
 			 * Arrange
 			 */
 			testServer.license.enable('feat:advancedPermissions');
 			const owner = await createOwnerWithApiKey();
-			await createOwnerWithApiKey();
 			const payload = [{ email: 'test@test.com', role: 'global:admin' }];
 
 			/**
@@ -97,6 +117,27 @@ describe('Users in Public API', () => {
 			expect(returnedUser.email).toBe(payloadUser.email);
 			expect(storedUser.role.slug).toBe(payloadUser.role);
 		});
+
+		it('should create a user with an existing custom role', async () => {
+			/**
+			 * Arrange
+			 */
+			testServer.license.enable('feat:advancedPermissions');
+			const owner = await createOwnerWithApiKey();
+			const customRole = 'custom:role';
+			await createRole({ slug: customRole, displayName: 'Custom role', roleType: 'global' });
+			const payload = [{ email: 'test@test.com', role: customRole }];
+
+			/**
+			 * Act
+			 */
+			const response = await testServer.publicApiAgentFor(owner).post('/users').send(payload);
+
+			/**
+			 * Assert
+			 */
+			expect(response.status).toBe(201);
+		});
 	});
 
 	describe('DELETE /users/:id', () => {
@@ -277,5 +318,32 @@ describe('Users in Public API', () => {
 			const storedUser = await getUserById(member.id);
 			expect(storedUser.role.slug).toBe(payload.newRoleName);
 		});
+
+		it('should change a user role to an existing custom role', async () => {
+			/**
+			 * Arrange
+			 */
+			testServer.license.enable('feat:advancedPermissions');
+			const owner = await createOwnerWithApiKey();
+			const member = await createMember();
+			const customRole = 'custom:role';
+			await createRole({ slug: customRole, displayName: 'Custom role', roleType: 'global' });
+			const payload = { newRoleName: customRole };
+
+			/**
+			 * Act
+			 */
+			const response = await testServer
+				.publicApiAgentFor(owner)
+				.patch(`/users/${member.id}/role`)
+				.send(payload);
+
+			/**
+			 * Assert
+			 */
+			expect(response.status).toBe(204);
+			const storedUser = await getUserById(member.id);
+			expect(storedUser.role.slug).toBe(payload.newRoleName);
+		});
 	});
 });