feat(core): Allow custom project roles from being set to a user project relation (#18926)

2025-12-21 03:42:16 +00:00 · 2025-09-01 10:22:33 +02:00
parent 5b5f60212a
commit 027edbe89d
32 changed files with 597 additions and 121 deletions
--- a/packages/cli/test/integration/public-api/users.test.ts
+++ b/packages/cli/test/integration/public-api/users.test.ts
@@ -9,6 +9,7 @@ import {
 	getUserById,
 } from '@test-integration/db/users';
 import { setupTestServer } from '@test-integration/utils';
+import { createRole } from '@test-integration/db/roles';

 describe('Users in Public API', () => {
 	const testServer = setupTestServer({ endpointGroups: ['publicApi'] });
@@ -61,13 +62,32 @@ describe('Users in Public API', () => {
 			expect(response.body).toHaveProperty('message', 'Forbidden');
 		});

+		it('should fail if role does not exist', async () => {
+			/**
+			 * Arrange
+			 */
+			testServer.license.enable('feat:advancedPermissions');
+			const owner = await createOwnerWithApiKey();
+			const payload = [{ email: 'test@test.com', role: 'non-existing-role' }];
+
+			/**
+			 * Act
+			 */
+			const response = await testServer.publicApiAgentFor(owner).post('/users').send(payload);
+
+			/**
+			 * Assert
+			 */
+			expect(response.status).toBe(400);
+			expect(response.body).toHaveProperty('message', 'Role non-existing-role does not exist');
+		});
+
 		it('should create a user', async () => {
 			/**
 			 * Arrange
 			 */
 			testServer.license.enable('feat:advancedPermissions');
 			const owner = await createOwnerWithApiKey();
-			await createOwnerWithApiKey();
 			const payload = [{ email: 'test@test.com', role: 'global:admin' }];

 			/**
@@ -97,6 +117,27 @@ describe('Users in Public API', () => {
 			expect(returnedUser.email).toBe(payloadUser.email);
 			expect(storedUser.role.slug).toBe(payloadUser.role);
 		});
+
+		it('should create a user with an existing custom role', async () => {
+			/**
+			 * Arrange
+			 */
+			testServer.license.enable('feat:advancedPermissions');
+			const owner = await createOwnerWithApiKey();
+			const customRole = 'custom:role';
+			await createRole({ slug: customRole, displayName: 'Custom role', roleType: 'global' });
+			const payload = [{ email: 'test@test.com', role: customRole }];
+
+			/**
+			 * Act
+			 */
+			const response = await testServer.publicApiAgentFor(owner).post('/users').send(payload);
+
+			/**
+			 * Assert
+			 */
+			expect(response.status).toBe(201);
+		});
 	});

 	describe('DELETE /users/:id', () => {
@@ -277,5 +318,32 @@ describe('Users in Public API', () => {
 			const storedUser = await getUserById(member.id);
 			expect(storedUser.role.slug).toBe(payload.newRoleName);
 		});
+
+		it('should change a user role to an existing custom role', async () => {
+			/**
+			 * Arrange
+			 */
+			testServer.license.enable('feat:advancedPermissions');
+			const owner = await createOwnerWithApiKey();
+			const member = await createMember();
+			const customRole = 'custom:role';
+			await createRole({ slug: customRole, displayName: 'Custom role', roleType: 'global' });
+			const payload = { newRoleName: customRole };
+
+			/**
+			 * Act
+			 */
+			const response = await testServer
+				.publicApiAgentFor(owner)
+				.patch(`/users/${member.id}/role`)
+				.send(payload);
+
+			/**
+			 * Assert
+			 */
+			expect(response.status).toBe(204);
+			const storedUser = await getUserById(member.id);
+			expect(storedUser.role.slug).toBe(payload.newRoleName);
+		});
 	});
 });