import { test } from "node:test"; import assert from "node:assert/strict"; import path from "node:path"; import { fileURLToPath } from "node:url"; import dotenv from "dotenv"; import getPool from "../lib/server/db"; import { getGroupSettings, setGroupSettings } from "../lib/server/group-settings"; import { cleanupTestData, uniqueInviteCode } from "./test-helpers"; const __filename = fileURLToPath(import.meta.url); const __dirname = path.dirname(__filename); const envLoaded = dotenv.config({ path: path.resolve(__dirname, "../../../.env") }); const hasDb = Boolean(process.env.DATABASE_URL); test("group settings update and read", async t => { if (!hasDb) { t.skip("DATABASE_URL not set"); return; } if (envLoaded.error) t.diagnostic(String(envLoaded.error)); const pool = getPool(); const client = await pool.connect(); let ownerId: number | null = null; let groupId: number | null = null; try { const ownerRes = await client.query( "insert into users(email, password_hash) values($1,$2) returning id", [`settings_owner_${Date.now()}@example.com`, "hash"] ); ownerId = Number(ownerRes.rows[0].id); const groupRes = await client.query( "insert into groups(name, invite_code, created_by) values($1,$2,$3) returning id", ["Settings Group", uniqueInviteCode("S"), ownerId] ); groupId = Number(groupRes.rows[0].id); await client.query( "insert into group_members(group_id, user_id, role) values($1,$2,'GROUP_OWNER')", [groupId, ownerId] ); const initial = await getGroupSettings(groupId); assert.equal(initial.allowMemberTagManage, false); assert.equal(initial.joinPolicy, "NOT_ACCEPTING"); await setGroupSettings({ userId: ownerId, groupId, allowMemberTagManage: true, joinPolicy: "AUTO_ACCEPT" }); const updated = await getGroupSettings(groupId); assert.equal(updated.allowMemberTagManage, true); assert.equal(updated.joinPolicy, "AUTO_ACCEPT"); await setGroupSettings({ userId: ownerId, groupId, allowMemberTagManage: false, joinPolicy: "APPROVAL_REQUIRED" }); const updatedAgain = await getGroupSettings(groupId); assert.equal(updatedAgain.allowMemberTagManage, false); assert.equal(updatedAgain.joinPolicy, "APPROVAL_REQUIRED"); } finally { await cleanupTestData(client, { userIds: [ownerId], groupId }); client.release(); } }); test("group settings require admin", async t => { if (!hasDb) { t.skip("DATABASE_URL not set"); return; } if (envLoaded.error) t.diagnostic(String(envLoaded.error)); const pool = getPool(); const client = await pool.connect(); let ownerId: number | null = null; let memberId: number | null = null; let groupId: number | null = null; try { const ownerRes = await client.query( "insert into users(email, password_hash) values($1,$2) returning id", [`settings_owner_${Date.now()}@example.com`, "hash"] ); ownerId = Number(ownerRes.rows[0].id); const memberRes = await client.query( "insert into users(email, password_hash) values($1,$2) returning id", [`settings_member_${Date.now()}@example.com`, "hash"] ); memberId = Number(memberRes.rows[0].id); const groupRes = await client.query( "insert into groups(name, invite_code, created_by) values($1,$2,$3) returning id", ["Settings Perms", uniqueInviteCode("P"), ownerId] ); groupId = Number(groupRes.rows[0].id); await client.query( "insert into group_members(group_id, user_id, role) values($1,$2,'GROUP_OWNER')", [groupId, ownerId] ); await client.query( "insert into group_members(group_id, user_id, role) values($1,$2,'MEMBER')", [groupId, memberId] ); await assert.rejects( () => setGroupSettings({ userId: memberId!, groupId, allowMemberTagManage: true, joinPolicy: "AUTO_ACCEPT" }), { message: "FORBIDDEN" } ); const settings = await getGroupSettings(groupId); assert.equal(settings.allowMemberTagManage, false); assert.equal(settings.joinPolicy, "NOT_ACCEPTING"); } finally { await cleanupTestData(client, { userIds: [ownerId, memberId], groupId }); client.release(); } });