fiddy/apps/web/__tests__/group-settings.test.ts

import { test } from "node:test";
import assert from "node:assert/strict";
import path from "node:path";
import { fileURLToPath } from "node:url";
import dotenv from "dotenv";
import getPool from "../lib/server/db";
import { getGroupSettings, setGroupSettings } from "../lib/server/group-settings";
import { cleanupTestData, uniqueInviteCode } from "./test-helpers";

const __filename = fileURLToPath(import.meta.url);
const __dirname = path.dirname(__filename);
const envLoaded = dotenv.config({ path: path.resolve(__dirname, "../../../.env") });

const hasDb = Boolean(process.env.DATABASE_URL);

test("group settings update and read", async t => {
    if (!hasDb) {
        t.skip("DATABASE_URL not set");
        return;
    }

    if (envLoaded.error) t.diagnostic(String(envLoaded.error));

    const pool = getPool();
    const client = await pool.connect();
    let ownerId: number | null = null;
    let groupId: number | null = null;
    try {
        const ownerRes = await client.query(
            "insert into users(email, password_hash) values($1,$2) returning id",
            [`settings_owner_${Date.now()}@example.com`, "hash"]
        );
        ownerId = Number(ownerRes.rows[0].id);

        const groupRes = await client.query(
            "insert into groups(name, invite_code, created_by) values($1,$2,$3) returning id",
            ["Settings Group", uniqueInviteCode("S"), ownerId]
        );
        groupId = Number(groupRes.rows[0].id);

        await client.query(
            "insert into group_members(group_id, user_id, role) values($1,$2,'GROUP_OWNER')",
            [groupId, ownerId]
        );

        const initial = await getGroupSettings(groupId);
        assert.equal(initial.allowMemberTagManage, false);
        assert.equal(initial.joinPolicy, "NOT_ACCEPTING");

        await setGroupSettings({ userId: ownerId, groupId, allowMemberTagManage: true, joinPolicy: "AUTO_ACCEPT" });
        const updated = await getGroupSettings(groupId);
        assert.equal(updated.allowMemberTagManage, true);
        assert.equal(updated.joinPolicy, "AUTO_ACCEPT");

        await setGroupSettings({ userId: ownerId, groupId, allowMemberTagManage: false, joinPolicy: "APPROVAL_REQUIRED" });
        const updatedAgain = await getGroupSettings(groupId);
        assert.equal(updatedAgain.allowMemberTagManage, false);
        assert.equal(updatedAgain.joinPolicy, "APPROVAL_REQUIRED");
    } finally {
        await cleanupTestData(client, { userIds: [ownerId], groupId });
        client.release();
    }
});

test("group settings require admin", async t => {
    if (!hasDb) {
        t.skip("DATABASE_URL not set");
        return;
    }

    if (envLoaded.error) t.diagnostic(String(envLoaded.error));

    const pool = getPool();
    const client = await pool.connect();
    let ownerId: number | null = null;
    let memberId: number | null = null;
    let groupId: number | null = null;
    try {
        const ownerRes = await client.query(
            "insert into users(email, password_hash) values($1,$2) returning id",
            [`settings_owner_${Date.now()}@example.com`, "hash"]
        );
        ownerId = Number(ownerRes.rows[0].id);

        const memberRes = await client.query(
            "insert into users(email, password_hash) values($1,$2) returning id",
            [`settings_member_${Date.now()}@example.com`, "hash"]
        );
        memberId = Number(memberRes.rows[0].id);

        const groupRes = await client.query(
            "insert into groups(name, invite_code, created_by) values($1,$2,$3) returning id",
            ["Settings Perms", uniqueInviteCode("P"), ownerId]
        );
        groupId = Number(groupRes.rows[0].id);

        await client.query(
            "insert into group_members(group_id, user_id, role) values($1,$2,'GROUP_OWNER')",
            [groupId, ownerId]
        );
        await client.query(
            "insert into group_members(group_id, user_id, role) values($1,$2,'MEMBER')",
            [groupId, memberId]
        );

        await assert.rejects(
            () => setGroupSettings({ userId: memberId!, groupId, allowMemberTagManage: true, joinPolicy: "AUTO_ACCEPT" }),
            { message: "FORBIDDEN" }
        );

        const settings = await getGroupSettings(groupId);
        assert.equal(settings.allowMemberTagManage, false);
        assert.equal(settings.joinPolicy, "NOT_ACCEPTING");
    } finally {
        await cleanupTestData(client, { userIds: [ownerId, memberId], groupId });
        client.release();
    }
});