drone-detector/server/test-rbac.js

/**
* Test script to verify RBAC system functionality
*/
const { hasPermission, ROLES, PERMISSIONS } = require('./middleware/rbac');
// Fixture accounts: one mock user per role that the permission matrix checks.
// `username` is only used for the report output.
// NOTE(review): presumably `role` is the field hasPermission() keys on;
// confirm against ./middleware/rbac.
const users = {
  admin: { id: 1, username: 'super_admin', role: 'admin' },
  user_admin: { id: 2, username: 'user_manager', role: 'user_admin' },
  security_admin: { id: 3, username: 'security_manager', role: 'security_admin' },
  branding_admin: { id: 4, username: 'branding_manager', role: 'branding_admin' },
  operator: { id: 5, username: 'basic_operator', role: 'operator' },
  viewer: { id: 6, username: 'read_only', role: 'viewer' }
};
// Permission matrix. Every scenario probes the same seven permissions, and
// expectedResults[i] is the answer hasPermission() should give for
// permissions[i] (true = allow, false = deny).
// NOTE(review): only the six roles in `users` are covered. There is no case
// for an unrecognised role, a missing user, or an unknown permission string,
// so deny-by-default behaviour is not exercised by this script.
const checkedPermissions = [
  'tenant.view',
  'tenant.edit',
  'branding.edit',
  'security.edit',
  'users.create',
  'users.edit',
  'users.delete'
];

const testScenarios = [
  ['Admin - Full Access', users.admin, [true, true, true, true, true, true, true]],
  ['User Admin - User Management Only', users.user_admin, [true, false, false, false, true, true, true]],
  ['Security Admin - Security Only', users.security_admin, [true, false, false, true, false, false, false]],
  ['Branding Admin - Branding Only', users.branding_admin, [true, false, true, false, false, false, false]],
  ['Operator - Limited Access', users.operator, [true, false, false, false, false, false, false]],
  ['Viewer - Read Only', users.viewer, [true, false, false, false, false, false, false]]
].map(([name, user, expectedResults]) => ({
  name,
  user,
  // Each scenario gets its own copy of the permission list.
  permissions: [...checkedPermissions],
  expectedResults
}));
console.log('🧪 Testing RBAC System\n');

// Print the role and permission tables exported by the RBAC middleware so the
// report shows the configuration the checks below ran against.
console.log('📋 Available Roles:');
for (const [role, grants] of Object.entries(ROLES)) {
  console.log(` ${role}: ${grants.join(', ')}`);
}

console.log('\n📋 Available Permissions:');
for (const [category, names] of Object.entries(PERMISSIONS)) {
  console.log(` ${category}:`);
  names.forEach((permission) => {
    console.log(` - ${permission}`);
  });
}
console.log('\n🔍 Running Permission Tests:\n');

// Running counters; the summary section after this loop reads both.
let totalTests = 0;
let passedTests = 0;

// Maps a permission decision to the label used in the report.
const verdict = (allowed) => (allowed ? 'ALLOW' : 'DENY');

for (const scenario of testScenarios) {
  const { name, user, permissions, expectedResults } = scenario;

  console.log(`\n👤 ${name} (${user.username})`);
  console.log('─'.repeat(50));

  for (const [index, permission] of permissions.entries()) {
    totalTests += 1;

    const result = hasPermission(user, permission);
    const expected = expectedResults[index];

    // Strict comparison: a truthy non-boolean return from hasPermission()
    // counts as a mismatch even when the printed labels agree.
    const passed = result === expected;
    if (passed) {
      passedTests += 1;
    }

    const status = passed ? '✅' : '❌';
    console.log(` ${status} ${permission}: Expected ${verdict(expected)}, Got ${verdict(result)}`);
  }
}
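// Summary and exit status.
console.log('\n📊 Test Results:');
console.log(` Passed: ${passedTests}/${totalTests}`);

// Guard the division so an empty run prints 0% instead of NaN%.
const successRate = totalTests === 0 ? 0 : Math.round((passedTests / totalTests) * 100);
console.log(` Success Rate: ${successRate}%`);

if (totalTests === 0) {
  // Zero checks is not evidence that access control works: report it as a
  // failure rather than falling through to "all tests passed".
  console.log('\n⚠ No permission checks were run. Please check the test scenarios.');
  process.exitCode = 1;
} else if (passedTests === totalTests) {
  // This only shows that hasPermission() matches the expected matrix above;
  // it does not show that any route actually applies the middleware.
  console.log('\n🎉 All tests passed! RBAC system is working correctly.');
} else {
  console.log('\n⚠ Some tests failed. Please check the RBAC configuration.');
  // A permission mismatch must fail the process so CI or a pre-deploy hook
  // cannot treat a broken access-control matrix as a successful run.
  process.exitCode = 1;
}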