fix: test, org auth manager

Author: FinleyGe

Diff for: package.json

@@ -18,15 +18,15 @@
   },
   "devDependencies": {
     "@chakra-ui/cli": "^2.4.1",
-    "@vitest/coverage-v8": "^3.0.2",
+    "@vitest/coverage-v8": "^3.0.9",
     "husky": "^8.0.3",
     "i18next": "23.16.8",
     "lint-staged": "^13.3.0",
     "next-i18next": "15.4.2",
     "prettier": "3.2.4",
     "react-i18next": "14.1.2",
-    "vitest": "^3.0.2",
-    "vitest-mongodb": "^1.0.1",
+    "vitest": "^3.0.9",
+    "mongodb-memory-server": "^10.1.4",
     "zhlint": "^0.7.4"
   },
   "lint-staged": {

Diff for: packages/global/support/permission/memberGroup/type.d.ts

@@ -17,23 +17,23 @@ type GroupMemberSchemaType = {
   role: `${GroupMemberRole}`;
 };
 
-type MemberGroupListItemType<T extends boolean | undefined> = MemberGroupSchemaType & {
-  members: T extends true
+type MemberGroupListItemType<WithMembers extends boolean | undefined> = MemberGroupSchemaType & {
+  members: WithMembers extends true
     ? {
         tmbId: string;
         name: string;
         avatar: string;
       }[]
     : undefined;
-  count: T extends true ? number : undefined;
-  owner?: T extends true
+  count: WithMembers extends true ? number : undefined;
+  owner?: WithMembers extends true
     ? {
         tmbId: string;
         name: string;
         avatar: string;
       }
     : undefined;
-  permission: T extends true ? Permission : undefined;
+  permission: WithMembers extends true ? Permission : undefined;
 };
 
 type GroupMemberItemType = {

Diff for: packages/global/support/permission/user/constant.ts

@@ -15,29 +15,29 @@ export const TeamPermissionList: PermissionListType<TeamPermissionKeyEnum> = {
   },
   [PermissionKeyEnum.write]: {
     ...PermissionList[PermissionKeyEnum.write],
-    value: 0b000010
+    value: 0b000110
   },
   [PermissionKeyEnum.manage]: {
     ...PermissionList[PermissionKeyEnum.manage],
-    value: 0b000001
+    value: 0b000101
   },
   [TeamPermissionKeyEnum.appCreate]: {
     checkBoxType: 'multiple',
     description: '',
     name: i18nT('account_team:permission_appCreate'),
-    value: 0b001000
+    value: 0b001100
   },
   [TeamPermissionKeyEnum.datasetCreate]: {
     checkBoxType: 'multiple',
     description: '',
     name: i18nT('account_team:permission_datasetCreate'),
-    value: 0b010000
+    value: 0b010100
   },
   [TeamPermissionKeyEnum.apikeyCreate]: {
     checkBoxType: 'multiple',
     description: '',
     name: i18nT('account_team:permission_apikeyCreate'),
-    value: 0b100000
+    value: 0b100100
   }
 };
 

Diff for: packages/service/common/mongo/index.ts

@@ -60,7 +60,7 @@ const addCommonMiddleware = (schema: mongoose.Schema) => {
 
 export const getMongoModel = <T>(name: string, schema: mongoose.Schema) => {
   if (connectionMongo.models[name]) return connectionMongo.models[name] as Model<T>;
-  console.log('Load model======', name);
+  if (process.env.NODE_ENV !== 'test') console.log('Load model======', name);
   addCommonMiddleware(schema);
 
   const model = connectionMongo.model<T>(name, schema);

Diff for: packages/service/support/permission/auth/org.ts

@@ -2,7 +2,7 @@ import { TeamPermission } from '@fastgpt/global/support/permission/user/controll
 import { AuthModeType, AuthResponseType } from '../type';
 import { TeamErrEnum } from '@fastgpt/global/common/error/code/team';
 import { authUserPer } from '../user/auth';
-import { ManagePermissionVal } from '@fastgpt/global/support/permission/constant';
+import { TeamManagePermissionVal } from '@fastgpt/global/support/permission/user/constant';
 
 /*
   Team manager can control org
@@ -15,7 +15,7 @@ export const authOrgMember = async ({
 } & AuthModeType): Promise<AuthResponseType> => {
   const result = await authUserPer({
     ...props,
-    per: ManagePermissionVal
+    per: TeamManagePermissionVal
   });
   const { teamId, tmbId, isRoot, tmb } = result;
 

Diff for: test/datas/users.ts

@@ -1,4 +1,12 @@
-import { AuthUserTypeEnum } from '@fastgpt/global/support/permission/constant';
+import { AuthUserTypeEnum, PerResourceTypeEnum } from '@fastgpt/global/support/permission/constant';
+import { MemberGroupSchemaType } from '@fastgpt/global/support/permission/memberGroup/type';
+import { PermissionValueType } from '@fastgpt/global/support/permission/type';
+import { TeamManagePermissionVal } from '@fastgpt/global/support/permission/user/constant';
+import { DefaultGroupName } from '@fastgpt/global/support/user/team/group/constant';
+import { OrgSchemaType, OrgType } from '@fastgpt/global/support/user/team/org/type';
+import { MongoMemberGroupModel } from '@fastgpt/service/support/permission/memberGroup/memberGroupSchema';
+import { MongoOrgModel } from '@fastgpt/service/support/permission/org/orgSchema';
+import { MongoResourcePermission } from '@fastgpt/service/support/permission/schema';
 import { MongoUser } from '@fastgpt/service/support/user/schema';
 import { MongoTeamMember } from '@fastgpt/service/support/user/team/teamMemberSchema';
 import { MongoTeam } from '@fastgpt/service/support/user/team/teamSchema';
@@ -33,22 +41,40 @@ export async function getRootUser(): Promise<parseHeaderCertRet> {
   };
 }
 
-export async function getUser(username: string): Promise<parseHeaderCertRet> {
+export async function getUser(username: string, teamId?: string): Promise<parseHeaderCertRet> {
   const user = await MongoUser.create({
     username,
     password: '123456'
   });
 
-  const team = await MongoTeam.create({
-    name: 'test team',
-    ownerId: user._id
-  });
+  const tmb = await (async () => {
+    if (!teamId) {
+      const team = await MongoTeam.create({
+        name: username,
+        ownerId: user._id
+      });
+      const tmb = await MongoTeamMember.create({
+        name: username,
+        teamId: team._id,
+        userId: user._id,
+        status: 'active',
+        role: 'owner'
+      });
 
-  const tmb = await MongoTeamMember.create({
-    teamId: team._id,
-    userId: user._id,
-    status: 'active'
-  });
+      await MongoMemberGroupModel.create({
+        teamId: team._id,
+        name: DefaultGroupName,
+        avatar: team.avatar
+      });
+
+      return tmb;
+    }
+    return MongoTeamMember.create({
+      teamId,
+      userId: user._id,
+      status: 'active'
+    });
+  })();
 
   return {
     userId: user._id,
@@ -61,3 +87,90 @@ export async function getUser(username: string): Promise<parseHeaderCertRet> {
     tmbId: tmb?._id
   };
 }
+
+let fakeUsers: Record<string, parseHeaderCertRet> = {};
+
+async function getFakeUser(username: string) {
+  if (username === 'Owner') {
+    if (!fakeUsers[username]) {
+      fakeUsers[username] = await getUser(username);
+    }
+    return fakeUsers[username];
+  }
+  const owner = await getFakeUser('Owner');
+  const ownerTeamId = owner.teamId;
+  if (!fakeUsers[username]) {
+    fakeUsers[username] = await getUser(username, ownerTeamId);
+  }
+  return fakeUsers[username];
+}
+
+async function addPermission({
+  user,
+  permission
+}: {
+  user: parseHeaderCertRet;
+  permission: PermissionValueType;
+}) {
+  const { teamId, tmbId } = user;
+  await MongoResourcePermission.updateOne({
+    resourceType: PerResourceTypeEnum.team,
+    teamId,
+    resourceId: null,
+    tmbId,
+    permission
+  });
+}
+
+export async function getFakeUsers(num: number = 10) {
+  const owner = await getFakeUser('Owner');
+  const manager = await getFakeUser('Manager');
+  await MongoResourcePermission.create({
+    resourceType: PerResourceTypeEnum.team,
+    teamId: owner.teamId,
+    resourceId: null,
+    tmbId: manager.tmbId,
+    permission: TeamManagePermissionVal
+  });
+  const members = (await Promise.all(
+    Array.from({ length: num }, (_, i) => `member${i + 1}`) // 团队 member1, member2, ..., member10
+      .map((username) => getFakeUser(username))
+  )) as parseHeaderCertRet[];
+  return {
+    owner,
+    manager,
+    members
+  };
+}
+
+export async function getFakeGroups(num: number = 5) {
+  // create 5 groups
+  const teamId = (await getFakeUser('Owner')).teamId;
+  return MongoMemberGroupModel.create([
+    ...Array(num)
+      .keys()
+      .map((i) => ({
+        name: `group${i + 1}`,
+        teamId
+      }))
+  ]) as Promise<MemberGroupSchemaType[]>;
+}
+
+export async function getFakeOrgs() {
+  // create 5 orgs
+  const pathIds = ['root', 'org1', 'org2', 'org3', 'org4', 'org5'];
+  const paths = ['', '/root', '/root', '/root', '/root/org1', '/root/org1/org4'];
+  const teamId = (await getFakeUser('Owner')).teamId;
+  return MongoOrgModel.create(
+    pathIds.map((pathId, i) => ({
+      pathId,
+      name: pathId,
+      path: paths[i],
+      teamId
+    }))
+  ) as Promise<OrgSchemaType[]>;
+}
+
+export async function clean() {
+  fakeUsers = {};
+}

Diff for: test/globalSetup.ts

@@ -0,0 +1,18 @@
+import { MongoMemoryReplSet } from 'mongodb-memory-server';
+import type { TestProject } from 'vitest/node';
+
+export default async function setup(project: TestProject) {
+  const replset = await MongoMemoryReplSet.create({ replSet: { count: 1 } });
+  const uri = replset.getUri();
+  project.provide('MONGODB_URI', uri);
+
+  return async () => {
+    await replset.stop();
+  };
+}
+
+declare module 'vitest' {
+  export interface ProvidedContext {
+    MONGODB_URI: string;
+  }
+}

Diff for: test/mocks/request.ts

@@ -1,4 +1,8 @@
+import { TeamErrEnum } from '@fastgpt/global/common/error/code/team';
 import { AuthUserTypeEnum } from '@fastgpt/global/support/permission/constant';
+import { TeamPermission } from '@fastgpt/global/support/permission/user/controller';
+import { MongoGroupMemberModel } from '@fastgpt/service/support/permission/memberGroup/groupMemberSchema';
+import { getTmbInfoByTmbId } from '@fastgpt/service/support/user/team/controller';
 import { vi } from 'vitest';
 
 // vi.mock(import('@/service/middleware/entry'), async () => {
@@ -87,3 +91,62 @@ vi.mock(import('@fastgpt/service/support/permission/controller'), async (importO
     parseHeaderCert
   };
 });
+
+vi.mock(
+  import('@fastgpt/service/support/permission/memberGroup/controllers'),
+  async (importOriginal) => {
+    const mod = await importOriginal();
+    const parseHeaderCert = vi.fn(
+      ({
+        req,
+        authToken = false,
+        authRoot = false,
+        authApiKey = false
+      }: {
+        req: MockReqType;
+        authToken?: boolean;
+        authRoot?: boolean;
+        authApiKey?: boolean;
+      }) => {
+        const { auth } = req;
+        if (!auth) {
+          return Promise.reject(Error('unAuthorization(mock)'));
+        }
+        return Promise.resolve(auth);
+      }
+    );
+    const authGroupMemberRole = vi.fn(async ({ groupId, role, ...props }: any) => {
+      const result = await parseHeaderCert(props);
+      const { teamId, tmbId, isRoot } = result;
+      if (isRoot) {
+        return {
+          ...result,
+          permission: new TeamPermission({
+            isOwner: true
+          }),
+          teamId,
+          tmbId
+        };
+      }
+      const [groupMember, tmb] = await Promise.all([
+        MongoGroupMemberModel.findOne({ groupId, tmbId }),
+        getTmbInfoByTmbId({ tmbId })
+      ]);
+
+      // Team admin or role check
+      if (tmb.permission.hasManagePer || (groupMember && role.includes(groupMember.role))) {
+        return {
+          ...result,
+          permission: tmb.permission,
+          teamId,
+          tmbId
+        };
+      }
+      return Promise.reject(TeamErrEnum.unAuthTeam);
+    });
+    return {
+      ...mod,
+      authGroupMemberRole
+    };
+  }
+);