feat(pages-and-resources): add permission tests for grading and pages/resources access

bra-i-am · bra-i-am · commit 27c140e404c4 · 2026-04-28T11:13:03.000-05:00
diff --git a/src/authz/permissionHelpers.test.ts b/src/authz/permissionHelpers.test.ts
@@ -0,0 +1,120 @@
+import { getGradingPermissions, getPagesAndResourcesPermissions } from './permissionHelpers';
+import { COURSE_PERMISSIONS } from './constants';
+
+describe('permissionHelpers', () => {
+  const courseId = 'course-v1:org+course+run';
+
+  describe('getGradingPermissions', () => {
+    it('returns correct permission structure with VIEW action', () => {
+      const result = getGradingPermissions(courseId);
+
+      expect(result.canViewGradingSettings).toBeDefined();
+      expect(result.canViewGradingSettings.action).toBe(COURSE_PERMISSIONS.VIEW_GRADING_SETTINGS);
+      expect(result.canViewGradingSettings.scope).toBe(courseId);
+    });
+
+    it('returns correct permission structure with EDIT action', () => {
+      const result = getGradingPermissions(courseId);
+
+      expect(result.canEditGradingSettings).toBeDefined();
+      expect(result.canEditGradingSettings.action).toBe(COURSE_PERMISSIONS.EDIT_GRADING_SETTINGS);
+      expect(result.canEditGradingSettings.scope).toBe(courseId);
+    });
+
+    it('returns both VIEW and EDIT permissions in single call', () => {
+      const result = getGradingPermissions(courseId);
+
+      const permissions = Object.keys(result);
+      expect(permissions).toContain('canViewGradingSettings');
+      expect(permissions).toContain('canEditGradingSettings');
+    });
+
+    it('uses correct courseId as scope for all permissions', () => {
+      const customCourseId = 'course-v1:custom+org+custom_run';
+      const result = getGradingPermissions(customCourseId);
+
+      expect(result.canViewGradingSettings.scope).toBe(customCourseId);
+      expect(result.canEditGradingSettings.scope).toBe(customCourseId);
+    });
+  });
+
+  describe('getPagesAndResourcesPermissions', () => {
+    it('returns correct permission structure with VIEW action', () => {
+      const result = getPagesAndResourcesPermissions(courseId);
+
+      expect(result.canViewPagesAndResources).toBeDefined();
+      expect(result.canViewPagesAndResources.action).toBe(COURSE_PERMISSIONS.VIEW_PAGES_AND_RESOURCES);
+      expect(result.canViewPagesAndResources.scope).toBe(courseId);
+    });
+
+    it('returns correct permission structure with EDIT action', () => {
+      const result = getPagesAndResourcesPermissions(courseId);
+
+      expect(result.canEditPagesAndResources).toBeDefined();
+      expect(result.canEditPagesAndResources.action).toBe(COURSE_PERMISSIONS.EDIT_PAGES_AND_RESOURCES);
+      expect(result.canEditPagesAndResources.scope).toBe(courseId);
+    });
+
+    it('returns both VIEW and EDIT permissions in single call', () => {
+      const result = getPagesAndResourcesPermissions(courseId);
+
+      const permissions = Object.keys(result);
+      expect(permissions).toContain('canViewPagesAndResources');
+      expect(permissions).toContain('canEditPagesAndResources');
+    });
+
+    it('uses correct courseId as scope for all permissions', () => {
+      const customCourseId = 'course-v1:another+test+course';
+      const result = getPagesAndResourcesPermissions(customCourseId);
+
+      expect(result.canViewPagesAndResources.scope).toBe(customCourseId);
+      expect(result.canEditPagesAndResources.scope).toBe(customCourseId);
+    });
+  });
+
+  describe('permission constants verification', () => {
+    it('uses correct VIEW_GRADING_SETTINGS constant', () => {
+      const result = getGradingPermissions(courseId);
+      expect(result.canViewGradingSettings.action).toBe('courses.view_grading_settings');
+    });
+
+    it('uses correct EDIT_GRADING_SETTINGS constant', () => {
+      const result = getGradingPermissions(courseId);
+      expect(result.canEditGradingSettings.action).toBe('courses.edit_grading_settings');
+    });
+
+    it('uses correct VIEW_PAGES_AND_RESOURCES constant', () => {
+      const result = getPagesAndResourcesPermissions(courseId);
+      expect(result.canViewPagesAndResources.action).toBe('courses.view_pages_and_resources');
+    });
+
+    it('uses correct EDIT_PAGES_AND_RESOURCES constant', () => {
+      const result = getPagesAndResourcesPermissions(courseId);
+      expect(result.canEditPagesAndResources.action).toBe('courses.manage_pages_and_resources');
+    });
+  });
+
+  describe('edge cases', () => {
+    it('handles empty courseId', () => {
+      const result = getGradingPermissions('');
+
+      expect(result.canViewGradingSettings.scope).toBe('');
+      expect(result.canEditGradingSettings.scope).toBe('');
+    });
+
+    it('handles special characters in courseId', () => {
+      const specialCourseId = 'course-v1:test+special:id';
+      const result = getPagesAndResourcesPermissions(specialCourseId);
+
+      expect(result.canViewPagesAndResources.scope).toBe(specialCourseId);
+    });
+
+    it('returns consistent structure across multiple calls', () => {
+      const result1 = getGradingPermissions(courseId);
+      const result2 = getGradingPermissions(courseId);
+
+      expect(Object.keys(result1)).toEqual(Object.keys(result2));
+      expect(result1.canViewGradingSettings.action).toBe(result2.canViewGradingSettings.action);
+    });
+  });
+});
diff --git a/src/pages-and-resources/PagesAndResources.test.tsx b/src/pages-and-resources/PagesAndResources.test.tsx
@@ -8,8 +8,16 @@ import {
 import { getConfig, setConfig } from '@edx/frontend-platform';
 import { PLUGIN_OPERATIONS, DIRECT_PLUGIN } from '@openedx/frontend-plugin-framework';
 import { CourseAuthoringProvider } from '@src/CourseAuthoringContext';
+import { mockWaffleFlags } from '@src/data/apiHooks.mock';
+import { useCourseUserPermissions } from '@src/authz/hooks';
 import { PagesAndResources } from '.';
 
+// Mock authz hooks
+jest.mock('@src/authz/hooks', () => ({
+  ...jest.requireActual('@src/authz/hooks'),
+  useCourseUserPermissions: jest.fn(),
+}));
+
 const mockPlugin = (identifier) => ({
   plugins: [
     {
@@ -45,8 +53,30 @@ describe('PagesAndResources', () => {
         ),
       },
     });
+
+    // Set up waffle flags to disable authz by default
+    mockWaffleFlags({ enableAuthzCourseAuthoring: false });
+
+    // Default: authz disabled allows everything
+    jest.mocked(useCourseUserPermissions).mockReturnValue({
+      isLoading: false,
+      isAuthzEnabled: false,
+      canViewPagesAndResources: true,
+      canEditPagesAndResources: true,
+    } as ReturnType<typeof useCourseUserPermissions>);
   });
 
+  // Helper to set up permission mocks
+  const mockPermissions = (canView: boolean, canEdit: boolean) => {
+    mockWaffleFlags({ enableAuthzCourseAuthoring: true });
+    jest.mocked(useCourseUserPermissions).mockReturnValue({
+      isLoading: false,
+      isAuthzEnabled: true,
+      canViewPagesAndResources: canView,
+      canEditPagesAndResources: canEdit,
+    } as ReturnType<typeof useCourseUserPermissions>);
+  };
+
   it('doesn\'t show content permissions section if relevant apps are not enabled', async () => {
     const initialState = {
       models: {
@@ -128,4 +158,60 @@ describe('PagesAndResources', () => {
     await waitFor(() => expect(screen.queryByTestId('additional_course_plugin')).toBeInTheDocument());
     await waitFor(() => expect(screen.queryByTestId('additional_course_content_plugin')).toBeInTheDocument());
   });
+
+  describe('permission integration', () => {
+    it('shows PermissionDeniedAlert when user has no VIEW or EDIT permissions', async () => {
+      mockPermissions(false, false);
+
+      const initialState = {
+        models: {
+          courseApps: {},
+        },
+        pagesAndResources: {
+          courseAppIds: [],
+        },
+      };
+
+      initializeMocks({ initialState });
+      renderComponent();
+
+      await waitFor(() => expect(screen.getByTestId('permissionDeniedAlert')).toBeInTheDocument());
+    });
+
+    it('does NOT show PermissionDeniedAlert when user has VIEW permission', async () => {
+      mockPermissions(true, false);
+
+      const initialState = {
+        models: {
+          courseApps: {},
+        },
+        pagesAndResources: {
+          courseAppIds: [],
+        },
+      };
+
+      initializeMocks({ initialState });
+      renderComponent();
+
+      await waitFor(() => expect(screen.queryByTestId('permissionDeniedAlert')).not.toBeInTheDocument());
+    });
+
+    it('does NOT show PermissionDeniedAlert when user has EDIT permission', async () => {
+      mockPermissions(true, true);
+
+      const initialState = {
+        models: {
+          courseApps: {},
+        },
+        pagesAndResources: {
+          courseAppIds: [],
+        },
+      };
+
+      initializeMocks({ initialState });
+      renderComponent();
+
+      await waitFor(() => expect(screen.queryByTestId('permissionDeniedAlert')).not.toBeInTheDocument());
+    });
+  });
 });
diff --git a/src/pages-and-resources/discussions/app-list/AppCard.test.jsx b/src/pages-and-resources/discussions/app-list/AppCard.test.jsx
@@ -3,10 +3,12 @@ import {
   queryByLabelText,
   queryByTestId,
   initializeMocks,
+  fireEvent,
 } from '@src/testUtils';
 import { executeThunk } from '@src/utils';
 
 import { CourseAuthoringProvider } from '@src/CourseAuthoringContext';
+import PagesAndResourcesProvider from '../../PagesAndResourcesProvider';
 import AppCard from './AppCard';
 import messages from './messages';
 import appMessages from '../app-config-form/messages';
@@ -38,15 +40,17 @@ describe('AppCard', () => {
     await executeThunk(fetchProviders(courseId), store.dispatch);
   };
 
-  const createComponent = (data) => {
+  const createComponent = (data, { isEditable = false } = {}) => {
     const wrapper = render(
       <CourseAuthoringProvider courseId={courseId}>
-        <AppCard
-          app={data}
-          onClick={() => jest.fn()}
-          selected={selected}
-          features={[]}
-        />
+        <PagesAndResourcesProvider courseId={courseId} isEditable={isEditable}>
+          <AppCard
+            app={data}
+            onClick={() => jest.fn()}
+            selected={selected}
+            features={[]}
+          />
+        </PagesAndResourcesProvider>
       </CourseAuthoringProvider>,
     );
     container = wrapper.container;
@@ -96,4 +100,52 @@ describe('AppCard', () => {
 
     expect(queryByTestId(container, 'card-subtitle')).toHaveTextContent(subtitle);
   });
+
+  describe('isEditable integration', () => {
+    test('card responds to click when isEditable=true', async () => {
+      const handleClick = jest.fn();
+      await mockStore(legacyApiResponse);
+
+      const wrapper = render(
+        <CourseAuthoringProvider courseId={courseId}>
+          <PagesAndResourcesProvider courseId={courseId} isEditable>
+            <AppCard
+              app={app}
+              onClick={handleClick}
+              selected={false}
+              features={[]}
+            />
+          </PagesAndResourcesProvider>
+        </CourseAuthoringProvider>,
+      );
+      const card = wrapper.container.querySelector('[role="radio"]');
+
+      fireEvent.click(card);
+
+      expect(handleClick).toHaveBeenCalledWith(app.id);
+    });
+
+    test('card does NOT respond to click when isEditable=false', async () => {
+      const handleClick = jest.fn();
+      await mockStore(legacyApiResponse);
+
+      const wrapper = render(
+        <CourseAuthoringProvider courseId={courseId}>
+          <PagesAndResourcesProvider courseId={courseId} isEditable={false}>
+            <AppCard
+              app={app}
+              onClick={handleClick}
+              selected={false}
+              features={[]}
+            />
+          </PagesAndResourcesProvider>
+        </CourseAuthoringProvider>,
+      );
+      const card = wrapper.container.querySelector('[role="radio"]');
+
+      fireEvent.click(card);
+
+      expect(handleClick).not.toHaveBeenCalled();
+    });
+  });
 });
