From 62b7e3b3e2d4959fe30cb54d073a72b6810b1c06 Mon Sep 17 00:00:00 2001
From: guillermo <guillermo@verdnatura.es>
Date: Wed, 18 Dec 2024 09:02:31 +0100
Subject: [PATCH] feat: refs #8239 Added tests

---
 .../spec/checkColumnPermission.spec.js        | 74 +++++++++++++++++++
 1 file changed, 74 insertions(+)
 create mode 100644 loopback/common/methods/application/spec/checkColumnPermission.spec.js

diff --git a/loopback/common/methods/application/spec/checkColumnPermission.spec.js b/loopback/common/methods/application/spec/checkColumnPermission.spec.js
new file mode 100644
index 000000000..2987d059b
--- /dev/null
+++ b/loopback/common/methods/application/spec/checkColumnPermission.spec.js
@@ -0,0 +1,74 @@
+const {models} = require('vn-loopback/server/server');
+const UserError = require('vn-loopback/util/user-error');
+
+describe('Application checkColumnPermission()', () => {
+    let tx;
+    let options;
+    beforeEach(async() => {
+        tx = await models.Application.beginTransaction({});
+        options = {transaction: tx};
+
+        await models.Application.rawSql(`
+            CREATE TABLE vn.testTable (
+                testColumn VARCHAR(255)
+            ) ENGINE=InnoDB;
+        `, null, options);
+
+        const user = await models.VnUser.findById(1, null, options);
+        await user.updateAttributes({
+            roleFk: 1,
+        }, options);
+
+        await models.Application.rawSql(`
+            GRANT UPDATE (testColumn) ON vn.testTable TO employee;
+        `, null, options);
+    });
+
+    afterEach(async() => {
+        await models.Application.rawSql(`
+            DROP TABLE vn.testTable;
+        `); // Non-transactional DDL operations
+        await tx.rollback();
+    });
+
+    it('should pass if the user has the required permission', async() => {
+        const response = await models.Application.checkColumnPermission(
+            'vn',
+            'testTable',
+            'testColumn',
+            'UPDATE',
+            1
+        );
+
+        expect(response).toBeUndefined();
+    });
+
+    it('should throw an error if the user lacks permission', async() => {
+        try {
+            const result = await models.Application.checkColumnPermission(
+                'vn',
+                'testTable',
+                'testColumn',
+                'INSERT',
+                1
+            );
+
+            expect(result).toBeUndefined();
+        } catch (err) {
+            expect(err).toBeInstanceOf(UserError);
+            expect(err.message).toBeDefined();
+        }
+    });
+
+    it('should not throw an error if the user does not exist', async() => {
+        const response = await models.Application.checkColumnPermission(
+            'vn',
+            'testTable',
+            'testColumn',
+            'UPDATE',
+            999999 // Non-existent user
+        );
+
+        expect(response).toBeUndefined();
+    });
+});