adjust access control logic
This commit is contained in:
parent
497e8493fe
commit
cf311730df
@ -1,8 +0,0 @@
|
||||
{
|
||||
"permissions": {
|
||||
"allow": [
|
||||
"Bash(pnpm vitest:*)",
|
||||
"Bash(git diff:*)"
|
||||
]
|
||||
}
|
||||
}
|
||||
@ -96,7 +96,7 @@ describe("checkTwitchAccessControl", () => {
|
||||
expect(result.matchSource).toBe("allowlist");
|
||||
});
|
||||
|
||||
it("blocks users not in the allowlist", () => {
|
||||
it("allows users not in allowlist via fallback (open access)", () => {
|
||||
const account: TwitchAccountConfig = {
|
||||
...mockAccount,
|
||||
allowFrom: ["789012"],
|
||||
@ -107,8 +107,8 @@ describe("checkTwitchAccessControl", () => {
|
||||
account,
|
||||
botUsername: "testbot",
|
||||
});
|
||||
expect(result.allowed).toBe(false);
|
||||
expect(result.reason).toContain("not in allowlist");
|
||||
// Falls through to final fallback since allowedRoles is not set
|
||||
expect(result.allowed).toBe(true);
|
||||
});
|
||||
|
||||
it("blocks messages without userId", () => {
|
||||
@ -145,6 +145,48 @@ describe("checkTwitchAccessControl", () => {
|
||||
});
|
||||
expect(result.allowed).toBe(true);
|
||||
});
|
||||
|
||||
it("allows user with role even if not in allowlist", () => {
|
||||
const account: TwitchAccountConfig = {
|
||||
...mockAccount,
|
||||
allowFrom: ["789012"],
|
||||
allowedRoles: ["moderator"],
|
||||
};
|
||||
const message: TwitchChatMessage = {
|
||||
...mockMessage,
|
||||
userId: "123456",
|
||||
isMod: true,
|
||||
};
|
||||
|
||||
const result = checkTwitchAccessControl({
|
||||
message,
|
||||
account,
|
||||
botUsername: "testbot",
|
||||
});
|
||||
expect(result.allowed).toBe(true);
|
||||
expect(result.matchSource).toBe("role");
|
||||
});
|
||||
|
||||
it("blocks user with neither allowlist nor role", () => {
|
||||
const account: TwitchAccountConfig = {
|
||||
...mockAccount,
|
||||
allowFrom: ["789012"],
|
||||
allowedRoles: ["moderator"],
|
||||
};
|
||||
const message: TwitchChatMessage = {
|
||||
...mockMessage,
|
||||
userId: "123456",
|
||||
isMod: false,
|
||||
};
|
||||
|
||||
const result = checkTwitchAccessControl({
|
||||
message,
|
||||
account,
|
||||
botUsername: "testbot",
|
||||
});
|
||||
expect(result.allowed).toBe(false);
|
||||
expect(result.reason).toContain("does not have any of the required roles");
|
||||
});
|
||||
});
|
||||
|
||||
describe("allowedRoles", () => {
|
||||
|
||||
@ -59,18 +59,13 @@ export function checkTwitchAccessControl(params: {
|
||||
};
|
||||
}
|
||||
|
||||
if (!allowFrom.includes(senderId)) {
|
||||
if (allowFrom.includes(senderId)) {
|
||||
return {
|
||||
allowed: false,
|
||||
reason: "sender not in allowlist",
|
||||
allowed: true,
|
||||
matchKey: senderId,
|
||||
matchSource: "allowlist",
|
||||
};
|
||||
}
|
||||
|
||||
return {
|
||||
allowed: true,
|
||||
matchKey: senderId,
|
||||
matchSource: "allowlist",
|
||||
};
|
||||
}
|
||||
|
||||
if (account.allowedRoles && account.allowedRoles.length > 0) {
|
||||
|
||||
Loading…
Reference in New Issue
Block a user