admin/Hermes-ui
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add user-scoped Hermes profile access

Browse Source
This commit is contained in:
ekko
2026-05-23 18:44:53 +08:00
committed by ekko
parent 56e7716302
commit 3f6a25d8f1
54 changed files with 2656 additions and 592 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tests/server/performance-monitor-controller.test.ts
+18
View File
@@ -37,4 +37,22 @@ describe('performance monitor controller', () => {
expect(ctx.status).toBeUndefined()
expect(ctx.body).toEqual({ timestamp: 0, error: 'boom' })
})
it('requires super admin on the runtime route', async () => {
const { performanceMonitorRoutes } = await import('../../packages/server/src/routes/hermes/performance-monitor')
const layer = performanceMonitorRoutes.stack.find((entry: any) => entry.path === '/api/hermes/performance/runtime')
expect(layer).toBeTruthy()
const deniedCtx: any = { state: { user: { role: 'admin' } }, status: 200, body: null }
const deniedNext = vi.fn(async () => {})
await layer.stack[0](deniedCtx, deniedNext)
expect(deniedCtx.status).toBe(403)
expect(deniedNext).not.toHaveBeenCalled()
const allowedCtx: any = { state: { user: { role: 'super_admin' } }, status: 200, body: null }
const allowedNext = vi.fn(async () => {})
await layer.stack[0](allowedCtx, allowedNext)
expect(allowedNext).toHaveBeenCalledOnce()
})
})