1package permission
 2
 3import (
 4	"testing"
 5)
 6
 7func TestPermissionService_AllowedCommands(t *testing.T) {
 8	tests := []struct {
 9		name            string
10		allowedCommands []string
11		toolName        string
12		action          string
13		expected        bool
14	}{
15		{
16			name:            "tool in allowlist",
17			allowedCommands: []string{"bash", "view"},
18			toolName:        "bash",
19			action:          "execute",
20			expected:        true,
21		},
22		{
23			name:            "tool:action in allowlist",
24			allowedCommands: []string{"bash:execute", "edit:create"},
25			toolName:        "bash",
26			action:          "execute",
27			expected:        true,
28		},
29		{
30			name:            "tool not in allowlist",
31			allowedCommands: []string{"view", "ls"},
32			toolName:        "bash",
33			action:          "execute",
34			expected:        false,
35		},
36		{
37			name:            "tool:action not in allowlist",
38			allowedCommands: []string{"bash:read", "edit:create"},
39			toolName:        "bash",
40			action:          "execute",
41			expected:        false,
42		},
43		{
44			name:            "empty allowlist",
45			allowedCommands: []string{},
46			toolName:        "bash",
47			action:          "execute",
48			expected:        false,
49		},
50	}
51
52	for _, tt := range tests {
53		t.Run(tt.name, func(t *testing.T) {
54			service := NewPermissionService("/tmp", false, tt.allowedCommands)
55
56			// Create a channel to capture the permission request
57			// Since we're testing the allowlist logic, we need to simulate the request
58			ps := service.(*permissionService)
59
60			// Test the allowlist logic directly
61			commandKey := tt.toolName + ":" + tt.action
62			allowed := false
63			for _, cmd := range ps.allowedCommands {
64				if cmd == commandKey || cmd == tt.toolName {
65					allowed = true
66					break
67				}
68			}
69
70			if allowed != tt.expected {
71				t.Errorf("expected %v, got %v for tool %s action %s with allowlist %v",
72					tt.expected, allowed, tt.toolName, tt.action, tt.allowedCommands)
73			}
74		})
75	}
76}
77
78func TestPermissionService_SkipMode(t *testing.T) {
79	service := NewPermissionService("/tmp", true, []string{})
80
81	result := service.Request(CreatePermissionRequest{
82		SessionID:   "test-session",
83		ToolName:    "bash",
84		Action:      "execute",
85		Description: "test command",
86		Path:        "/tmp",
87	})
88
89	if !result {
90		t.Error("expected permission to be granted in skip mode")
91	}
92}