1package permission
 2
 3import (
 4	"testing"
 5)
 6
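// TestPermissionService_AllowedCommands checks the allowlist matching rule
// against the allowedTools stored by NewPermissionService: an entry grants a
// call when it equals either the bare tool name or the exact "tool:action"
// key.
//
// NOTE(review): the matching loop below is a copy of the rule written inside
// the test; it never calls service.Request. A change to the production
// allowlist check (for example a switch to prefix or case-insensitive
// matching) would therefore not fail this test. Confirm the rule against the
// Request implementation and, if the deny path can be exercised from a test,
// assert on Request's result instead.
func TestPermissionService_AllowedCommands(t *testing.T) {
	tests := []struct {
		name         string
		allowedTools []string
		toolName     string
		action       string
		expected     bool
	}{
		{
			name:         "tool in allowlist",
			allowedTools: []string{"bash", "view"},
			toolName:     "bash",
			action:       "execute",
			expected:     true,
		},
		{
			name:         "tool:action in allowlist",
			allowedTools: []string{"bash:execute", "edit:create"},
			toolName:     "bash",
			action:       "execute",
			expected:     true,
		},
		{
			name:         "tool not in allowlist",
			allowedTools: []string{"view", "ls"},
			toolName:     "bash",
			action:       "execute",
			expected:     false,
		},
		{
			// A different action on the same tool must not grant access.
			name:         "tool:action not in allowlist",
			allowedTools: []string{"bash:read", "edit:create"},
			toolName:     "bash",
			action:       "execute",
			expected:     false,
		},
		{
			// Default-deny: nothing is allowed when the list is empty.
			name:         "empty allowlist",
			allowedTools: []string{},
			toolName:     "bash",
			action:       "execute",
			expected:     false,
		},
	}

	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			service := NewPermissionService("/tmp", false, tt.allowedTools)

			// Reach into the concrete type to read the stored allowlist. The
			// checked assertion makes an unexpected implementation fail this
			// subtest with a message instead of panicking.
			ps, ok := service.(*permissionService)
			if !ok {
				t.Fatalf("NewPermissionService returned %T, want *permissionService", service)
			}

			// Exact string comparison only: either the bare tool name or the
			// full "tool:action" key has to appear in the allowlist.
			commandKey := tt.toolName + ":" + tt.action
			allowed := false
			for _, cmd := range ps.allowedTools {
				if cmd == commandKey || cmd == tt.toolName {
					allowed = true
					break
				}
			}

			if allowed != tt.expected {
				t.Errorf("expected %v, got %v for tool %s action %s with allowlist %v",
					tt.expected, allowed, tt.toolName, tt.action, tt.allowedTools)
			}
		})
	}
}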
77
// TestPermissionService_SkipMode verifies that Request returns true when the
// service is constructed with its second argument set to true (presumably the
// skip flag, going by the test name and failure message) and an empty
// allowlist, so the grant cannot come from an allowlist entry.
func TestPermissionService_SkipMode(t *testing.T) {
	svc := NewPermissionService("/tmp", true, []string{})

	req := CreatePermissionRequest{
		SessionID:   "test-session",
		ToolName:    "bash",
		Action:      "execute",
		Description: "test command",
		Path:        "/tmp",
	}

	// With no allowlist entries, a grant here reflects skip mode alone.
	if granted := svc.Request(req); !granted {
		t.Error("expected permission to be granted in skip mode")
	}
}