import { test, expect } from "bun:test"; import { canRead, canWrite, defaultGrant, grantRead } from "../src/access"; test("public docs are readable by anyone, even anonymous", () => { const g = defaultGrant("public", "alice"); expect(canRead(g, null)).toBe(true); expect(canRead(g, "bob")).toBe(true); }); test("protected docs: owner + explicitly granted principals only", () => { let g = defaultGrant("protected", "alice"); expect(canRead(g, "alice")).toBe(true); expect(canRead(g, "bob")).toBe(false); g = grantRead(g, "bob"); // e.g. bob becomes a connection of alice expect(canRead(g, "bob")).toBe(true); }); test("private docs: owner only", () => { const g = defaultGrant("private", "alice"); expect(canRead(g, "alice")).toBe(true); expect(canRead(g, "bob")).toBe(false); expect(canRead(g, null)).toBe(false); }); test("write is restricted to the write grant", () => { const g = defaultGrant("public", "alice"); expect(canWrite(g, "alice")).toBe(true); expect(canWrite(g, "bob")).toBe(false); expect(canWrite(g, null)).toBe(false); });