39 lines
2.0 KiB
TypeScript
39 lines
2.0 KiB
TypeScript
import {
|
|
type PrivacyRetentionPolicyFieldKey,
|
|
type RetentionPolicyLimitCarrier,
|
|
privacyRetentionAuditDetailOptionDisabled,
|
|
privacyRetentionLocalAllowsLowerLevel,
|
|
privacyRetentionParentAllowsField
|
|
} from "../src/features/privacy/policyLogic";
|
|
|
|
function assert(condition: unknown, message: string): void {
|
|
if (!condition) throw new Error(message);
|
|
}
|
|
|
|
const field: PrivacyRetentionPolicyFieldKey = "raw_campaign_json_retention_days";
|
|
|
|
const parentPolicy: RetentionPolicyLimitCarrier = {
|
|
allow_lower_level_limits: {
|
|
store_raw_campaign_json: true,
|
|
raw_campaign_json_retention_days: false,
|
|
generated_eml_retention_days: true,
|
|
stored_report_detail_retention_days: true,
|
|
mock_mailbox_retention_days: true,
|
|
audit_detail_retention_days: true,
|
|
audit_detail_level: true
|
|
}
|
|
};
|
|
|
|
const localPatch: RetentionPolicyLimitCarrier = {
|
|
allow_lower_level_limits: { raw_campaign_json_retention_days: true }
|
|
};
|
|
|
|
assert(!privacyRetentionParentAllowsField(parentPolicy, field), "parent lock should disable the local field control");
|
|
assert(!privacyRetentionLocalAllowsLowerLevel(localPatch, parentPolicy, field, false), "local allow=true must not override a parent lock");
|
|
assert(privacyRetentionParentAllowsField(null, field), "missing parent policy should allow local field controls");
|
|
assert(privacyRetentionLocalAllowsLowerLevel({}, null, field, false), "unlocked inherited lower-level controls should remain enabled");
|
|
assert(!privacyRetentionLocalAllowsLowerLevel({ allow_lower_level_limits: { [field]: false } }, null, field, true), "system policy can disable lower-level choices");
|
|
assert(privacyRetentionAuditDetailOptionDisabled("full", "redacted"), "lower levels cannot widen audit detail from redacted to full");
|
|
assert(!privacyRetentionAuditDetailOptionDisabled("minimal", "redacted"), "lower levels can choose stricter audit detail than the parent");
|
|
assert(!privacyRetentionAuditDetailOptionDisabled("full", null), "system-level audit detail options are all viable");
|