Skip to content

Comments

CHI-3566: Add contactField permission tests and fix default-allow behavior#3912

Closed
Copilot wants to merge 2 commits intoCHI-3566-contact_field_view_permissionsfrom
copilot/sub-pr-3901
Closed

CHI-3566: Add contactField permission tests and fix default-allow behavior#3912
Copilot wants to merge 2 commits intoCHI-3566-contact_field_view_permissionsfrom
copilot/sub-pr-3901

Conversation

Copy link
Contributor

Copilot AI commented Feb 16, 2026
edited
Loading

Description

Adds comprehensive test coverage for contactField permissions and fixes the permission logic to implement default-allow for unspecified fields.

Key Changes:

  • Test Coverage: Added 28 tests covering all contactField permission edge cases:

    • Fields not mentioned in any field condition → allowed by default
    • Condition sets without field conditions → apply to all fields
    • Multiple field conditions in same set → always false, overridable by other sets
    • Time-based conditions, owner/supervisor checks with field restrictions

  • Permission Logic Fix: Modified contactField case in rules.ts:

    • Check if field is mentioned in any field condition before applying restrictions
    • Return true (allow) for fields not explicitly restricted
    • Apply time-based conditions using contact.createdAt instead of non-existent target.createdAt

Example Behavior:

// Rules: [['isOwner', { field: 'rawJson.caseInformation.callSummary' }]]
can('editContactField', { contact, field: 'rawJson.caseInformation.callSummary' }) 
  // → checks isOwner condition
can('editContactField', { contact, field: 'rawJson.caseInformation.categories' }) 
  // → true (field not mentioned, allowed by default)

Checklist

  • Corresponding issue has been opened
  • New tests added
  • Feature flags added
  • Strings are localized
  • Tested for chat contacts
  • Tested for call contacts

Other Related Issues

None

Verification steps

Run the test suite:

cd plugin-hrm-form && npm test -- rules.test.ts

All 293 tests should pass, including the new contactField permission tests.

AFTER YOU MERGE

  1. Cut a release tag using the Github workflow. Wait for it to complete and notify in the #aselo-deploys Slack channel.
  2. Comment on the ticket with the release tag version AND any additional instructions required to configure an environment to test the changes.
  3. Only then move the ticket into the QA column in JIRA

You are responsible for ensuring the above steps are completed. If you move a ticket into QA without advising what version to test, the QA team will assume the latest tag has the changes. If it does not, the following confusion is on you! :-P

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

Copilot AI mentioned this pull request Feb 16, 2026
Open
6 tasks
@stephenhand
Add contactField permission tests and fix permission logic
1d9347b 
Co-authored-by: stephenhand <1694716+stephenhand@users.noreply.github.com>
Copilot AI changed the title [WIP] Add contact field permission support CHI-3566: Add contactField permission tests and fix default-allow behavior Feb 16, 2026
Copilot AI requested a review from stephenhand February 16, 2026 16:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@stephenhand stephenhand Awaiting requested review from stephenhand

Assignees

@stephenhand stephenhand

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@stephenhand