test: add security exceptions functional test

[Mohamed-Hacene]

Summary by CodeRabbit

• Bug Fixes

  • Enhanced localization for clarity by updating message text in English and French (e.g., pluralizing "Owner" to "Owners" and refining security exception terminology).

• New Features

  • Upgraded the security exception form with updated labeling, refined approver selection criteria, a nullable option, and added help text for improved usability.
  • Introduced a new test step for creating security exceptions, enhancing test coverage for this functionality.
  • Added new permissions related to security exceptions for various user roles, expanding user management capabilities.

[coderabbitai]

Walkthrough

This pull request updates localization files to correct pluralization and add a security prefix for exception-related terms in English and French. It adjusts the conditional date formatting logic to include the expiration_date field in a detail view component and refines the security exception form by updating labels, query parameters, and adding properties like nullability and help text. Additionally, the test suites and utilities are enhanced with new steps and definitions for creating and managing security exceptions.

Changes

Files	Change Summary
frontend/messages/en.json, frontend/messages/fr.json	Updated localization strings: pluralized "Owner" to "Owners" and prefixed exception terms with "Security" (English) / "de sécurité" (French) for clarity.
frontend/src/lib/components/DetailView/DetailView.svelte	Modified conditional rendering logic to include the expiration_date key for ISO 8601 date formatting.
frontend/src/lib/components/Forms/ModelForm/SecurityExceptionForm.svelte	Updated labels in the Security Exception Form: changed "owner" to "owners", updated the approver field’s API query parameter, and added nullable and helpText properties for enhanced UX.
frontend/tests/functional/user-route.test.ts, frontend/tests/utils/form-content.ts, frontend/tests/utils/test-data.ts, frontend/tests/utils/test-utils.ts	Added a test step for creating security exceptions, updated utility logic for form field value extraction, introduced new test data with security exception permissions, and added a new page definition (securityExceptionsPage) to support security exception management in tests.

Possibly related PRs

• docs: exceptions management spec #1428: Modifies localization strings and manages security exceptions, aligning with the changes in exception terminology.
• feat: security exceptions #1486: Introduces a new SecurityException model with ownership fields, which correlates with the updated localization and form modifications in this PR.

Suggested labels

data-model, perf

Suggested reviewers

• eric-intuitem
• ab-smith
• nas-tabchiche

Poem

I'm a rabbit skipping through the code,
Hopping on changes in every mode,
Localization sings with a plural beat,
Security exceptions now look neat,
With tests and forms in flawless array,
I nibble on success at the end of the day! 🐰

✨ Finishing Touches

• 📝 Generate Docstrings (Beta)

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

frontend/tests/utils/test-utils.ts (1)

603-620: Consider using more realistic test dates.

The implementation follows the established pattern, but the expiration dates are set to year 2100, which might not effectively test date-related edge cases or realistic scenarios.

Consider using dates closer to the present, similar to other test cases in the codebase. For example:

-					expiration_date: '2100-01-01',
+					expiration_date: '2025-01-01',
-					expiration_date: '2100-12-31'
+					expiration_date: '2025-12-31'

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 554deae and 497ad30.

📒 Files selected for processing (8)

• frontend/messages/en.json (2 hunks)
• frontend/messages/fr.json (1 hunks)
• frontend/src/lib/components/DetailView/DetailView.svelte (1 hunks)
• frontend/src/lib/components/Forms/ModelForm/SecurityExceptionForm.svelte (1 hunks)
• frontend/tests/functional/user-route.test.ts (1 hunks)
• frontend/tests/utils/form-content.ts (1 hunks)
• frontend/tests/utils/test-data.ts (10 hunks)
• frontend/tests/utils/test-utils.ts (5 hunks)

✅ Files skipped from review due to trivial changes (2)

• frontend/messages/fr.json
• frontend/messages/en.json

🧰 Additional context used

🧠 Learnings (1)

frontend/src/lib/components/Forms/ModelForm/SecurityExceptionForm.svelte (1)

Learnt from: nas-tabchiche
PR: intuitem/ciso-assistant-community#1486
File: frontend/src/lib/components/Forms/ModelForm/SecurityExceptionForm.svelte:0-0
Timestamp: 2025-02-13T11:07:39.687Z
Learning: Form validation constraints for components should be defined in zod schemas located in `$lib/schemas.ts` rather than directly in the form components.

⏰ Context from checks skipped due to timeout of 90000ms (6)

• GitHub Check: enterprise-startup-docker-compose-test
• GitHub Check: startup-functional-test (3.12)
• GitHub Check: enterprise-startup-functional-test (3.12)
• GitHub Check: functional-tests (3.12, chromium)
• GitHub Check: startup-docker-compose-test
• GitHub Check: enterprise-functional-tests (3.12, chromium)

🔇 Additional comments (12)

frontend/src/lib/components/Forms/ModelForm/SecurityExceptionForm.svelte (2)

43-43: LGTM! Label updated to reflect plural form.

The label change from m.owner() to m.owners() correctly reflects that multiple owners can be selected.

---

47-54: LGTM! Approver field enhancements improve UX.

The changes to the approver field are well-thought-out:

1. The query now correctly filters for users with approver permissions
2. Making the field nullable allows for draft states
3. Added help text improves user understanding

frontend/tests/utils/form-content.ts (1)

79-83: LGTM! Simplified value access pattern.

The removal of .value property access simplifies the code and makes it more maintainable.

frontend/tests/utils/test-data.ts (5)

14-14: LGTM! Added test data for security exceptions.

The securityExceptionName follows the consistent naming pattern used for other test data.

---

41-41: LGTM! Analyst role permissions are appropriate.

The analyst role receives full CRUD permissions for security exceptions, which is appropriate for their role.

Also applies to: 58-59, 74-75, 100-101

---

132-133: LGTM! Reader role has appropriate limited access.

The reader role only receives view permissions, which is appropriate for their role.

---

140-141: LGTM! Domain manager permissions are appropriate.

The domain manager role receives full CRUD permissions, which is appropriate for their management role.

Also applies to: 156-157, 175-176

---

246-247: LGTM! Approver role has view-only access.

The approver role appropriately receives only view permissions for security exceptions.

frontend/tests/functional/user-route.test.ts (1)

120-135: LGTM! Comprehensive test coverage for security exception creation.

The test step:

1. Properly validates navigation
2. Tests creation with all required fields
3. Uses realistic test data
4. Follows the established pattern of other test steps

frontend/src/lib/components/DetailView/DetailView.svelte (1)

330-330: LGTM!

The addition of expiration_date to the list of date fields is consistent with the broader context of security exception management and ensures proper date formatting.

frontend/tests/utils/test-utils.ts (2)

33-33: LGTM!

The addition of securityExceptionsPage to the Fixtures type is consistent with the type definitions of other pages.

---

252-263: LGTM!

The implementation of securityExceptionsPage follows the established pattern and includes all necessary form fields for security exceptions.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

frontend/tests/utils/test-utils.ts (1)

604-623: Consider using more realistic test dates.

The implementation is well-structured, but the expiration dates (2100-01-01 and 2100-12-31) are set too far in the future. Consider using dates that are closer to the present to better test date-related edge cases and validations.

-					expiration_date: '2100-01-01',
+					expiration_date: '2025-01-01',
-					expiration_date: '2100-12-31'
+					expiration_date: '2025-12-31'

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 497ad30 and 13ac4c0.

📒 Files selected for processing (2)

• frontend/tests/utils/form-content.ts (2 hunks)
• frontend/tests/utils/test-utils.ts (5 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• frontend/tests/utils/form-content.ts

🔇 Additional comments (3)

frontend/tests/utils/test-utils.ts (3)

33-33: LGTM!

The type definition for securityExceptionsPage follows the established pattern and maintains consistency with other page types.

---

70-70: LGTM!

The fixture registration maintains alphabetical ordering and follows the established pattern.

Also applies to: 90-90

---

252-264: LGTM!

The fixture implementation is well-structured with appropriate form fields and types. The path and display name are consistent with the feature's purpose.