rbac-policy-tester

star 5

Creates comprehensive permission tests ensuring RBAC doesn't regress with test matrices, CI gating, and authorization coverage. Use for "RBAC testing", "permission tests", "authorization testing", or "access control tests".

patricio0312rev By patricio0312rev schedule Updated 12/31/2025
play_arrow Run Skill in Manus View GitHub

name: rbac-policy-tester description: Creates comprehensive permission tests ensuring RBAC doesn't regress with test matrices, CI gating, and authorization coverage. Use for "RBAC testing", "permission tests", "authorization testing", or "access control tests".

RBAC/Policy Tester

Comprehensive testing for role-based access control.

Permission Test Matrix

type Role = 'ADMIN' | 'MANAGER' | 'USER' | 'GUEST';
type Action = 'create' | 'read' | 'update' | 'delete';
type Resource = 'users' | 'orders' | 'reports';

const permissionMatrix: Record<Role, Record<Resource, Action[]>> = {
  ADMIN: {
    users: ['create', 'read', 'update', 'delete'],
    orders: ['create', 'read', 'update', 'delete'],
    reports: ['create', 'read', 'update', 'delete'],
  },
  MANAGER: {
    users: ['read', 'update'],
    orders: ['create', 'read', 'update'],
    reports: ['read', 'update'],
  },
  USER: {
    users: ['read'], // Only own profile
    orders: ['create', 'read'], // Only own orders
    reports: ['read'],
  },
  GUEST: {
    users: [],
    orders: [],
    reports: ['read'],
  },
};

describe('RBAC Tests', () => {
  Object.entries(permissionMatrix).forEach(([role, resources]) => {
    describe(\`Role: \${role}\`, () => {
      Object.entries(resources).forEach(([resource, actions]) => {
        actions.forEach(action => {
          it(\`should allow \${action} on \${resource}\`, async () => {
            const token = generateToken({ role });
            await request(app)
              .post(\`/api/\${resource}/\${action}\`)
              .set('Authorization', \`Bearer \${token}\`)
              .expect(200);
          });
        });

        // Test forbidden actions
        const allActions: Action[] = ['create', 'read', 'update', 'delete'];
        const forbidden = allActions.filter(a => !actions.includes(a));

        forbidden.forEach(action => {
          it(\`should deny \${action} on \${resource}\`, async () => {
            const token = generateToken({ role });
            await request(app)
              .post(\`/api/\${resource}/\${action}\`)
              .set('Authorization', \`Bearer \${token}\`)
              .expect(403);
          });
        });
      });
    });
  });
});

Output Checklist

  • Permission matrix defined
  • Test suite for all roles
  • Positive and negative tests
  • CI gating enabled
  • Coverage monitoring ENDFILE
Install via CLI
npx skills add https://github.com/patricio0312rev/skillset --skill rbac-policy-tester
Repository Details
star Stars 5
call_split Forks 0
navigation Branch main
article Path SKILL.md
More from Creator
patricio0312rev
patricio0312rev Explore all skills →