pelagia-portal/App/tests/unit/permissions.test.ts
2026-05-18 23:18:58 +05:30


import { describe, it, expect } from "vitest";
import { hasPermission, requirePermission } from "@/lib/permissions";
/**
 * Unit tests for the role/permission helpers imported from "@/lib/permissions".
 *
 * The suite pins both grants and denials. The denials matter most for access
 * control: they fail if a role gains a permission it is expected not to hold
 * (e.g. MANAGER processing payments, ACCOUNTS or ADMIN approving POs).
 */
describe("Permissions", () => {
  // Derive argument types from the function under test so the table below is
  // checked against whatever role / permission types the library declares.
  type Role = Parameters<typeof hasPermission>[0];
  type Permission = Parameters<typeof hasPermission>[1];
  // [role, permission, expected result of hasPermission]
  type Check = readonly [Role, Permission, boolean];
  // [test title, checks asserted in order inside that test]
  type Scenario = readonly [string, readonly Check[]];

  describe("hasPermission", () => {
    const scenarios: readonly Scenario[] = [
      // ── Original cases ───────────────────────────────────────────────────
      ["TECHNICAL can create POs", [["TECHNICAL", "create_po", true]]],
      ["TECHNICAL cannot approve POs", [["TECHNICAL", "approve_po", false]]],
      ["MANAGER can approve POs", [["MANAGER", "approve_po", true]]],
      // Approval and payment are expected to sit with different roles.
      ["MANAGER cannot process payment", [["MANAGER", "process_payment", false]]],
      ["ACCOUNTS can process payment", [["ACCOUNTS", "process_payment", true]]],
      [
        "SUPERUSER has all operational permissions",
        [
          ["SUPERUSER", "create_po", true],
          ["SUPERUSER", "approve_po", true],
          ["SUPERUSER", "process_payment", true],
          ["SUPERUSER", "confirm_receipt", true],
        ],
      ],
      ["ADMIN can manage users", [["ADMIN", "manage_users", true]]],
      [
        "AUDITOR has read-only access",
        [
          ["AUDITOR", "view_all_pos", true],
          ["AUDITOR", "approve_po", false],
          ["AUDITOR", "create_po", false],
        ],
      ],

      // ── New permissions: MANAGER and ACCOUNTS expansions ─────────────────
      ["MANAGER can create POs", [["MANAGER", "create_po", true]]],
      ["MANAGER can submit POs", [["MANAGER", "submit_po", true]]],
      ["MANAGER can manage vendors", [["MANAGER", "manage_vendors", true]]],
      ["ACCOUNTS can manage vendors", [["ACCOUNTS", "manage_vendors", true]]],
      ["ACCOUNTS cannot create POs", [["ACCOUNTS", "create_po", false]]],
      ["ACCOUNTS cannot approve POs", [["ACCOUNTS", "approve_po", false]]],
      ["TECHNICAL cannot manage vendors", [["TECHNICAL", "manage_vendors", false]]],
      ["MANNING cannot manage vendors", [["MANNING", "manage_vendors", false]]],
      [
        "AUDITOR cannot create, submit, or approve POs",
        [
          ["AUDITOR", "create_po", false],
          ["AUDITOR", "submit_po", false],
          ["AUDITOR", "approve_po", false],
        ],
      ],
      [
        "AUDITOR cannot manage vendors or products",
        [
          ["AUDITOR", "manage_vendors", false],
          ["AUDITOR", "manage_products", false],
        ],
      ],
      // The account-administration role is expected to stay out of the
      // approval and payment steps.
      [
        "ADMIN cannot approve or process payments",
        [
          ["ADMIN", "approve_po", false],
          ["ADMIN", "process_payment", false],
        ],
      ],
      // NOTE(review): the title calls manage_vendors admin-only, yet the cases
      // above expect MANAGER and ACCOUNTS to hold it and nothing here checks
      // ADMIN — confirm the intended wording against the permission map.
      [
        "SUPERUSER does not have manage_vendors (admin-only permission)",
        [["SUPERUSER", "manage_vendors", false]],
      ],
    ];

    // Register one test per scenario, in table order; each check is asserted
    // in sequence so the first mismatch fails the test.
    for (const [title, checks] of scenarios) {
      it(title, () => {
        for (const [role, permission, expected] of checks) {
          expect(hasPermission(role, permission)).toBe(expected);
        }
      });
    }

    // NOTE(review): no case here passes a role or permission outside the known
    // set; whether such input is denied or rejected is not pinned by this
    // suite — worth a dedicated test once the intended behaviour is confirmed.
  });

  describe("requirePermission", () => {
    it("does not throw when permission is granted", () => {
      const attempt = (): unknown => requirePermission("MANAGER", "approve_po");
      expect(attempt).not.toThrow();
    });

    it("throws when permission is denied", () => {
      const attempt = (): unknown => requirePermission("TECHNICAL", "approve_po");
      expect(attempt).toThrow();
    });

    // The thrown error's message is expected to mention the denied role.
    it("throws with a message containing the role name", () => {
      const attempt = (): unknown => requirePermission("ACCOUNTS", "approve_po");
      expect(attempt).toThrow(/ACCOUNTS/);
    });
  });
});