import { describe, it, expect, beforeEach, afterEach } from "vitest";
import { checkPermission, createUnauthorizedResponse } from "../auth-middleware.server";
import { AUTH_LEVELS, USER_STATUS } from "~/types/auth";
import type { SafeUser } from "~/types/auth";
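// Mock user data for testing permissions.
//
// All three fixtures are ACTIVE so the permission tests below isolate the
// authLevel dimension. Nothing here exercises USER_STATUS.INACTIVE, so
// status-based denial (if the middleware implements it) is not covered by
// these fixtures.

/** Only the identity/role fields differ between fixtures; the rest is shared. */
type FixtureIdentity = Pick<SafeUser, "id" | "name" | "username" | "email" | "authLevel">;

/**
 * Builds an active user fixture.
 *
 * @param identity - the fields that distinguish this fixture (id, name,
 *   username, email, authLevel)
 * @returns a frozen SafeUser; freezing makes any accidental mutation by a
 *   test or by the code under test fail loudly instead of leaking into the
 *   next test case
 */
function makeActiveUser(identity: FixtureIdentity): SafeUser {
  return Object.freeze({
    ...identity,
    status: USER_STATUS.ACTIVE,
    createdDate: new Date(),
    editDate: new Date(),
  });
}

const mockSuperAdmin: SafeUser = makeActiveUser({
  id: 1,
  name: "Super Admin",
  username: "superadmin",
  email: "super@example.com",
  authLevel: AUTH_LEVELS.SUPERADMIN,
});

const mockAdmin: SafeUser = makeActiveUser({
  id: 2,
  name: "Admin User",
  username: "admin",
  email: "admin@example.com",
  authLevel: AUTH_LEVELS.ADMIN,
});

const mockUser: SafeUser = makeActiveUser({
  id: 3,
  name: "Regular User",
  username: "user",
  email: "user@example.com",
  authLevel: AUTH_LEVELS.USER,
});
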
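describe("Route Protection Integration Tests", () => {
  describe("checkPermission", () => {
    /** The permission type accepted by the middleware, derived rather than redeclared. */
    type Permission = Parameters<typeof checkPermission>[1];

    /** One row per permission: [permission, superadmin?, admin?, user?]. */
    type PermissionCase = [
      permission: Permission,
      superAdminAllowed: boolean,
      adminAllowed: boolean,
      userAllowed: boolean,
    ];

    // Every permission the middleware knows about should have a row here, so
    // that loosening a deny rule for a lower role cannot pass unnoticed.
    // NOTE(review): all fixtures are ACTIVE; whether checkPermission also
    // denies inactive accounts is not covered here — confirm against the middleware.
    const permissionMatrix: PermissionCase[] = [
      ["view_all_users", true, false, false],
      ["create_users", true, true, false],
      ["manage_finances", true, true, false],
      ["view_reports", true, true, false],
    ];

    it.each(permissionMatrix)(
      "should correctly check %s permission",
      (permission, superAdminAllowed, adminAllowed, userAllowed) => {
        expect(checkPermission(mockSuperAdmin, permission)).toBe(superAdminAllowed);
        expect(checkPermission(mockAdmin, permission)).toBe(adminAllowed);
        expect(checkPermission(mockUser, permission)).toBe(userAllowed);
      },
    );

    it("should return false for unknown permission", () => {
      // Deliberately outside the Permission union: this exercises the
      // middleware's fall-through for a permission it has no rule for, which
      // must default to deny for every role.
      // eslint-disable-next-line @typescript-eslint/no-explicit-any -- intentional invalid input for the negative test
      const unknownPermission = "unknown_permission" as any;
      for (const user of [mockUser, mockAdmin, mockSuperAdmin]) {
        expect(checkPermission(user, unknownPermission)).toBe(false);
      }
    });
  });

  describe("createUnauthorizedResponse", () => {
    it("should create response with default message", () => {
      const response = createUnauthorizedResponse();
      expect(response.status).toBe(403);
      expect(response.headers.get("Content-Type")).toBe("text/plain; charset=utf-8");
    });

    it("should create response with custom message", async () => {
      const customMessage = "Custom error message";
      const response = createUnauthorizedResponse(customMessage);
      expect(response.status).toBe(403);
      expect(response.headers.get("Content-Type")).toBe("text/plain; charset=utf-8");
      // Without this assertion the test is identical to the default-message
      // case and would pass even if the argument were ignored.
      await expect(response.text()).resolves.toContain(customMessage);
    });
  });

  describe("Auth Level Hierarchy", () => {
    it("should have correct auth level values", () => {
      expect(AUTH_LEVELS.SUPERADMIN).toBe(1);
      expect(AUTH_LEVELS.ADMIN).toBe(2);
      expect(AUTH_LEVELS.USER).toBe(3);
    });

    it("should enforce correct hierarchy (lower number = higher privilege)", () => {
      // Comparisons elsewhere rely on this ordering, so pin it explicitly
      // rather than only the individual numeric values.
      expect(AUTH_LEVELS.SUPERADMIN < AUTH_LEVELS.ADMIN).toBe(true);
      expect(AUTH_LEVELS.ADMIN < AUTH_LEVELS.USER).toBe(true);
    });
  });

  describe("User Status", () => {
    it("should have correct status values", () => {
      expect(USER_STATUS.ACTIVE).toBe("active");
      expect(USER_STATUS.INACTIVE).toBe("inactive");
    });
  });
});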