import { describe, it, expect, vi } from "vitest";
import { hasPermission, canAccessUserManagement } from "../auth-helpers.server";
import { AUTH_LEVELS } from "~/types/auth";
// Stub out the database module. The mocked `prisma.user` exposes only the four
// methods listed here, each a bare vi.fn() that returns undefined until a test
// configures it.
vi.mock("../db.server", () => {
  const user = {
    findFirst: vi.fn(),
    findUnique: vi.fn(),
    create: vi.fn(),
    count: vi.fn(),
  };

  return { prisma: { user } };
});
// Stub auth.server so that loading it does not require a session secret.
// Every export is replaced by a bare vi.fn(), so nothing in this file exercises
// the real password hashing, session or logout code.
vi.mock("../auth.server", () => {
  const stubbedExports = [
    "hashPassword",
    "verifyPassword",
    "createUserSession",
    "getUserSession",
    "getUserId",
    "requireUserId",
    "getUser",
    "requireUser",
    "logout",
  ];

  // One independent mock function per export name, in the order listed.
  return Object.fromEntries(stubbedExports.map((name) => [name, vi.fn()]));
});
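// Despite the suite name, the cases below cover only the authorization helpers
// (hasPermission, canAccessUserManagement); auth.server itself is mocked out.
describe("Authentication System", () => {
  describe("Authorization Helpers", () => {
    // hasPermission(held, required): first argument is the level the caller
    // holds, second is the level being demanded. The nine assertions form the
    // complete 3x3 matrix over the AUTH_LEVELS members used in this file.
    it("should check permissions correctly", () => {
      // Superadmin should have access to everything
      expect(hasPermission(AUTH_LEVELS.SUPERADMIN, AUTH_LEVELS.SUPERADMIN)).toBe(true);
      expect(hasPermission(AUTH_LEVELS.SUPERADMIN, AUTH_LEVELS.ADMIN)).toBe(true);
      expect(hasPermission(AUTH_LEVELS.SUPERADMIN, AUTH_LEVELS.USER)).toBe(true);

      // Admin should have access to admin and user levels, never superadmin
      expect(hasPermission(AUTH_LEVELS.ADMIN, AUTH_LEVELS.SUPERADMIN)).toBe(false);
      expect(hasPermission(AUTH_LEVELS.ADMIN, AUTH_LEVELS.ADMIN)).toBe(true);
      expect(hasPermission(AUTH_LEVELS.ADMIN, AUTH_LEVELS.USER)).toBe(true);

      // User should only have access to user level
      expect(hasPermission(AUTH_LEVELS.USER, AUTH_LEVELS.SUPERADMIN)).toBe(false);
      expect(hasPermission(AUTH_LEVELS.USER, AUTH_LEVELS.ADMIN)).toBe(false);
      expect(hasPermission(AUTH_LEVELS.USER, AUTH_LEVELS.USER)).toBe(true);
    });

    // User management is expected to be open to admin and above only.
    it("should check user management access correctly", () => {
      expect(canAccessUserManagement(AUTH_LEVELS.SUPERADMIN)).toBe(true);
      expect(canAccessUserManagement(AUTH_LEVELS.ADMIN)).toBe(true);
      expect(canAccessUserManagement(AUTH_LEVELS.USER)).toBe(false);
    });

    // Fail-closed behaviour is not covered: every call above passes a valid
    // AUTH_LEVELS member. How the helpers treat undefined, null or an
    // unrecognised value is not visible from this file, so these cases are
    // recorded as todos rather than asserted.
    it.todo("should deny permission when the held or required level is not a known AUTH_LEVELS value");
    it.todo("should deny user management access for an unknown or missing level");
  });
});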