diff --git a/packages/api/src/__tests__/assistant-tools-settings-role-config-admin.test.ts b/packages/api/src/__tests__/assistant-tools-settings-role-config-admin.test.ts new file mode 100644 index 0000000..8024270 --- /dev/null +++ b/packages/api/src/__tests__/assistant-tools-settings-role-config-admin.test.ts @@ -0,0 +1,129 @@ +import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; +import { SystemRole } from "@capakraken/shared"; + +import { createToolContext, executeTool } from "./assistant-tools-settings-test-helpers.js"; + +describe("assistant settings tools system role configuration", () => { + beforeEach(() => { + vi.clearAllMocks(); + }); + + afterEach(() => { + vi.unstubAllGlobals(); + vi.unstubAllEnvs(); + }); + + it("lists system role configs for admin users through the real router path", async () => { + const findMany = vi.fn().mockResolvedValue([ + { + role: SystemRole.ADMIN, + label: "Admin", + description: "System administrator", + color: "#000000", + sortOrder: 0, + defaultPermissions: ["users.read"], + }, + ]); + const ctx = createToolContext({ + systemRoleConfig: { + findMany, + }, + }); + + const result = await executeTool("list_system_role_configs", JSON.stringify({}), ctx); + + expect(JSON.parse(result.content)).toEqual([ + { + role: "ADMIN", + label: "Admin", + description: "System administrator", + color: "#000000", + sortOrder: 0, + defaultPermissions: ["users.read"], + }, + ]); + expect(findMany).toHaveBeenCalledWith({ + orderBy: { sortOrder: "asc" }, + }); + }); + + it("updates one system role config for admin users through the real router path", async () => { + const findUnique = vi.fn().mockResolvedValue({ + role: SystemRole.MANAGER, + label: "Manager", + description: "Before", + color: "#111111", + defaultPermissions: ["projects.read"], + }); + const update = vi.fn().mockResolvedValue({ + role: SystemRole.MANAGER, + label: "Delivery Manager", + description: "Updated", + color: "#222222", + sortOrder: 1, + defaultPermissions: ["projects.read", "projects.write"], + }); + const ctx = createToolContext({ + systemRoleConfig: { + findUnique, + update, + }, + }); + + const result = await executeTool( + "update_system_role_config", + JSON.stringify({ + role: "MANAGER", + label: "Delivery Manager", + description: "Updated", + color: "#222222", + defaultPermissions: ["projects.read", "projects.write"], + }), + ctx, + ); + + expect(JSON.parse(result.content)).toEqual({ + role: "MANAGER", + label: "Delivery Manager", + description: "Updated", + color: "#222222", + sortOrder: 1, + defaultPermissions: ["projects.read", "projects.write"], + }); + expect(findUnique).toHaveBeenCalledWith({ + where: { role: "MANAGER" }, + }); + expect(update).toHaveBeenCalledWith({ + where: { role: "MANAGER" }, + data: { + label: "Delivery Manager", + description: "Updated", + color: "#222222", + defaultPermissions: ["projects.read", "projects.write"], + }, + }); + }); + + it("rejects system role config tools for non-admin assistant users", async () => { + const ctx = createToolContext( + { + systemRoleConfig: { + findMany: vi.fn(), + findUnique: vi.fn(), + update: vi.fn(), + }, + }, + SystemRole.MANAGER, + ); + + for (const [toolName, payload] of [ + ["list_system_role_configs", {}], + ["update_system_role_config", { role: "MANAGER", label: "Manager" }], + ] as const) { + const result = await executeTool(toolName, JSON.stringify(payload), ctx); + expect(JSON.parse(result.content)).toEqual({ + error: "You do not have permission to perform this action.", + }); + } + }); +});