test(api): cover assistant system role configs

packages/api/src/__tests__/assistant-tools-settings-role-config-admin.test.ts

@@ -0,0 +1,129 @@
+import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
+import { SystemRole } from "@capakraken/shared";
+
+import { createToolContext, executeTool } from "./assistant-tools-settings-test-helpers.js";
+
+describe("assistant settings tools system role configuration", () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+
+  afterEach(() => {
+    vi.unstubAllGlobals();
+    vi.unstubAllEnvs();
+  });
+
+  it("lists system role configs for admin users through the real router path", async () => {
+    const findMany = vi.fn().mockResolvedValue([
+      {
+        role: SystemRole.ADMIN,
+        label: "Admin",
+        description: "System administrator",
+        color: "#000000",
+        sortOrder: 0,
+        defaultPermissions: ["users.read"],
+      },
+    ]);
+    const ctx = createToolContext({
+      systemRoleConfig: {
+        findMany,
+      },
+    });
+
+    const result = await executeTool("list_system_role_configs", JSON.stringify({}), ctx);
+
+    expect(JSON.parse(result.content)).toEqual([
+      {
+        role: "ADMIN",
+        label: "Admin",
+        description: "System administrator",
+        color: "#000000",
+        sortOrder: 0,
+        defaultPermissions: ["users.read"],
+      },
+    ]);
+    expect(findMany).toHaveBeenCalledWith({
+      orderBy: { sortOrder: "asc" },
+    });
+  });
+
+  it("updates one system role config for admin users through the real router path", async () => {
+    const findUnique = vi.fn().mockResolvedValue({
+      role: SystemRole.MANAGER,
+      label: "Manager",
+      description: "Before",
+      color: "#111111",
+      defaultPermissions: ["projects.read"],
+    });
+    const update = vi.fn().mockResolvedValue({
+      role: SystemRole.MANAGER,
+      label: "Delivery Manager",
+      description: "Updated",
+      color: "#222222",
+      sortOrder: 1,
+      defaultPermissions: ["projects.read", "projects.write"],
+    });
+    const ctx = createToolContext({
+      systemRoleConfig: {
+        findUnique,
+        update,
+      },
+    });
+
+    const result = await executeTool(
+      "update_system_role_config",
+      JSON.stringify({
+        role: "MANAGER",
+        label: "Delivery Manager",
+        description: "Updated",
+        color: "#222222",
+        defaultPermissions: ["projects.read", "projects.write"],
+      }),
+      ctx,
+    );
+
+    expect(JSON.parse(result.content)).toEqual({
+      role: "MANAGER",
+      label: "Delivery Manager",
+      description: "Updated",
+      color: "#222222",
+      sortOrder: 1,
+      defaultPermissions: ["projects.read", "projects.write"],
+    });
+    expect(findUnique).toHaveBeenCalledWith({
+      where: { role: "MANAGER" },
+    });
+    expect(update).toHaveBeenCalledWith({
+      where: { role: "MANAGER" },
+      data: {
+        label: "Delivery Manager",
+        description: "Updated",
+        color: "#222222",
+        defaultPermissions: ["projects.read", "projects.write"],
+      },
+    });
+  });
+
+  it("rejects system role config tools for non-admin assistant users", async () => {
+    const ctx = createToolContext(
+      {
+        systemRoleConfig: {
+          findMany: vi.fn(),
+          findUnique: vi.fn(),
+          update: vi.fn(),
+        },
+      },
+      SystemRole.MANAGER,
+    );
+
+    for (const [toolName, payload] of [
+      ["list_system_role_configs", {}],
+      ["update_system_role_config", { role: "MANAGER", label: "Manager" }],
+    ] as const) {
+      const result = await executeTool(toolName, JSON.stringify(payload), ctx);
+      expect(JSON.parse(result.content)).toEqual({
+        error: "You do not have permission to perform this action.",
+      });
+    }
+  });
+});