feat(utilization-category): scope reads to planning audience

2026-03-30 10:29:40 +02:00
parent ae74700f7c
commit 54769ca0f5
5 changed files with 86 additions and 3 deletions
@@ -3,6 +3,7 @@ import { describe, expect, it, vi } from "vitest";
 import { clientRouter } from "../router/client.js";
 import { countryRouter } from "../router/country.js";
 import { orgUnitRouter } from "../router/org-unit.js";
+import { utilizationCategoryRouter } from "../router/utilization-category.js";
 import { createCallerFactory } from "../trpc.js";

 function createProtectedContext(
@@ -506,4 +507,73 @@ describe("master-data router authorization", () => {
      include: { _count: { select: { projects: true, children: true } } },
    }));
  });
+
+  it("requires planning read access for utilization-category reads with project counts", async () => {
+    const listFindMany = vi.fn();
+    const getByIdFindUnique = vi.fn();
+    const caller = createCallerFactory(utilizationCategoryRouter)(createProtectedContext({
+      utilizationCategory: {
+        findMany: listFindMany,
+        findUnique: getByIdFindUnique,
+      },
+    }));
+
+    await expect(caller.list({ isActive: true })).rejects.toMatchObject({
+      code: "FORBIDDEN",
+      message: "Planning read access required",
+    });
+    await expect(caller.getById({ id: "util_chargeable" })).rejects.toMatchObject({
+      code: "FORBIDDEN",
+      message: "Planning read access required",
+    });
+
+    expect(listFindMany).not.toHaveBeenCalled();
+    expect(getByIdFindUnique).not.toHaveBeenCalled();
+  });
+
+  it("allows utilization-category reads for users with planning access", async () => {
+    const listFindMany = vi.fn().mockResolvedValue([
+      {
+        id: "util_chargeable",
+        code: "CHARGEABLE",
+        name: "Chargeable",
+        description: "Revenue-generating project work",
+        sortOrder: 1,
+        isDefault: true,
+        isActive: true,
+      },
+    ]);
+    const getByIdFindUnique = vi.fn().mockResolvedValue({
+      id: "util_chargeable",
+      code: "CHARGEABLE",
+      name: "Chargeable",
+      description: "Revenue-generating project work",
+      sortOrder: 1,
+      isDefault: true,
+      isActive: true,
+      _count: { projects: 12 },
+    });
+    const caller = createCallerFactory(utilizationCategoryRouter)(createProtectedContext({
+      utilizationCategory: {
+        findMany: listFindMany,
+        findUnique: getByIdFindUnique,
+      },
+    }, {
+      granted: [PermissionKey.VIEW_PLANNING],
+    }));
+
+    const listResult = await caller.list({ isActive: true });
+    const byIdResult = await caller.getById({ id: "util_chargeable" });
+
+    expect(listResult).toHaveLength(1);
+    expect(byIdResult._count.projects).toBe(12);
+    expect(listFindMany).toHaveBeenCalledWith({
+      where: { isActive: true },
+      orderBy: { sortOrder: "asc" },
+    });
+    expect(getByIdFindUnique).toHaveBeenCalledWith({
+      where: { id: "util_chargeable" },
+      include: { _count: { select: { projects: true } } },
+    });
+  });
 });