CapaKraken/packages/api/src/__tests__/system-role-config-router.test.ts

import { SystemRole } from "@capakraken/shared";
import { describe, expect, it, vi } from "vitest";
import { systemRoleConfigRouter } from "../router/system-role-config.js";
import { createCallerFactory } from "../trpc.js";

const createCaller = createCallerFactory(systemRoleConfigRouter);

function createAdminCaller(db: Record<string, unknown>) {
  return createCaller({
    session: {
      user: { email: "admin@example.com", name: "Admin", image: null },
      expires: "2099-01-01T00:00:00.000Z",
    },
    db: db as never,
    dbUser: {
      id: "admin_1",
      systemRole: SystemRole.ADMIN,
      permissionOverrides: null,
    },
  });
}

function createProtectedCaller(db: Record<string, unknown>) {
  return createCaller({
    session: {
      user: { email: "user@example.com", name: "User", image: null },
      expires: "2099-01-01T00:00:00.000Z",
    },
    db: db as never,
    dbUser: {
      id: "user_1",
      systemRole: SystemRole.USER,
      permissionOverrides: null,
    },
  });
}

describe("system role config router authorization", () => {
  it("requires admin access for listing role configs", async () => {
    const caller = createProtectedCaller({});

    await expect(caller.list()).rejects.toThrow(
      expect.objectContaining({
        code: "FORBIDDEN",
        message: "Admin role required",
      }),
    );
  });

  it("allows admins to list role configs", async () => {
    const db = {
      systemRoleConfig: {
        findMany: vi.fn().mockResolvedValue([
          {
            role: SystemRole.ADMIN,
            label: "Admin",
            description: "System administrator",
            color: "#000000",
            sortOrder: 0,
            defaultPermissions: [],
          },
        ]),
      },
    };

    const caller = createAdminCaller(db);
    const result = await caller.list();

    expect(db.systemRoleConfig.findMany).toHaveBeenCalledWith({
      orderBy: { sortOrder: "asc" },
    });
    expect(result).toEqual([
      {
        role: SystemRole.ADMIN,
        label: "Admin",
        description: "System administrator",
        color: "#000000",
        sortOrder: 0,
        defaultPermissions: [],
      },
    ]);
  });
});