Nexus/packages/api/src/__tests__/assistant-tools-settings-role-config-admin.test.ts

import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
import { SystemRole } from "@capakraken/shared";

import { createToolContext, executeTool } from "./assistant-tools-settings-test-helpers.js";

describe("assistant settings tools system role configuration", () => {
  beforeEach(() => {
    vi.clearAllMocks();
  });

  afterEach(() => {
    vi.unstubAllGlobals();
    vi.unstubAllEnvs();
  });

  it("lists system role configs for admin users through the real router path", async () => {
    const findMany = vi.fn().mockResolvedValue([
      {
        role: SystemRole.ADMIN,
        label: "Admin",
        description: "System administrator",
        color: "#000000",
        sortOrder: 0,
        defaultPermissions: ["users.read"],
      },
    ]);
    const ctx = createToolContext({
      systemRoleConfig: {
        findMany,
      },
    });

    const result = await executeTool("list_system_role_configs", JSON.stringify({}), ctx);

    expect(JSON.parse(result.content)).toEqual([
      {
        role: "ADMIN",
        label: "Admin",
        description: "System administrator",
        color: "#000000",
        sortOrder: 0,
        defaultPermissions: ["users.read"],
      },
    ]);
    expect(findMany).toHaveBeenCalledWith({
      orderBy: { sortOrder: "asc" },
    });
  });

  it("updates one system role config for admin users through the real router path", async () => {
    const findUnique = vi.fn().mockResolvedValue({
      role: SystemRole.MANAGER,
      label: "Manager",
      description: "Before",
      color: "#111111",
      defaultPermissions: ["projects.read"],
    });
    const update = vi.fn().mockResolvedValue({
      role: SystemRole.MANAGER,
      label: "Delivery Manager",
      description: "Updated",
      color: "#222222",
      sortOrder: 1,
      defaultPermissions: ["projects.read", "projects.write"],
    });
    const ctx = createToolContext({
      systemRoleConfig: {
        findUnique,
        update,
      },
    });

    const result = await executeTool(
      "update_system_role_config",
      JSON.stringify({
        role: "MANAGER",
        label: "Delivery Manager",
        description: "Updated",
        color: "#222222",
        defaultPermissions: ["projects.read", "projects.write"],
      }),
      ctx,
    );

    expect(JSON.parse(result.content)).toEqual({
      role: "MANAGER",
      label: "Delivery Manager",
      description: "Updated",
      color: "#222222",
      sortOrder: 1,
      defaultPermissions: ["projects.read", "projects.write"],
    });
    expect(findUnique).toHaveBeenCalledWith({
      where: { role: "MANAGER" },
    });
    expect(update).toHaveBeenCalledWith({
      where: { role: "MANAGER" },
      data: {
        label: "Delivery Manager",
        description: "Updated",
        color: "#222222",
        defaultPermissions: ["projects.read", "projects.write"],
      },
    });
  });

  it("rejects system role config tools for non-admin assistant users", async () => {
    const ctx = createToolContext(
      {
        systemRoleConfig: {
          findMany: vi.fn(),
          findUnique: vi.fn(),
          update: vi.fn(),
        },
      },
      SystemRole.MANAGER,
    );

    for (const [toolName, payload] of [
      ["list_system_role_configs", {}],
      ["update_system_role_config", { role: "MANAGER", label: "Manager" }],
    ] as const) {
      const result = await executeTool(toolName, JSON.stringify(payload), ctx);
      expect(JSON.parse(result.content)).toEqual({
        error: "You do not have permission to perform this action.",
      });
    }
  });
});