| 1234567891011121314151617181920212223242526272829303132333435363738 |
- /* @vitest-environment node */
- import { describe, it, expect } from "vitest";
- import { getBranchAccess, BRANCH_ACCESS } from "./branchAccess.js";
- describe("lib/frontend/rbac/branchAccess", () => {
- it("allows branch users only for their own branch", () => {
- const user = { userId: "u1", role: "branch", branchId: "NL01" };
- expect(getBranchAccess(user, "NL01")).toBe(BRANCH_ACCESS.ALLOWED);
- expect(getBranchAccess(user, "NL02")).toBe(BRANCH_ACCESS.FORBIDDEN);
- });
- it("allows admin-like users for any branch (admin/superadmin/dev)", () => {
- const admin = { userId: "u2", role: "admin", branchId: null };
- const superadmin = { userId: "u3", role: "superadmin", branchId: null };
- const dev = { userId: "u4", role: "dev", branchId: null };
- expect(getBranchAccess(admin, "NL01")).toBe(BRANCH_ACCESS.ALLOWED);
- expect(getBranchAccess(admin, "NL99")).toBe(BRANCH_ACCESS.ALLOWED);
- expect(getBranchAccess(superadmin, "NL01")).toBe(BRANCH_ACCESS.ALLOWED);
- expect(getBranchAccess(superadmin, "NL99")).toBe(BRANCH_ACCESS.ALLOWED);
- expect(getBranchAccess(dev, "NL01")).toBe(BRANCH_ACCESS.ALLOWED);
- expect(getBranchAccess(dev, "NL99")).toBe(BRANCH_ACCESS.ALLOWED);
- });
- it("denies unknown roles and missing data", () => {
- expect(getBranchAccess(null, "NL01")).toBe(BRANCH_ACCESS.FORBIDDEN);
- const weird = { userId: "u9", role: "user", branchId: "NL01" };
- expect(getBranchAccess(weird, "NL01")).toBe(BRANCH_ACCESS.FORBIDDEN);
- const branchNoId = { userId: "u1", role: "branch", branchId: null };
- expect(getBranchAccess(branchNoId, "NL01")).toBe(BRANCH_ACCESS.FORBIDDEN);
- });
- });
|
