- /* @vitest-environment node */
- import { describe, it, expect } from "vitest";
- import { decideBranchUi, BRANCH_UI_DECISION } from "./branchUiDecision.js";
// Unit tests for decideBranchUi from ./branchUiDecision.js: given a user and a
// requested branch, it yields one of the BRANCH_UI_DECISION values asserted below.
// NOTE(review): these cases cover a front-end decision only. Nothing in this file
// shows server-side enforcement, so confirm the backend authorizes branch access
// independently of this result.
describe("lib/frontend/rbac/branchUiDecision", () => {
  // Factories hand every test its own fixture object.
  const makeBranchUser = () => ({
    userId: "u1",
    role: "branch",
    branchId: "NL01",
  });
  const makeAdmin = () => ({ userId: "u2", role: "admin", branchId: null });

  it("returns FORBIDDEN for branch users accessing other branches", () => {
    // The branch user is bound to NL01 and asks for NL02.
    const decision = decideBranchUi({ user: makeBranchUser(), branch: "NL02" });

    expect(decision).toBe(BRANCH_UI_DECISION.FORBIDDEN);
  });

  it("returns ALLOWED for branch users accessing their own branch", () => {
    const decision = decideBranchUi({ user: makeBranchUser(), branch: "NL01" });

    expect(decision).toBe(BRANCH_UI_DECISION.ALLOWED);
  });

  // NOTE(review): the two titles below say "admin/dev", but only role "admin"
  // is exercised in this file.
  it("returns NOT_FOUND for admin/dev when branch is not in allowedBranches", () => {
    const decision = decideBranchUi({
      user: makeAdmin(),
      branch: "NL200",
      allowedBranches: ["NL01", "NL02"],
    });

    expect(decision).toBe(BRANCH_UI_DECISION.NOT_FOUND);
  });

  // Pins the fail-open path: with no allowedBranches passed, the admin gets
  // ALLOWED for "NL200", the same branch that is NOT_FOUND when a list is
  // supplied without it.
  // NOTE(review): fail-open is only safe if this value gates rendering and
  // never data access. Confirm against the callers.
  it("fails open (ALLOWED) for admin/dev when allowedBranches is not available", () => {
    const decision = decideBranchUi({ user: makeAdmin(), branch: "NL200" });

    expect(decision).toBe(BRANCH_UI_DECISION.ALLOWED);
  });
});