test(front): add test suite frontend (WIP)

2026-06-22 06:41:46 +00:00 · 2026-04-07 12:31:09 +02:00
parent 96080e8a03
commit 3c31902885
97 changed files with 16973 additions and 4 deletions
@@ -0,0 +1,110 @@
+import { describe, it, expect, beforeEach } from 'vitest';
+import { renderHook } from '@testing-library/react';
+import { usePermissionsStore, useCanDo } from '../../../src/store/permissionsStore';
+import { useAuthStore } from '../../../src/store/authStore';
+import { resetAllStores } from '../../helpers/store';
+import { buildUser, buildAdmin } from '../../helpers/factories';
+
+beforeEach(() => {
+  resetAllStores();
+});
+
+describe('permissionsStore', () => {
+  describe('FE-PERMS-001: setPermissions()', () => {
+    it('stores the permission map', () => {
+      const perms = { trip_create: 'everybody', file_upload: 'trip_member' } as const;
+      usePermissionsStore.getState().setPermissions(perms);
+
+      expect(usePermissionsStore.getState().permissions).toEqual(perms);
+    });
+  });
+
+  describe('FE-PERMS-002: useCanDo() — basic allow/deny', () => {
+    it('returns false when user is not authenticated', () => {
+      usePermissionsStore.getState().setPermissions({ trip_create: 'everybody' });
+
+      const { result } = renderHook(() => useCanDo());
+      expect(result.current('trip_create')).toBe(false);
+    });
+
+    it('returns true for "everybody" when user is authenticated', () => {
+      useAuthStore.setState({ user: buildUser(), isAuthenticated: true });
+      usePermissionsStore.getState().setPermissions({ trip_create: 'everybody' });
+
+      const { result } = renderHook(() => useCanDo());
+      expect(result.current('trip_create')).toBe(true);
+    });
+
+    it('returns true when action has no configured permission (default allow)', () => {
+      useAuthStore.setState({ user: buildUser(), isAuthenticated: true });
+      usePermissionsStore.getState().setPermissions({});
+
+      const { result } = renderHook(() => useCanDo());
+      expect(result.current('unconfigured_action')).toBe(true);
+    });
+  });
+
+  describe('Admin user', () => {
+    it('can do anything regardless of configured permissions', () => {
+      useAuthStore.setState({ user: buildAdmin(), isAuthenticated: true });
+      usePermissionsStore.getState().setPermissions({ restricted_action: 'admin' });
+
+      const { result } = renderHook(() => useCanDo());
+      expect(result.current('restricted_action')).toBe(true);
+    });
+  });
+
+  describe('Owner permissions', () => {
+    it('trip_owner level: owner can act, member cannot', () => {
+      const user = buildUser({ id: 42 });
+      useAuthStore.setState({ user, isAuthenticated: true });
+      usePermissionsStore.getState().setPermissions({ delete_trip: 'trip_owner' });
+
+      const { result } = renderHook(() => useCanDo());
+      const trip = { owner_id: 42 };      // user is owner
+      const otherTrip = { owner_id: 99 }; // user is not owner
+
+      expect(result.current('delete_trip', trip)).toBe(true);
+      expect(result.current('delete_trip', otherTrip)).toBe(false);
+    });
+
+    it('trip_owner level: is_owner flag grants access', () => {
+      const user = buildUser({ id: 1 });
+      useAuthStore.setState({ user, isAuthenticated: true });
+      usePermissionsStore.getState().setPermissions({ delete_trip: 'trip_owner' });
+
+      const { result } = renderHook(() => useCanDo());
+      expect(result.current('delete_trip', { is_owner: true })).toBe(true);
+      expect(result.current('delete_trip', { is_owner: false })).toBe(false);
+    });
+  });
+
+  describe('Member permissions', () => {
+    it('trip_member level: members and owners can act, unauthenticated trip context cannot', () => {
+      const user = buildUser({ id: 1 });
+      useAuthStore.setState({ user, isAuthenticated: true });
+      usePermissionsStore.getState().setPermissions({ upload_file: 'trip_member' });
+
+      const { result } = renderHook(() => useCanDo());
+      const asOwner = { owner_id: 1 };       // user is owner
+      const asMember = { owner_id: 99 };     // user is member (trip context provided, not owner)
+      const noTrip = null;                   // no trip context
+
+      expect(result.current('upload_file', asOwner)).toBe(true);
+      expect(result.current('upload_file', asMember)).toBe(true);
+      expect(result.current('upload_file', noTrip)).toBe(false);
+    });
+  });
+
+  describe('Nobody / admin-only level', () => {
+    it('admin level: regular user is denied even as trip owner', () => {
+      const user = buildUser({ id: 1 });
+      useAuthStore.setState({ user, isAuthenticated: true });
+      usePermissionsStore.getState().setPermissions({ admin_action: 'admin' });
+
+      const { result } = renderHook(() => useCanDo());
+      expect(result.current('admin_action', { owner_id: 1 })).toBe(false);
+      expect(result.current('admin_action')).toBe(false);
+    });
+  });
+});