41 lines
1.3 KiB
TypeScript
41 lines
1.3 KiB
TypeScript
import { describe, it, expect } from 'vitest';
|
|
import {
|
|
isAdmin,
|
|
assertAdmin,
|
|
resolveTenantId,
|
|
canAccessTenant,
|
|
type AuthUser,
|
|
} from '@/lib/auth/authz';
|
|
|
|
const reformista: AuthUser = {
|
|
id: 'u1', email: 'r@x.com', nombre: 'R', role: 'reformista', tenantId: 't1', status: 'activo',
|
|
};
|
|
const admin: AuthUser = {
|
|
id: 'u2', email: 'a@x.com', nombre: 'A', role: 'admin', tenantId: null, status: 'activo',
|
|
};
|
|
|
|
describe('authz', () => {
|
|
it('isAdmin distingue roles', () => {
|
|
expect(isAdmin(admin)).toBe(true);
|
|
expect(isAdmin(reformista)).toBe(false);
|
|
});
|
|
|
|
it('assertAdmin lanza si no es admin o es null', () => {
|
|
expect(() => assertAdmin(admin)).not.toThrow();
|
|
expect(() => assertAdmin(reformista)).toThrow();
|
|
expect(() => assertAdmin(null)).toThrow();
|
|
});
|
|
|
|
it('resolveTenantId devuelve el tenant del reformista y lanza para admin/null', () => {
|
|
expect(resolveTenantId(reformista)).toBe('t1');
|
|
expect(() => resolveTenantId(admin)).toThrow();
|
|
expect(() => resolveTenantId(null)).toThrow();
|
|
});
|
|
|
|
it('canAccessTenant: reformista solo el suyo, admin cualquiera', () => {
|
|
expect(canAccessTenant(reformista, 't1')).toBe(true);
|
|
expect(canAccessTenant(reformista, 't2')).toBe(false);
|
|
expect(canAccessTenant(admin, 't2')).toBe(true);
|
|
});
|
|
});
|