import { describe, expect, it, vi } from "vitest" vi.mock("next/navigation", () => ({ redirect: vi.fn((path: string) => { throw new Error(`redirect:${path}`) }), })) vi.mock("@/lib/auth", () => ({ auth: vi.fn(), })) import type { Session } from "next-auth" import { hasAnyRole, hasMinimumRole, hasRole, isAdmin, } from "@/services/auth.service" function sessionWithRole(role: Session["user"]["role"]): Session { return { expires: new Date(Date.now() + 60_000).toISOString(), user: { id: "user-id", name: "Test User", email: "test@example.test", role, }, } } describe("auth service role helpers", () => { it("checks exact roles", () => { const admin = sessionWithRole("ADMIN") const staff = sessionWithRole("STAFF") expect(hasRole(admin, "ADMIN")).toBe(true) expect(hasRole(staff, "ADMIN")).toBe(false) expect(hasRole(null, "ADMIN")).toBe(false) }) it("checks any allowed role", () => { const manager = sessionWithRole("MANAGER") expect(hasAnyRole(manager, ["ADMIN", "MANAGER"])).toBe(true) expect(hasAnyRole(manager, ["ADMIN", "STAFF"])).toBe(false) expect(hasAnyRole(null, ["ADMIN", "MANAGER"])).toBe(false) }) it("checks minimum role hierarchy", () => { expect(hasMinimumRole(sessionWithRole("ADMIN"), "MANAGER")).toBe(true) expect(hasMinimumRole(sessionWithRole("MANAGER"), "STAFF")).toBe(true) expect(hasMinimumRole(sessionWithRole("STAFF"), "MANAGER")).toBe(false) expect(hasMinimumRole(sessionWithRole("VIEWER"), "STAFF")).toBe(false) expect(hasMinimumRole(null, "VIEWER")).toBe(false) }) it("identifies admins", () => { expect(isAdmin(sessionWithRole("ADMIN"))).toBe(true) expect(isAdmin(sessionWithRole("MANAGER"))).toBe(false) expect(isAdmin(null)).toBe(false) }) })