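import { test, expect } from '../../../fixtures/auth.fixture.js';

/**
 * TC-AUTH – Authorization
 * Source: GitHub Issue #67
 *
 * Role model exercised here: an admin token may create suppliers and
 * categories, a viewer token may only read, and requests without a valid
 * token are rejected. Records are created with a unique `Date.now()` suffix
 * and are not cleaned up afterwards, so the suite presumably runs against a
 * disposable test database.
 */

/** Builds the Authorization header for a bearer token. */
const bearer = (token) => ({ Authorization: `Bearer ${token}` });

test.describe('TC-AUTH: Autorisierung', () => {
  test('TC-AUTH-01: Unauthentifizierter Zugriff wird abgelehnt', async ({ request }) => {
    const res = await request.get('/api/suppliers');
    // Both 401 and 403 are accepted for a missing token: some stacks answer
    // 403 when no credentials are presented at all.
    expect([401, 403]).toContain(res.status());
  });

  test('TC-AUTH-02: Admin darf Lieferant erstellen', async ({ request, adminToken }) => {
    const res = await request.post('/api/suppliers', {
      data: { name: `Auth-Test-${Date.now()}`, phone: '+49 30 00000' },
      headers: bearer(adminToken),
    });
    expect(res.status()).toBe(201);
  });

  test('TC-AUTH-03: Viewer darf keine Lieferanten erstellen', async ({ request, viewerToken, adminToken }) => {
    const name = `Viewer-Test-${Date.now()}`;
    const res = await request.post('/api/suppliers', {
      data: { name, phone: '+49 30 00001' },
      headers: bearer(viewerToken),
    });
    expect(res.status()).toBe(403);

    // A 403 alone does not prove the write was refused; confirm the supplier
    // did not appear. The raw body is searched so the assertion does not
    // depend on the list's response shape. If the list is paginated this is
    // only a best-effort check.
    const list = await request.get('/api/suppliers', { headers: bearer(adminToken) });
    expect(list.status()).toBe(200);
    expect(await list.text()).not.toContain(name);
  });

  test('TC-AUTH-04: Viewer darf Lieferanten lesen', async ({ request, viewerToken }) => {
    const res = await request.get('/api/suppliers', { headers: bearer(viewerToken) });
    expect(res.status()).toBe(200);
  });

  test('TC-AUTH-05: Viewer darf keine Kategorien erstellen', async ({ request, viewerToken }) => {
    const res = await request.post('/api/categories', {
      data: { name: `Viewer-Kat-${Date.now()}` },
      headers: bearer(viewerToken),
    });
    expect(res.status()).toBe(403);
    // NOTE(review): this file exercises no read endpoint for categories, so
    // unlike TC-AUTH-03 the absence of the rejected record is not verified.
  });

  test('TC-AUTH-06: Admin darf Kategorien erstellen', async ({ request, adminToken }) => {
    const res = await request.post('/api/categories', {
      data: { name: `AdminKat-${Date.now()}` },
      headers: bearer(adminToken),
    });
    expect(res.status()).toBe(201);
  });

  test('TC-AUTH-07: Ungültiges JWT wird abgelehnt', async ({ request }) => {
    // A syntactically malformed token; this does not cover a well-formed
    // token with a bad signature or an expired token.
    const res = await request.get('/api/suppliers', {
      headers: { Authorization: 'Bearer invalid.jwt.token' },
    });
    expect([401, 403]).toContain(res.status());
  });
});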