import { test, expect } from '../../../fixtures/auth.fixture.js';

/**
 * TC-AUTH – Autorisierung Masterdata
 * Quelle: GitHub Issue #67
 */
test.describe('TC-AUTH: Autorisierung', () => {
  test('TC-AUTH-01: Unauthentifizierter Zugriff wird abgelehnt', async ({ request }) => {
    const res = await request.get('/api/suppliers');
    expect([401, 403]).toContain(res.status());
  });

  test('TC-AUTH-02: Admin darf Lieferant erstellen', async ({ request, adminToken }) => {
    const res = await request.post('/api/suppliers', {
      data: { name: `Auth-Test-${Date.now()}`, phone: '+49 30 00000' },
      headers: { Authorization: `Bearer ${adminToken}` },
    });
    expect(res.status()).toBe(201);
  });

  test('TC-AUTH-03: Viewer darf keine Lieferanten erstellen', async ({ request, viewerToken }) => {
    const res = await request.post('/api/suppliers', {
      data: { name: `Viewer-Test-${Date.now()}`, phone: '+49 30 00001' },
      headers: { Authorization: `Bearer ${viewerToken}` },
    });
    expect(res.status()).toBe(403);
  });

  // TODO: Weitere ACs aus Issue #67 ergänzen
});