import { test, expect } from '../../../fixtures/auth.fixture.js';
/**
 * TC-AUTH – Authorization (Autorisierung)
 * Source: GitHub Issue #67
 */
// Authorization test suite: sends requests to the supplier and category endpoints
// without a token, with the admin token, with the viewer token and with a malformed
// token, and asserts the HTTP status of each response. Only status codes are checked.
test.describe('TC-AUTH: Autorisierung', () => {
  const suppliersPath = '/api/suppliers';
  const categoriesPath = '/api/categories';

  // No Authorization header is sent; the request must not succeed.
  // NOTE(review): both 401 and 403 are accepted, so this does not pin which of the
  // two the API returns for a missing credential.
  test('TC-AUTH-01: Unauthentifizierter Zugriff wird abgelehnt', async ({ request }) => {
    const response = await request.get(suppliersPath);
    const status = response.status();
    expect([401, 403]).toContain(status);
  });

  // Positive control for the supplier write path: the admin token yields 201.
  // The timestamp suffix presumably keeps supplier names distinct between runs.
  test('TC-AUTH-02: Admin darf Lieferant erstellen', async ({ request, adminToken }) => {
    const payload = { name: `Auth-Test-${Date.now()}`, phone: '+49 30 00000' };
    const authHeaders = { Authorization: `Bearer ${adminToken}` };
    const response = await request.post(suppliersPath, {
      data: payload,
      headers: authHeaders,
    });
    expect(response.status()).toBe(201);
  });

  // Negative control for the supplier write path: the viewer token yields 403.
  // NOTE(review): only the status code is asserted; the test does not read the
  // collection back to confirm that no supplier was stored.
  test('TC-AUTH-03: Viewer darf keine Lieferanten erstellen', async ({ request, viewerToken }) => {
    const payload = { name: `Viewer-Test-${Date.now()}`, phone: '+49 30 00001' };
    const authHeaders = { Authorization: `Bearer ${viewerToken}` };
    const response = await request.post(suppliersPath, {
      data: payload,
      headers: authHeaders,
    });
    expect(response.status()).toBe(403);
  });

  // The viewer token is allowed to read the supplier list (200).
  test('TC-AUTH-04: Viewer darf Lieferanten lesen', async ({ request, viewerToken }) => {
    const authHeaders = { Authorization: `Bearer ${viewerToken}` };
    const response = await request.get(suppliersPath, { headers: authHeaders });
    expect(response.status()).toBe(200);
  });

  // Same write restriction as TC-AUTH-03, checked on the category endpoint.
  test('TC-AUTH-05: Viewer darf keine Kategorien erstellen', async ({ request, viewerToken }) => {
    const payload = { name: `Viewer-Kat-${Date.now()}` };
    const authHeaders = { Authorization: `Bearer ${viewerToken}` };
    const response = await request.post(categoriesPath, {
      data: payload,
      headers: authHeaders,
    });
    expect(response.status()).toBe(403);
  });

  // Positive control for the category write path: the admin token yields 201.
  test('TC-AUTH-06: Admin darf Kategorien erstellen', async ({ request, adminToken }) => {
    const payload = { name: `AdminKat-${Date.now()}` };
    const authHeaders = { Authorization: `Bearer ${adminToken}` };
    const response = await request.post(categoriesPath, {
      data: payload,
      headers: authHeaders,
    });
    expect(response.status()).toBe(201);
  });

  // A fixed placeholder string is sent as the bearer token; it is not a signed JWT.
  // NOTE(review): this shows that an unparseable token is rejected. A well-formed
  // token with a wrong signature or an expired one is not exercised in this file;
  // confirm that signature and expiry validation are covered elsewhere.
  test('TC-AUTH-07: Ungültiges JWT wird abgelehnt', async ({ request }) => {
    const authHeaders = { Authorization: 'Bearer invalid.jwt.token' };
    const response = await request.get(suppliersPath, { headers: authHeaders });
    const status = response.status();
    expect([401, 403]).toContain(status);
  });
});