arbret/frontend/e2e/permissions.spec.ts

import { test, expect, Page } from "@playwright/test";
import { getBackendUrl } from "./helpers/backend-url";

/**
 * Permission-based E2E tests
 *
 * These tests verify that:
 * 1. Regular users can access exchange and trades pages
 * 2. Admin users can access admin pages (trades, invites, availability)
 * 3. Users are properly redirected based on their permissions
 * 4. API calls respect permission boundaries
 */

// Test credentials - must match what's seeded in the database via seed.py
// These come from environment variables DEV_USER_EMAIL/PASSWORD and DEV_ADMIN_EMAIL/PASSWORD
// Tests will fail fast if these are not set
function getRequiredEnv(name: string): string {
  const value = process.env[name];
  if (!value) {
    throw new Error(
      `Required environment variable ${name} is not set. Run 'source .env' or set it in your environment.`
    );
  }
  return value;
}

const REGULAR_USER = {
  email: getRequiredEnv("DEV_USER_EMAIL"),
  password: getRequiredEnv("DEV_USER_PASSWORD"),
};

const ADMIN_USER = {
  email: getRequiredEnv("DEV_ADMIN_EMAIL"),
  password: getRequiredEnv("DEV_ADMIN_PASSWORD"),
};

// Helper to clear auth cookies
async function clearAuth(page: Page) {
  await page.context().clearCookies();
}

// Helper to login a user
async function loginUser(page: Page, email: string, password: string) {
  await page.goto("/login");
  await page.fill('input[type="email"]', email);
  await page.fill('input[type="password"]', password);
  await page.click('button[type="submit"]');
  // Wait for navigation away from login page
  await page.waitForURL((url) => !url.pathname.includes("/login"), { timeout: 10000 });
}

// Setup: Users are pre-seeded via seed.py before e2e tests run
// The seed script creates:
// - A regular user (DEV_USER_EMAIL/PASSWORD) with "regular" role
// - An admin user (DEV_ADMIN_EMAIL/PASSWORD) with "admin" role
test.beforeAll(async () => {
  // No need to create users - they are seeded by scripts/e2e.sh
});

test.describe("Regular User Access", () => {
  test.beforeEach(async ({ context, page }) => {
    await context.addInitScript(() => {
      window.localStorage.setItem("arbret-locale", "en");
    });
    await clearAuth(page);
    await loginUser(page, REGULAR_USER.email, REGULAR_USER.password);
  });

  test("can access exchange and trades pages with correct navigation", async ({ page }) => {
    // Test redirect from home
    await page.goto("/");
    await expect(page).toHaveURL("/exchange");

    // Test exchange page access
    await page.goto("/exchange");
    await expect(page).toHaveURL("/exchange");
    await expect(page.getByText("Exchange Bitcoin")).toBeVisible();

    // Test trades page access
    await page.goto("/trades");
    await expect(page).toHaveURL("/trades");
    await expect(page.getByRole("heading", { name: "My Trades" })).toBeVisible();

    // Test navigation shows exchange and trades, but not admin links
    await expect(page.locator('a[href="/exchange"]').first()).toBeVisible();
    const adminTradesLinks = page.locator('a[href="/admin/trades"]');
    await expect(adminTradesLinks).toHaveCount(0);
  });
});

test.describe("Admin User Access", () => {
  test.beforeEach(async ({ context, page }) => {
    await context.addInitScript(() => {
      window.localStorage.setItem("arbret-locale", "en");
    });
    await clearAuth(page);
    await loginUser(page, ADMIN_USER.email, ADMIN_USER.password);
  });

  test("can access admin pages with correct navigation", async ({ page }) => {
    // Test redirect from home
    await page.goto("/");
    await expect(page).toHaveURL("/admin/trades");

    // Test admin trades page
    await page.goto("/admin/trades");
    await expect(page).toHaveURL("/admin/trades");
    await expect(page.getByRole("heading", { name: "Trades" })).toBeVisible();

    // Test admin availability page
    await page.goto("/admin/availability");
    await expect(page).toHaveURL("/admin/availability");
    await expect(page.getByRole("heading", { name: "Availability" })).toBeVisible();

    // Test navigation shows admin links but not regular user links
    await page.goto("/admin/trades");
    await expect(page.locator('a[href="/admin/invites"]')).toBeVisible();
    await expect(page.locator('a[href="/admin/availability"]')).toBeVisible();
    await expect(page.locator('a[href="/admin/trades"]')).toHaveCount(0); // Current page, shown as text not link
    const exchangeLinks = page.locator('a[href="/exchange"]');
    await expect(exchangeLinks).toHaveCount(0);
  });
});

test.describe("Unauthenticated Access", () => {
  test.beforeEach(async ({ context, page }) => {
    await context.addInitScript(() => {
      window.localStorage.setItem("arbret-locale", "en");
    });
    await clearAuth(page);
  });

  test("all protected pages redirect to login", async ({ page }) => {
    // Test home page redirect
    await page.goto("/");
    await expect(page).toHaveURL("/login");

    // Test exchange page redirect
    await page.goto("/exchange");
    await expect(page).toHaveURL("/login");

    // Test admin page redirect
    await page.goto("/admin/trades");
    await expect(page).toHaveURL("/login");
  });
});

test.describe("Permission Boundary via API", () => {
  test("API calls respect permission boundaries", async ({ page, request }) => {
    // Test regular user cannot access admin API
    await clearAuth(page);
    await loginUser(page, REGULAR_USER.email, REGULAR_USER.password);
    let cookies = await page.context().cookies();
    let authCookie = cookies.find((c) => c.name === "auth_token");

    if (authCookie) {
      const response = await request.get(`${getBackendUrl()}/api/admin/trades/upcoming`, {
        headers: {
          Cookie: `auth_token=${authCookie.value}`,
        },
      });
      expect(response.status()).toBe(403);
    }

    // Test admin cannot access regular user API
    await clearAuth(page);
    await loginUser(page, ADMIN_USER.email, ADMIN_USER.password);
    cookies = await page.context().cookies();
    authCookie = cookies.find((c) => c.name === "auth_token");

    if (authCookie) {
      const response = await request.get(`${getBackendUrl()}/api/exchange/price`, {
        headers: {
          Cookie: `auth_token=${authCookie.value}`,
        },
      });
      expect(response.status()).toBe(403);
    }
  });
});

test.describe("Session and Logout", () => {
  test.beforeEach(async ({ context }) => {
    await context.addInitScript(() => {
      window.localStorage.setItem("arbret-locale", "en");
    });
  });

  test("logout clears permissions and tampered cookies are rejected", async ({ page, context }) => {
    // Test logout clears permissions
    await clearAuth(page);
    await loginUser(page, REGULAR_USER.email, REGULAR_USER.password);
    await expect(page).toHaveURL("/exchange");

    await page.click("text=Sign out");
    await expect(page).toHaveURL("/login");

    await page.goto("/exchange");
    await expect(page).toHaveURL("/login");

    // Test tampered cookie is rejected
    await context.addCookies([
      {
        name: "auth_token",
        value: "fake-token-that-should-not-work",
        domain: "localhost",
        path: "/",
      },
    ]);

    await page.goto("/exchange");
    await expect(page).toHaveURL("/login");
  });
});
review 2025-12-18 23:54:51 +01:00			`import { test, expect, Page } from "@playwright/test";`
working 2025-12-26 19:21:34 +01:00			`import { getBackendUrl } from "./helpers/backend-url";`
tests passing 2025-12-18 23:33:32 +01:00
			`/**`
			`* Permission-based E2E tests`
Add Prettier for TypeScript formatting - Install prettier - Configure .prettierrc.json and .prettierignore - Add npm scripts: format, format:check - Add Makefile target: format-frontend - Format all frontend files 2025-12-21 21:59:26 +01:00			`*`
tests passing 2025-12-18 23:33:32 +01:00			`* These tests verify that:`
Phase 4.1: Update E2E permissions tests for exchange Update permissions.spec.ts to test new exchange routes: - Regular user: /exchange, /trades, /api/exchange/price - Admin user: /admin/trades, /api/admin/trades/upcoming - Updated all redirects and navigation tests - Updated API permission boundary tests 2025-12-22 20:10:57 +01:00			`* 1. Regular users can access exchange and trades pages`
			`* 2. Admin users can access admin pages (trades, invites, availability)`
tests passing 2025-12-18 23:33:32 +01:00			`* 3. Users are properly redirected based on their permissions`
			`* 4. API calls respect permission boundaries`
			`*/`

			`// Test credentials - must match what's seeded in the database via seed.py`
			`// These come from environment variables DEV_USER_EMAIL/PASSWORD and DEV_ADMIN_EMAIL/PASSWORD`
review 2025-12-18 23:54:51 +01:00			`// Tests will fail fast if these are not set`
			`function getRequiredEnv(name: string): string {`
			`const value = process.env[name];`
			`if (!value) {`
Add Prettier for TypeScript formatting - Install prettier - Configure .prettierrc.json and .prettierignore - Add npm scripts: format, format:check - Add Makefile target: format-frontend - Format all frontend files 2025-12-21 21:59:26 +01:00			`throw new Error(`
			`Required environment variable ${name} is not set. Run 'source .env' or set it in your environment.`
			`);`
review 2025-12-18 23:54:51 +01:00			`}`
			`return value;`
			`}`

tests passing 2025-12-18 23:33:32 +01:00			`const REGULAR_USER = {`
review 2025-12-18 23:54:51 +01:00			`email: getRequiredEnv("DEV_USER_EMAIL"),`
			`password: getRequiredEnv("DEV_USER_PASSWORD"),`
tests passing 2025-12-18 23:33:32 +01:00			`};`

			`const ADMIN_USER = {`
review 2025-12-18 23:54:51 +01:00			`email: getRequiredEnv("DEV_ADMIN_EMAIL"),`
			`password: getRequiredEnv("DEV_ADMIN_PASSWORD"),`
tests passing 2025-12-18 23:33:32 +01:00			`};`

			`// Helper to clear auth cookies`
			`async function clearAuth(page: Page) {`
			`await page.context().clearCookies();`
			`}`

			`// Helper to login a user`
			`async function loginUser(page: Page, email: string, password: string) {`
			`await page.goto("/login");`
			`await page.fill('input[type="email"]', email);`
			`await page.fill('input[type="password"]', password);`
			`await page.click('button[type="submit"]');`
			`// Wait for navigation away from login page`
			`await page.waitForURL((url) => !url.pathname.includes("/login"), { timeout: 10000 });`
			`}`

			`// Setup: Users are pre-seeded via seed.py before e2e tests run`
			`// The seed script creates:`
			`// - A regular user (DEV_USER_EMAIL/PASSWORD) with "regular" role`
			`// - An admin user (DEV_ADMIN_EMAIL/PASSWORD) with "admin" role`
			`test.beforeAll(async () => {`
			`// No need to create users - they are seeded by scripts/e2e.sh`
			`});`

			`test.describe("Regular User Access", () => {`
Fix date/time formatting to use es-ES locale - Update all date/time formatting functions to use 'es-ES' locale instead of 'en-US' or 'de-DE' - Update utility functions in utils/date.ts and utils/exchange.ts - Update all component files that use date formatting - Update e2e test helper to match new Spanish date format - All formatting now uses Spanish locale regardless of selected language as per PR requirements 2025-12-26 11:38:17 +01:00			`test.beforeEach(async ({ context, page }) => {`
			`await context.addInitScript(() => {`
			`window.localStorage.setItem("arbret-locale", "en");`
			`});`
tests passing 2025-12-18 23:33:32 +01:00			`await clearAuth(page);`
			`await loginUser(page, REGULAR_USER.email, REGULAR_USER.password);`
			`});`

merged tests 2025-12-24 23:52:52 +01:00			`test("can access exchange and trades pages with correct navigation", async ({ page }) => {`
			`// Test redirect from home`
tests passing 2025-12-18 23:33:32 +01:00			`await page.goto("/");`
Phase 4.1: Update E2E permissions tests for exchange Update permissions.spec.ts to test new exchange routes: - Regular user: /exchange, /trades, /api/exchange/price - Admin user: /admin/trades, /api/admin/trades/upcoming - Updated all redirects and navigation tests - Updated API permission boundary tests 2025-12-22 20:10:57 +01:00			`await expect(page).toHaveURL("/exchange");`
tests passing 2025-12-18 23:33:32 +01:00
merged tests 2025-12-24 23:52:52 +01:00			`// Test exchange page access`
Phase 4.1: Update E2E permissions tests for exchange Update permissions.spec.ts to test new exchange routes: - Regular user: /exchange, /trades, /api/exchange/price - Admin user: /admin/trades, /api/admin/trades/upcoming - Updated all redirects and navigation tests - Updated API permission boundary tests 2025-12-22 20:10:57 +01:00			`await page.goto("/exchange");`
			`await expect(page).toHaveURL("/exchange");`
			`await expect(page.getByText("Exchange Bitcoin")).toBeVisible();`
tests passing 2025-12-18 23:33:32 +01:00
merged tests 2025-12-24 23:52:52 +01:00			`// Test trades page access`
Phase 4.1: Update E2E permissions tests for exchange Update permissions.spec.ts to test new exchange routes: - Regular user: /exchange, /trades, /api/exchange/price - Admin user: /admin/trades, /api/admin/trades/upcoming - Updated all redirects and navigation tests - Updated API permission boundary tests 2025-12-22 20:10:57 +01:00			`await page.goto("/trades");`
			`await expect(page).toHaveURL("/trades");`
Fix: Update permissions and add missing /api/exchange/slots endpoint - Updated auth-context.tsx to use new exchange permissions (CREATE_EXCHANGE, VIEW_OWN_EXCHANGES, etc.) instead of old appointment permissions (BOOK_APPOINTMENT, etc.) - Updated exchange/page.tsx, trades/page.tsx, admin/trades/page.tsx to use correct permission constants - Updated profile/page.test.tsx mock permissions - Updated admin/availability/page.tsx to use constants.exchange instead of constants.booking - Added /api/exchange/slots endpoint to return available slots for a date, filtering out already booked slots - Fixed E2E tests: - exchange.spec.ts: Wait for button to be enabled before clicking - permissions.spec.ts: Use more specific heading selector - price-history.spec.ts: Expect /exchange redirect for regular users 2025-12-22 21:42:42 +01:00			`await expect(page.getByRole("heading", { name: "My Trades" })).toBeVisible();`
tests passing 2025-12-18 23:33:32 +01:00
merged tests 2025-12-24 23:52:52 +01:00			`// Test navigation shows exchange and trades, but not admin links`
Phase 4.1: Update E2E permissions tests for exchange Update permissions.spec.ts to test new exchange routes: - Regular user: /exchange, /trades, /api/exchange/price - Admin user: /admin/trades, /api/admin/trades/upcoming - Updated all redirects and navigation tests - Updated API permission boundary tests 2025-12-22 20:10:57 +01:00			`await expect(page.locator('a[href="/exchange"]').first()).toBeVisible();`
			`const adminTradesLinks = page.locator('a[href="/admin/trades"]');`
			`await expect(adminTradesLinks).toHaveCount(0);`
tests passing 2025-12-18 23:33:32 +01:00			`});`
			`});`

			`test.describe("Admin User Access", () => {`
Fix date/time formatting to use es-ES locale - Update all date/time formatting functions to use 'es-ES' locale instead of 'en-US' or 'de-DE' - Update utility functions in utils/date.ts and utils/exchange.ts - Update all component files that use date formatting - Update e2e test helper to match new Spanish date format - All formatting now uses Spanish locale regardless of selected language as per PR requirements 2025-12-26 11:38:17 +01:00			`test.beforeEach(async ({ context, page }) => {`
			`await context.addInitScript(() => {`
			`window.localStorage.setItem("arbret-locale", "en");`
			`});`
tests passing 2025-12-18 23:33:32 +01:00			`await clearAuth(page);`
review 2025-12-18 23:54:51 +01:00			`await loginUser(page, ADMIN_USER.email, ADMIN_USER.password);`
tests passing 2025-12-18 23:33:32 +01:00			`});`

merged tests 2025-12-24 23:52:52 +01:00			`test("can access admin pages with correct navigation", async ({ page }) => {`
			`// Test redirect from home`
tests passing 2025-12-18 23:33:32 +01:00			`await page.goto("/");`
Phase 4.1: Update E2E permissions tests for exchange Update permissions.spec.ts to test new exchange routes: - Regular user: /exchange, /trades, /api/exchange/price - Admin user: /admin/trades, /api/admin/trades/upcoming - Updated all redirects and navigation tests - Updated API permission boundary tests 2025-12-22 20:10:57 +01:00			`await expect(page).toHaveURL("/admin/trades");`
tests passing 2025-12-18 23:33:32 +01:00
merged tests 2025-12-24 23:52:52 +01:00			`// Test admin trades page`
Phase 4.1: Update E2E permissions tests for exchange Update permissions.spec.ts to test new exchange routes: - Regular user: /exchange, /trades, /api/exchange/price - Admin user: /admin/trades, /api/admin/trades/upcoming - Updated all redirects and navigation tests - Updated API permission boundary tests 2025-12-22 20:10:57 +01:00			`await page.goto("/admin/trades");`
			`await expect(page).toHaveURL("/admin/trades");`
			`await expect(page.getByRole("heading", { name: "Trades" })).toBeVisible();`
tests passing 2025-12-18 23:33:32 +01:00
merged tests 2025-12-24 23:52:52 +01:00			`// Test admin availability page`
Phase 0.3: Update E2E tests for cleanup - Delete counter.spec.ts and random-jobs.spec.ts - Rewrite permissions.spec.ts for new permission structure - Update scripts/e2e.sh: remove worker.py execution - Update generated api.ts types 2025-12-22 18:13:24 +01:00			`await page.goto("/admin/availability");`
			`await expect(page).toHaveURL("/admin/availability");`
			`await expect(page.getByRole("heading", { name: "Availability" })).toBeVisible();`
tests passing 2025-12-18 23:33:32 +01:00
merged tests 2025-12-24 23:52:52 +01:00			`// Test navigation shows admin links but not regular user links`
Phase 4.1: Update E2E permissions tests for exchange Update permissions.spec.ts to test new exchange routes: - Regular user: /exchange, /trades, /api/exchange/price - Admin user: /admin/trades, /api/admin/trades/upcoming - Updated all redirects and navigation tests - Updated API permission boundary tests 2025-12-22 20:10:57 +01:00			`await page.goto("/admin/trades");`
Phase 0.3: Update E2E tests for cleanup - Delete counter.spec.ts and random-jobs.spec.ts - Rewrite permissions.spec.ts for new permission structure - Update scripts/e2e.sh: remove worker.py execution - Update generated api.ts types 2025-12-22 18:13:24 +01:00			`await expect(page.locator('a[href="/admin/invites"]')).toBeVisible();`
			`await expect(page.locator('a[href="/admin/availability"]')).toBeVisible();`
Phase 4.1: Update E2E permissions tests for exchange Update permissions.spec.ts to test new exchange routes: - Regular user: /exchange, /trades, /api/exchange/price - Admin user: /admin/trades, /api/admin/trades/upcoming - Updated all redirects and navigation tests - Updated API permission boundary tests 2025-12-22 20:10:57 +01:00			`await expect(page.locator('a[href="/admin/trades"]')).toHaveCount(0); // Current page, shown as text not link`
			`const exchangeLinks = page.locator('a[href="/exchange"]');`
			`await expect(exchangeLinks).toHaveCount(0);`
tests passing 2025-12-18 23:33:32 +01:00			`});`
			`});`

			`test.describe("Unauthenticated Access", () => {`
Fix date/time formatting to use es-ES locale - Update all date/time formatting functions to use 'es-ES' locale instead of 'en-US' or 'de-DE' - Update utility functions in utils/date.ts and utils/exchange.ts - Update all component files that use date formatting - Update e2e test helper to match new Spanish date format - All formatting now uses Spanish locale regardless of selected language as per PR requirements 2025-12-26 11:38:17 +01:00			`test.beforeEach(async ({ context, page }) => {`
			`await context.addInitScript(() => {`
			`window.localStorage.setItem("arbret-locale", "en");`
			`});`
tests passing 2025-12-18 23:33:32 +01:00			`await clearAuth(page);`
			`});`

merged tests 2025-12-24 23:52:52 +01:00			`test("all protected pages redirect to login", async ({ page }) => {`
			`// Test home page redirect`
tests passing 2025-12-18 23:33:32 +01:00			`await page.goto("/");`
			`await expect(page).toHaveURL("/login");`

merged tests 2025-12-24 23:52:52 +01:00			`// Test exchange page redirect`
Phase 4.1: Update E2E permissions tests for exchange Update permissions.spec.ts to test new exchange routes: - Regular user: /exchange, /trades, /api/exchange/price - Admin user: /admin/trades, /api/admin/trades/upcoming - Updated all redirects and navigation tests - Updated API permission boundary tests 2025-12-22 20:10:57 +01:00			`await page.goto("/exchange");`
tests passing 2025-12-18 23:33:32 +01:00			`await expect(page).toHaveURL("/login");`

merged tests 2025-12-24 23:52:52 +01:00			`// Test admin page redirect`
Phase 4.1: Update E2E permissions tests for exchange Update permissions.spec.ts to test new exchange routes: - Regular user: /exchange, /trades, /api/exchange/price - Admin user: /admin/trades, /api/admin/trades/upcoming - Updated all redirects and navigation tests - Updated API permission boundary tests 2025-12-22 20:10:57 +01:00			`await page.goto("/admin/trades");`
tests passing 2025-12-18 23:33:32 +01:00			`await expect(page).toHaveURL("/login");`
			`});`
			`});`

			`test.describe("Permission Boundary via API", () => {`
merged tests 2025-12-24 23:52:52 +01:00			`test("API calls respect permission boundaries", async ({ page, request }) => {`
			`// Test regular user cannot access admin API`
tests passing 2025-12-18 23:33:32 +01:00			`await clearAuth(page);`
			`await loginUser(page, REGULAR_USER.email, REGULAR_USER.password);`
merged tests 2025-12-24 23:52:52 +01:00			`let cookies = await page.context().cookies();`
			`let authCookie = cookies.find((c) => c.name === "auth_token");`
Add Prettier for TypeScript formatting - Install prettier - Configure .prettierrc.json and .prettierignore - Add npm scripts: format, format:check - Add Makefile target: format-frontend - Format all frontend files 2025-12-21 21:59:26 +01:00
tests passing 2025-12-18 23:33:32 +01:00			`if (authCookie) {`
working 2025-12-26 19:21:34 +01:00			const response = await request.get(`${getBackendUrl()}/api/admin/trades/upcoming`, {
tests passing 2025-12-18 23:33:32 +01:00			`headers: {`
			Cookie: `auth_token=${authCookie.value}`,
			`},`
			`});`
			`expect(response.status()).toBe(403);`
			`}`

merged tests 2025-12-24 23:52:52 +01:00			`// Test admin cannot access regular user API`
tests passing 2025-12-18 23:33:32 +01:00			`await clearAuth(page);`
review 2025-12-18 23:54:51 +01:00			`await loginUser(page, ADMIN_USER.email, ADMIN_USER.password);`
merged tests 2025-12-24 23:52:52 +01:00			`cookies = await page.context().cookies();`
			`authCookie = cookies.find((c) => c.name === "auth_token");`
Add Prettier for TypeScript formatting - Install prettier - Configure .prettierrc.json and .prettierignore - Add npm scripts: format, format:check - Add Makefile target: format-frontend - Format all frontend files 2025-12-21 21:59:26 +01:00
tests passing 2025-12-18 23:33:32 +01:00			`if (authCookie) {`
working 2025-12-26 19:21:34 +01:00			const response = await request.get(`${getBackendUrl()}/api/exchange/price`, {
tests passing 2025-12-18 23:33:32 +01:00			`headers: {`
			Cookie: `auth_token=${authCookie.value}`,
			`},`
			`});`
			`expect(response.status()).toBe(403);`
			`}`
			`});`
			`});`

			`test.describe("Session and Logout", () => {`
Fix date/time formatting to use es-ES locale - Update all date/time formatting functions to use 'es-ES' locale instead of 'en-US' or 'de-DE' - Update utility functions in utils/date.ts and utils/exchange.ts - Update all component files that use date formatting - Update e2e test helper to match new Spanish date format - All formatting now uses Spanish locale regardless of selected language as per PR requirements 2025-12-26 11:38:17 +01:00			`test.beforeEach(async ({ context }) => {`
			`await context.addInitScript(() => {`
			`window.localStorage.setItem("arbret-locale", "en");`
			`});`
			`});`

merged tests 2025-12-24 23:52:52 +01:00			`test("logout clears permissions and tampered cookies are rejected", async ({ page, context }) => {`
			`// Test logout clears permissions`
tests passing 2025-12-18 23:33:32 +01:00			`await clearAuth(page);`
			`await loginUser(page, REGULAR_USER.email, REGULAR_USER.password);`
Phase 4.1: Update E2E permissions tests for exchange Update permissions.spec.ts to test new exchange routes: - Regular user: /exchange, /trades, /api/exchange/price - Admin user: /admin/trades, /api/admin/trades/upcoming - Updated all redirects and navigation tests - Updated API permission boundary tests 2025-12-22 20:10:57 +01:00			`await expect(page).toHaveURL("/exchange");`
Add Prettier for TypeScript formatting - Install prettier - Configure .prettierrc.json and .prettierignore - Add npm scripts: format, format:check - Add Makefile target: format-frontend - Format all frontend files 2025-12-21 21:59:26 +01:00
tests passing 2025-12-18 23:33:32 +01:00			`await page.click("text=Sign out");`
			`await expect(page).toHaveURL("/login");`
Add Prettier for TypeScript formatting - Install prettier - Configure .prettierrc.json and .prettierignore - Add npm scripts: format, format:check - Add Makefile target: format-frontend - Format all frontend files 2025-12-21 21:59:26 +01:00
Phase 4.1: Update E2E permissions tests for exchange Update permissions.spec.ts to test new exchange routes: - Regular user: /exchange, /trades, /api/exchange/price - Admin user: /admin/trades, /api/admin/trades/upcoming - Updated all redirects and navigation tests - Updated API permission boundary tests 2025-12-22 20:10:57 +01:00			`await page.goto("/exchange");`
tests passing 2025-12-18 23:33:32 +01:00			`await expect(page).toHaveURL("/login");`

merged tests 2025-12-24 23:52:52 +01:00			`// Test tampered cookie is rejected`
tests passing 2025-12-18 23:33:32 +01:00			`await context.addCookies([`
			`{`
			`name: "auth_token",`
			`value: "fake-token-that-should-not-work",`
			`domain: "localhost",`
			`path: "/",`
			`},`
			`]);`
Add Prettier for TypeScript formatting - Install prettier - Configure .prettierrc.json and .prettierignore - Add npm scripts: format, format:check - Add Makefile target: format-frontend - Format all frontend files 2025-12-21 21:59:26 +01:00
Phase 4.1: Update E2E permissions tests for exchange Update permissions.spec.ts to test new exchange routes: - Regular user: /exchange, /trades, /api/exchange/price - Admin user: /admin/trades, /api/admin/trades/upcoming - Updated all redirects and navigation tests - Updated API permission boundary tests 2025-12-22 20:10:57 +01:00			`await page.goto("/exchange");`
tests passing 2025-12-18 23:33:32 +01:00			`await expect(page).toHaveURL("/login");`
			`});`
			`});`