refactor(auth): unify authorization patterns with MANAGE_OWN_PROFILE permission

Issue #2: The profile route used a custom role-based check instead of the permission-based pattern used everywhere else. Changes: - Add MANAGE_OWN_PROFILE permission to backend Permission enum - Add permission to ROLE_REGULAR role definition - Update profile routes to use require_permission(MANAGE_OWN_PROFILE) - Remove custom require_regular_user dependency - Update frontend Permission constant and profile page - Update invites page to use permission instead of role check - Update profile tests with proper permission mocking This ensures consistent authorization patterns across all routes.
2025-12-21 23:50:06 +01:00 · 2025-12-21 23:50:06 +01:00 · 21698203fe
commit 21698203fe
parent 81cd34b0e7
7 changed files with 40 additions and 23 deletions
--- a/frontend/app/profile/page.test.tsx
+++ b/frontend/app/profile/page.test.tsx
@ -15,11 +15,14 @@ let mockUser: { id: number; email: string; roles: string[]; permissions: string[
  id: 1,
  email: "test@example.com",
  roles: ["regular"],
-  permissions: ["view_counter", "increment_counter", "use_sum"],
+  permissions: ["view_counter", "increment_counter", "use_sum", "manage_own_profile"],
 };
 let mockIsLoading = false;
 const mockLogout = vi.fn();
 const mockHasRole = vi.fn((role: string) => mockUser?.roles.includes(role) ?? false);
+const mockHasPermission = vi.fn(
+  (permission: string) => mockUser?.permissions.includes(permission) ?? false
+);

 vi.mock("../auth-context", () => ({
  useAuth: () => ({
@ -27,7 +30,23 @@ vi.mock("../auth-context", () => ({
    isLoading: mockIsLoading,
    logout: mockLogout,
    hasRole: mockHasRole,
+    hasPermission: mockHasPermission,
  }),
+  Permission: {
+    VIEW_COUNTER: "view_counter",
+    INCREMENT_COUNTER: "increment_counter",
+    USE_SUM: "use_sum",
+    VIEW_AUDIT: "view_audit",
+    MANAGE_OWN_PROFILE: "manage_own_profile",
+    MANAGE_INVITES: "manage_invites",
+    VIEW_OWN_INVITES: "view_own_invites",
+    BOOK_APPOINTMENT: "book_appointment",
+    VIEW_OWN_APPOINTMENTS: "view_own_appointments",
+    CANCEL_OWN_APPOINTMENT: "cancel_own_appointment",
+    MANAGE_AVAILABILITY: "manage_availability",
+    VIEW_ALL_APPOINTMENTS: "view_all_appointments",
+    CANCEL_ANY_APPOINTMENT: "cancel_any_appointment",
+  },
 }));

 // Mock profile data
@ -45,10 +64,13 @@ beforeEach(() => {
    id: 1,
    email: "test@example.com",
    roles: ["regular"],
-    permissions: ["view_counter", "increment_counter", "use_sum"],
+    permissions: ["view_counter", "increment_counter", "use_sum", "manage_own_profile"],
  };
  mockIsLoading = false;
  mockHasRole.mockImplementation((role: string) => mockUser?.roles.includes(role) ?? false);
+  mockHasPermission.mockImplementation(
+    (permission: string) => mockUser?.permissions.includes(permission) ?? false
+  );
 });

 afterEach(() => {