working

2025-12-26 19:21:34 +01:00 · 2025-12-26 19:21:34 +01:00 · 4e1a339432
commit 4e1a339432
parent c0999370c6
17 changed files with 393 additions and 91 deletions
--- a/frontend/e2e/permissions.spec.ts
+++ b/frontend/e2e/permissions.spec.ts
@ -1,4 +1,5 @@
 import { test, expect, Page } from "@playwright/test";
+import { getBackendUrl } from "./helpers/backend-url";

 /**
 * Permission-based E2E tests
@ -10,8 +11,6 @@ import { test, expect, Page } from "@playwright/test";
 * 4. API calls respect permission boundaries
 */

-const API_URL = process.env.NEXT_PUBLIC_API_URL || "http://localhost:8000";
-
 // Test credentials - must match what's seeded in the database via seed.py
 // These come from environment variables DEV_USER_EMAIL/PASSWORD and DEV_ADMIN_EMAIL/PASSWORD
 // Tests will fail fast if these are not set
@ -155,7 +154,7 @@ test.describe("Permission Boundary via API", () => {
    let authCookie = cookies.find((c) => c.name === "auth_token");

    if (authCookie) {
-      const response = await request.get(`${API_URL}/api/admin/trades/upcoming`, {
+      const response = await request.get(`${getBackendUrl()}/api/admin/trades/upcoming`, {
        headers: {
          Cookie: `auth_token=${authCookie.value}`,
        },
@ -170,7 +169,7 @@ test.describe("Permission Boundary via API", () => {
    authCookie = cookies.find((c) => c.name === "auth_token");

    if (authCookie) {
-      const response = await request.get(`${API_URL}/api/exchange/price`, {
+      const response = await request.get(`${getBackendUrl()}/api/exchange/price`, {
        headers: {
          Cookie: `auth_token=${authCookie.value}`,
        },