This commit is contained in:
counterweight 2025-12-18 23:54:51 +01:00
parent b173b47925
commit 66bc4c5a45
Signed by: counterweight
GPG key ID: 883EDBAA726BD96C
10 changed files with 367 additions and 320 deletions


@ -1,4 +1,4 @@
import { test, expect, Page, APIRequestContext } from "@playwright/test";
import { test, expect, Page } from "@playwright/test";
/**
* Permission-based E2E tests
@ -14,14 +14,23 @@ const API_URL = process.env.NEXT_PUBLIC_API_URL || "http://localhost:8000";
// Test credentials - must match what's seeded in the database via seed.py
// These come from environment variables DEV_USER_EMAIL/PASSWORD and DEV_ADMIN_EMAIL/PASSWORD
// Tests will fail fast if these are not set
function getRequiredEnv(name: string): string {
const value = process.env[name];
if (!value) {
throw new Error(`Required environment variable ${name} is not set. Run 'source .env' or set it in your environment.`);
}
return value;
}
const REGULAR_USER = {
email: process.env.DEV_USER_EMAIL || "user@example.com",
password: process.env.DEV_USER_PASSWORD || "user123",
email: getRequiredEnv("DEV_USER_EMAIL"),
password: getRequiredEnv("DEV_USER_PASSWORD"),
};
const ADMIN_USER = {
email: process.env.DEV_ADMIN_EMAIL || "admin@example.com",
password: process.env.DEV_ADMIN_PASSWORD || "admin123",
email: getRequiredEnv("DEV_ADMIN_EMAIL"),
password: getRequiredEnv("DEV_ADMIN_PASSWORD"),
};
// Helper to clear auth cookies
@ -29,17 +38,6 @@ async function clearAuth(page: Page) {
await page.context().clearCookies();
}
// Helper to create a user with specific role via API
async function createUserWithRole(
request: APIRequestContext,
email: string,
password: string,
roleName: string
): Promise<void> {
// This requires direct DB access or a test endpoint
// For now, we'll use the seeded users from conftest
}
// Helper to login a user
async function loginUser(page: Page, email: string, password: string) {
await page.goto("/login");
@ -149,19 +147,9 @@ test.describe("Regular User Access", () => {
});
test.describe("Admin User Access", () => {
// Skip these tests if admin user isn't set up
// In real scenario, you'd create admin user in beforeAll
test.skip(
!process.env.DEV_ADMIN_EMAIL,
"Admin tests require DEV_ADMIN_EMAIL and DEV_ADMIN_PASSWORD env vars"
);
const adminEmail = process.env.DEV_ADMIN_EMAIL || ADMIN_USER.email;
const adminPassword = process.env.DEV_ADMIN_PASSWORD || ADMIN_USER.password;
test.beforeEach(async ({ page }) => {
await clearAuth(page);
await loginUser(page, adminEmail, adminPassword);
await loginUser(page, ADMIN_USER.email, ADMIN_USER.password);
});
test("redirected from counter page to audit", async ({ page }) => {
@ -258,17 +246,9 @@ test.describe("Permission Boundary via API", () => {
});
test("admin user API call to counter returns 403", async ({ page, request }) => {
const adminEmail = process.env.DEV_ADMIN_EMAIL;
const adminPassword = process.env.DEV_ADMIN_PASSWORD;
if (!adminEmail || !adminPassword) {
test.skip();
return;
}
// Login as admin
await clearAuth(page);
await loginUser(page, adminEmail, adminPassword);
await loginUser(page, ADMIN_USER.email, ADMIN_USER.password);
// Get cookies
const cookies = await page.context().cookies();