test(roles): add unit, integration and e2e tests for /roles (#112)

- unit: fixture shapes, mock API (GET/POST/PUT/DELETE), mock DB CRUD - integration: list, create, assign permissions, update, reset perms, delete - e2e: handler calls with mock context + real DB, covers 400/404 cases
2026-04-26 14:06:12 +02:00
parent e3eefd945c
commit e75098083a
3 changed files with 447 additions and 0 deletions
@@ -0,0 +1,172 @@
+// #112 - E2E tests for /roles endpoints
+
+import { assertEquals, assertExists } from "@std/assert";
+import {
+  makeEmployeeContext,
+  makeGetRequest,
+  makeJsonRequest,
+} from "../helpers/handler.ts";
+import { seedRoles, testDb, truncateAll } from "../helpers/db_integration.ts";
+import { permissions } from "$root/databases/schema.ts";
+import { handler as rolesHandler } from "$apps/admin/api/roles.ts";
+import { handler as roleHandler } from "$apps/admin/api/roles/[idRole].ts";
+
+// --- GET /roles ---
+
+Deno.test({
+  name: "e2e roles: GET /roles returns all with permissions",
+  async fn() {
+    await truncateAll();
+    await seedRoles([{ nom: "admin" }, { nom: "employee" }]);
+    const res = await rolesHandler.GET!(makeGetRequest("/roles"), makeEmployeeContext());
+    assertEquals(res.status, 200);
+    const body = await res.json();
+    assertEquals(body.length, 2);
+    assertExists(body[0].permissions);
+    assertEquals(Array.isArray(body[0].permissions), true);
+  },
+  sanitizeResources: false,
+  sanitizeOps: false,
+});
+
+// --- POST /roles ---
+
+Deno.test({
+  name: "e2e roles: POST /roles creates role (201)",
+  async fn() {
+    await truncateAll();
+    const res = await rolesHandler.POST!(
+      makeJsonRequest("/roles", "POST", { nom: "viewer" }),
+      makeEmployeeContext(),
+    );
+    assertEquals(res.status, 201);
+    const body = await res.json();
+    assertExists(body.id);
+    assertEquals(body.nom, "viewer");
+    assertEquals(body.permissions, []);
+  },
+  sanitizeResources: false,
+  sanitizeOps: false,
+});
+
+Deno.test({
+  name: "e2e roles: POST /roles 400 on missing nom",
+  async fn() {
+    await truncateAll();
+    const res = await rolesHandler.POST!(
+      makeJsonRequest("/roles", "POST", {}),
+      makeEmployeeContext(),
+    );
+    assertEquals(res.status, 400);
+  },
+  sanitizeResources: false,
+  sanitizeOps: false,
+});
+
+// --- GET /roles/:id ---
+
+Deno.test({
+  name: "e2e roles: GET /roles/:id returns role with permissions",
+  async fn() {
+    await truncateAll();
+    const [role] = await seedRoles([{ nom: "admin" }]);
+    await testDb.insert(permissions).values([
+      { id: "student_read", nom: "Consulter les élèves" },
+    ]);
+    const res = await roleHandler.GET!(
+      makeGetRequest(`/roles/${role.id}`),
+      makeEmployeeContext({ idRole: String(role.id) }),
+    );
+    assertEquals(res.status, 200);
+    const body = await res.json();
+    assertEquals(body.nom, "admin");
+    assertEquals(Array.isArray(body.permissions), true);
+  },
+  sanitizeResources: false,
+  sanitizeOps: false,
+});
+
+Deno.test({
+  name: "e2e roles: GET /roles/:id 404 when not found",
+  async fn() {
+    await truncateAll();
+    const res = await roleHandler.GET!(
+      makeGetRequest("/roles/9999"),
+      makeEmployeeContext({ idRole: "9999" }),
+    );
+    assertEquals(res.status, 404);
+  },
+  sanitizeResources: false,
+  sanitizeOps: false,
+});
+
+// --- PUT /roles/:id ---
+
+Deno.test({
+  name: "e2e roles: PUT /roles/:id updates nom and permissions",
+  async fn() {
+    await truncateAll();
+    const [role] = await seedRoles([{ nom: "employee" }]);
+    await testDb.insert(permissions).values([
+      { id: "note_read", nom: "Consulter les notes" },
+    ]);
+    const res = await roleHandler.PUT!(
+      makeJsonRequest(`/roles/${role.id}`, "PUT", {
+        nom: "teacher",
+        permissions: ["note_read"],
+      }),
+      makeEmployeeContext({ idRole: String(role.id) }),
+    );
+    assertEquals(res.status, 200);
+    const body = await res.json();
+    assertEquals(body.nom, "teacher");
+    assertEquals(body.permissions, ["note_read"]);
+  },
+  sanitizeResources: false,
+  sanitizeOps: false,
+});
+
+Deno.test({
+  name: "e2e roles: PUT /roles/:id 404 when not found",
+  async fn() {
+    await truncateAll();
+    const res = await roleHandler.PUT!(
+      makeJsonRequest("/roles/9999", "PUT", { nom: "ghost", permissions: [] }),
+      makeEmployeeContext({ idRole: "9999" }),
+    );
+    assertEquals(res.status, 404);
+  },
+  sanitizeResources: false,
+  sanitizeOps: false,
+});
+
+// --- DELETE /roles/:id ---
+
+Deno.test({
+  name: "e2e roles: DELETE /roles/:id returns 204",
+  async fn() {
+    await truncateAll();
+    const [role] = await seedRoles([{ nom: "moderator" }]);
+    const res = await roleHandler.DELETE!(
+      makeGetRequest(`/roles/${role.id}`),
+      makeEmployeeContext({ idRole: String(role.id) }),
+    );
+    assertEquals(res.status, 204);
+  },
+  sanitizeResources: false,
+  sanitizeOps: false,
+});
+
+Deno.test({
+  name: "e2e roles: DELETE /roles/:id 404 when not found",
+  async fn() {
+    await truncateAll();
+    const res = await roleHandler.DELETE!(
+      makeGetRequest("/roles/9999"),
+      makeEmployeeContext({ idRole: "9999" }),
+    );
+    assertEquals(res.status, 404);
+  },
+  sanitizeResources: false,
+  sanitizeOps: false,
+});