X-Financial/web/tests/accessControl.test.mjs


import assert from 'node:assert/strict'
import test from 'node:test'
import { canManageExpenseClaims, canReturnExpenseClaims } from '../src/utils/accessControl.js'
// Least-privilege regression test: the 'manager' and 'approver' role codes must
// pass canReturnExpenseClaims and must be refused by canManageExpenseClaims.
// The test title ties the "manage" check to delete permissions; the helper's
// implementation lives in ../src/utils/accessControl.js and is not shown here.
// NOTE(review): nothing in this file pins the result for a user with an empty
// or unknown roleCodes list — confirm the intended deny-by-default behaviour
// and cover it.
test('direct approvers can return claims without receiving delete permissions', () => {
  const directApprovers = ['manager', 'approver'].map((roleCode) => ({ roleCodes: [roleCode] }))

  // Both roles are allowed to send a claim back.
  for (const user of directApprovers) {
    assert.equal(canReturnExpenseClaims(user), true)
  }

  // Neither role is granted the broader management permission.
  for (const user of directApprovers) {
    assert.equal(canManageExpenseClaims(user), false)
  }
})
// Privileged roles: 'finance' and 'executive' are expected to pass both the
// return check and the manage check. A fresh user object is built for every
// call so no assertion depends on state left behind by a previous one.
test('finance and executives can return and manage claims', () => {
  for (const roleCode of ['finance', 'executive']) {
    const makeUser = () => ({ roleCodes: [roleCode] })
    assert.equal(canReturnExpenseClaims(makeUser()), true)
    assert.equal(canManageExpenseClaims(makeUser()), true)
  }
})