import assert from 'node:assert/strict'
import test from 'node:test'

import { canManageExpenseClaims, canReturnExpenseClaims } from '../src/utils/accessControl.js'

test('direct approvers can return claims without receiving delete permissions', () => {
  const managerUser = { roleCodes: ['manager'] }
  const approverUser = { roleCodes: ['approver'] }

  assert.equal(canReturnExpenseClaims(managerUser), true)
  assert.equal(canReturnExpenseClaims(approverUser), true)
  assert.equal(canManageExpenseClaims(managerUser), false)
  assert.equal(canManageExpenseClaims(approverUser), false)
})

test('finance and executives can return and manage claims', () => {
  assert.equal(canReturnExpenseClaims({ roleCodes: ['finance'] }), true)
  assert.equal(canManageExpenseClaims({ roleCodes: ['finance'] }), true)
  assert.equal(canReturnExpenseClaims({ roleCodes: ['executive'] }), true)
  assert.equal(canManageExpenseClaims({ roleCodes: ['executive'] }), true)
})