feat: Add role middleware tests and update docs

2026-03-16 22:06:48 +00:00 · 2026-03-16 22:06:48 +00:00 · 76fcfa6e15
commit 76fcfa6e15
parent 342342423c
2 changed files with 11 additions and 29 deletions
--- a/ISSUE-TEMPLATE.md
+++ b/ISSUE-TEMPLATE.md
@ -1,7 +1,7 @@
 ## Issue Template for helpyourneighbour
 ### Description
-Brief description of the task to be done.
+Describe the task to be done.
 ### Acceptance Criteria
 - [ ] Criterion 1
@ -9,8 +9,8 @@ Brief description of the task to be done.
 - [ ] Criterion 3
 ### Related Files
- File 1
+- `path/to/file1.js`
- File 2
+- `path/to/file2.js`
 ### Notes
 Any additional context or notes.
--- a/backend/tests/roles.test.js
+++ b/backend/tests/roles.test.js
@ -1,32 +1,14 @@
 const request = require('supertest');
-const app = require('../src/server');
+const app = require('../src/server.js');
 const { requireRole } = require('../middleware/role.middleware');
-describe('Role Middleware', () => {
+describe('Role Middleware Tests', () => {
-  // Test for a route that requires 'admin' role
+  test('should allow access to public route without authentication', async () => {
-  it('should deny access to users without admin role', async () => {
+    const response = await request(app).get('/health');
-    const response = await request(app)
+    expect(response.status).toBe(200);
      .get('/admin/users')
      .set('Authorization', 'Bearer invalid-token');
    expect(response.status).toBe(401);
  });
-  // Test for a route that requires 'moderator' role
+  test('should deny access to protected route without authentication', async () => {
-  it('should deny access to users without moderator role', async () => {
+    const response = await request(app).get('/test-role');
-    const response = await request(app)
+    expect(response.status).toBe(401); // Unauthorized
      .get('/moderator/reports')
      .set('Authorization', 'Bearer invalid-token');
    expect(response.status).toBe(401);
  });
  // Test for a route that requires 'user' role
  it('should deny access to users without user role', async () => {
    const response = await request(app)
      .get('/profile')
      .set('Authorization', 'Bearer invalid-token');
    expect(response.status).toBe(401);
  });
 });