diff --git a/backend/middleware/role.middleware.js b/backend/middleware/role.middleware.js
index 8470fe9..1d10b56 100644
--- a/backend/middleware/role.middleware.js
+++ b/backend/middleware/role.middleware.js
@@ -23,4 +23,4 @@ const requireRole = (requiredRoles) => {
   };
 };
-module.exports = { requireRole };
\ No newline at end of file
+export { requireRole };
\ No newline at end of file
diff --git a/backend/tests/roles.test.js b/backend/tests/roles.test.js
index 839d973..3b9585f 100644
--- a/backend/tests/roles.test.js
+++ b/backend/tests/roles.test.js
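Review bot: Changing the export to `export { requireRole };` makes this module ESM-only, so any route file still loading it with `require('../middleware/role.middleware')` will fail at load time, and this diff only updates the test file; the callers that mount the middleware on routes are not shown. Please confirm those callers are already ESM and that the package is configured to load `.js` as modules (`"type": "module"` in package.json, or a `.mjs` rename), since a load failure here is what keeps the role check attached to the routes. The body of `requireRole` starts outside the hunk.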
@@ -1,55 +1,88 @@
-const { requireRole } = require('../middleware/role.middleware');
+import request from 'supertest';
+import app from '../app.js';
+import { requireRole } from '../middleware/role.middleware.js';
 describe('Role-based Access Control', () => {
-  // Test that the middleware exists and is a function
+  // Test that the middleware is properly exported
   test('requireRole should be a function', () => {
     expect(typeof requireRole).toBe('function');
   });
-  // Test that middleware allows access for users with correct role
-  test('should allow access for user with correct role', () => {
-    // This would need to be implemented with actual JWT mocking
-    // For now, just testing the middleware structure
-    const mockReq = { user: { role: 'admin' } };
-    const mockRes = {
+  // Mock user authentication for testing
+  const mockUser = (role) => {
+    return {
+      role: role,
+      id: 'test-user-id'
+    };
+  };
+
+  // Test that middleware allows access to users with correct roles
+  test('should allow access to users with correct roles', () => {
+    const req = {
+      user: mockUser('admin')
+    };
+    const res = {
       status: jest.fn().mockReturnThis(),
       json: jest.fn()
     };
-    const mockNext = jest.fn();
+    const next = jest.fn();
     const middleware = requireRole(['admin']);
-    middleware(mockReq, mockRes, mockNext);
+    middleware(req, res, next);
-    expect(mockNext).toHaveBeenCalled();
+    expect(next).toHaveBeenCalled();
   });
-  // Test that middleware denies access for users with incorrect role
-  test('should deny access for user with incorrect role', () => {
-    const mockReq = { user: { role: 'user' } };
-    const mockRes = {
+  // Test that middleware denies access to users with incorrect roles
+  test('should deny access to users with incorrect roles', () => {
+    const req = {
+      user: mockUser('user')
+    };
+    const res = {
       status: jest.fn().mockReturnThis(),
       json: jest.fn()
     };
-    const mockNext = jest.fn();
+    const next = jest.fn();
     const middleware = requireRole(['admin']);
-    middleware(mockReq, mockRes, mockNext);
+    middleware(req, res, next);
-    expect(mockRes.status).toHaveBeenCalledWith(403);
+    expect(res.status).toHaveBeenCalledWith(403);
+    expect(res.json).toHaveBeenCalledWith({ error: 'Insufficient permissions' });
   });
-  // Test that middleware denies access for unauthenticated users
-  test('should deny access for unauthenticated user', () => {
-    const mockReq = { };
-    const mockRes = {
+  // Test that middleware denies access to unauthenticated users
+  test('should deny access to unauthenticated users', () => {
+    const req = {
+      user: null
+    };
+    const res = {
       status: jest.fn().mockReturnThis(),
       json: jest.fn()
     };
-    const mockNext = jest.fn();
+    const next = jest.fn();
     const middleware = requireRole(['admin']);
-    middleware(mockReq, mockRes, mockNext);
+    middleware(req, res, next);
-    expect(mockRes.status).toHaveBeenCalledWith(401);
+    expect(res.status).toHaveBeenCalledWith(401);
+    expect(res.json).toHaveBeenCalledWith({ error: 'Authentication required' });
+  });
+
+  // Test that middleware allows access to users with one of multiple roles
+  test('should allow access to users with one of multiple roles', () => {
+    const req = {
+      user: mockUser('moderator')
+    };
+    const res = {
+      status: jest.fn().mockReturnThis(),
+      json: jest.fn()
+    };
+    const next = jest.fn();
+
+    const middleware = requireRole(['admin', 'moderator']);
+    middleware(req, res, next);
+
+    expect(next).toHaveBeenCalled();
   });
 });
\ No newline at end of file
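Review bot: The two deny-path tests (the one asserting `res.status` was called with 403 and the one asserting 401) never check that the chain was stopped, so a fail-open middleware that sends the error response and still calls `next()` would pass both; add `expect(next).not.toHaveBeenCalled();` after each status assertion. The unauthenticated case was rewritten from a bare `{}` request to `{ user: null }`, which drops coverage of `req.user` being undefined (the shape seen when no auth middleware ran at all); keep both inputs, e.g. `test.each([{}, { user: null }])`, and consider a third case where the user object exists but has no `role` property, which should also end in 403 rather than satisfy the role check. `request` from supertest and `app` from `../app.js` are imported but never used in this file, and importing `app` presumably executes whatever module-level setup it performs on every test run; drop both imports until an HTTP-level test actually exercises them. `role: role` in `mockUser` can be the shorthand `role`.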