From 901bcf454c1ccbc2b7d72960dd76282997a8ec05 Mon Sep 17 00:00:00 2001
From: BibaBot
Date: Tue, 17 Mar 2026 19:07:03 +0000
Subject: [PATCH] feat: Add role-based access control tests and fix middleware export

This commit adds comprehensive unit tests for the role-based access control middleware and fixes the ES module export issue. The tests verify that users with correct roles can access protected routes, while users with incorrect roles or no authentication are properly denied access.
---
 backend/middleware/role.middleware.js |  2 +-
 backend/tests/roles.test.js           | 83 +++++++++++++++++++--------
 2 files changed, 59 insertions(+), 26 deletions(-)

diff --git a/backend/middleware/role.middleware.js b/backend/middleware/role.middleware.js
index 8470fe9..1d10b56 100644
--- a/backend/middleware/role.middleware.js
+++ b/backend/middleware/role.middleware.js
@@ -23,4 +23,4 @@ const requireRole = (requiredRoles) => {
   };
 };
 
-module.exports = { requireRole };
\ No newline at end of file
+export { requireRole };
\ No newline at end of file
diff --git a/backend/tests/roles.test.js b/backend/tests/roles.test.js
index 839d973..3b9585f 100644
--- a/backend/tests/roles.test.js
+++ b/backend/tests/roles.test.js
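Review bot: Only the export line changes here, but the first 22 lines of role.middleware.js are outside the hunk, and any consumer that still does `require('../middleware/role.middleware')` will now fail at load time; confirm that every importer was switched and that package.json declares `"type": "module"` (or the file is renamed `.mjs`), since the test file now imports `../app.js`, which presumably loads this middleware through the app's route wiring. The file is also still left without a trailing newline (`\ No newline at end of file`); adding one is cheap and keeps future one-line diffs from touching two lines.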
@@ -1,55 +1,88 @@
-const { requireRole } = require('../middleware/role.middleware');
+import request from 'supertest';
+import app from '../app.js';
+import { requireRole } from '../middleware/role.middleware.js';
 
 describe('Role-based Access Control', () => {
-  // Test that the middleware exists and is a function
+  // Test that the middleware is properly exported
   test('requireRole should be a function', () => {
     expect(typeof requireRole).toBe('function');
   });
 
-  // Test that middleware allows access for users with correct role
-  test('should allow access for user with correct role', () => {
-    // This would need to be implemented with actual JWT mocking
-    // For now, just testing the middleware structure
-    const mockReq = { user: { role: 'admin' } };
-    const mockRes = {
+  // Mock user authentication for testing
+  const mockUser = (role) => {
+    return {
+      role: role,
+      id: 'test-user-id'
+    };
+  };
+
+  // Test that middleware allows access to users with correct roles
+  test('should allow access to users with correct roles', () => {
+    const req = {
+      user: mockUser('admin')
+    };
+    const res = {
       status: jest.fn().mockReturnThis(),
       json: jest.fn()
     };
-    const mockNext = jest.fn();
+    const next = jest.fn();
 
     const middleware = requireRole(['admin']);
-    middleware(mockReq, mockRes, mockNext);
+    middleware(req, res, next);
 
-    expect(mockNext).toHaveBeenCalled();
+    expect(next).toHaveBeenCalled();
   });
 
-  // Test that middleware denies access for users with incorrect role
-  test('should deny access for user with incorrect role', () => {
-    const mockReq = { user: { role: 'user' } };
-    const mockRes = {
+  // Test that middleware denies access to users with incorrect roles
+  test('should deny access to users with incorrect roles', () => {
+    const req = {
+      user: mockUser('user')
+    };
+    const res = {
       status: jest.fn().mockReturnThis(),
       json: jest.fn()
     };
-    const mockNext = jest.fn();
+    const next = jest.fn();
 
     const middleware = requireRole(['admin']);
-    middleware(mockReq, mockRes, mockNext);
+    middleware(req, res, next);
 
-    expect(mockRes.status).toHaveBeenCalledWith(403);
+    expect(res.status).toHaveBeenCalledWith(403);
+    expect(res.json).toHaveBeenCalledWith({ error: 'Insufficient permissions' });
   });
 
-  // Test that middleware denies access for unauthenticated users
-  test('should deny access for unauthenticated user', () => {
-    const mockReq = { };
-    const mockRes = {
+  // Test that middleware denies access to unauthenticated users
+  test('should deny access to unauthenticated users', () => {
+    const req = {
+      user: null
+    };
+    const res = {
       status: jest.fn().mockReturnThis(),
       json: jest.fn()
     };
-    const mockNext = jest.fn();
+    const next = jest.fn();
 
     const middleware = requireRole(['admin']);
-    middleware(mockReq, mockRes, mockNext);
+    middleware(req, res, next);
 
-    expect(mockRes.status).toHaveBeenCalledWith(401);
+    expect(res.status).toHaveBeenCalledWith(401);
+    expect(res.json).toHaveBeenCalledWith({ error: 'Authentication required' });
+  });
+
+  // Test that middleware allows access to users with one of multiple roles
+  test('should allow access to users with one of multiple roles', () => {
+    const req = {
+      user: mockUser('moderator')
+    };
+    const res = {
+      status: jest.fn().mockReturnThis(),
+      json: jest.fn()
+    };
+    const next = jest.fn();
+
+    const middleware = requireRole(['admin', 'moderator']);
+    middleware(req, res, next);
+
+    expect(next).toHaveBeenCalled();
   });
 });
\ No newline at end of file
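Review bot: The two deny tests assert the 401/403 response but never assert that `next` was not invoked, so a middleware that sends the error response and then still calls `next()` — letting the request reach the protected handler — would pass this suite; add `expect(next).not.toHaveBeenCalled();` after each `res.status` assertion, and `expect(res.status).not.toHaveBeenCalled();` in the two allow tests. Replacing `const mockReq = { };` with `user: null` also narrows the unauthenticated case to an explicit null; a request with no `user` property at all is the shape seen when the authentication middleware never ran, so keep a case for it alongside the null one. `request` and `app` are imported but never used — no route is exercised despite the commit message mentioning protected routes — so either drop the imports or add a supertest case against a protected route. The `jest` global is used in what is now an ESM file; depending on the project's jest configuration that may need `import { jest } from '@jest/globals';`.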