test: add comprehensive tests for role middleware

Added detailed unit tests for the requireRole middleware to ensure proper role-based access control implementation.

backend/test/roles.test.js

@@ -17,3 +17,42 @@ describe('Role Middleware', () => {
     });
   });
 });
+
+// New comprehensive tests for role middleware
+describe('Role Middleware - Comprehensive Tests', () => {
+  const mockReq = {
+    user: { role: 'user' }
+  };
+  
+  const mockRes = {
+    status: jest.fn().mockReturnThis(),
+    json: jest.fn()
+  };
+  
+  const mockNext = jest.fn();
+  
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+  
+  it('should call next() when user has required role', () => {
+    const middleware = requireRole(['user']);
+    middleware(mockReq, mockRes, mockNext);
+    expect(mockNext).toHaveBeenCalled();
+  });
+  
+  it('should return 403 when user does not have required role', () => {
+    const middleware = requireRole(['admin']);
+    middleware(mockReq, mockRes, mockNext);
+    expect(mockRes.status).toHaveBeenCalledWith(403);
+    expect(mockRes.json).toHaveBeenCalledWith({ error: 'Forbidden' });
+  });
+  
+  it('should return 401 when no user role is found', () => {
+    const middleware = requireRole(['user']);
+    const reqWithoutRole = { user: null };
+    middleware(reqWithoutRole, mockRes, mockNext);
+    expect(mockRes.status).toHaveBeenCalledWith(401);
+    expect(mockRes.json).toHaveBeenCalledWith({ error: 'Unauthorized' });
+  });
+});