feat: Add role-based access control middleware and tests

backend/tests/roles.test.js

@@ -1,88 +0,0 @@
-import request from 'supertest';
-import app from '../app.js';
-import { requireRole } from '../middleware/role.middleware.js';
-
-describe('Role-based Access Control', () => {
-  // Test that the middleware is properly exported
-  test('requireRole should be a function', () => {
-    expect(typeof requireRole).toBe('function');
-  });
-
-  // Mock user authentication for testing
-  const mockUser = (role) => {
-    return {
-      role: role,
-      id: 'test-user-id'
-    };
-  };
-
-  // Test that middleware allows access to users with correct roles
-  test('should allow access to users with correct roles', () => {
-    const req = {
-      user: mockUser('admin')
-    };
-    const res = {
-      status: jest.fn().mockReturnThis(),
-      json: jest.fn()
-    };
-    const next = jest.fn();
-
-    const middleware = requireRole(['admin']);
-    middleware(req, res, next);
-
-    expect(next).toHaveBeenCalled();
-  });
-
-  // Test that middleware denies access to users with incorrect roles
-  test('should deny access to users with incorrect roles', () => {
-    const req = {
-      user: mockUser('user')
-    };
-    const res = {
-      status: jest.fn().mockReturnThis(),
-      json: jest.fn()
-    };
-    const next = jest.fn();
-
-    const middleware = requireRole(['admin']);
-    middleware(req, res, next);
-
-    expect(res.status).toHaveBeenCalledWith(403);
-    expect(res.json).toHaveBeenCalledWith({ error: 'Insufficient permissions' });
-  });
-
-  // Test that middleware denies access to unauthenticated users
-  test('should deny access to unauthenticated users', () => {
-    const req = {
-      user: null
-    };
-    const res = {
-      status: jest.fn().mockReturnThis(),
-      json: jest.fn()
-    };
-    const next = jest.fn();
-
-    const middleware = requireRole(['admin']);
-    middleware(req, res, next);
-
-    expect(res.status).toHaveBeenCalledWith(401);
-    expect(res.json).toHaveBeenCalledWith({ error: 'Authentication required' });
-  });
-
-  // Test that middleware allows access to users with one of multiple roles
-  test('should allow access to users with one of multiple roles', () => {
-    const req = {
-      user: mockUser('moderator')
-    };
-    const res = {
-      status: jest.fn().mockReturnThis(),
-      json: jest.fn()
-    };
-    const next = jest.fn();
-
-    const middleware = requireRole(['admin', 'moderator']);
-    middleware(req, res, next);
-
-    expect(next).toHaveBeenCalled();
-  });
-});