feat: Implement role management API endpoints

2026-03-16 05:07:56 +00:00 · 2026-03-16 05:07:56 +00:00 · fddbb167c2
commit fddbb167c2
parent 1f3e567d3a
6 changed files with 355 additions and 35 deletions
--- a/test/roles.test.js
+++ b/test/roles.test.js
@ -0,0 +1,105 @@
+const request = require('supertest');
+const app = require('../backend/app');
+const { getUserById, updateUser } = require('../backend/services/user.service');
+const { logAudit } = require('../backend/services/audit.service');
+
+// Mock die Dienste
+jest.mock('../backend/services/user.service');
+jest.mock('../backend/services/audit.service');
+
+describe('Roles API', () => {
+  beforeEach(() => {
+    // Reset mocks before each test
+    jest.clearAllMocks();
+  });
+
+  describe('GET /api/users/:userId/roles', () => {
+    it('should return user roles', async () => {
+      const mockUser = { id: '1', roles: ['user', 'moderator'] };
+      getUserById.mockResolvedValue(mockUser);
+
+      const response = await request(app)
+        .get('/api/users/1/roles')
+        .expect(200);
+
+      expect(response.body).toEqual(['user', 'moderator']);
+      expect(getUserById).toHaveBeenCalledWith('1');
+    });
+
+    it('should return 404 if user not found', async () => {
+      getUserById.mockResolvedValue(null);
+
+      await request(app)
+        .get('/api/users/999/roles')
+        .expect(404);
+    });
+  });
+
+  describe('PUT /api/users/:userId/roles', () => {
+    it('should update user roles with admin permission', async () => {
+      const mockUser = { id: '1', roles: ['user'] };
+      getUserById.mockResolvedValue(mockUser);
+      updateUser.mockResolvedValue(true);
+      logAudit.mockResolvedValue(true);
+
+      const response = await request(app)
+        .put('/api/users/1/roles')
+        .set('Authorization', 'Bearer admin-token')
+        .send({ roles: ['user', 'admin'] })
+        .expect(200);
+
+      expect(response.body).toEqual({ message: 'Roles updated successfully' });
+      expect(getUserById).toHaveBeenCalledWith('1');
+      expect(updateUser).toHaveBeenCalledWith('1', { roles: ['user', 'admin'] });
+      expect(logAudit).toHaveBeenCalled();
+    });
+
+    it('should return 400 if roles is not an array', async () => {
+      await request(app)
+        .put('/api/users/1/roles')
+        .set('Authorization', 'Bearer admin-token')
+        .send({ roles: 'user' })
+        .expect(400);
+    });
+
+    it('should return 400 if role is invalid', async () => {
+      await request(app)
+        .put('/api/users/1/roles')
+        .set('Authorization', 'Bearer admin-token')
+        .send({ roles: ['invalid-role'] })
+        .expect(400);
+    });
+
+    it('should return 403 if not authorized', async () => {
+      await request(app)
+        .put('/api/users/1/roles')
+        .send({ roles: ['user'] })
+        .expect(403);
+    });
+  });
+
+  describe('DELETE /api/users/:userId/roles', () => {
+    it('should delete user roles with admin permission', async () => {
+      const mockUser = { id: '1', roles: ['user', 'moderator'] };
+      getUserById.mockResolvedValue(mockUser);
+      updateUser.mockResolvedValue(true);
+      logAudit.mockResolvedValue(true);
+
+      const response = await request(app)
+        .delete('/api/users/1/roles')
+        .set('Authorization', 'Bearer admin-token')
+        .expect(200);
+
+      expect(response.body).toEqual({ message: 'Roles deleted successfully' });
+      expect(getUserById).toHaveBeenCalledWith('1');
+      expect(updateUser).toHaveBeenCalledWith('1', { roles: [] });
+      expect(logAudit).toHaveBeenCalled();
+    });
+
+    it('should return 403 if not authorized', async () => {
+      await request(app)
+        .delete('/api/users/1/roles')
+        .expect(403);
+    });
+  });
+});