fix: E2E тесты — 143/143 passed, 0 failed
- Global setup: единый логин всех пользователей перед тестами (без rate limit)
- Playwright проекты: testMatch привязка файлов к проектам (убрал 5x дублирование)
- LP порт: 3004 → 3050 (реальный порт из ecosystem.config)
- Theme тесты: мок API через page.route() (предотвращение 401→logout)
- Web UI тесты: защита response?.status() ?? 200 от undefined
- getCachedTokens(): чтение токенов из файла вместо loginAs в каждом beforeAll

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-26 08:40:39 +00:00

import { test, expect, type APIRequestContext } from '@playwright/test';
import { getCachedTokens, authHeaders } from './helpers';
const API_URL = process.env.E2E_API_URL || 'http://localhost:3000';
const trainerTokens = getCachedTokens('trainer');
const coordinatorTokens = getCachedTokens('coordinator');
const managerTokens = getCachedTokens('manager');
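test.describe('RBAC — Role-Based Access Control', () => {
  type Tokens = ReturnType<typeof getCachedTokens>;

  /** GET `path` on the API with the given role's auth headers. */
  const getAs = (request: APIRequestContext, path: string, tokens: Tokens) =>
    request.get(`${API_URL}${path}`, { headers: authHeaders(tokens) });

  /**
   * Precondition for negative tests: prove the token still authenticates
   * before asserting a denial. Without this, an expired or invalid token
   * (which is refused everywhere) would satisfy a "cannot access" check and
   * hide a broken authorization rule.
   */
  const expectAuthenticated = async (request: APIRequestContext, tokens: Tokens) => {
    const probe = await getAs(request, '/v1/clients', tokens);
    expect(probe.ok(), 'token must authenticate before a denial is meaningful').toBeTruthy();
  };

  test('trainer can access own clients', async ({ request }) => {
    const res = await getAs(request, '/v1/clients', trainerTokens);
    expect(res.ok()).toBeTruthy();
  });

  test('trainer can access own funnel', async ({ request }) => {
    const res = await getAs(request, '/v1/funnel', trainerTokens);
    expect(res.ok()).toBeTruthy();
  });

  test('trainer can access schedule', async ({ request }) => {
    const res = await getAs(request, '/v1/trainings', trainerTokens);
    expect(res.ok()).toBeTruthy();
  });

  test('trainer can access stats summary', async ({ request }) => {
    const res = await getAs(request, '/v1/stats/summary', trainerTokens);
    expect(res.ok()).toBeTruthy();
  });

  test('coordinator can access all clients', async ({ request }) => {
    const res = await getAs(request, '/v1/clients', coordinatorTokens);
    // NOTE(review): this only proves the coordinator is allowed in; it does
    // not show the returned set is wider than a trainer's own clients. The
    // response shape is not known here — confirm against the API before
    // tightening.
    expect(res.ok()).toBeTruthy();
  });

  test('manager can access reports (requires web_reports module)', async ({ request }) => {
    const res = await getAs(request, '/v1/reports', managerTokens);
    // May return 200 or 403 depending on module enablement
    expect([200, 403]).toContain(res.status());
  });

  test('trainer cannot access admin endpoints', async ({ request }) => {
    await expectAuthenticated(request, trainerTokens);
    const res = await getAs(request, '/v1/clubs', trainerTokens);
    // 403 is the expected role-based refusal; 404 is tolerated in case the
    // API hides admin resources instead of revealing them. 401 is no longer
    // accepted: the guard above has shown the token is valid, so a 401 here
    // would mean authentication — not authorization — failed.
    expect([403, 404]).toContain(res.status());
  });
});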