feat(plan): listEntries/listOverrides with employee scoping

This commit is contained in:
BOHA
2026-06-05 12:33:20 +02:00
parent fb022802ae
commit ef404e4362
2 changed files with 121 additions and 0 deletions

View File

@@ -11,6 +11,8 @@ import {
createOverride,
updateOverride,
deleteOverride,
listEntries,
listOverrides,
} from "../services/plan.service";
// ---------------------------------------------------------------------------
@@ -21,6 +23,7 @@ import {
const N = "wh_plan_";
let adminUserId: number;
let noPermUserId: number;
beforeAll(async () => {
// Pick the first admin user from the test database as our fixture.
@@ -31,6 +34,12 @@ beforeAll(async () => {
});
if (!admin) throw new Error("Test setup: admin user not found");
adminUserId = admin.id;
// For list-scoping tests: any non-admin user that is NOT the admin we use
// for create tests. Just pick the second user.
const allUsers = await prisma.users.findMany({ take: 2 });
noPermUserId =
allUsers.find((u) => u.id !== adminUserId)?.id ?? allUsers[0].id;
});
beforeEach(async () => {
@@ -490,3 +499,70 @@ describe("plan.service.deleteOverride", () => {
expect(still?.is_deleted).toBe(true);
});
});
// ---------------------------------------------------------------------------
// listEntries / listOverrides (employee scoping)
// ---------------------------------------------------------------------------
describe("plan.service.listEntries (employee scoping)", () => {
it("returns entries for the actor user when scoped", async () => {
await createEntry(
{
user_id: adminUserId,
date_from: "2098-01-01",
date_to: "2098-01-05",
category: "work",
note: `${N}scope test`,
},
adminUserId,
false,
);
const rows = await listEntries(
{ user_id: adminUserId, date_from: "2098-01-01", date_to: "2098-01-31" },
adminUserId,
true, // isAdmin
);
expect(rows.length).toBeGreaterThan(0);
});
it("scopes non-admin to actor user_id when querying for another user", async () => {
await createEntry(
{
user_id: adminUserId,
date_from: "2098-02-01",
date_to: "2098-02-05",
category: "work",
note: `${N}admin entry`,
},
adminUserId,
false,
);
const rows = await listEntries(
{ user_id: adminUserId, date_from: "2098-02-01", date_to: "2098-02-28" },
noPermUserId,
false, // not admin
);
expect(rows).toEqual([]);
});
});
describe("plan.service.listOverrides (employee scoping)", () => {
it("scopes non-admin to actor user_id", async () => {
await createOverride(
{
user_id: adminUserId,
shift_date: "2098-03-01",
category: "leave",
note: `${N}admin override`,
},
adminUserId,
false,
);
const rows = await listOverrides(
{ user_id: adminUserId, date_from: "2098-03-01", date_to: "2098-03-31" },
noPermUserId,
false,
);
expect(rows).toEqual([]);
});
});