feat(api): add multi-school role access test

akdasa · akdasa · commit 0d73c8935d3e · 2025-03-11T11:42:34.000Z
diff --git a/modules/services/api/src/edu/controllers/roles/specs/context.ts b/modules/services/api/src/edu/controllers/roles/specs/context.ts
@@ -14,6 +14,7 @@ export type Context = {
     tokens: {
       admin: string;
       readOnly: string;
+      oneAndTwoAdmin: string;
     };
   };
   two: {
@@ -23,6 +24,7 @@ export type Context = {
     };
     tokens: {
       admin: string;
+      oneAndTwoAdmin: string;
     };
   };
   three: {
@@ -110,6 +112,11 @@ export const createContext = async (
     [{ sid: schoolThree.id, p: ['roles:create', 'roles:read'] }],
   );
 
+  const oneAndTwoAdmin = await authService.generateTokens(faker.string.uuid(), [
+    { sid: schoolOne.id, p: oneAdminRole.permissions },
+    { sid: schoolTwo.id, p: twoAdminRole.permissions },
+  ]);
+
   const emptyTokenNoPermissions = await authService.generateTokens(
     faker.string.uuid(),
     [],
@@ -129,6 +136,7 @@ export const createContext = async (
       tokens: {
         admin: oneTokenAdmin.accessToken,
         readOnly: oneTokenReadonly.accessToken,
+        oneAndTwoAdmin: oneAndTwoAdmin.accessToken,
       },
     },
     two: {
@@ -138,6 +146,7 @@ export const createContext = async (
       },
       tokens: {
         admin: twoTokenAdmin.accessToken,
+        oneAndTwoAdmin: oneAndTwoAdmin.accessToken,
       },
     },
     three: {
diff --git a/modules/services/api/src/edu/controllers/roles/specs/roles.controller.e2e.get.spec.ts b/modules/services/api/src/edu/controllers/roles/specs/roles.controller.e2e.get.spec.ts
@@ -59,6 +59,22 @@ describe('/edu/roles', () => {
       });
   });
 
+  it(`GET /edu/roles returns only permitted roles (multiple schools)`, async () => {
+    return request(app.getHttpServer())
+      .get(Routes().edu.roles.find())
+      .set('Authorization', `Bearer ${ctx.one.tokens.oneAndTwoAdmin}`)
+      .expect(200)
+      .expect({
+        items: instanceToPlain(
+          mapper.mapArray(
+            [ctx.one.roles.admin, ctx.one.roles.readonly, ctx.two.roles],
+            entities.Role,
+            dto.RoleSummary,
+          ),
+        ),
+      });
+  });
+
   /* -------------------------------------------------------------------------- */
   /*                               Negative Cases                               */
   /* -------------------------------------------------------------------------- */
