server/tests/auth.test.ts

import { describe, expect, it } from "vitest";

import { permissions } from "@mrp/shared";

import { requirePermissions } from "../src/lib/rbac.js";

describe("rbac", () => {
  it("allows requests with all required permissions", () => {
    const middleware = requirePermissions([permissions.companyRead]);
    const request = {
      authUser: {
        id: "1",
        email: "admin@example.com",
        firstName: "Admin",
        lastName: "User",
        roles: ["Administrator"],
        permissions: [permissions.companyRead],
      },
    };
    const response = {
      status: () => response,
      json: (body: unknown) => body,
    };
    let nextCalled = false;

    middleware(request as never, response as never, () => {
      nextCalled = true;
    });

    expect(nextCalled).toBe(true);
  });
});
Initial MRP foundation scaffold 2026-03-14 14:44:40 -05:00			`import { describe, expect, it } from "vitest";`

			`import { permissions } from "@mrp/shared";`

			`import { requirePermissions } from "../src/lib/rbac.js";`

			`describe("rbac", () => {`
			`it("allows requests with all required permissions", () => {`
			`const middleware = requirePermissions([permissions.companyRead]);`
			`const request = {`
			`authUser: {`
			`id: "1",`
			`email: "admin@example.com",`
			`firstName: "Admin",`
			`lastName: "User",`
			`roles: ["Administrator"],`
			`permissions: [permissions.companyRead],`
			`},`
			`};`
			`const response = {`
			`status: () => response,`
			`json: (body: unknown) => body,`
			`};`
			`let nextCalled = false;`

			`middleware(request as never, response as never, () => {`
			`nextCalled = true;`
			`});`

			`expect(nextCalled).toBe(true);`
			`});`
			`});`