역할별 403 권한 안내 문구 일관화

2026-03-19 13:34:47 +09:00
parent 07f4c1258c
commit 44231b1c2e
7 changed files with 136 additions and 10 deletions
--- a/devfront/tests/devfront-security.spec.ts
+++ b/devfront/tests/devfront-security.spec.ts
@@ -57,4 +57,60 @@ test.describe("DevFront security and isolation", () => {
    ).toBeVisible();
    await expect(page).toHaveURL(/\/clients$/);
  });
+
+  test("rp_admin receives 403 on clients list and sees ForbiddenMessage", async ({
+    page,
+  }) => {
+    await seedAuth(page, "rp_admin");
+
+    const state = {
+      clients: [] as ReturnType<typeof makeClient>[],
+      consents: [] as Consent[],
+      auditLogsByCursor: undefined,
+    };
+    await installDevApiMock(page, state);
+
+    await page.route("**/api/v1/dev/clients", async (route) => {
+      if (route.request().method() === "GET") {
+        return route.fulfill({
+          status: 403,
+          contentType: "application/json",
+          body: '{"error": "forbidden"}',
+        });
+      }
+      return route.fallback();
+    });
+
+    await page.goto("/clients");
+    await expect(page.getByText(/RP 관리자는|RP administrators can only access/i)).toBeVisible();
+  });
+
+  test("tenant_admin receives 403 on audit logs and sees ForbiddenMessage", async ({
+    page,
+  }) => {
+    await seedAuth(page, "tenant_admin");
+
+    const state = {
+      clients: [] as ReturnType<typeof makeClient>[],
+      consents: [] as Consent[],
+      auditLogsByCursor: undefined,
+    };
+    await installDevApiMock(page, state);
+
+    await page.route("**/api/v1/dev/audit-logs*", async (route) => {
+      if (route.request().method() === "GET") {
+        return route.fulfill({
+          status: 403,
+          contentType: "application/json",
+          body: '{"error": "forbidden"}',
+        });
+      }
+      return route.fallback();
+    });
+
+    await page.goto("/audit-logs");
+    await expect(
+      page.getByText(/테넌트 관리자 권한|Tenant administrator permissions/i),
+    ).toBeVisible();
+  });
 });