feat: improve Worksmobile tenant sync handling

2026-06-02 18:05:36 +09:00
parent d6d39ca300
commit d32ca69eee
58 changed files with 4035 additions and 1400 deletions
--- a/adminfront/src/features/tenants/routes/worksmobileAccess.test.ts
+++ b/adminfront/src/features/tenants/routes/worksmobileAccess.test.ts
@@ -0,0 +1,57 @@
+import { describe, expect, it } from "vitest";
+import {
+  canAccessWorksmobile,
+  HANMAC_FAMILY_TENANT_ID,
+} from "./worksmobileAccess";
+
+describe("worksmobile access", () => {
+  it("allows super admins", () => {
+    expect(canAccessWorksmobile({ role: "super_admin" })).toBe(true);
+  });
+
+  it("allows hanmac-family tenant managers", () => {
+    expect(
+      canAccessWorksmobile({
+        role: "tenant_admin",
+        manageableTenants: [{ id: HANMAC_FAMILY_TENANT_ID }],
+      }),
+    ).toBe(true);
+    expect(
+      canAccessWorksmobile({
+        role: "tenant_admin",
+        manageableTenants: [{ slug: "hanmac-family" }],
+      }),
+    ).toBe(true);
+  });
+
+  it("rejects admins that do not manage hanmac-family", () => {
+    expect(
+      canAccessWorksmobile({
+        role: "tenant_admin",
+        manageableTenants: [{ slug: "other-company" }],
+      }),
+    ).toBe(false);
+    expect(
+      canAccessWorksmobile({
+        role: "user",
+        tenantId: HANMAC_FAMILY_TENANT_ID,
+        tenantSlug: "hanmac-family",
+      }),
+    ).toBe(false);
+    expect(canAccessWorksmobile({ role: "user" })).toBe(false);
+  });
+
+  it("rejects admins that only manage Worksmobile-excluded hanmac-family tenants", () => {
+    expect(
+      canAccessWorksmobile({
+        role: "tenant_admin",
+        manageableTenants: [
+          {
+            slug: "hanmac-family",
+            config: { worksmobileExcluded: true },
+          },
+        ],
+      }),
+    ).toBe(false);
+  });
+});