역할 전환 E2E 및 권한 안내 검증 테스트 추가

2026-03-04 13:09:41 +09:00
parent 9946108313
commit e2d3e389f3
5 changed files with 207 additions and 27 deletions
--- a/devfront/tests/devfront-role-switch-report.spec.ts
+++ b/devfront/tests/devfront-role-switch-report.spec.ts
@@ -0,0 +1,141 @@
+import { expect, test } from "@playwright/test";
+import {
+  type AuditLog,
+  type Consent,
+  installDevApiMock,
+  makeClient,
+  seedAuth,
+} from "./helpers/devfront-fixtures";
+import { captureEvidence } from "./helpers/evidence";
+
+test.describe("DevFront role report", () => {
+  test.beforeEach(async ({ page }) => {
+    page.on("dialog", async (dialog) => {
+      await dialog.accept();
+    });
+  });
+
+  test("user(tenant_member) is blocked with 안내 문구", async ({
+    page,
+  }, testInfo) => {
+    await seedAuth(page, "user");
+    await installDevApiMock(page, {
+      clients: [],
+      consents: [] as Consent[],
+      auditLogs: [] as AuditLog[],
+    });
+
+    await page.goto("/clients");
+    await expect(
+      page.getByText(/관리자 전용 화면|administrator only/i),
+    ).toBeVisible();
+    await captureEvidence(page, testInfo, "role-user-blocked");
+  });
+
+  test("rp_admin sees only assigned Gitea app and its logs", async ({
+    page,
+  }, testInfo) => {
+    await seedAuth(page, "rp_admin");
+    const state = {
+      clients: [makeClient("gitea-client", { name: "Gitea" })],
+      consents: [] as Consent[],
+      auditLogs: [
+        {
+          event_id: "evt-rp-1",
+          timestamp: "2026-03-04T01:00:00.000Z",
+          user_id: "rp-admin-user",
+          event_type: "CLIENT_UPDATE",
+          status: "success" as const,
+          ip_address: "127.0.0.1",
+          user_agent: "playwright",
+          details: JSON.stringify({
+            action: "UPDATE_CLIENT",
+            target_id: "gitea-client",
+            tenant_id: "tenant-a",
+          }),
+        },
+      ] as AuditLog[],
+    };
+    await installDevApiMock(page, state);
+
+    await page.goto("/clients");
+    await expect(page.getByRole("link", { name: /Gitea/ })).toBeVisible();
+    await expect(page.getByText("gitea-client")).toBeVisible();
+    await captureEvidence(page, testInfo, "role-rp-admin-clients");
+
+    await page.goto("/audit-logs");
+    await expect(page.getByText("UPDATE_CLIENT")).toBeVisible();
+    await expect(page.getByText("gitea-client")).toBeVisible();
+    await captureEvidence(page, testInfo, "role-rp-admin-audit");
+  });
+
+  test("tenant_admin can manage tenant apps and see tenant logs", async ({
+    page,
+  }, testInfo) => {
+    await seedAuth(page, "tenant_admin");
+    const state = {
+      clients: [
+        makeClient("tenant-a-app-1", { name: "Tenant A CRM" }),
+        makeClient("tenant-a-app-2", { name: "Tenant A ERP" }),
+      ],
+      consents: [] as Consent[],
+      auditLogs: [] as AuditLog[],
+      auditLogsByCursor: undefined,
+    };
+    await installDevApiMock(page, state);
+
+    await page.goto("/clients");
+    await expect(page.getByText("Tenant A CRM")).toBeVisible();
+    await expect(page.getByText("Tenant A ERP")).toBeVisible();
+    await captureEvidence(page, testInfo, "role-tenant-admin-clients");
+
+    await page.goto("/clients/tenant-a-app-1/settings");
+    await page
+      .getByPlaceholder("My Awesome Application")
+      .fill("Tenant A CRM Updated");
+    await page.getByRole("button", { name: /^저장$|^Save$/i }).click();
+
+    await page.goto("/audit-logs");
+    await expect(page.getByText("UPDATE_CLIENT")).toBeVisible({
+      timeout: 30000,
+    });
+    await expect(page.getByText("tenant-a-app-1")).toBeVisible();
+    await captureEvidence(page, testInfo, "role-tenant-admin-audit");
+  });
+
+  test("super_admin sees all and can generate log entries", async ({
+    page,
+  }, testInfo) => {
+    await seedAuth(page, "super_admin");
+    const state = {
+      clients: [
+        makeClient("tenant-a-app", { name: "Tenant A App" }),
+        makeClient("tenant-b-app", { name: "Tenant B App" }),
+      ],
+      consents: [] as Consent[],
+      auditLogs: [] as AuditLog[],
+      auditLogsByCursor: undefined,
+    };
+    await installDevApiMock(page, state);
+
+    await page.goto("/clients");
+    await expect(page.getByText("Tenant A App")).toBeVisible();
+    await expect(page.getByText("Tenant B App")).toBeVisible();
+    await captureEvidence(page, testInfo, "role-super-admin-clients");
+
+    await page.goto("/clients/new");
+    await page
+      .getByPlaceholder("My Awesome Application")
+      .fill("Super Admin Created App");
+    await page
+      .getByPlaceholder(/https:\/\/app\.example\.com\/callback/i)
+      .fill("https://super-admin.example.com/callback");
+    await page.getByRole("button", { name: /앱 생성|Create/i }).click();
+
+    await page.goto("/audit-logs");
+    await expect(page.getByText("CREATE_CLIENT")).toBeVisible({
+      timeout: 30000,
+    });
+    await captureEvidence(page, testInfo, "role-super-admin-audit");
+  });
+});