forked from baron/baron-sso
142 lines
4.5 KiB
TypeScript
142 lines
4.5 KiB
TypeScript
import { expect, test } from "@playwright/test";
|
|
import {
|
|
type AuditLog,
|
|
type Consent,
|
|
installDevApiMock,
|
|
makeClient,
|
|
seedAuth,
|
|
} from "./helpers/devfront-fixtures";
|
|
import { captureEvidence } from "./helpers/evidence";
|
|
|
|
test.describe("DevFront role report", () => {
|
|
test.beforeEach(async ({ page }) => {
|
|
page.on("dialog", async (dialog) => {
|
|
await dialog.accept();
|
|
});
|
|
});
|
|
|
|
test("user(tenant_member) is blocked with 안내 문구", async ({
|
|
page,
|
|
}, testInfo) => {
|
|
await seedAuth(page, "user");
|
|
await installDevApiMock(page, {
|
|
clients: [],
|
|
consents: [] as Consent[],
|
|
auditLogs: [] as AuditLog[],
|
|
});
|
|
|
|
await page.goto("/clients");
|
|
await expect(
|
|
page.getByText(/관리자 전용 화면|administrator only/i),
|
|
).toBeVisible();
|
|
await captureEvidence(page, testInfo, "role-user-blocked");
|
|
});
|
|
|
|
test("rp_admin sees only assigned Gitea app and its logs", async ({
|
|
page,
|
|
}, testInfo) => {
|
|
await seedAuth(page, "rp_admin");
|
|
const state = {
|
|
clients: [makeClient("gitea-client", { name: "Gitea" })],
|
|
consents: [] as Consent[],
|
|
auditLogs: [
|
|
{
|
|
event_id: "evt-rp-1",
|
|
timestamp: "2026-03-04T01:00:00.000Z",
|
|
user_id: "rp-admin-user",
|
|
event_type: "CLIENT_UPDATE",
|
|
status: "success" as const,
|
|
ip_address: "127.0.0.1",
|
|
user_agent: "playwright",
|
|
details: JSON.stringify({
|
|
action: "UPDATE_CLIENT",
|
|
target_id: "gitea-client",
|
|
tenant_id: "tenant-a",
|
|
}),
|
|
},
|
|
] as AuditLog[],
|
|
};
|
|
await installDevApiMock(page, state);
|
|
|
|
await page.goto("/clients");
|
|
await expect(page.getByRole("link", { name: /Gitea/ })).toBeVisible();
|
|
await expect(page.getByText("gitea-client")).toBeVisible();
|
|
await captureEvidence(page, testInfo, "role-rp-admin-clients");
|
|
|
|
await page.goto("/audit-logs");
|
|
await expect(page.getByText("UPDATE_CLIENT")).toBeVisible();
|
|
await expect(page.getByText("gitea-client")).toBeVisible();
|
|
await captureEvidence(page, testInfo, "role-rp-admin-audit");
|
|
});
|
|
|
|
test("tenant_admin can manage tenant apps and see tenant logs", async ({
|
|
page,
|
|
}, testInfo) => {
|
|
await seedAuth(page, "tenant_admin");
|
|
const state = {
|
|
clients: [
|
|
makeClient("tenant-a-app-1", { name: "Tenant A CRM" }),
|
|
makeClient("tenant-a-app-2", { name: "Tenant A ERP" }),
|
|
],
|
|
consents: [] as Consent[],
|
|
auditLogs: [] as AuditLog[],
|
|
auditLogsByCursor: undefined,
|
|
};
|
|
await installDevApiMock(page, state);
|
|
|
|
await page.goto("/clients");
|
|
await expect(page.getByText("Tenant A CRM")).toBeVisible();
|
|
await expect(page.getByText("Tenant A ERP")).toBeVisible();
|
|
await captureEvidence(page, testInfo, "role-tenant-admin-clients");
|
|
|
|
await page.goto("/clients/tenant-a-app-1/settings");
|
|
await page
|
|
.getByPlaceholder("My Awesome Application")
|
|
.fill("Tenant A CRM Updated");
|
|
await page.getByRole("button", { name: /^저장$|^Save$/i }).click();
|
|
|
|
await page.goto("/audit-logs");
|
|
await expect(page.getByText("UPDATE_CLIENT")).toBeVisible({
|
|
timeout: 30000,
|
|
});
|
|
await expect(page.getByText("tenant-a-app-1")).toBeVisible();
|
|
await captureEvidence(page, testInfo, "role-tenant-admin-audit");
|
|
});
|
|
|
|
test("super_admin sees all and can generate log entries", async ({
|
|
page,
|
|
}, testInfo) => {
|
|
await seedAuth(page, "super_admin");
|
|
const state = {
|
|
clients: [
|
|
makeClient("tenant-a-app", { name: "Tenant A App" }),
|
|
makeClient("tenant-b-app", { name: "Tenant B App" }),
|
|
],
|
|
consents: [] as Consent[],
|
|
auditLogs: [] as AuditLog[],
|
|
auditLogsByCursor: undefined,
|
|
};
|
|
await installDevApiMock(page, state);
|
|
|
|
await page.goto("/clients");
|
|
await expect(page.getByText("Tenant A App")).toBeVisible();
|
|
await expect(page.getByText("Tenant B App")).toBeVisible();
|
|
await captureEvidence(page, testInfo, "role-super-admin-clients");
|
|
|
|
await page.goto("/clients/new");
|
|
await page
|
|
.getByPlaceholder("My Awesome Application")
|
|
.fill("Super Admin Created App");
|
|
await page
|
|
.getByPlaceholder(/https:\/\/app\.example\.com\/callback/i)
|
|
.fill("https://super-admin.example.com/callback");
|
|
await page.getByRole("button", { name: /앱 생성|Create/i }).click();
|
|
|
|
await page.goto("/audit-logs");
|
|
await expect(page.getByText("CREATE_CLIENT")).toBeVisible({
|
|
timeout: 30000,
|
|
});
|
|
await captureEvidence(page, testInfo, "role-super-admin-audit");
|
|
});
|
|
});
|