479fa00ecc96b575cac136dc2236952a3ec7f415
Adds artifacts/api-server/tests/role-permissions-assign.test.mjs covering
the previously-uncovered role permission-assignment endpoints in
artifacts/api-server/src/routes/roles.ts:
- PUT /api/roles/:id/permissions
- Replaces an existing set (verifies returned body and the row set in
role_permissions in the DB).
- System-role guard: returns 400 with code "system_role_permissions"
and leaves the system role's permissions unchanged.
- Unknown permission id: returns 404 and the rejected PUT does NOT
partially apply (DB set unchanged).
- POST /api/roles/:id/permissions
- Adds a single permission, returns 201, and is idempotent on repeat
add (no duplicate row, still 201).
- System-role guard: 400 with code "system_role_permissions",
DB unchanged.
- Unknown permission id: 404, DB unchanged.
- DELETE /api/roles/:id/permissions/:permissionId
- Removes the permission and returns 204; idempotent on second delete.
- Idempotent (204, not 404) for an unknown permission id; the role's
other permissions are not collaterally removed.
- System-role guard: 400 with code "system_role_permissions",
DB permissions for system role unchanged.
Style mirrors tests/roles-crud.test.mjs and role-permission-audit.test.mjs:
test admin user provisioned in `before`, login via /api/auth/login, full
cleanup of created roles/users in `after`. Tests run via the standard
`pnpm --filter @workspace/api-server test` command.
Verified all 8 new tests pass against the running API server. The two
pre-existing failures in app-permissions-unique.test.mjs are unrelated
and already tracked by a separate task.
Replit-Task-Id: 885dca7a-421d-4be1-993b-299bfd0719b4
Description
No description provided
Languages
TypeScript
69.2%
JavaScript
29.2%
CSS
0.6%
Shell
0.6%
Dockerfile
0.2%
Other
0.2%