Open
Labels
Testing, documentation, help wanted
Description
Current State
The permission system is critical for security but has zero automated tests. The package.json references a test file that doesn't exist:

```json
"test:unit": "npx tsx __tests__/lib/permission-checker.test.ts"
```

The permission system has:
- ~40 permissions with complex evaluation logic
- 5-minute TTL cache that could have stale data bugs
- Context-aware checks (projectId, accountId, departmentId)
- Override permissions (VIEW_ALL_PROJECTS bypasses assignment check)
- Hierarchical permission inheritance
Desired Outcome
Create __tests__/lib/permission-checker.test.ts testing:

```ts
describe('checkPermissionHybrid', () => {
  it('allows superadmins to bypass all checks', async () => { });
  it('allows override permissions without context', async () => { });
  it('requires context for base permissions', async () => { });
  it('denies when base permission missing', async () => { });
  it('uses cached result within TTL', async () => { });
  it('refreshes cache after TTL expires', async () => { });
});

describe('isAssignedToProject', () => {
  it('returns true for assigned users', async () => { });
  it('returns false for unassigned users', async () => { });
  it('ignores removed_at assignments', async () => { });
});
```

How to get started
- Read `lib/permission-checker.ts` to understand the logic
- Set up Vitest: `npm install -D vitest @testing-library/react`
- Create mock Supabase client for testing
- Test each public function
Bonus
Add integration tests with real Supabase for __tests__/integration/permissions-integration.test.ts
Acceptance Criteria
- `__tests__/lib/permission-checker.test.ts` exists with 10+ tests
- All public functions have at least one test
- Cache behavior is tested
- `npm run test:unit` passes
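
An added example (not code from this repository) showing how the cache, override, context and `removed_at` cases listed above can be tested deterministically by injecting a clock and an in-memory store in place of Supabase. `makeChecker`, `Store`, `checkPermission`, `OVERRIDES` and the `VIEW_PROJECTS` base permission are hypothetical stand-ins; the real exports of `lib/permission-checker.ts` are not shown in this issue.

```typescript
// Added example: makeChecker, Store, VIEW_PROJECTS are hypothetical, not the repo's API.
type Assignment = { userId: string; projectId: string; removed_at: string | null };
type Store = { superadmins: Set<string>; grants: Map<string, Set<string>>;
  assignments: Assignment[]; reads: number }; // reads counts backend lookups
const TTL_MS = 5 * 60 * 1000; // the 5-minute TTL named in the issue
const OVERRIDES: Record<string, string> = { VIEW_PROJECTS: "VIEW_ALL_PROJECTS" };
function makeChecker(store: Store, now: () => number) {
  const cache = new Map<string, { allowed: boolean; at: number }>();
  const isAssignedToProject = (userId: string, projectId: string): boolean =>
    store.assignments.some((a) =>
      a.userId === userId && a.projectId === projectId && a.removed_at === null);
  function evaluate(userId: string, perm: string, projectId?: string): boolean {
    store.reads++;
    if (store.superadmins.has(userId)) return true;
    const perms = store.grants.get(userId) ?? new Set<string>();
    const override = OVERRIDES[perm];
    if (override !== undefined && perms.has(override)) return true; // no context needed
    if (!perms.has(perm) || projectId === undefined) return false; // base needs context
    return isAssignedToProject(userId, projectId);
  }
  function checkPermission(userId: string, perm: string, projectId?: string): boolean {
    const key = JSON.stringify([userId, perm, projectId ?? null]);
    const hit = cache.get(key);
    if (hit !== undefined && now() - hit.at < TTL_MS) return hit.allowed;
    const allowed = evaluate(userId, perm, projectId);
    cache.set(key, { allowed, at: now() });
    return allowed;
  }
  return { checkPermission, isAssignedToProject };
}

// Constructed scenario: a revoked assignment stays authorized until the TTL lapses.
function staleWindowDemo() {
  let t = 0; // fake clock, advanced by hand instead of sleeping
  const a: Assignment = { userId: "alice", projectId: "p1", removed_at: null };
  const store: Store = { superadmins: new Set(["root"]), assignments: [a], reads: 0,
    grants: new Map([["alice", new Set(["VIEW_PROJECTS"])],
                     ["bob", new Set(["VIEW_ALL_PROJECTS"])]]) };
  const c = makeChecker(store, () => t);
  const before = c.checkPermission("alice", "VIEW_PROJECTS", "p1");
  a.removed_at = "2024-01-01T00:00:00Z"; // constructed revocation timestamp
  t = TTL_MS - 1;
  const stale = c.checkPermission("alice", "VIEW_PROJECTS", "p1"); // served from cache
  const readsInTtl = store.reads;
  t = TTL_MS;
  const fresh = c.checkPermission("alice", "VIEW_PROJECTS", "p1"); // re-evaluated
  return { before, stale, readsInTtl, fresh, override: c.checkPermission("bob", "VIEW_PROJECTS"),
    noContext: c.checkPermission("alice", "VIEW_PROJECTS") };
}
```

The `stale` result is the security-relevant one: a revoked assignment is still honored for up to one TTL, so a real test should pin that window down and cover any cache-invalidation path the checker provides.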