bas/solelog
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(api): admin-only cross-user work-session views (/api/admin/sessions)

Browse Source
This commit is contained in:
Bas van Rossem
2026-06-17 17:47:17 +02:00
parent f2cc0973c7
commit dc8f550665
3 changed files with 108 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
apps/api/test/admin.test.ts Normal file
View File

@@ -0,0 +1,46 @@
import { describe, it, expect } from 'vitest';
import { createApp } from '../src/app';
import { authToken, bearer, seedActivity } from './helpers';
describe('admin session views', () => {
it('401s without a token', async () => {
const app = createApp();
expect((await app.request('/api/admin/sessions')).status).toBe(401);
expect((await app.request('/api/admin/sessions/active')).status).toBe(401);
});
it('403s for a worker', async () => {
const app = createApp();
const token = await authToken(app, 'admin-view-worker@example.com'); // worker
expect((await app.request('/api/admin/sessions', { headers: bearer(token) })).status).toBe(403);
});
it("returns ALL users' sessions for an admin, with user info", async () => {
const app = createApp();
const adminTok = await authToken(app, 'admin-view-admin@example.com', 'admin');
const workerTok = await authToken(app, 'admin-view-w2@example.com'); // worker
const activityId = await seedActivity('Frezen');
// Worker starts a session.
const started = await (
await app.request('/api/sessions/start', {
method: 'POST',
headers: bearer(workerTok),
body: JSON.stringify({ activity_id: activityId, insole_type: 'Kurk', pair_count: 2 }),
})
).json();
const res = await app.request('/api/admin/sessions', { headers: bearer(adminTok) });
expect(res.status).toBe(200);
const body = await res.json();
const found = body.find((s: { id: number }) => s.id === started.id);
expect(found).toBeTruthy();
expect(found.user_email).toBe('admin-view-w2@example.com');
expect(found.activity_name).toBe('Frezen');
const active = await app.request('/api/admin/sessions/active', { headers: bearer(adminTok) });
expect(active.status).toBe(200);
const activeBody = await active.json();
expect(activeBody.some((s: { id: number }) => s.id === started.id)).toBe(true);
});
});