solelog/apps/api/test/admin.test.ts

import { describe, it, expect } from 'vitest';
import { createApp } from '../src/app';
import { authToken, bearer, seedActivity } from './helpers';

describe('admin session views', () => {
  it('401s without a token', async () => {
    const app = createApp();
    expect((await app.request('/api/admin/sessions')).status).toBe(401);
    expect((await app.request('/api/admin/sessions/active')).status).toBe(401);
  });

  it('403s for a worker', async () => {
    const app = createApp();
    const token = await authToken(app, 'admin-view-worker@example.com'); // worker
    expect((await app.request('/api/admin/sessions', { headers: bearer(token) })).status).toBe(403);
  });

  it("returns ALL users' sessions for an admin, with user info", async () => {
    const app = createApp();
    const adminTok = await authToken(app, 'admin-view-admin@example.com', 'admin');
    const workerTok = await authToken(app, 'admin-view-w2@example.com'); // worker
    const activityId = await seedActivity('Frezen');

    // Worker starts a session.
    const started = await (
      await app.request('/api/sessions/start', {
        method: 'POST',
        headers: bearer(workerTok),
        body: JSON.stringify({ activity_id: activityId, insole_type: 'Kurk', pair_count: 2 }),
      })
    ).json();

    const res = await app.request('/api/admin/sessions', { headers: bearer(adminTok) });
    expect(res.status).toBe(200);
    const body = await res.json();
    const found = body.find((s: { id: number }) => s.id === started.id);
    expect(found).toBeTruthy();
    expect(found.user_email).toBe('admin-view-w2@example.com');
    expect(found.activity_name).toBe('Frezen');

    const active = await app.request('/api/admin/sessions/active', { headers: bearer(adminTok) });
    expect(active.status).toBe(200);
    const activeBody = await active.json();
    expect(activeBody.some((s: { id: number }) => s.id === started.id)).toBe(true);
  });
});