test(#123): add Vitest integration tests for SvelteKit load functions

Adds server-project spec files for the four priority routes: - routes/+page.server (home/search) — happy path, 401 redirect, network error fallback - routes/documents/[id]/+page.server — happy path, comments fetch failure, 401/403/404 - routes/persons/[id]/+page.server — happy path, partial API failure, 403/404 - routes/admin/+page.server — ADMIN permission gate (none/read-only/undefined/no groups) All tests run in Node environment with vi.mock() for createApiClient and $env/dynamic/private. No real network calls; total suite runs in < 1 second. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-28 16:31:49 +01:00
parent 25d6ce4711
commit 3983771e79
4 changed files with 414 additions and 0 deletions
--- a/frontend/src/routes/admin/page.server.spec.ts
+++ b/frontend/src/routes/admin/page.server.spec.ts
@@ -0,0 +1,77 @@
+import { describe, expect, it, vi, beforeEach } from 'vitest';
+import { load } from './+page.server';
+
+vi.mock('$lib/api.server', () => ({ createApiClient: vi.fn() }));
+
+import { createApiClient } from '$lib/api.server';
+
+const adminUser = { groups: [{ permissions: ['ADMIN'] }] };
+const readOnlyUser = { groups: [{ permissions: ['READ_ALL'] }] };
+
+function mockApiReturning(users: unknown[], groups: unknown[], tags: unknown[]) {
+	vi.mocked(createApiClient).mockReturnValue({
+		GET: vi
+			.fn()
+			.mockResolvedValueOnce({ response: { ok: true }, data: users })
+			.mockResolvedValueOnce({ response: { ok: true }, data: groups })
+			.mockResolvedValueOnce({ response: { ok: true }, data: tags })
+	} as ReturnType<typeof createApiClient>);
+}
+
+beforeEach(() => vi.clearAllMocks());
+
+// ─── permission check ─────────────────────────────────────────────────────────
+
+describe('admin load — permission check', () => {
+	it('throws 403 when user has no ADMIN permission', async () => {
+		await expect(
+			load({ fetch: vi.fn() as unknown as typeof fetch, locals: { user: readOnlyUser } })
+		).rejects.toMatchObject({ status: 403 });
+	});
+
+	it('throws 403 when user is undefined', async () => {
+		await expect(
+			load({ fetch: vi.fn() as unknown as typeof fetch, locals: { user: undefined } })
+		).rejects.toMatchObject({ status: 403 });
+	});
+
+	it('throws 403 when user has no groups', async () => {
+		await expect(
+			load({ fetch: vi.fn() as unknown as typeof fetch, locals: { user: { groups: [] } } })
+		).rejects.toMatchObject({ status: 403 });
+	});
+});
+
+// ─── happy path ───────────────────────────────────────────────────────────────
+
+describe('admin load — happy path', () => {
+	it('returns users, groups, and tags for an admin user', async () => {
+		mockApiReturning(
+			[{ id: 'u1', username: 'alice' }],
+			[{ id: 'g1', name: 'Editors' }],
+			[{ id: 't1', name: 'Familie' }]
+		);
+
+		const result = await load({
+			fetch: vi.fn() as unknown as typeof fetch,
+			locals: { user: adminUser }
+		});
+
+		expect(result.users).toHaveLength(1);
+		expect(result.groups).toHaveLength(1);
+		expect(result.tags).toHaveLength(1);
+	});
+
+	it('returns empty arrays when API returns no data', async () => {
+		mockApiReturning([], [], []);
+
+		const result = await load({
+			fetch: vi.fn() as unknown as typeof fetch,
+			locals: { user: adminUser }
+		});
+
+		expect(result.users).toEqual([]);
+		expect(result.groups).toEqual([]);
+		expect(result.tags).toEqual([]);
+	});
+});