Block direct URL navigation to /persons/new, /documents/new, /documents/:id/edit for users without WRITE_ALL permission. E2E tests verify admin user retains access to all write routes. Closes #17 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
import { test, expect } from '@playwright/test';
/**
 * Allowed-side E2E checks for the write-permission guard: a session that is
 * expected to hold write access must still see the "create"/"edit" entry
 * points and be able to open the create routes by direct URL.
 *
 * NOTE(review): nothing in this file logs in or selects a role, so the admin
 * session presumably comes from shared Playwright configuration (storage
 * state or a fixture) — confirm.
 *
 * NOTE(review): this suite covers only the permitted case. It does not show
 * that a user without write permission is denied, and it never visits a
 * document edit route (/documents/:id/edit). Link and button visibility is a
 * UI affordance, not an access control, so the denial path should be asserted
 * separately, both for direct navigation and for the underlying write requests.
 */
test.describe('Write permissions — admin user', () => {
  test('admin user sees Neues Dokument link on home page', async ({ page }) => {
    await page.goto('/');

    const newDocumentLink = page.getByRole('link', { name: /Neues Dokument/i });
    await expect(newDocumentLink).toBeVisible();
  });

  test('admin user sees Neue Person link on persons page', async ({ page }) => {
    await page.goto('/persons');

    const newPersonLink = page.getByRole('link', { name: /Neue Person/i });
    await expect(newPersonLink).toBeVisible();
  });

  test('admin user can navigate to /persons/new', async ({ page }) => {
    await page.goto('/persons/new');

    // The URL check catches a redirect away from the route; the label check
    // confirms that the form itself was rendered.
    await expect(page).toHaveURL('/persons/new');
    const firstNameField = page.getByLabel('Vorname');
    await expect(firstNameField).toBeVisible();
  });

  test('admin user can navigate to /documents/new', async ({ page }) => {
    await page.goto('/documents/new');

    // Only the URL is asserted here. Unlike the /persons/new test, no form
    // control is checked, so a page that keeps the URL but renders an error
    // or an empty state would still pass.
    await expect(page).toHaveURL('/documents/new');
  });

  test('admin user sees edit button on person detail page', async ({ page }) => {
    await page.goto('/persons');

    // Any person link except the "new" route. The test depends on at least
    // one person being listed; with none, the click below times out.
    const personLinks = page.locator('a[href^="/persons/"]:not([href="/persons/new"])');
    await personLinks.first().click();

    const editButton = page.getByRole('button', { name: /Bearbeiten/i });
    await expect(editButton).toBeVisible();
  });
});