
test(web): add 403 test for preview POST — manageThemes permission gate (ATB-59)

+16
+16
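--- a/apps/web/src/routes/__tests__/admin-themes.test.tsx
+++ b/apps/web/src/routes/__tests__/admin-themes.test.tsx
@@ -223,6 +223,22 @@
 expect(res.headers.get("location")).toBe("/login");
 });
 
+it("returns 403 for users without manageThemes permission", async () => {
+setupAuthenticatedSession([]);
+
+const routes = await loadThemeRoutes();
+const body = new URLSearchParams({ "color-bg": "#ff0000" });
+const res = await routes.request("/admin/themes/abc123/preview", {
+method: "POST",
+headers: {
+"content-type": "application/x-www-form-urlencoded",
+cookie: "atbb_session=token",
+},
+body: body.toString(),
+});
+expect(res.status).toBe(403);
+});
+
 it("returns an HTML fragment with a scoped style block containing submitted token values", async () => {
 setupAuthenticatedSession([MANAGE_THEMES]);
 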
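Review bot: The new test (new-side lines 226–240) pins only the status code and only the empty-permission session, so it would still pass if the gate rejected sessions with no permissions at all rather than checking manageThemes specifically. Consider adding a sibling case where the session holds some unrelated permission but not `MANAGE_THEMES`, e.g. `setupAuthenticatedSession([<OTHER_PERMISSION>])`, where `<OTHER_PERMISSION>` is a placeholder for whichever other permission constant this suite already imports. That case is what separates a real manageThemes check from a "has any permission" check. It would also be worth asserting that the denied response does not echo the submitted token, `expect(await res.text()).not.toContain("#ff0000");`, so a 403 that still carries the rendered preview fragment is caught.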