diff --git a/tests/routes/validator.test.ts b/tests/routes/validator.test.ts index ed48fb0..8582f39 100644 --- a/tests/routes/validator.test.ts +++ b/tests/routes/validator.test.ts @@ -31,6 +31,7 @@ function makeToken(wallet: string, role: string): string { const VALIDATOR_WALLET = 'GVALIDATOR1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'; const PLAYER_WALLET = 'GPLAYER1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'; const SCOUT_WALLET = 'GSCOUT1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'; +const ADMIN_WALLET = 'GADMIN1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'; beforeEach(() => { mockGetEvents.mockReset(); @@ -73,6 +74,17 @@ describe('POST /api/validators/milestone', () => { expect(res.body.error).toBe('Insufficient permissions'); }); + it('returns 403 when user is an admin', async () => { + const adminToken = makeToken(ADMIN_WALLET, 'admin'); + const res = await request(app) + .post('/api/validators/milestone') + .set('Authorization', `Bearer ${adminToken}`) + .send(validPayload); + expect(res.status).toBe(403); + expect(res.body.success).toBe(false); + expect(res.body.error).toBe('Insufficient permissions'); + }); + it('returns 201 when user is a validator with valid payload', async () => { const validatorToken = makeToken(VALIDATOR_WALLET, 'validator'); const res = await request(app) @@ -123,6 +135,16 @@ describe('GET /api/validators/milestones/pending', () => { expect(res.body.error).toBe('Insufficient permissions'); }); + it('returns 403 when user is an admin', async () => { + const adminToken = makeToken(ADMIN_WALLET, 'admin'); + const res = await request(app) + .get('/api/validators/milestones/pending') + .set('Authorization', `Bearer ${adminToken}`); + expect(res.status).toBe(403); + expect(res.body.success).toBe(false); + expect(res.body.error).toBe('Insufficient permissions'); + }); + it('returns 200 with empty array when validator has no pending milestones', async () => { mockGetEvents.mockReturnValue([]); const validatorToken = makeToken(VALIDATOR_WALLET, 'validator');