chore(trust): enhance permission gating tests and mock localStorage

Marfuen · Marfuen · commit fe3a5c2bbbc3 · 2026-02-26T13:56:10.000-05:00
diff --git a/.gitignore b/.gitignore
@@ -91,4 +91,4 @@ packages/*/dist
 scripts/sync-release-branch.sh
 /.vscode
 
-.claude/projects/-Users-marfuen-code-comp/
+.claude/projects/-Users-marfuen-code-comp/.claude/audit-findings.md
diff --git a/apps/app/src/app/(app)/[orgId]/trust/portal-settings/components/TrustPortalAdditionalDocumentsSection.test.tsx b/apps/app/src/app/(app)/[orgId]/trust/portal-settings/components/TrustPortalAdditionalDocumentsSection.test.tsx
@@ -109,8 +109,13 @@ describe('TrustPortalAdditionalDocumentsSection permission gating', () => {
   it('hides delete buttons for documents when user lacks trust:update permission', () => {
     setMockPermissions(AUDITOR_PERMISSIONS);
     render(<TrustPortalAdditionalDocumentsSection {...defaultProps} />);
-    // No delete buttons should be rendered
-    const buttons = screen.queryAllByRole('button');
-    expect(buttons.length).toBe(0);
+    // The document download rows (role="button") still render, but actual
+    // <Button> delete buttons should not be present. The delete buttons use
+    // the Trash2 icon; without permission, the entire block is not rendered.
+    // There should be no actual <button> elements (only div[role="button"] for download).
+    const realButtons = screen.queryAllByRole('button').filter(
+      (el) => el.tagName === 'BUTTON',
+    );
+    expect(realButtons.length).toBe(0);
   });
 });
diff --git a/apps/app/src/app/(app)/[orgId]/trust/portal-settings/components/TrustPortalDomain.test.tsx b/apps/app/src/app/(app)/[orgId]/trust/portal-settings/components/TrustPortalDomain.test.tsx
@@ -41,6 +41,18 @@ vi.mock('sonner', () => ({
 
 import { TrustPortalDomain } from './TrustPortalDomain';
 
+// Mock localStorage for jsdom
+const localStorageMock = (() => {
+  let store: Record<string, string> = {};
+  return {
+    getItem: vi.fn((key: string) => store[key] ?? null),
+    setItem: vi.fn((key: string, value: string) => { store[key] = value; }),
+    removeItem: vi.fn((key: string) => { delete store[key]; }),
+    clear: vi.fn(() => { store = {}; }),
+  };
+})();
+Object.defineProperty(globalThis, 'localStorage', { value: localStorageMock });
+
 describe('TrustPortalDomain permission gating', () => {
   const defaultProps = {
     domain: 'trust.example.com',
@@ -52,6 +64,7 @@ describe('TrustPortalDomain permission gating', () => {
 
   beforeEach(() => {
     vi.clearAllMocks();
+    localStorageMock.clear();
   });
 
   it('renders title and description regardless of permissions', () => {
diff --git a/apps/app/src/app/(app)/[orgId]/trust/settings/components/TrustSettingsClient.test.tsx b/apps/app/src/app/(app)/[orgId]/trust/settings/components/TrustSettingsClient.test.tsx
@@ -47,6 +47,18 @@ vi.mock('sonner', () => ({
 
 import { TrustSettingsClient } from './TrustSettingsClient';
 
+// Mock localStorage for jsdom (TrustPortalDomain uses it)
+const localStorageMock = (() => {
+  let store: Record<string, string> = {};
+  return {
+    getItem: vi.fn((key: string) => store[key] ?? null),
+    setItem: vi.fn((key: string, value: string) => { store[key] = value; }),
+    removeItem: vi.fn((key: string) => { delete store[key]; }),
+    clear: vi.fn(() => { store = {}; }),
+  };
+})();
+Object.defineProperty(globalThis, 'localStorage', { value: localStorageMock });
+
 describe('TrustSettingsClient permission gating', () => {
   const defaultProps = {
     orgId: 'org-1',
@@ -60,6 +72,7 @@ describe('TrustSettingsClient permission gating', () => {
 
   beforeEach(() => {
     vi.clearAllMocks();
+    localStorageMock.clear();
   });
 
   it('renders section titles regardless of permissions', () => {
diff --git a/apps/app/src/components/forms/organization/transfer-ownership.test.tsx b/apps/app/src/components/forms/organization/transfer-ownership.test.tsx
@@ -41,13 +41,19 @@ const mockMembers = [
   { id: 'member_2', user: { name: null, email: 'bob@test.com' } },
 ];
 
+// Owner permissions include organization:delete; admin does not
+const OWNER_PERMISSIONS = {
+  ...ADMIN_PERMISSIONS,
+  organization: ['read', 'update', 'delete'],
+};
+
 describe('TransferOwnership permission gating', () => {
   beforeEach(() => {
     vi.clearAllMocks();
   });
 
   it('renders nothing when user is not the owner', () => {
-    setMockPermissions(ADMIN_PERMISSIONS);
+    setMockPermissions(OWNER_PERMISSIONS);
 
     const { container } = render(
       <TransferOwnership members={mockMembers} isOwner={false} />,
@@ -56,7 +62,17 @@ describe('TransferOwnership permission gating', () => {
     expect(container.innerHTML).toBe('');
   });
 
-  it('renders nothing when user lacks organization:delete permission', () => {
+  it('renders nothing when user lacks organization:delete permission (admin role)', () => {
+    setMockPermissions(ADMIN_PERMISSIONS);
+
+    const { container } = render(
+      <TransferOwnership members={mockMembers} isOwner={true} />,
+    );
+
+    expect(container.innerHTML).toBe('');
+  });
+
+  it('renders nothing when user lacks organization:delete permission (auditor role)', () => {
     setMockPermissions(AUDITOR_PERMISSIONS);
 
     const { container } = render(
@@ -77,15 +93,16 @@ describe('TransferOwnership permission gating', () => {
   });
 
   it('renders the transfer ownership card when user is owner with organization:delete permission', () => {
-    setMockPermissions(ADMIN_PERMISSIONS);
+    setMockPermissions(OWNER_PERMISSIONS);
 
     render(<TransferOwnership members={mockMembers} isOwner={true} />);
 
-    expect(screen.getByText('Transfer ownership')).toBeInTheDocument();
+    const elements = screen.getAllByText('Transfer ownership');
+    expect(elements.length).toBeGreaterThanOrEqual(1);
   });
 
   it('shows the "no members" message when members array is empty and user has permission', () => {
-    setMockPermissions(ADMIN_PERMISSIONS);
+    setMockPermissions(OWNER_PERMISSIONS);
 
     render(<TransferOwnership members={[]} isOwner={true} />);
 
@@ -95,7 +112,7 @@ describe('TransferOwnership permission gating', () => {
   });
 
   it('renders the card content when owner has permission and members exist', () => {
-    setMockPermissions(ADMIN_PERMISSIONS);
+    setMockPermissions(OWNER_PERMISSIONS);
 
     render(<TransferOwnership members={mockMembers} isOwner={true} />);
 
