package api import ( "testing" "wucher/internal/domain/auth" ) // TestDefaultPermissionsHaveRegisteredModule guards that every seeded permission // maps to a module declared in auth.ModuleRegistry. Adding a permission with a // new prefix without registering its module will fail this test. func TestDefaultPermissionsHaveRegisteredModule(t *testing.T) { for _, p := range DefaultPermissions() { module := auth.ModuleForKey(p.Key) if !auth.IsRegisteredModule(module) { t.Errorf("permission %q maps to module %q which is not in auth.ModuleRegistry", p.Key, module) } } } // TestDefaultPermissionsHaveUniqueKeys guards against accidental duplicate keys // in the catalog (the upsert is keyed on "key"). func TestDefaultPermissionsHaveUniqueKeys(t *testing.T) { seen := make(map[string]bool) for _, p := range DefaultPermissions() { if p.Key == "" { t.Errorf("permission %q has an empty key", p.Name) } if seen[p.Key] { t.Errorf("duplicate permission key %q in DefaultPermissions", p.Key) } seen[p.Key] = true } }