import { describe, expect, it } from 'vitest' import { canAccessAdminMetrics } from './AdminSessionContext' describe('canAccessAdminMetrics', () => { it('allows finance and higher roles after admin 2FA enrollment', () => { expect(canAccessAdminMetrics({ role: 'FINANCE', totpEnabled: true })).toBe(true) expect(canAccessAdminMetrics({ role: 'SUPPORT', totpEnabled: true })).toBe(true) expect(canAccessAdminMetrics({ role: 'ADMIN', totpEnabled: true })).toBe(true) expect(canAccessAdminMetrics({ role: 'SUPER_ADMIN', totpEnabled: true })).toBe(true) }) it('denies viewer role and admins who still need 2FA enrollment', () => { expect(canAccessAdminMetrics({ role: 'VIEWER', totpEnabled: true })).toBe(false) expect(canAccessAdminMetrics({ role: 'ADMIN', totpEnabled: false })).toBe(false) expect(canAccessAdminMetrics(null)).toBe(false) }) })