From 96bb6db985d1c37971fab473ceed770e0c07819b Mon Sep 17 00:00:00 2001
From: JohnDoe6345789 <john.doe6345789@gmail.com>
Date: Fri, 26 Dec 2025 00:34:35 +0000
Subject: [PATCH] code: resolve,nextjs,frontends (1 files)

---
 .../lib/auth/resolve-access-decision.test.ts  | 60 +++++++++++++++++++
 1 file changed, 60 insertions(+)
 create mode 100644 frontends/nextjs/src/lib/auth/resolve-access-decision.test.ts

diff --git a/frontends/nextjs/src/lib/auth/resolve-access-decision.test.ts b/frontends/nextjs/src/lib/auth/resolve-access-decision.test.ts
new file mode 100644
index 000000000..127db777d
--- /dev/null
+++ b/frontends/nextjs/src/lib/auth/resolve-access-decision.test.ts
@@ -0,0 +1,60 @@
+import { describe, it, expect } from 'vitest'
+import { resolveAccessDecision } from './resolve-access-decision'
+
+describe('resolveAccessDecision', () => {
+  it('returns loading when auth is loading', () => {
+    const decision = resolveAccessDecision({
+      isAuthenticated: false,
+      isLoading: true,
+      requiresAuth: true,
+    })
+
+    expect(decision).toEqual({ allowed: false, reason: 'loading' })
+  })
+
+  it('blocks unauthenticated access when auth is required', () => {
+    const decision = resolveAccessDecision({
+      isAuthenticated: false,
+      isLoading: false,
+      requiresAuth: true,
+    })
+
+    expect(decision).toEqual({ allowed: false, reason: 'unauthenticated' })
+  })
+
+  it('blocks users below the required level', () => {
+    const decision = resolveAccessDecision({
+      isAuthenticated: true,
+      isLoading: false,
+      requiresAuth: true,
+      requiredLevel: 3,
+      userRole: 'user',
+    })
+
+    expect(decision).toEqual({ allowed: false, reason: 'insufficient_level' })
+  })
+
+  it('allows access when the required level is met', () => {
+    const decision = resolveAccessDecision({
+      isAuthenticated: true,
+      isLoading: false,
+      requiresAuth: true,
+      requiredLevel: 2,
+      userRole: 'user',
+    })
+
+    expect(decision).toEqual({ allowed: true })
+  })
+
+  it('uses userLevel when provided', () => {
+    const decision = resolveAccessDecision({
+      isAuthenticated: true,
+      isLoading: false,
+      requiresAuth: true,
+      requiredLevel: 4,
+      userLevel: 4,
+    })
+
+    expect(decision).toEqual({ allowed: true })
+  })
+})