Adolfo Delorenzo 9515c5374a test(04-rbac-03): add failing integration tests for RBAC enforcement and invite flow ...

RED phase — tests are written, will pass when connected to live DB.
Tests cover:
- Full RBAC matrix: platform_admin/customer_admin/operator on all endpoints
- Operator can POST /test but not POST /agents (create)
- Missing headers return 422
- Impersonation creates AuditEvent row
- Full invite flow: create -> accept -> login with correct role
- Expired invite rejection
- Resend generates new token and extends expiry
- Double-accept prevention

2026-03-24 17:16:13 -06:00

17 KiB

Raw Blame History

View Raw