chore: Add permissions to auth data (#9695)

This API change sets the foundation for an upcoming frontend update, transitioning from a role-based model to a permission-based model. This new approach will determine eligibility for various actions and UI elements based on specific permissions rather than roles, enhancing flexibility and security in user access management.
2024-06-28 12:52:48 -07:00
parent 2c94c89077
commit 46621b0983
4 changed files with 28 additions and 0 deletions
--- a/spec/controllers/devise/session_controller_spec.rb
+++ b/spec/controllers/devise/session_controller_spec.rb
@@ -41,6 +41,17 @@ RSpec.describe 'Session', type: :request do
        expect(response).to have_http_status(:success)
        expect(response.body).to include(user_with_new_pwd.email)
      end
+
+      it 'returns the permission of the user' do
+        params = { email: user.email, password: 'Password1!' }
+
+        post new_user_session_url,
+             params: params,
+             as: :json
+
+        expect(response).to have_http_status(:success)
+        expect(response.parsed_body['data']['permissions']).to eq(['agent'])
+      end
    end

    context 'when it is invalid sso auth token' do