goodgo-platform/e2e/api/listings-moderate.spec.ts

import { test, expect, registerUser, createListing } from '../fixtures';

test.describe('PATCH /listings/:id/moderate — Listing moderation (admin only)', () => {
  let accessToken: string;
  let listingId: string;

  test.beforeAll(async ({ request }) => {
    const { accessToken: token } = await registerUser(request);
    accessToken = token;

    const { listing } = await createListing(request, token);
    listingId = listing.id;
  });

  test('rejects unauthenticated moderation', async ({ request }) => {
    const res = await request.patch(`listings/${listingId}/moderate`, {
      data: {
        action: 'approve',
        moderationScore: 95,
        notes: 'Looks good',
      },
    });

    expect(res.status()).toBe(401);
  });

  test('rejects moderation from non-admin user', async ({ request }) => {
    const res = await request.patch(`listings/${listingId}/moderate`, {
      data: {
        action: 'approve',
        moderationScore: 95,
        notes: 'Attempted non-admin moderation',
      },
      headers: { Authorization: `Bearer ${accessToken}` },
    });

    expect(res.ok()).toBeFalsy();
    expect([401, 403]).toContain(res.status());
  });

  test('rejects moderation with invalid action', async ({ request }) => {
    const res = await request.patch(`listings/${listingId}/moderate`, {
      data: {
        action: 'INVALID_ACTION',
        notes: 'Invalid action test',
      },
      headers: { Authorization: `Bearer ${accessToken}` },
    });

    expect(res.ok()).toBeFalsy();
    expect([400, 401, 403]).toContain(res.status());
  });

  test('rejects moderation for non-existent listing', async ({ request }) => {
    const res = await request.patch('listings/non-existent-id/moderate', {
      data: {
        action: 'reject',
        notes: 'Non-existent listing',
      },
      headers: { Authorization: `Bearer ${accessToken}` },
    });

    expect(res.ok()).toBeFalsy();
    expect([400, 401, 403, 404]).toContain(res.status());
  });
});