test(cleanup): verwijder POST /api/todos import en describe-block uit security.test.ts [cmotto5jn000px317kjqlba89]

- Import 'POST as postTodo' uit verwijderde todos-route verwijderd - describe('POST /api/todos') sectie (3 tests) verwijderd - 73 testfiles / 561 tests groen Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-06 11:20:15 +02:00 · 2026-05-06 11:20:15 +02:00 · edb3fc3595
commit edb3fc3595
parent 180513b2e5
1 changed files with 0 additions and 44 deletions
--- a/tests/api/security.test.ts
+++ b/tests/api/security.test.ts
@ -41,7 +41,6 @@ import { GET as getSprintTasks } from '@/app/api/sprints/[id]/tasks/route'
 import { PATCH as patchReorder } from '@/app/api/stories/[id]/tasks/reorder/route'
 import { POST as postStoryLog } from '@/app/api/stories/[id]/log/route'
 import { PATCH as patchTask } from '@/app/api/tasks/[id]/route'
-import { POST as postTodo } from '@/app/api/todos/route'

 const mockPrisma = prisma as unknown as {
  product: { findMany: ReturnType<typeof vi.fn>; findFirst: ReturnType<typeof vi.fn> }
@ -419,46 +418,3 @@ describe('PATCH /api/tasks/:id', () => {
    expect(res.status).toBe(200)
  })
 })
-
-// ─── POST /api/todos ──────────────────────────────────────────────────────────
-
-describe('POST /api/todos', () => {
-  // product_id is required by the Zod schema (z.string().min(1))
-  const VALID_BODY = { title: 'Test todo', product_id: 'prod-1' }
-
-  // TC-TD-01
-  it('returns 401 when no valid token provided', async () => {
-    mockAuth.mockResolvedValue(UNAUTHORIZED)
-    const res = await postTodo(makePost('http://localhost/api/todos', VALID_BODY))
-    expect(res.status).toBe(401)
-  })
-
-  // TC-TD-03
-  it('returns 403 for demo users', async () => {
-    mockAuth.mockResolvedValue(DEMO_AUTH)
-    const res = await postTodo(makePost('http://localhost/api/todos', VALID_BODY))
-    expect(res.status).toBe(403)
-    const data = await res.json()
-    expect(data.error).toBe('Niet beschikbaar in demo-modus')
-  })
-
-  // TC-TD-08
-  it('returns 404 when product_id belongs to another user', async () => {
-    mockAuth.mockResolvedValue(USER_2_AUTH)
-    mockPrisma.product.findFirst.mockResolvedValue(null)
-
-    const res = await postTodo(
-      makePost('http://localhost/api/todos', { title: 'Todo', product_id: 'prod-owned-by-user-1' })
-    )
-    expect(res.status).toBe(404)
-    // Verify it queries by user_id, not productAccessFilter
-    expect(mockPrisma.product.findFirst).toHaveBeenCalledWith(
-      expect.objectContaining({
-        where: expect.objectContaining({
-          id: 'prod-owned-by-user-1',
-          user_id: 'user-2',
-        }),
-      })
-    )
-  })
-})