fix: admin-navigatie zichtbaar voor ADMIN-rol gebruikers

- requireAdmin() checkt nu de database i.p.v. session.isAdmin (was altijd undefined) - loginAction stelt session.isAdmin in op basis van UserRole in de DB - registerAction stelt session.isAdmin = false expliciet in - NavBar toont 'Admin'-link conditioneel als roles.includes('ADMIN') - UserMenu ROLE_LABELS uitgebreid met ADMIN → 'Admin' - Tests aangepast: prismaUserRole.findFirst mock toegevoegd Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-05 20:26:54 +02:00 · 2026-05-05 20:26:54 +02:00 · fbf58d4e44
commit fbf58d4e44
parent c3f10cccce
6 changed files with 26 additions and 2 deletions
--- a/tests/actions/auth.test.ts
+++ b/tests/actions/auth.test.ts
@ -7,6 +7,7 @@ const {
  sessionSaveMock,
  requireSessionMock,
  prismaUserUpdateMock,
+  prismaUserRoleFindFirstMock,
 } = vi.hoisted(() => ({
  redirectMock: vi.fn((path: string) => { throw new Error(`REDIRECT:${path}`) }),
  verifyUserMock: vi.fn(),
@ -14,6 +15,7 @@ const {
  sessionSaveMock: vi.fn(),
  requireSessionMock: vi.fn(),
  prismaUserUpdateMock: vi.fn(),
+  prismaUserRoleFindFirstMock: vi.fn().mockResolvedValue(null),
 }))

 vi.mock('next/navigation', () => ({ redirect: redirectMock }))
@ -36,7 +38,10 @@ vi.mock('@/lib/auth', () => ({
 }))
 vi.mock('@/lib/auth-guard', () => ({ requireSession: requireSessionMock }))
 vi.mock('@/lib/prisma', () => ({
-  prisma: { user: { update: prismaUserUpdateMock } },
+  prisma: {
+    user: { update: prismaUserUpdateMock },
+    userRole: { findFirst: prismaUserRoleFindFirstMock },
+  },
 }))
 vi.mock('@/lib/rate-limit', () => ({ checkRateLimit: vi.fn().mockReturnValue(true) }))

@ -60,6 +65,7 @@ beforeEach(() => {
  sessionSaveMock.mockReset()
  requireSessionMock.mockReset()
  prismaUserUpdateMock.mockReset()
+  prismaUserRoleFindFirstMock.mockResolvedValue(null)
 })

 describe('loginAction UA-redirect', () => {