MOPC-App/tests/unit/award-governance.test.ts

/**
 * U-010: Award Governance — Unauthorized AWARD_MASTER
 *
 * Tests that non-AWARD_MASTER users cannot call finalizeWinners.
 */

import { describe, it, expect, beforeAll, afterAll } from 'vitest'
import { prisma, createTestContext } from '../setup'
import {
  createTestUser,
  createTestProgram,
  createTestPipeline,
  createTestTrack,
  createTestStage,
  createTestProject,
  cleanupTestData,
} from '../helpers'
import { awardRouter } from '@/server/routers/award'

let programId: string
let userIds: string[] = []

beforeAll(async () => {
  const program = await createTestProgram({ name: 'Award Gov Test' })
  programId = program.id
})

afterAll(async () => {
  await cleanupTestData(programId, userIds)
})

describe('U-010: Award Governance — Unauthorized AWARD_MASTER', () => {
  it('rejects finalizeWinners when called by a JURY_MEMBER', async () => {
    const jury = await createTestUser('JURY_MEMBER', { name: 'Unauthorized Jury' })
    userIds.push(jury.id)

    // Create award track infrastructure using admin
    const admin = await createTestUser('SUPER_ADMIN')
    userIds.push(admin.id)

    const pipeline = await createTestPipeline(programId)
    const track = await prisma.track.create({
      data: {
        pipelineId: pipeline.id,
        name: 'Award Track',
        slug: `award-${Date.now()}`,
        kind: 'AWARD',
        sortOrder: 1,
        decisionMode: 'AWARD_MASTER_DECISION',
      },
    })

    const stage = await createTestStage(track.id, {
      name: 'Award Stage',
      stageType: 'EVALUATION',
      status: 'STAGE_ACTIVE',
    })

    // Create a SpecialAward linked to the track
    const award = await prisma.specialAward.create({
      data: {
        programId,
        name: 'Best Innovation',
        trackId: track.id,
        status: 'VOTING_OPEN',
        scoringMode: 'PICK_WINNER',
        sortOrder: 0,
      },
    })

    // Create an eligible project
    const project = await createTestProject(programId, { title: 'Award Project' })
    await prisma.awardEligibility.create({
      data: {
        awardId: award.id,
        projectId: project.id,
        eligible: true,
        method: 'MANUAL',
      },
    })

    // Attempt to call finalizeWinners as JURY_MEMBER — should be rejected
    const juryCtx = createTestContext(jury)
    const juryCaller = awardRouter.createCaller(juryCtx)

    await expect(
      juryCaller.finalizeWinners({
        trackId: track.id,
        winnerProjectId: project.id,
      })
    ).rejects.toThrow() // Should throw FORBIDDEN or UNAUTHORIZED

    // Verify the award still has no winner
    const unchangedAward = await prisma.specialAward.findUnique({
      where: { id: award.id },
    })
    expect(unchangedAward!.winnerProjectId).toBeNull()
  })

  it('allows SUPER_ADMIN to finalize winners (awardMasterProcedure permits)', async () => {
    const admin = await createTestUser('SUPER_ADMIN', { name: 'Admin Award Master' })
    userIds.push(admin.id)

    const pipeline = await createTestPipeline(programId)
    const track = await prisma.track.create({
      data: {
        pipelineId: pipeline.id,
        name: 'Admin Award Track',
        slug: `admin-award-${Date.now()}`,
        kind: 'AWARD',
        sortOrder: 2,
        decisionMode: 'AWARD_MASTER_DECISION',
      },
    })

    await createTestStage(track.id, {
      name: 'Admin Award Stage',
      stageType: 'EVALUATION',
      status: 'STAGE_ACTIVE',
    })

    const award = await prisma.specialAward.create({
      data: {
        programId,
        name: 'Admin Award',
        trackId: track.id,
        status: 'VOTING_OPEN',
        scoringMode: 'PICK_WINNER',
        sortOrder: 0,
      },
    })

    const project = await createTestProject(programId, { title: 'Winning Project' })
    await prisma.awardEligibility.create({
      data: {
        awardId: award.id,
        projectId: project.id,
        eligible: true,
        method: 'MANUAL',
      },
    })

    const adminCtx = createTestContext(admin)
    const adminCaller = awardRouter.createCaller(adminCtx)

    const result = await adminCaller.finalizeWinners({
      trackId: track.id,
      winnerProjectId: project.id,
    })

    expect(result.winnerProjectId).toBe(project.id)
    expect(result.status).toBe('CLOSED')
  })
})
Round system redesign: Phases 1-7 complete Full pipeline/track/stage architecture replacing the legacy round system. Schema: 11 new models (Pipeline, Track, Stage, StageTransition, ProjectStageState, RoutingRule, Cohort, CohortProject, LiveProgressCursor, OverrideAction, AudienceVoter) + 8 new enums. Backend: 9 new routers (pipeline, stage, routing, stageFiltering, stageAssignment, cohort, live, decision, award) + 6 new services (stage-engine, routing-engine, stage-filtering, stage-assignment, stage-notifications, live-control). Frontend: Pipeline wizard (17 components), jury stage pages (7), applicant pipeline pages (3), public stage pages (2), admin pipeline pages (5), shared stage components (3), SSE route, live hook. Phase 6 refit: 23 routers/services migrated from roundId to stageId, all frontend components refitted. Deleted round.ts (985 lines), roundTemplate.ts, round-helpers.ts, round-settings.ts, round-type-settings.tsx, 10 legacy admin pages, 7 legacy jury pages, 3 legacy dialogs. Phase 7 validation: 36 tests (10 unit + 8 integration files) all passing, TypeScript 0 errors, Next.js build succeeds, 13 integrity checks, legacy symbol sweep clean, auto-seed on first Docker startup. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-13 13:57:09 +01:00			`/**`
			`* U-010: Award Governance — Unauthorized AWARD_MASTER`
			`*`
			`* Tests that non-AWARD_MASTER users cannot call finalizeWinners.`
			`*/`

			`import { describe, it, expect, beforeAll, afterAll } from 'vitest'`
			`import { prisma, createTestContext } from '../setup'`
			`import {`
			`createTestUser,`
			`createTestProgram,`
			`createTestPipeline,`
			`createTestTrack,`
			`createTestStage,`
			`createTestProject,`
			`cleanupTestData,`
			`} from '../helpers'`
			`import { awardRouter } from '@/server/routers/award'`

			`let programId: string`
			`let userIds: string[] = []`

			`beforeAll(async () => {`
			`const program = await createTestProgram({ name: 'Award Gov Test' })`
			`programId = program.id`
			`})`

			`afterAll(async () => {`
			`await cleanupTestData(programId, userIds)`
			`})`

			`describe('U-010: Award Governance — Unauthorized AWARD_MASTER', () => {`
			`it('rejects finalizeWinners when called by a JURY_MEMBER', async () => {`
			`const jury = await createTestUser('JURY_MEMBER', { name: 'Unauthorized Jury' })`
			`userIds.push(jury.id)`

			`// Create award track infrastructure using admin`
			`const admin = await createTestUser('SUPER_ADMIN')`
			`userIds.push(admin.id)`

			`const pipeline = await createTestPipeline(programId)`
			`const track = await prisma.track.create({`
			`data: {`
			`pipelineId: pipeline.id,`
			`name: 'Award Track',`
			slug: `award-${Date.now()}`,
			`kind: 'AWARD',`
			`sortOrder: 1,`
			`decisionMode: 'AWARD_MASTER_DECISION',`
			`},`
			`})`

			`const stage = await createTestStage(track.id, {`
			`name: 'Award Stage',`
			`stageType: 'EVALUATION',`
			`status: 'STAGE_ACTIVE',`
			`})`

			`// Create a SpecialAward linked to the track`
			`const award = await prisma.specialAward.create({`
			`data: {`
			`programId,`
			`name: 'Best Innovation',`
			`trackId: track.id,`
			`status: 'VOTING_OPEN',`
			`scoringMode: 'PICK_WINNER',`
			`sortOrder: 0,`
			`},`
			`})`

			`// Create an eligible project`
			`const project = await createTestProject(programId, { title: 'Award Project' })`
			`await prisma.awardEligibility.create({`
			`data: {`
			`awardId: award.id,`
			`projectId: project.id,`
			`eligible: true,`
			`method: 'MANUAL',`
			`},`
			`})`

			`// Attempt to call finalizeWinners as JURY_MEMBER — should be rejected`
			`const juryCtx = createTestContext(jury)`
			`const juryCaller = awardRouter.createCaller(juryCtx)`

			`await expect(`
			`juryCaller.finalizeWinners({`
			`trackId: track.id,`
			`winnerProjectId: project.id,`
			`})`
			`).rejects.toThrow() // Should throw FORBIDDEN or UNAUTHORIZED`

			`// Verify the award still has no winner`
			`const unchangedAward = await prisma.specialAward.findUnique({`
			`where: { id: award.id },`
			`})`
			`expect(unchangedAward!.winnerProjectId).toBeNull()`
			`})`

			`it('allows SUPER_ADMIN to finalize winners (awardMasterProcedure permits)', async () => {`
			`const admin = await createTestUser('SUPER_ADMIN', { name: 'Admin Award Master' })`
			`userIds.push(admin.id)`

			`const pipeline = await createTestPipeline(programId)`
			`const track = await prisma.track.create({`
			`data: {`
			`pipelineId: pipeline.id,`
			`name: 'Admin Award Track',`
			slug: `admin-award-${Date.now()}`,
			`kind: 'AWARD',`
			`sortOrder: 2,`
			`decisionMode: 'AWARD_MASTER_DECISION',`
			`},`
			`})`

			`await createTestStage(track.id, {`
			`name: 'Admin Award Stage',`
			`stageType: 'EVALUATION',`
			`status: 'STAGE_ACTIVE',`
			`})`

			`const award = await prisma.specialAward.create({`
			`data: {`
			`programId,`
			`name: 'Admin Award',`
			`trackId: track.id,`
			`status: 'VOTING_OPEN',`
			`scoringMode: 'PICK_WINNER',`
			`sortOrder: 0,`
			`},`
			`})`

			`const project = await createTestProject(programId, { title: 'Winning Project' })`
			`await prisma.awardEligibility.create({`
			`data: {`
			`awardId: award.id,`
			`projectId: project.id,`
			`eligible: true,`
			`method: 'MANUAL',`
			`},`
			`})`

			`const adminCtx = createTestContext(admin)`
			`const adminCaller = awardRouter.createCaller(adminCtx)`

			`const result = await adminCaller.finalizeWinners({`
			`trackId: track.id,`
			`winnerProjectId: project.id,`
			`})`

			`expect(result.winnerProjectId).toBe(project.id)`
			`expect(result.status).toBe('CLOSED')`
			`})`
			`})`