/**
 * Security regression: only an existing super-admin caller can mint a
 * super-admin CRM invitation. A port `director` (or any caller without
 * `invitedBy.isSuperAdmin === true`) must be rejected at the service layer
 * even if the route handler somehow lets the body flag through.
 */
import { describe, it, expect } from 'vitest';
import { createCrmInvite } from '@/lib/services/crm-invite.service';
import { ValidationError } from '@/lib/errors';

/**
 * Builds a throwaway recipient address that is unique per run, so repeated
 * executions of this suite do not collide on the same email.
 *
 * @param {string} [suffix=''] - Extra tag placed before the domain.
 * @returns {string} An `attacker-<timestamp><suffix>@example.test` address.
 */
const attackerEmail = (suffix = '') => `attacker-${Date.now()}${suffix}@example.test`;

/**
 * Asserts that the service refuses the given invite payload with a
 * ValidationError.
 *
 * NOTE(review): matching on the error class alone would also pass if the
 * service rejected the payload for an unrelated validation reason; pinning
 * the message the gate raises would make the regression tighter — confirm
 * the exact message against the service.
 *
 * @param {object} payload - Arguments forwarded verbatim to createCrmInvite.
 * @returns {Promise<void>} Resolves once the rejection has been verified.
 */
const expectGateRejects = (payload) =>
  expect(createCrmInvite(payload)).rejects.toThrow(ValidationError);

describe('createCrmInvite — super-admin gate', () => {
  it('rejects super-admin invites when caller is not a super-admin', async () => {
    // Caller context is present but explicitly lacks the super-admin bit.
    await expectGateRejects({
      email: attackerEmail(),
      isSuperAdmin: true,
      invitedBy: { userId: 'director-id', isSuperAdmin: false },
    });
  });

  it('rejects super-admin invites when invitedBy is omitted entirely', async () => {
    // No caller context at all: the gate must fail closed, not treat
    // "unknown caller" as permitted.
    await expectGateRejects({
      email: attackerEmail('-noctx'),
      isSuperAdmin: true,
    });
  });
});