1 files changed, 49 insertions, 0 deletions

diff --git a/test/silmataivas_web/plugs/admin_only_test.exs b/test/silmataivas_web/plugs/admin_only_test.exs
new file mode 100644
index 0000000..cf939a2
--- /dev/null
+++ b/test/silmataivas_web/plugs/admin_only_test.exs
@@ -0,0 +1,49 @@
+defmodule SilmataivasWeb.AdminOnlyTest do
+  use SilmataivasWeb.ConnCase
+
+  import Silmataivas.UsersFixtures
+
+  alias SilmataivasWeb.Plugs.AdminOnly
+
+  describe "admin_only plug" do
+    test "allows admin users to access protected routes", %{conn: conn} do
+      # Create an admin user
+      admin = user_fixture(%{role: "admin"})
+
+      # Set up the connection with the admin user
+      conn =
+        conn
+        |> assign(:current_user, admin)
+        |> AdminOnly.call(%{})
+
+      # Verify the connection is allowed to continue
+      refute conn.halted
+    end
+
+    test "rejects non-admin users from accessing protected routes", %{conn: conn} do
+      # Create a regular user
+      regular_user = user_fixture(%{role: "user"})
+
+      # Set up the connection with the regular user
+      conn =
+        conn
+        |> assign(:current_user, regular_user)
+        |> AdminOnly.call(%{})
+
+      # Verify the connection is halted
+      assert conn.halted
+      assert conn.status == 403
+      assert conn.resp_body == "Forbidden"
+    end
+
+    test "rejects unauthenticated requests from accessing protected routes", %{conn: conn} do
+      # Set up the connection with no user
+      conn = AdminOnly.call(conn, %{})
+
+      # Verify the connection is halted
+      assert conn.halted
+      assert conn.status == 403
+      assert conn.resp_body == "Forbidden"
+    end
+  end
+end