From d11df8e13ea14fe70e39432b93fa93469400706d Mon Sep 17 00:00:00 2001
From: Peter Steinberger <steipete@gmail.com>
Date: Wed, 1 Apr 2026 03:21:32 +0100
Subject: [PATCH] test: merge approval auth helper cases

---
 src/plugin-sdk/approval-auth-helpers.test.ts | 83 +++++++++++---------
 1 file changed, 46 insertions(+), 37 deletions(-)

diff --git a/src/plugin-sdk/approval-auth-helpers.test.ts b/src/plugin-sdk/approval-auth-helpers.test.ts
index d257ee284a1..cc00b88666e 100644
--- a/src/plugin-sdk/approval-auth-helpers.test.ts
+++ b/src/plugin-sdk/approval-auth-helpers.test.ts
@@ -2,48 +2,57 @@ import { describe, expect, it } from "vitest";
 import { createResolvedApproverActionAuthAdapter } from "./approval-auth-helpers.js";
 
 describe("createResolvedApproverActionAuthAdapter", () => {
-  it("falls back to generic same-chat auth when no approvers resolve", () => {
-    const auth = createResolvedApproverActionAuthAdapter({
+  it.each([
+    {
+      name: "falls back to generic same-chat auth when no approvers resolve",
       channelLabel: "Slack",
       resolveApprovers: () => [],
-    });
-
-    expect(
-      auth.authorizeActorAction({
-        cfg: {},
-        senderId: "U_OWNER",
-        action: "approve",
-        approvalKind: "exec",
-      }),
-    ).toEqual({ authorized: true });
-  });
-
-  it("allows matching normalized approvers and rejects others", () => {
-    const auth = createResolvedApproverActionAuthAdapter({
+      normalizeSenderId: undefined,
+      cases: [
+        {
+          senderId: "U_OWNER",
+          approvalKind: "exec" as const,
+          expected: { authorized: true },
+        },
+      ],
+    },
+    {
+      name: "allows matching normalized approvers and rejects others",
       channelLabel: "Signal",
       resolveApprovers: () => ["uuid:owner"],
-      normalizeSenderId: (value) => value.trim().toLowerCase(),
+      normalizeSenderId: (value: string) => value.trim().toLowerCase(),
+      cases: [
+        {
+          senderId: " UUID:OWNER ",
+          approvalKind: "plugin" as const,
+          expected: { authorized: true },
+        },
+        {
+          senderId: "uuid:attacker",
+          approvalKind: "plugin" as const,
+          expected: {
+            authorized: false,
+            reason: "❌ You are not authorized to approve plugin requests on Signal.",
+          },
+        },
+      ],
+    },
+  ])("$name", ({ channelLabel, resolveApprovers, normalizeSenderId, cases }) => {
+    const auth = createResolvedApproverActionAuthAdapter({
+      channelLabel,
+      resolveApprovers,
+      normalizeSenderId,
     });
 
-    expect(
-      auth.authorizeActorAction({
-        cfg: {},
-        senderId: " UUID:OWNER ",
-        action: "approve",
-        approvalKind: "plugin",
-      }),
-    ).toEqual({ authorized: true });
-
-    expect(
-      auth.authorizeActorAction({
-        cfg: {},
-        senderId: "uuid:attacker",
-        action: "approve",
-        approvalKind: "plugin",
-      }),
-    ).toEqual({
-      authorized: false,
-      reason: "❌ You are not authorized to approve plugin requests on Signal.",
-    });
+    for (const testCase of cases) {
+      expect(
+        auth.authorizeActorAction({
+          cfg: {},
+          senderId: testCase.senderId,
+          action: "approve",
+          approvalKind: testCase.approvalKind,
+        }),
+      ).toEqual(testCase.expected);
+    }
   });
 });