test(e2e): sprint 5 acceptance — US-26 / US-27 / US-28 + adaptations dropdown sprint 2-4

- us26: add AC-26.4 isinstance guard (technique_ids string→400) + AC-26.7 cascade test (DELETE template does not affect instantiated sim) - us27: add NIT-1 dropdown Escape/click-outside close, NIT-2 empty-engagement dropdown visibility - 49 sprint 5 tests passing, 206/207 full suite passing (us1 pre-existing isolation issue) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-28 07:23:33 +02:00
parent 2e59743af5
commit 54959c7d5b
2 changed files with 107 additions and 0 deletions
--- a/e2e/tests/us26-templates-crud.spec.ts
+++ b/e2e/tests/us26-templates-crud.spec.ts
@@ -153,6 +153,15 @@ test.describe('US-26 — templates CRUD', () => {
    expect(r.data.error).toMatch(/unknown tactic id.*TA9999/i);
  });

+  test('AC-26.4 — POST technique_ids as string (not list) → 400 (isinstance guard)', async () => {
+    const r = await makeClient(redteamToken).post('/templates', {
+      name: 'US26 bad technique_ids type',
+      technique_ids: 'T1059',
+    });
+    expect(r.status).toBe(400);
+    expect(r.data.error).toMatch(/technique_ids must be a list/i);
+  });
+
  test('AC-26.4 — SOC POST → 403', async () => {
    const r = await makeClient(socToken).post('/templates', { name: 'soc template attempt' });
    expect(r.status).toBe(403);
@@ -239,6 +248,47 @@ test.describe('US-26 — templates CRUD', () => {
    await deleteTemplate(redteamToken, t.id);
  });

+  test('AC-26.7 — DELETE template does NOT cascade to instantiated simulations', async () => {
+    const tok = await adminToken();
+    // Create engagement
+    const engR = await makeClient(tok).post('/engagements', {
+      name: 'US26 cascade eng',
+      start_date: '2026-01-01',
+    });
+    expect(engR.status).toBe(201);
+    const engId = engR.data.id as number;
+
+    // Create template with distinct RT fields
+    const tmpl = await createTemplate(redteamToken, {
+      name: 'US26 cascade template',
+      description: 'cascade test desc',
+      commands: 'cascade cmd',
+      tactic_ids: ['TA0007'],
+    });
+
+    // Instantiate simulation from template
+    const simR = await makeClient(redteamToken).post(`/engagements/${engId}/simulations`, {
+      template_id: tmpl.id,
+    });
+    expect(simR.status).toBe(201);
+    const simId = simR.data.id as number;
+
+    // Delete the template
+    const del = await makeClient(redteamToken).delete(`/templates/${tmpl.id}`);
+    expect(del.status).toBe(204);
+
+    // Simulation must still exist with RT fields copied at instantiation time
+    const simCheck = await makeClient(redteamToken).get(`/simulations/${simId}`);
+    expect(simCheck.status).toBe(200);
+    expect(simCheck.data.name).toBe('US26 cascade template');
+    expect(simCheck.data.description).toBe('cascade test desc');
+    expect(simCheck.data.commands).toBe('cascade cmd');
+
+    // Cleanup
+    await makeClient(tok).delete(`/simulations/${simId}`);
+    await makeClient(tok).delete(`/engagements/${engId}`);
+  });
+
  // AC-26.8 — UI /admin/templates page
  test('AC-26.8 — /admin/templates page is accessible to redteam, shows table + New button', async ({
    page,