chore(test): Fix locator in dev auth smoke tests

[Tobbe]

.toBeTruthy() on a Locator always passes

page.locator(...) returns a Locator object, which is always a non-null JavaScript object and is therefore always truthy. Checking toBeTruthy() will never fail regardless of whether the error text that we're looking for is actually visible on the page, making the anonymous-user guard completely untested. The same pattern appears in both authChecks.spec.ts and rbacChecks.spec.ts on the non-admin delete test.

[netlify]

✅ Deploy Preview for cedarjs canceled.

Name	Link
🔨 Latest commit	fdd335d
🔍 Latest deploy log	https://app.netlify.com/projects/cedarjs/deploys/6a33db507156ca0008b8dfaf

[greptile-apps]

Greptile Summary

This PR fixes two smoke tests where expect(page.locator(...)).toBeTruthy() was used instead of await expect(page.locator(...)).toBeVisible(). Because page.locator() always returns a non-null Locator object, the old assertions always passed — the permission-denied guards were completely untested.

• authChecks.spec.ts: adds await and switches to toBeVisible() on the anonymous-user "You don't have permission to do that" error check.
• rbacChecks.spec.ts: same await/toBeVisible() fix, plus corrects the expected error text to \"You don't have access to do that\" to match the string the app actually renders.

Confidence Score: 5/5

Safe to merge — the change only fixes previously inert test assertions so the smoke tests now actually validate what they claim to check.

Both changed files are test-only. The fixes are minimal and correct: adding await makes the Playwright assertion asynchronous as required, and swapping toBeTruthy() for toBeVisible() turns a no-op check into a real visibility assertion. The text-string correction in rbacChecks aligns the test with the actual UI message. No production code is touched.

No files require special attention.

Important Files Changed

Filename	Overview
tasks/smoke-tests/dev/tests/authChecks.spec.ts	Fixes the anonymous-user guard assertion: adds await and replaces toBeTruthy() with toBeVisible() so the locator check actually validates element presence on the page.
tasks/smoke-tests/dev/tests/rbacChecks.spec.ts	Same await/toBeVisible() fix as authChecks; also corrects the expected error text from "permission" to "access" to match what the app actually renders.

_{Reviews (2): Last reviewed commit: "Fix expected text" | Re-trigger Greptile}

[nx-cloud]

🤖 Nx Cloud AI Fix

Ensure the fix-ci command is configured to always run in your CI pipeline to get automatic fixes in future runs. For more information, please see https://nx.dev/ci/features/self-healing-ci

---

View your CI Pipeline Execution ↗ for commit fdd335d

Command	Status	Duration	Result
nx run-many -t build:pack --exclude create-ceda...	✅ Succeeded	1s	View ↗
nx run-many -t build	✅ Succeeded	5s	View ↗
nx run-many -t test --minWorkers=1 --maxWorkers=4	✅ Succeeded	7s	View ↗
nx run-many -t test:types	✅ Succeeded	10s	View ↗

💡 Verify your cache is correct by running tasks in a sandbox. Read docs ↗

---

☁️ Nx Cloud last updated this comment at 2026-06-18 12:00:36 UTC

[github-actions]

The changes in this PR are now available on npm.

Try them out by running yarn cedar upgrade -t 5.0.0-canary.2497

Or try it in a new app with yarn dlx create-cedar-app@5.0.0-canary.2497