package financewithdrawal import "testing" func TestCanAuditWithdrawalUsesDedicatedPermission(t *testing.T) { if !canAuditWithdrawal([]string{"finance-withdrawal:audit"}) { t.Fatal("dedicated withdrawal audit permission must allow auditing") } if canAuditWithdrawal([]string{"finance-application:audit"}) { t.Fatal("removed finance application permission must not authorize withdrawal auditing") } }