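Role-specific testing ("Rollspecifika test") is about more than just checking boxes on a compliance sheet. It is about verifying the integrity of your system's boundaries.

    // Run every role against every endpoint and compare with the expected matrix.
    roles.forEach(role => {
      endpoints.forEach(endpoint => {
        test(`${role} accessing ${endpoint.url}`, () => {
          loginAs(role);
          // Assumes visit() returns the HTTP status code of the response.
          const statusCode = visit(endpoint.url);
          if (endpoint.allowed.includes(role)) {
            expect(statusCode).toBe(200);
          } else {
            expect(statusCode).toBe(403); // Forbidden
          }
        });
      });
    });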
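
The same role-by-endpoint matrix as a plain Node.js script, added here as an example and not taken from the original page. The `request` function and its route guards are constructed stand-ins for `loginAs` and `visit`, the `/reports` guard carries a deliberate mistake so the check has something to find, and the `anonymous` role with its 401 responses goes beyond the page's 200/403 check.

```javascript
// Expected access matrix: the test's source of truth (constructed sample data).
const roles = ['admin', 'auditor', 'user', 'anonymous'];
const endpoints = [
  { url: '/admin/users', allowed: ['admin'] },
  { url: '/reports', allowed: ['admin', 'auditor'] },
  { url: '/profile', allowed: ['admin', 'auditor', 'user'] },
];

// Hypothetical system under test. The /reports guard is deliberately wrong:
// it only checks that the caller is logged in, not which role they hold.
const routeGuards = {
  '/admin/users': role => role === 'admin',
  '/reports': role => role !== 'anonymous',
  '/profile': role => ['admin', 'auditor', 'user'].includes(role),
};

// Stand-in for loginAs(role) + visit(url): returns the HTTP status code.
function request(role, url) {
  const guard = routeGuards[url];
  if (!guard) return 404;
  if (role === 'anonymous') return 401; // not authenticated
  return guard(role) ? 200 : 403;       // authenticated but not authorized
}

// Walk every role/endpoint pair and collect mismatches instead of stopping at
// the first one, so a single run shows the whole boundary.
function checkMatrix(roleList, endpointList, send) {
  const violations = [];
  for (const role of roleList) {
    for (const endpoint of endpointList) {
      const status = send(role, endpoint.url);
      const shouldAllow = endpoint.allowed.includes(role);
      const denied = status === 401 || status === 403;
      if (shouldAllow && status !== 200) {
        violations.push({ role, url: endpoint.url, status, kind: 'over-restrictive' });
      } else if (!shouldAllow && !denied) {
        // Anything other than an explicit denial counts as a failure.
        violations.push({ role, url: endpoint.url, status, kind: 'over-permissive' });
      }
    }
  }
  return violations;
}

const violations = checkMatrix(roles, endpoints, request);
for (const v of violations) {
  console.log(`${v.kind}: ${v.role} -> ${v.url} returned ${v.status}`);
}
```

Collecting violations rather than asserting pair by pair separates the two failure kinds: an over-permissive result is a broken boundary, while an over-restrictive one is a functional regression.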