first commit
155
app/accounts/handlers/admin_users_test.go
Normal file
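--- a/app/accounts/handlers/admin_users_test.go
+++ b/app/accounts/handlers/admin_users_test.go
@@ -0,0 +1,155 @@
+package handlers
+
+import (
+"encoding/json"
+"net/http"
+"os"
+"strings"
+"testing"
+
+"ginimageApi/app/accounts/models"
+"ginimageApi/app/middleware"
+"ginimageApi/configs"
+
+"github.com/gin-gonic/gin"
+)
+
+func TestAdminUserProfileGetAndUpdate(t *testing.T) {
+gin.SetMode(gin.TestMode)
+t.Setenv("JWT_SECRET", "test-secret")
+setupHandlersTestDB(t)
+
+adminFlag := true
+active := true
+verified := true
+adminUser := models.User{
+UserName: "admin",
+Email: "admin-profile@example.com",
+Password: "x",
+IsAdmin: &adminFlag,
+IsActive: &active,
+EmailVerified: &verified,
+}
+if err := configs.DB.Create(&adminUser).Error; err != nil {
+t.Fatalf("create admin failed: %v", err)
+}
+
+targetFlag := false
+target := models.User{
+UserName: "target",
+Email: "target-profile@example.com",
+Password: "x",
+IsAdmin: &targetFlag,
+IsActive: &active,
+EmailVerified: &verified,
+}
+if err := configs.DB.Create(&target).Error; err != nil {
+t.Fatalf("create target failed: %v", err)
+}
+oldAvatarURL, oldAvatarPath := createOldAvatarFixture(t, "old_admin_target_avatar.png")
+seedProfile := models.Profile{UserID: uint64(target.ID), AvatarURL: oldAvatarURL}
+if err := configs.DB.Create(&seedProfile).Error; err != nil {
+t.Fatalf("seed profile failed: %v", err)
+}
+
+token, err := middleware.BuildAccessTokenForUser(adminUser)
+if err != nil {
+t.Fatalf("token create failed: %v", err)
+}
+
+r := gin.New()
+r.GET("/admin/users/:id/profile", middleware.AuthRequired(), middleware.AdminRequired(), GetAdminUserProfile)
+r.PUT("/admin/users/:id/profile", middleware.AuthRequired(), middleware.AdminRequired(), UpdateAdminUserProfile)
+
+// Profile kaydi yoksa GET ile otomatik olusmali.
+wGet := performJSON(r, http.MethodGet, "/admin/users/"+toString(target.ID)+"/profile", nil, map[string]string{
+"Authorization": "Bearer " + token,
+})
+if wGet.Code != http.StatusOK {
+t.Fatalf("get admin profile expected 200, got %d body=%s", wGet.Code, wGet.Body.String())
+}
+
+var getResp map[string]any
+if err := json.Unmarshal(wGet.Body.Bytes(), &getResp); err != nil {
+t.Fatalf("parse get response failed: %v", err)
+}
+if int(getResp["user_id"].(float64)) != int(target.ID) {
+t.Fatalf("user_id mismatch in get response")
+}
+
+wPut := performMultipart(
+r,
+http.MethodPut,
+"/admin/users/"+toString(target.ID)+"/profile",
+map[string]string{"first_name": "Admin", "last_name": "Updated"},
+"avatar",
+"admin.png",
+tinyPNGFixture(t),
+map[string]string{"Authorization": "Bearer " + token},
+)
+if wPut.Code != http.StatusOK {
+t.Fatalf("update admin profile expected 200, got %d body=%s", wPut.Code, wPut.Body.String())
+}
+
+var profile models.Profile
+if err := configs.DB.Where("user_id = ?", target.ID).First(&profile).Error; err != nil {
+t.Fatalf("profile should exist after update: %v", err)
+}
+if profile.FirstName != "Admin" || profile.LastName != "Updated" {
+t.Fatalf("profile name mismatch: %+v", profile)
+}
+if !strings.HasPrefix(profile.AvatarURL, "/uploads/avatars/") {
+t.Fatalf("avatar path mismatch: %s", profile.AvatarURL)
+}
+if _, err := os.Stat(oldAvatarPath); !os.IsNotExist(err) {
+t.Fatalf("old avatar should be deleted, err=%v", err)
+}
+}
+
+func TestAdminUserProfileRequiresAdminRole(t *testing.T) {
+gin.SetMode(gin.TestMode)
+t.Setenv("JWT_SECRET", "test-secret")
+setupHandlersTestDB(t)
+
+active := true
+verified := true
+nonAdminFlag := false
+nonAdmin := models.User{
+UserName: "nonadmin",
+Email: "nonadmin-profile@example.com",
+Password: "x",
+IsAdmin: &nonAdminFlag,
+IsActive: &active,
+EmailVerified: &verified,
+}
+if err := configs.DB.Create(&nonAdmin).Error; err != nil {
+t.Fatalf("create non-admin failed: %v", err)
+}
+
+target := models.User{
+UserName: "target2",
+Email: "target2-profile@example.com",
+Password: "x",
+IsAdmin: &nonAdminFlag,
+IsActive: &active,
+EmailVerified: &verified,
+}
+if err := configs.DB.Create(&target).Error; err != nil {
+t.Fatalf("create target failed: %v", err)
+}
+
+token, err := middleware.BuildAccessTokenForUser(nonAdmin)
+if err != nil {
+t.Fatalf("token create failed: %v", err)
+}
+
+r := gin.New()
+r.GET("/admin/users/:id/profile", middleware.AuthRequired(), middleware.AdminRequired(), GetAdminUserProfile)
+
+w := performJSON(r, http.MethodGet, "/admin/users/"+toString(target.ID)+"/profile", nil, map[string]string{
+"Authorization": "Bearer " + token,
+})
+if w.Code != http.StatusForbidden {
+t.Fatalf("expected 403 for non-admin, got %d body=%s", w.Code, w.Body.String())
+}
+}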
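Review bot: TestAdminUserProfileRequiresAdminRole registers and exercises only the GET route, so the state-changing PUT handler (which the first test shows rewriting the profile and deleting the old avatar file) has no negative authorization test, and neither route is exercised without an Authorization header. I would register `UpdateAdminUserProfile` in that test as well, assert 403 for the non-admin token, and check that no profile row was written for the target; a request with no token deserves its own case asserting whatever status `AuthRequired` returns. Separately, `getResp["user_id"].(float64)` in the first test panics instead of failing cleanly when the key is absent, and the Turkish comment above the GET says the profile is auto-created when missing although the test seeds one beforehand.

```go
// … unchanged: fixtures and token for nonAdmin …
r.GET("/admin/users/:id/profile", middleware.AuthRequired(), middleware.AdminRequired(), GetAdminUserProfile)
r.PUT("/admin/users/:id/profile", middleware.AuthRequired(), middleware.AdminRequired(), UpdateAdminUserProfile)

// … unchanged: GET request and its 403 assertion …

wPut := performMultipart(
	r,
	http.MethodPut,
	"/admin/users/"+toString(target.ID)+"/profile",
	map[string]string{"first_name": "ShouldNotApply"},
	"avatar",
	"nonadmin.png",
	tinyPNGFixture(t),
	map[string]string{"Authorization": "Bearer " + token},
)
if wPut.Code != http.StatusForbidden {
	t.Fatalf("expected 403 for non-admin PUT, got %d body=%s", wPut.Code, wPut.Body.String())
}

// The rejected request must leave no trace: target2 has no seeded profile in this test.
var profile models.Profile
if err := configs.DB.Where("user_id = ?", target.ID).First(&profile).Error; err == nil {
	t.Fatalf("non-admin PUT must not create or modify a profile: %+v", profile)
}
```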