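package handlers

import (
	"encoding/json"
	"errors"
	"io/fs"
	"net/http"
	"os"
	"strings"
	"testing"

	"ginimageApi/app/accounts/models"
	"ginimageApi/app/middleware"
	"ginimageApi/configs"

	"github.com/gin-gonic/gin"
)

// TestAdminUserProfileGetAndUpdate exercises the admin-only profile routes:
// an admin token can read another user's profile, update it through a
// multipart PUT (names plus avatar upload), and the update replaces the
// previously stored avatar file on disk.
func TestAdminUserProfileGetAndUpdate(t *testing.T) {
	gin.SetMode(gin.TestMode)
	// Test-only signing secret scoped to this test via t.Setenv.
	t.Setenv("JWT_SECRET", "test-secret")
	setupHandlersTestDB(t)

	adminFlag := true
	active := true
	verified := true
	adminUser := models.User{
		UserName:      "admin",
		Email:         "admin-profile@example.com",
		Password:      "x",
		IsAdmin:       &adminFlag,
		IsActive:      &active,
		EmailVerified: &verified,
	}
	if err := configs.DB.Create(&adminUser).Error; err != nil {
		t.Fatalf("create admin failed: %v", err)
	}

	// The target is a regular (non-admin) user whose profile the admin edits.
	targetFlag := false
	target := models.User{
		UserName:      "target",
		Email:         "target-profile@example.com",
		Password:      "x",
		IsAdmin:       &targetFlag,
		IsActive:      &active,
		EmailVerified: &verified,
	}
	if err := configs.DB.Create(&target).Error; err != nil {
		t.Fatalf("create target failed: %v", err)
	}

	// Seed an existing avatar so the update path has a file to replace.
	oldAvatarURL, oldAvatarPath := createOldAvatarFixture(t, "old_admin_target_avatar.png")
	seedProfile := models.Profile{UserID: uint64(target.ID), AvatarURL: oldAvatarURL}
	if err := configs.DB.Create(&seedProfile).Error; err != nil {
		t.Fatalf("seed profile failed: %v", err)
	}

	token, err := middleware.BuildAccessTokenForUser(adminUser)
	if err != nil {
		t.Fatalf("token create failed: %v", err)
	}

	r := gin.New()
	r.GET("/admin/users/:id/profile", middleware.AuthRequired(), middleware.AdminRequired(), GetAdminUserProfile)
	r.PUT("/admin/users/:id/profile", middleware.AuthRequired(), middleware.AdminRequired(), UpdateAdminUserProfile)

	// A profile row is seeded above, so this GET exercises the read path for an
	// existing profile. (The original note said GET should auto-create a missing
	// profile; that path is not what this test covers.)
	wGet := performJSON(r, http.MethodGet, "/admin/users/"+toString(target.ID)+"/profile", nil, map[string]string{
		"Authorization": "Bearer " + token,
	})
	if wGet.Code != http.StatusOK {
		t.Fatalf("get admin profile expected 200, got %d body=%s", wGet.Code, wGet.Body.String())
	}
	var getResp map[string]any
	if err := json.Unmarshal(wGet.Body.Bytes(), &getResp); err != nil {
		t.Fatalf("parse get response failed: %v", err)
	}
	// Checked assertion: a missing or non-numeric user_id yields a readable
	// failure message instead of a panic inside the test.
	userID, ok := getResp["user_id"].(float64)
	if !ok || int(userID) != int(target.ID) {
		t.Fatalf("user_id mismatch in get response: got %v, want %v", getResp["user_id"], target.ID)
	}

	wPut := performMultipart(
		r,
		http.MethodPut,
		"/admin/users/"+toString(target.ID)+"/profile",
		map[string]string{"first_name": "Admin", "last_name": "Updated"},
		"avatar",
		"admin.png",
		tinyPNGFixture(t),
		map[string]string{"Authorization": "Bearer " + token},
	)
	if wPut.Code != http.StatusOK {
		t.Fatalf("update admin profile expected 200, got %d body=%s", wPut.Code, wPut.Body.String())
	}

	var profile models.Profile
	if err := configs.DB.Where("user_id = ?", target.ID).First(&profile).Error; err != nil {
		t.Fatalf("profile should exist after update: %v", err)
	}
	if profile.FirstName != "Admin" || profile.LastName != "Updated" {
		t.Fatalf("profile name mismatch: %+v", profile)
	}
	if !strings.HasPrefix(profile.AvatarURL, "/uploads/avatars/") {
		t.Fatalf("avatar path mismatch: %s", profile.AvatarURL)
	}
	// The previous avatar file must be gone once the new one is stored.
	if _, err := os.Stat(oldAvatarPath); !errors.Is(err, fs.ErrNotExist) {
		t.Fatalf("old avatar should be deleted, err=%v", err)
	}
}

// TestAdminUserProfileRequiresAdminRole checks that an authenticated but
// non-admin token is rejected with 403 by both the read (GET) and the
// mutating (PUT) admin profile routes.
func TestAdminUserProfileRequiresAdminRole(t *testing.T) {
	gin.SetMode(gin.TestMode)
	// Test-only signing secret scoped to this test via t.Setenv.
	t.Setenv("JWT_SECRET", "test-secret")
	setupHandlersTestDB(t)

	active := true
	verified := true
	nonAdminFlag := false
	nonAdmin := models.User{
		UserName:      "nonadmin",
		Email:         "nonadmin-profile@example.com",
		Password:      "x",
		IsAdmin:       &nonAdminFlag,
		IsActive:      &active,
		EmailVerified: &verified,
	}
	if err := configs.DB.Create(&nonAdmin).Error; err != nil {
		t.Fatalf("create non-admin failed: %v", err)
	}

	target := models.User{
		UserName:      "target2",
		Email:         "target2-profile@example.com",
		Password:      "x",
		IsAdmin:       &nonAdminFlag,
		IsActive:      &active,
		EmailVerified: &verified,
	}
	if err := configs.DB.Create(&target).Error; err != nil {
		t.Fatalf("create target failed: %v", err)
	}

	token, err := middleware.BuildAccessTokenForUser(nonAdmin)
	if err != nil {
		t.Fatalf("token create failed: %v", err)
	}

	r := gin.New()
	r.GET("/admin/users/:id/profile", middleware.AuthRequired(), middleware.AdminRequired(), GetAdminUserProfile)
	r.PUT("/admin/users/:id/profile", middleware.AuthRequired(), middleware.AdminRequired(), UpdateAdminUserProfile)

	path := "/admin/users/" + toString(target.ID) + "/profile"
	headers := map[string]string{"Authorization": "Bearer " + token}

	w := performJSON(r, http.MethodGet, path, nil, headers)
	if w.Code != http.StatusForbidden {
		t.Fatalf("expected 403 for non-admin, got %d body=%s", w.Code, w.Body.String())
	}

	// The mutating route must be guarded by the same role check. AdminRequired
	// runs before the handler, so no request body is needed to reach it.
	wPut := performJSON(r, http.MethodPut, path, nil, headers)
	if wPut.Code != http.StatusForbidden {
		t.Fatalf("expected 403 for non-admin PUT, got %d body=%s", wPut.Code, wPut.Body.String())
	}
}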