package handlers
import (
"encoding/json"
"net/http"
"os"
"strings"
"testing"
"ginimageApi/app/accounts/models"
"ginimageApi/app/middleware"
"ginimageApi/configs"
"github.com/gin-gonic/gin"
)
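// TestAdminUserProfileGetAndUpdate exercises the admin-only profile routes
// end to end: an admin reads another user's profile, then updates the name
// fields and avatar through the multipart PUT route. After the update the
// profile row must carry the new values and the previously stored avatar
// file must have been removed from disk.
func TestAdminUserProfileGetAndUpdate(t *testing.T) {
	gin.SetMode(gin.TestMode)
	// The auth middleware signs/verifies tokens with this secret; the test
	// value is scoped to this test by t.Setenv.
	t.Setenv("JWT_SECRET", "test-secret")
	setupHandlersTestDB(t)

	adminFlag := true
	active := true
	verified := true
	adminUser := models.User{
		UserName:      "admin",
		Email:         "admin-profile@example.com",
		Password:      "x",
		IsAdmin:       &adminFlag,
		IsActive:      &active,
		EmailVerified: &verified,
	}
	if err := configs.DB.Create(&adminUser).Error; err != nil {
		t.Fatalf("create admin failed: %v", err)
	}

	// The target is a regular (non-admin) user whose profile the admin edits.
	targetFlag := false
	target := models.User{
		UserName:      "target",
		Email:         "target-profile@example.com",
		Password:      "x",
		IsAdmin:       &targetFlag,
		IsActive:      &active,
		EmailVerified: &verified,
	}
	if err := configs.DB.Create(&target).Error; err != nil {
		t.Fatalf("create target failed: %v", err)
	}

	// Seed an existing avatar so the update path has an old file to remove.
	oldAvatarURL, oldAvatarPath := createOldAvatarFixture(t, "old_admin_target_avatar.png")
	seedProfile := models.Profile{UserID: uint64(target.ID), AvatarURL: oldAvatarURL}
	if err := configs.DB.Create(&seedProfile).Error; err != nil {
		t.Fatalf("seed profile failed: %v", err)
	}

	token, err := middleware.BuildAccessTokenForUser(adminUser)
	if err != nil {
		t.Fatalf("token create failed: %v", err)
	}

	r := gin.New()
	r.GET("/admin/users/:id/profile", middleware.AuthRequired(), middleware.AdminRequired(), GetAdminUserProfile)
	r.PUT("/admin/users/:id/profile", middleware.AuthRequired(), middleware.AdminRequired(), UpdateAdminUserProfile)

	// If no profile record exists, the GET should create one automatically.
	wGet := performJSON(r, http.MethodGet, "/admin/users/"+toString(target.ID)+"/profile", nil, map[string]string{
		"Authorization": "Bearer " + token,
	})
	if wGet.Code != http.StatusOK {
		t.Fatalf("get admin profile expected 200, got %d body=%s", wGet.Code, wGet.Body.String())
	}

	var getResp map[string]any
	if err := json.Unmarshal(wGet.Body.Bytes(), &getResp); err != nil {
		t.Fatalf("parse get response failed: %v", err)
	}
	// JSON numbers decode into float64. A missing or non-numeric user_id must
	// fail the test with a message rather than panic on the type assertion.
	userID, ok := getResp["user_id"].(float64)
	if !ok {
		t.Fatalf("user_id missing or not numeric in get response: %v", getResp["user_id"])
	}
	if int(userID) != int(target.ID) {
		t.Fatalf("user_id mismatch in get response: got %d, want %v", int(userID), target.ID)
	}

	wPut := performMultipart(
		r,
		http.MethodPut,
		"/admin/users/"+toString(target.ID)+"/profile",
		map[string]string{"first_name": "Admin", "last_name": "Updated"},
		"avatar",
		"admin.png",
		tinyPNGFixture(t),
		map[string]string{"Authorization": "Bearer " + token},
	)
	if wPut.Code != http.StatusOK {
		t.Fatalf("update admin profile expected 200, got %d body=%s", wPut.Code, wPut.Body.String())
	}

	var profile models.Profile
	if err := configs.DB.Where("user_id = ?", target.ID).First(&profile).Error; err != nil {
		t.Fatalf("profile should exist after update: %v", err)
	}
	if profile.FirstName != "Admin" || profile.LastName != "Updated" {
		t.Fatalf("profile name mismatch: %+v", profile)
	}
	if !strings.HasPrefix(profile.AvatarURL, "/uploads/avatars/") {
		t.Fatalf("avatar path mismatch: %s", profile.AvatarURL)
	}
	// Replacing the avatar must not leave the old file behind on disk.
	if _, err := os.Stat(oldAvatarPath); !os.IsNotExist(err) {
		t.Fatalf("old avatar should be deleted, err=%v", err)
	}
}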
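// TestAdminUserProfileRequiresAdminRole checks that an authenticated but
// non-admin caller is rejected with 403 on the admin profile routes. Both
// the read (GET) and write (PUT) routes are covered, since they share the
// same AuthRequired/AdminRequired chain and the role check must abort
// before either handler runs.
func TestAdminUserProfileRequiresAdminRole(t *testing.T) {
	gin.SetMode(gin.TestMode)
	t.Setenv("JWT_SECRET", "test-secret")
	setupHandlersTestDB(t)

	active := true
	verified := true
	nonAdminFlag := false
	nonAdmin := models.User{
		UserName:      "nonadmin",
		Email:         "nonadmin-profile@example.com",
		Password:      "x",
		IsAdmin:       &nonAdminFlag,
		IsActive:      &active,
		EmailVerified: &verified,
	}
	if err := configs.DB.Create(&nonAdmin).Error; err != nil {
		t.Fatalf("create non-admin failed: %v", err)
	}

	target := models.User{
		UserName:      "target2",
		Email:         "target2-profile@example.com",
		Password:      "x",
		IsAdmin:       &nonAdminFlag,
		IsActive:      &active,
		EmailVerified: &verified,
	}
	if err := configs.DB.Create(&target).Error; err != nil {
		t.Fatalf("create target failed: %v", err)
	}

	// A valid token for a non-admin: authentication passes, authorization must not.
	token, err := middleware.BuildAccessTokenForUser(nonAdmin)
	if err != nil {
		t.Fatalf("token create failed: %v", err)
	}

	r := gin.New()
	r.GET("/admin/users/:id/profile", middleware.AuthRequired(), middleware.AdminRequired(), GetAdminUserProfile)
	r.PUT("/admin/users/:id/profile", middleware.AuthRequired(), middleware.AdminRequired(), UpdateAdminUserProfile)

	path := "/admin/users/" + toString(target.ID) + "/profile"
	headers := map[string]string{"Authorization": "Bearer " + token}

	// No request body is needed: the role check runs before the handler, so
	// the PUT must be rejected without ever parsing multipart input.
	for _, method := range []string{http.MethodGet, http.MethodPut} {
		t.Run(method, func(t *testing.T) {
			w := performJSON(r, method, path, nil, headers)
			if w.Code != http.StatusForbidden {
				t.Fatalf("%s: expected 403 for non-admin, got %d body=%s", method, w.Code, w.Body.String())
			}
		})
	}
}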