# tests/integration/api/v1/test_admin_endpoints.py import pytest @pytest.mark.integration @pytest.mark.api @pytest.mark.admin class TestAdminAPI: def test_get_all_users_admin(self, client, admin_headers, test_user): """Test admin getting all users""" response = client.get("/api/v1/admin/users", headers=admin_headers) assert response.status_code == 200 data = response.json() assert len(data) >= 2 # test_user + admin user # Check that test_user is in the response user_ids = [user["id"] for user in data if "id" in user] assert test_user.id in user_ids def test_get_all_users_non_admin(self, client, auth_headers): """Test non-admin trying to access admin endpoint""" response = client.get("/api/v1/admin/users", headers=auth_headers) assert response.status_code == 403 data = response.json() assert data["error_code"] == "ADMIN_REQUIRED" assert "Admin privileges required" in data["message"] def test_toggle_user_status_admin(self, client, admin_headers, test_user): """Test admin toggling user status""" response = client.put( f"/api/v1/admin/users/{test_user.id}/status", headers=admin_headers ) assert response.status_code == 200 message = response.json()["message"] assert "deactivated" in message or "activated" in message # Verify the username is in the message assert test_user.username in message def test_toggle_user_status_user_not_found(self, client, admin_headers): """Test admin toggling status for non-existent user""" response = client.put("/api/v1/admin/users/99999/status", headers=admin_headers) assert response.status_code == 404 data = response.json() assert data["error_code"] == "USER_NOT_FOUND" assert "User with ID '99999' not found" in data["message"] def test_toggle_user_status_cannot_modify_self( self, client, admin_headers, test_admin ): """Test that admin cannot modify their own account""" response = client.put( f"/api/v1/admin/users/{test_admin.id}/status", headers=admin_headers ) assert response.status_code == 400 # Business logic error data = response.json() assert data["error_code"] == "CANNOT_MODIFY_SELF" assert ( "Cannot perform 'deactivate account' on your own account" in data["message"] ) def test_toggle_user_status_cannot_modify_admin( self, client, admin_headers, test_admin, another_admin ): """Test that admin cannot modify another admin""" response = client.put( f"/api/v1/admin/users/{another_admin.id}/status", headers=admin_headers ) assert response.status_code == 400 # Business logic error data = response.json() assert data["error_code"] == "USER_STATUS_CHANGE_FAILED" assert "Cannot modify another admin user" in data["message"] def test_get_all_vendors_admin(self, client, admin_headers, test_vendor): """Test admin getting all vendors""" response = client.get("/api/v1/admin/vendors", headers=admin_headers) assert response.status_code == 200 data = response.json() assert data["total"] >= 1 assert len(data["vendors"]) >= 1 # Check that test_vendor is in the response vendor_codes = [ vendor["vendor_code"] for vendor in data["vendors"] if "vendor_code" in vendor ] assert test_vendor.vendor_code in vendor_codes def test_get_all_vendors_non_admin(self, client, auth_headers): """Test non-admin trying to access admin vendor endpoint""" response = client.get("/api/v1/admin/vendors", headers=auth_headers) assert response.status_code == 403 data = response.json() assert data["error_code"] == "ADMIN_REQUIRED" def test_verify_vendor_admin(self, client, admin_headers, test_vendor): """Test admin verifying/unverifying vendor""" response = client.put( f"/api/v1/admin/vendors/{test_vendor.id}/verify", headers=admin_headers ) assert response.status_code == 200 message = response.json()["message"] assert "verified" in message or "unverified" in message assert test_vendor.vendor_code in message def test_verify_vendor_not_found(self, client, admin_headers): """Test admin verifying non-existent vendor""" response = client.put( "/api/v1/admin/vendors/99999/verify", headers=admin_headers ) assert response.status_code == 404 data = response.json() assert data["error_code"] == "VENDOR_NOT_FOUND" assert "Vendor with ID '99999' not found" in data["message"] def test_toggle_vendor_status_admin(self, client, admin_headers, test_vendor): """Test admin toggling vendor status""" response = client.put( f"/api/v1/admin/vendors/{test_vendor.id}/status", headers=admin_headers ) assert response.status_code == 200 message = response.json()["message"] assert "activated" in message or "deactivated" in message assert test_vendor.vendor_code in message def test_toggle_vendor_status_not_found(self, client, admin_headers): """Test admin toggling status for non-existent vendor""" response = client.put( "/api/v1/admin/vendors/99999/status", headers=admin_headers ) assert response.status_code == 404 data = response.json() assert data["error_code"] == "VENDOR_NOT_FOUND" def test_get_marketplace_import_jobs_admin( self, client, admin_headers, test_marketplace_import_job ): """Test admin getting marketplace import jobs""" response = client.get( "/api/v1/admin/marketplace-import-jobs", headers=admin_headers ) assert response.status_code == 200 data = response.json() assert len(data) >= 1 # Check that test_marketplace_import_job is in the response job_ids = [job["job_id"] for job in data if "job_id" in job] assert test_marketplace_import_job.id in job_ids def test_get_marketplace_import_jobs_with_filters( self, client, admin_headers, test_marketplace_import_job ): """Test admin getting marketplace import jobs with filters""" response = client.get( "/api/v1/admin/marketplace-import-jobs", params={"marketplace": test_marketplace_import_job.marketplace}, headers=admin_headers, ) assert response.status_code == 200 data = response.json() assert len(data) >= 1 assert all( job["marketplace"] == test_marketplace_import_job.marketplace for job in data ) def test_get_marketplace_import_jobs_non_admin(self, client, auth_headers): """Test non-admin trying to access marketplace import jobs""" response = client.get( "/api/v1/admin/marketplace-import-jobs", headers=auth_headers ) assert response.status_code == 403 data = response.json() assert data["error_code"] == "ADMIN_REQUIRED" def test_get_user_statistics(self, client, admin_headers): """Test admin getting user statistics""" response = client.get("/api/v1/admin/stats/users", headers=admin_headers) assert response.status_code == 200 data = response.json() assert "total_users" in data assert "active_users" in data assert "inactive_users" in data assert "activation_rate" in data assert isinstance(data["total_users"], int) def test_get_vendor_statistics(self, client, admin_headers): """Test admin getting vendor statistics""" response = client.get("/api/v1/admin/stats/vendors", headers=admin_headers) assert response.status_code == 200 data = response.json() assert "total_vendors" in data assert "active_vendors" in data assert "verified_vendors" in data assert "verification_rate" in data assert isinstance(data["total_vendors"], int) def test_admin_pagination_users(self, client, admin_headers, test_user, test_admin): """Test user pagination works correctly""" # Test first page response = client.get( "/api/v1/admin/users?skip=0&limit=1", headers=admin_headers ) assert response.status_code == 200 data = response.json() assert len(data) == 1 # Test second page response = client.get( "/api/v1/admin/users?skip=1&limit=1", headers=admin_headers ) assert response.status_code == 200 data = response.json() assert len(data) >= 0 # Could be 1 or 0 depending on total users def test_admin_pagination_vendors(self, client, admin_headers, test_vendor): """Test vendor pagination works correctly""" response = client.get( "/api/v1/admin/vendors?skip=0&limit=1", headers=admin_headers ) assert response.status_code == 200 data = response.json() assert data["total"] >= 1 assert len(data["vendors"]) >= 0 assert "skip" in data assert "limit" in data