orion/tests/integration/api/v1/admin/test_users.py

# tests/integration/api/v1/admin/test_users.py
"""Integration tests for admin user management endpoints.

Tests the /api/v1/admin/users/* endpoints.
"""

import pytest


@pytest.mark.integration
@pytest.mark.api
@pytest.mark.admin
class TestAdminUsersAPI:
    """Test admin user management endpoints at /api/v1/admin/users/*."""

    def test_get_all_users_admin(self, client, admin_headers, test_user):
        """Test admin getting all users."""
        response = client.get("/api/v1/admin/users", headers=admin_headers)

        assert response.status_code == 200
        data = response.json()
        # Response is paginated with items, total, page, per_page, pages
        assert "items" in data
        assert "total" in data
        assert "page" in data
        assert "per_page" in data
        assert "pages" in data
        assert data["total"] >= 2  # test_user + admin user

        # Check that test_user is in the response
        user_ids = [user["id"] for user in data["items"] if "id" in user]
        assert test_user.id in user_ids

    def test_get_all_users_non_admin(self, client, auth_headers):
        """Test non-admin trying to access admin endpoint."""
        response = client.get("/api/v1/admin/users", headers=auth_headers)

        assert response.status_code == 403
        data = response.json()
        assert data["error_code"] == "ADMIN_REQUIRED"
        assert "Admin privileges required" in data["message"]

    def test_toggle_user_status_admin(self, client, admin_headers, test_user):
        """Test admin toggling user status."""
        response = client.put(
            f"/api/v1/admin/users/{test_user.id}/status", headers=admin_headers
        )

        assert response.status_code == 200
        message = response.json()["message"]
        assert "deactivated" in message or "activated" in message
        assert test_user.username in message

    def test_toggle_user_status_user_not_found(self, client, admin_headers):
        """Test admin toggling status for non-existent user."""
        response = client.put("/api/v1/admin/users/99999/status", headers=admin_headers)

        assert response.status_code == 404
        data = response.json()
        assert data["error_code"] == "USER_NOT_FOUND"
        assert "User with ID '99999' not found" in data["message"]

    def test_toggle_user_status_cannot_modify_self(
        self, client, admin_headers, test_admin
    ):
        """Test that admin cannot modify their own account."""
        response = client.put(
            f"/api/v1/admin/users/{test_admin.id}/status", headers=admin_headers
        )

        assert response.status_code == 400
        data = response.json()
        assert data["error_code"] == "CANNOT_MODIFY_SELF"
        assert (
            "Cannot perform 'deactivate account' on your own account" in data["message"]
        )

    def test_toggle_user_status_cannot_modify_admin(
        self, client, admin_headers, test_admin, another_admin
    ):
        """Test that admin cannot modify another admin."""
        response = client.put(
            f"/api/v1/admin/users/{another_admin.id}/status", headers=admin_headers
        )

        assert response.status_code == 400
        data = response.json()
        assert data["error_code"] == "USER_STATUS_CHANGE_FAILED"
        assert "Cannot modify another admin user" in data["message"]

    def test_get_user_statistics(self, client, admin_headers):
        """Test admin getting user statistics."""
        response = client.get("/api/v1/admin/users/stats", headers=admin_headers)

        assert response.status_code == 200
        data = response.json()
        assert "total_users" in data
        assert "active_users" in data
        assert "inactive_users" in data
        assert "activation_rate" in data
        assert isinstance(data["total_users"], int)

    def test_admin_pagination_users(self, client, admin_headers, test_user, test_admin):
        """Test user pagination works correctly."""
        response = client.get(
            "/api/v1/admin/users?page=1&per_page=1", headers=admin_headers
        )
        assert response.status_code == 200
        data = response.json()
        assert "items" in data
        assert len(data["items"]) == 1
        assert data["per_page"] == 1

        # Test second page
        response = client.get(
            "/api/v1/admin/users?page=2&per_page=1", headers=admin_headers
        )
        assert response.status_code == 200
        data = response.json()
        assert "items" in data
        assert len(data["items"]) >= 0