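package handler

import (
	"encoding/json"
	"net/http"
	"net/http/httptest"
	"testing"

	"github.com/gofiber/fiber/v2"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/mock"

	"baron-sso-backend/internal/domain"
	"baron-sso-backend/internal/testsupport"
)

// TestTenantHandler_GetTenant_SuperAdmin checks that GetTenant answers 200 with
// the seeded tenant and with View, Manage and ManageAdmins all true when the
// "user_profile" local carries domain.RoleSuperAdmin.
//
// No CheckPermission expectation is registered on the Keto mock in this test.
// NOTE(review): if devMockKetoService is a plain testify mock, any Keto call
// would panic, so this test implicitly pins that a super admin is answered
// without a Keto lookup. Confirm against the mock's definition.
func TestTenantHandler_GetTenant_SuperAdmin(t *testing.T) {
	if !testsupport.DockerAvailable() {
		t.Skip("Docker provider is unavailable in this environment")
	}

	// The ID must be a valid UUID; it is reused for the seed row, the request
	// path and the response assertion.
	const tenantID = "00000000-0000-0000-0000-000000000010"

	db := newTenantHandlerSeedDeleteDB(t)
	if err := db.AutoMigrate(&domain.TenantDomain{}); err != nil {
		t.Fatalf("failed to migrate tenant domains: %v", err)
	}

	// Seed the tenant the handler is expected to return.
	tenant := domain.Tenant{
		ID:     tenantID,
		Name:   "Super Admin Test Tenant",
		Slug:   "super-admin-test-tenant",
		Type:   domain.TenantTypeCompany,
		Status: domain.TenantStatusActive,
	}
	if err := db.Create(&tenant).Error; err != nil {
		t.Fatalf("failed to create tenant: %v", err)
	}

	app := fiber.New()
	mockSvc := new(MockTenantService)
	mockKeto := new(devMockKetoService)

	h := &TenantHandler{
		DB:      db,
		Service: mockSvc,
		Keto:    mockKeto,
	}

	// Stand in for the auth middleware: set "user_profile" to a Super Admin
	// before delegating to the handler under test.
	app.Get("/tenants/:id", func(c *fiber.Ctx) error {
		profile := &domain.UserProfileResponse{
			ID:   "user-super-admin-id",
			Role: domain.RoleSuperAdmin,
		}
		c.Locals("user_profile", profile)
		return h.GetTenant(c)
	})

	req := httptest.NewRequest("GET", "/tenants/"+tenantID, nil)
	resp, err := app.Test(req)
	if err != nil {
		t.Fatalf("request failed: %v", err)
	}
	// Release the response body once the test is done with it.
	defer resp.Body.Close()

	assert.Equal(t, http.StatusOK, resp.StatusCode)

	var got tenantSummary
	if err := json.NewDecoder(resp.Body).Decode(&got); err != nil {
		t.Fatalf("failed to decode response: %v", err)
	}

	assert.Equal(t, tenantID, got.ID)
	assert.Equal(t, "Super Admin Test Tenant", got.Name)

	// assert.NotNil only records the failure; stop here so that a missing
	// permissions object is reported as a test failure instead of a
	// nil-dereference panic on the field checks below.
	if !assert.NotNil(t, got.UserPermissions) {
		return
	}
	assert.True(t, got.UserPermissions.View)
	assert.True(t, got.UserPermissions.Manage)
	assert.True(t, got.UserPermissions.ManageAdmins)
}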
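// TestTenantHandler_GetTenant_NormalUser checks that, for a domain.RoleUser
// profile, the permission flags in the GetTenant response mirror what the Keto
// mock answers: view and manage are granted, manage_admins is denied.
//
// NOTE(review): this test covers only a user who is allowed to view the
// tenant. No case where Keto denies "view" is visible here; a test pinning the
// handler's response for such a user would cover the deny path.
func TestTenantHandler_GetTenant_NormalUser(t *testing.T) {
	if !testsupport.DockerAvailable() {
		t.Skip("Docker provider is unavailable in this environment")
	}

	// The ID must be a valid UUID; it is reused for the seed row, the Keto
	// expectations, the request path and the response assertion.
	const (
		tenantID = "00000000-0000-0000-0000-000000000020"
		subject  = "User:user-normal-id"
	)

	db := newTenantHandlerSeedDeleteDB(t)
	if err := db.AutoMigrate(&domain.TenantDomain{}); err != nil {
		t.Fatalf("failed to migrate tenant domains: %v", err)
	}

	// Seed the tenant the handler is expected to return.
	tenant := domain.Tenant{
		ID:     tenantID,
		Name:   "Normal User Test Tenant",
		Slug:   "normal-user-test-tenant",
		Type:   domain.TenantTypeCompany,
		Status: domain.TenantStatusActive,
	}
	if err := db.Create(&tenant).Error; err != nil {
		t.Fatalf("failed to create tenant: %v", err)
	}

	app := fiber.New()
	mockSvc := new(MockTenantService)
	mockKeto := new(devMockKetoService)

	h := &TenantHandler{
		DB:      db,
		Service: mockSvc,
		Keto:    mockKeto,
	}

	// Keto answers per relation: view and manage allowed, manage_admins denied.
	// AssertExpectations at the end requires each of these to have been asked.
	grants := []struct {
		relation string
		allowed  bool
	}{
		{"view", true},
		{"manage", true},
		{"manage_admins", false},
	}
	for _, g := range grants {
		mockKeto.On("CheckPermission", mock.Anything, subject, "Tenant", tenantID, g.relation).Return(g.allowed, nil)
	}
	// Deny by default: any other relation the handler may ask about is
	// refused, so an unlisted check cannot grant anything. It is registered
	// last and marked optional so that the specific expectations above take
	// precedence.
	mockKeto.On("CheckPermission", mock.Anything, subject, "Tenant", tenantID, mock.Anything).Return(false, nil).Maybe()

	// Stand in for the auth middleware: set "user_profile" to a regular user
	// before delegating to the handler under test.
	app.Get("/tenants/:id", func(c *fiber.Ctx) error {
		profile := &domain.UserProfileResponse{
			ID:   "user-normal-id",
			Role: domain.RoleUser,
		}
		c.Locals("user_profile", profile)
		return h.GetTenant(c)
	})

	req := httptest.NewRequest("GET", "/tenants/"+tenantID, nil)
	resp, err := app.Test(req)
	if err != nil {
		t.Fatalf("request failed: %v", err)
	}
	// Release the response body once the test is done with it.
	defer resp.Body.Close()

	assert.Equal(t, http.StatusOK, resp.StatusCode)

	var got tenantSummary
	if err := json.NewDecoder(resp.Body).Decode(&got); err != nil {
		t.Fatalf("failed to decode response: %v", err)
	}

	assert.Equal(t, tenantID, got.ID)
	assert.Equal(t, "Normal User Test Tenant", got.Name)

	// assert.NotNil only records the failure; stop here so that a missing
	// permissions object is reported as a test failure instead of a
	// nil-dereference panic on the field checks below.
	if !assert.NotNil(t, got.UserPermissions) {
		return
	}
	assert.True(t, got.UserPermissions.View)
	assert.True(t, got.UserPermissions.Manage)
	assert.False(t, got.UserPermissions.ManageAdmins)

	mockKeto.AssertExpectations(t)
}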