diff --git a/tests/AppIntegrationTest.php b/tests/AppIntegrationTest.php
index 2e57564..50719f3 100644
--- a/tests/AppIntegrationTest.php
+++ b/tests/AppIntegrationTest.php
@@ -776,6 +776,53 @@ class AppIntegrationTest extends WebTestCase
 $this->assertSame('Stück', $data['unit']);
 }
 
+ // ── Admin ─────────────────────────────────────────────────────────────────
+
+ public function testAdminUsersUnauthenticated(): void
+ {
+ $this->json($this->client, 'GET', '/api/admin/users');
+ $this->assertSame(401, $this->client->getResponse()->getStatusCode());
+ }
+
+ public function testAdminUsersNonAdminForbidden(): void
+ {
+ $user = $this->createUser('adminblocked');
+ $client = $this->authClient($user);
+ $data = $this->json($client, 'GET', '/api/admin/users');
+
+ $this->assertArrayHasKey('error', $data);
+ $this->assertSame(403, $client->getResponse()->getStatusCode());
+ }
+
+ public function testAdminUsersReturnsAllUsers(): void
+ {
+ $adminEmail = $_ENV['ADMIN_EMAIL'] ?? '';
+ if (!$adminEmail) {
+ $this->markTestSkipped('ADMIN_EMAIL not configured');
+ }
+
+ $admin = $this->em->getRepository(User::class)->findOneBy(['email' => $adminEmail]);
+ if (!$admin) {
+ $this->markTestSkipped("Admin user $adminEmail not found in DB");
+ }
+
+ $this->createUser('adminlistother');
+
+ $client = $this->authClient($admin);
+ $data = $this->json($client, 'GET', '/api/admin/users');
+
+ $this->assertSame(200, $client->getResponse()->getStatusCode());
+ $this->assertIsArray($data);
+ $emails = array_column($data, 'email');
+ $this->assertContains($adminEmail, $emails);
+ $this->assertContains('adminlistother@test.dudi', $emails);
+ foreach ($data as $row) {
+ $this->assertArrayHasKey('email', $row);
+ $this->assertArrayHasKey('username', $row);
+ $this->assertArrayHasKey('registered', $row);
+ }
+ }
+
 public function testGoalDeleteReturnsOkForNonExistentGoal(): void
 {
 $user = $this->createUser('goaldelmissing');
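Review bot: The `foreach` in `testAdminUsersReturnsAllUsers` only asserts that `email`, `username` and `registered` are present, so the test would keep passing if `/api/admin/users` began serialising a password hash or token field alongside them. Because this endpoint returns every account, I would pin the row shape instead, e.g. `$this->assertEqualsCanonicalizing(['email', 'username', 'registered'], array_keys($row));` if those three are the whole intended response, or otherwise assert that the credential field is absent (its name is not visible in this hunk). Separately, the two `markTestSkipped` branches make the only positive-path admin check vanish without failing whenever `ADMIN_EMAIL` is unset or the admin row is missing from the test database. Creating the admin fixture inside the test, or failing rather than skipping in CI, would keep the access-control coverage from eroding unnoticed.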