Перенести все админские эндпоинты на порт 8445 и добавить отдельную авторизацию для админов. Часть 1

test/unit/admin_handler_report_by_id_tests.erl

@@ -0,0 +1,145 @@
+-module(admin_handler_report_by_id_tests).
+-include_lib("eunit/include/eunit.hrl").
+-include("records.hrl").
+
+setup() ->
+  ok = meck:new(cowboy_req, [non_strict]),
+  ok = meck:new(handler_auth, [non_strict]),
+  ok = meck:new(core_user, [non_strict]),
+  ok = meck:new(core_report, [non_strict]),
+  ok = meck:expect(cowboy_req, reply,
+    fun(Code, Headers, Body, Req) ->
+      put(test_reply, {Code, Headers, Body, Req})
+    end),
+  ok.
+
+cleanup(_) ->
+  meck:unload(core_report),
+  meck:unload(core_user),
+  meck:unload(handler_auth),
+  meck:unload(cowboy_req).
+
+admin_report_by_id_test_() ->
+  {setup, fun setup/0, fun cleanup/1, [
+    {"GET /admin/reports/:id – success",             fun test_get_report/0},
+    {"GET /admin/reports/:id – not found",           fun test_get_report_not_found/0},
+    {"GET /admin/reports/:id – forbidden",           fun test_get_report_forbidden/0},
+    {"PUT /admin/reports/:id – success",             fun test_update_report/0},
+    {"PUT /admin/reports/:id – not found",           fun test_update_report_not_found/0},
+    {"PUT /admin/reports/:id – bad JSON",            fun test_update_report_bad_json/0},
+    {"DELETE /admin/reports/:id – method not allowed", fun test_wrong_method/0}
+  ]}.
+
+%% GET – успех
+test_get_report() ->
+  ok = meck:expect(cowboy_req, method, fun(_) -> <<"GET">> end),
+  ok = meck:expect(handler_auth, authenticate,
+    fun(Req) -> {ok, <<"adm1">>, Req} end),
+  AdminUser = #user{id = <<"adm1">>, role = admin},
+  ok = meck:expect(core_user, get_by_id,
+    fun(<<"adm1">>) -> {ok, AdminUser} end),
+  ok = meck:expect(cowboy_req, binding,
+    fun(id, _) -> <<"r1">> end),
+  Report = #report{
+    id = <<"r1">>,
+    reporter_id = <<"u1">>,
+    target_type = <<"event">>,
+    target_id = <<"e1">>,
+    reason = <<"spam">>,
+    status = <<"new">>,
+    created_at = {{2026,4,26},{12,0,0}},
+    resolved_at = undefined
+  },
+  ok = meck:expect(core_report, get_by_id,
+    fun(<<"r1">>) -> {ok, Report} end),
+  {ok, _, _} = admin_handler_report_by_id:init(req, []),
+  {Status, _, RespBody, _} = erase(test_reply),
+  ?assertEqual(200, Status),
+  #{<<"id">> := <<"r1">>, <<"status">> := <<"new">>} = jsx:decode(RespBody, [return_maps]).
+
+%% GET – не найдено
+test_get_report_not_found() ->
+  ok = meck:expect(cowboy_req, method, fun(_) -> <<"GET">> end),
+  ok = meck:expect(handler_auth, authenticate,
+    fun(Req) -> {ok, <<"adm1">>, Req} end),
+  AdminUser = #user{id = <<"adm1">>, role = admin},
+  ok = meck:expect(core_user, get_by_id,
+    fun(<<"adm1">>) -> {ok, AdminUser} end),
+  ok = meck:expect(cowboy_req, binding,
+    fun(id, _) -> <<"r99">> end),
+  ok = meck:expect(core_report, get_by_id,
+    fun(_) -> {error, not_found} end),
+  {ok, _, _} = admin_handler_report_by_id:init(req, []),
+  {Status, _, _, _} = erase(test_reply),
+  ?assertEqual(404, Status).
+
+%% GET – запрещён
+test_get_report_forbidden() ->
+  ok = meck:expect(cowboy_req, method, fun(_) -> <<"GET">> end),
+  ok = meck:expect(handler_auth, authenticate,
+    fun(Req) -> {error, 403, <<"Admin access required">>, Req} end),
+  {ok, _, _} = admin_handler_report_by_id:init(req, []),
+  {Status, _, _, _} = erase(test_reply),
+  ?assertEqual(403, Status).
+
+%% PUT – успех
+test_update_report() ->
+  ok = meck:expect(cowboy_req, method, fun(_) -> <<"PUT">> end),
+  ok = meck:expect(handler_auth, authenticate,
+    fun(Req) -> {ok, <<"adm1">>, Req} end),
+  AdminUser = #user{id = <<"adm1">>, role = admin},
+  ok = meck:expect(core_user, get_by_id,
+    fun(<<"adm1">>) -> {ok, AdminUser} end),
+  ok = meck:expect(cowboy_req, binding,
+    fun(id, _) -> <<"r1">> end),
+  ok = meck:expect(cowboy_req, read_body,
+    fun(Req) -> {ok, jsx:encode(#{<<"status">> => <<"reviewed">>}), Req} end),
+  Updated = #report{id = <<"r1">>, status = <<"reviewed">>},
+  ok = meck:expect(core_report, update_status,
+    fun(<<"r1">>, <<"reviewed">>) -> {ok, Updated} end),
+  {ok, _, _} = admin_handler_report_by_id:init(req, []),
+  {Status, _, RespBody, _} = erase(test_reply),
+  ?assertEqual(200, Status),
+  #{<<"status">> := <<"reviewed">>} = jsx:decode(RespBody, [return_maps]).
+
+%% PUT – не найдено
+test_update_report_not_found() ->
+  ok = meck:expect(cowboy_req, method, fun(_) -> <<"PUT">> end),
+  ok = meck:expect(handler_auth, authenticate,
+    fun(Req) -> {ok, <<"adm1">>, Req} end),
+  AdminUser = #user{id = <<"adm1">>, role = admin},
+  ok = meck:expect(core_user, get_by_id,
+    fun(<<"adm1">>) -> {ok, AdminUser} end),
+  ok = meck:expect(cowboy_req, binding,
+    fun(id, _) -> <<"r99">> end),
+  ok = meck:expect(cowboy_req, read_body,
+    fun(Req) -> {ok, jsx:encode(#{<<"status">> => <<"reviewed">>}), Req} end),
+  ok = meck:expect(core_report, update_status,
+    fun(_, _) -> {error, not_found} end),
+  {ok, _, _} = admin_handler_report_by_id:init(req, []),
+  {Status, _, _, _} = erase(test_reply),
+  ?assertEqual(404, Status).
+
+%% PUT – невалидный JSON
+test_update_report_bad_json() ->
+  ok = meck:expect(cowboy_req, method, fun(_) -> <<"PUT">> end),
+  ok = meck:expect(handler_auth, authenticate,
+    fun(Req) -> {ok, <<"adm1">>, Req} end),
+  AdminUser = #user{id = <<"adm1">>, role = admin},
+  ok = meck:expect(core_user, get_by_id,
+    fun(<<"adm1">>) -> {ok, AdminUser} end),
+  ok = meck:expect(cowboy_req, binding,
+    fun(id, _) -> <<"r1">> end),
+  ok = meck:expect(cowboy_req, read_body,
+    fun(Req) -> {ok, <<"bad json">>, Req} end),
+  {ok, _, _} = admin_handler_report_by_id:init(req, []),
+  {Status, _, _, _} = erase(test_reply),
+  ?assertEqual(400, Status).
+
+%% Неверный метод
+test_wrong_method() ->
+  ok = meck:expect(cowboy_req, method, fun(_) -> <<"DELETE">> end),
+  {ok, _, _} = admin_handler_report_by_id:init(req, []),
+  {Status, _, RespBody, _} = erase(test_reply),
+  ?assertEqual(405, Status),
+  #{<<"error">> := <<"Method not allowed">>} = jsx:decode(RespBody, [return_maps]).