Перенести все админские эндпоинты на порт 8445 и добавить отдельную авторизацию для админов. Часть 1

test/unit/admin_handler_reviews_tests.erl

@@ -0,0 +1,146 @@
+-module(admin_handler_reviews_tests).
+-include_lib("eunit/include/eunit.hrl").
+-include("records.hrl").
+
+setup() ->
+  ok = meck:new(cowboy_req, [non_strict]),
+  ok = meck:new(handler_auth, [non_strict]),
+  ok = meck:new(core_user, [non_strict]),
+  ok = meck:new(core_review, [non_strict]),
+  ok = meck:expect(cowboy_req, reply,
+    fun(Code, Headers, Body, Req) ->
+      put(test_reply, {Code, Headers, Body, Req})
+    end),
+  ok.
+
+cleanup(_) ->
+  meck:unload(core_review),
+  meck:unload(core_user),
+  meck:unload(handler_auth),
+  meck:unload(cowboy_req).
+
+admin_reviews_test_() ->
+  {setup, fun setup/0, fun cleanup/1, [
+    {"GET /admin/reviews/:id – success",           fun test_get_review/0},
+    {"GET /admin/reviews/:id – not found",         fun test_get_review_not_found/0},
+    {"GET /admin/reviews/:id – forbidden",         fun test_get_review_forbidden/0},
+    {"PUT /admin/reviews/:id – success",           fun test_update_review/0},
+    {"PUT /admin/reviews/:id – not found",         fun test_update_review_not_found/0},
+    {"PUT /admin/reviews/:id – bad JSON",          fun test_update_review_bad_json/0},
+    {"DELETE /admin/reviews/:id – method not allowed", fun test_wrong_method/0}
+  ]}.
+
+%% GET – успех
+test_get_review() ->
+  ok = meck:expect(cowboy_req, method, fun(_) -> <<"GET">> end),
+  ok = meck:expect(handler_auth, authenticate,
+    fun(Req) -> {ok, <<"adm1">>, Req} end),
+  AdminUser = #user{id = <<"adm1">>, role = admin},
+  ok = meck:expect(core_user, get_by_id,
+    fun(<<"adm1">>) -> {ok, AdminUser} end),
+  ok = meck:expect(cowboy_req, binding,
+    fun(id, _) -> <<"rv1">> end),
+  Review = #review{
+    id = <<"rv1">>,
+    user_id = <<"u1">>,
+    target_type = <<"event">>,
+    target_id = <<"e1">>,
+    rating = 5,
+    comment = <<"Great!">>,
+    status = <<"active">>,
+    created_at = {{2026,4,26},{12,0,0}},
+    updated_at = {{2026,4,26},{12,0,0}}
+  },
+  ok = meck:expect(core_review, get_by_id,
+    fun(<<"rv1">>) -> {ok, Review} end),
+  {ok, _, _} = admin_handler_reviews:init(req, []),
+  {Status, _, RespBody, _} = erase(test_reply),
+  ?assertEqual(200, Status),
+  #{<<"id">> := <<"rv1">>, <<"comment">> := <<"Great!">>, <<"rating">> := 5} = jsx:decode(RespBody, [return_maps]).
+
+%% GET – не найдено
+test_get_review_not_found() ->
+  ok = meck:expect(cowboy_req, method, fun(_) -> <<"GET">> end),
+  ok = meck:expect(handler_auth, authenticate,
+    fun(Req) -> {ok, <<"adm1">>, Req} end),
+  AdminUser = #user{id = <<"adm1">>, role = admin},
+  ok = meck:expect(core_user, get_by_id,
+    fun(<<"adm1">>) -> {ok, AdminUser} end),
+  ok = meck:expect(cowboy_req, binding,
+    fun(id, _) -> <<"rv99">> end),
+  ok = meck:expect(core_review, get_by_id,
+    fun(_) -> {error, not_found} end),
+  {ok, _, _} = admin_handler_reviews:init(req, []),
+  {Status, _, _, _} = erase(test_reply),
+  ?assertEqual(404, Status).
+
+%% GET – запрещён
+test_get_review_forbidden() ->
+  ok = meck:expect(cowboy_req, method, fun(_) -> <<"GET">> end),
+  ok = meck:expect(handler_auth, authenticate,
+    fun(Req) -> {error, 403, <<"Admin access required">>, Req} end),
+  {ok, _, _} = admin_handler_reviews:init(req, []),
+  {Status, _, _, _} = erase(test_reply),
+  ?assertEqual(403, Status).
+
+%% PUT – успех
+test_update_review() ->
+  ok = meck:expect(cowboy_req, method, fun(_) -> <<"PUT">> end),
+  ok = meck:expect(handler_auth, authenticate,
+    fun(Req) -> {ok, <<"adm1">>, Req} end),
+  AdminUser = #user{id = <<"adm1">>, role = admin},
+  ok = meck:expect(core_user, get_by_id,
+    fun(<<"adm1">>) -> {ok, AdminUser} end),
+  ok = meck:expect(cowboy_req, binding,
+    fun(id, _) -> <<"rv1">> end),
+  ok = meck:expect(cowboy_req, read_body,
+    fun(Req) -> {ok, jsx:encode(#{<<"status">> => <<"hidden">>}), Req} end),
+  Updated = #review{id = <<"rv1">>, status = <<"hidden">>},
+  ok = meck:expect(core_review, update_status,
+    fun(<<"rv1">>, <<"hidden">>) -> {ok, Updated} end),
+  {ok, _, _} = admin_handler_reviews:init(req, []),
+  {Status, _, RespBody, _} = erase(test_reply),
+  ?assertEqual(200, Status),
+  #{<<"status">> := <<"hidden">>} = jsx:decode(RespBody, [return_maps]).
+
+%% PUT – не найдено
+test_update_review_not_found() ->
+  ok = meck:expect(cowboy_req, method, fun(_) -> <<"PUT">> end),
+  ok = meck:expect(handler_auth, authenticate,
+    fun(Req) -> {ok, <<"adm1">>, Req} end),
+  AdminUser = #user{id = <<"adm1">>, role = admin},
+  ok = meck:expect(core_user, get_by_id,
+    fun(<<"adm1">>) -> {ok, AdminUser} end),
+  ok = meck:expect(cowboy_req, binding,
+    fun(id, _) -> <<"rv99">> end),
+  ok = meck:expect(cowboy_req, read_body,
+    fun(Req) -> {ok, jsx:encode(#{<<"status">> => <<"hidden">>}), Req} end),
+  ok = meck:expect(core_review, update_status,
+    fun(_, _) -> {error, not_found} end),
+  {ok, _, _} = admin_handler_reviews:init(req, []),
+  {Status, _, _, _} = erase(test_reply),
+  ?assertEqual(404, Status).
+
+%% PUT – невалидный JSON
+test_update_review_bad_json() ->
+  ok = meck:expect(cowboy_req, method, fun(_) -> <<"PUT">> end),
+  ok = meck:expect(handler_auth, authenticate,
+    fun(Req) -> {ok, <<"adm1">>, Req} end),
+  AdminUser = #user{id = <<"adm1">>, role = admin},
+  ok = meck:expect(core_user, get_by_id,
+    fun(<<"adm1">>) -> {ok, AdminUser} end),
+  ok = meck:expect(cowboy_req, binding,
+    fun(id, _) -> <<"rv1">> end),
+  ok = meck:expect(cowboy_req, read_body,
+    fun(Req) -> {ok, <<"bad json">>, Req} end),
+  {ok, _, _} = admin_handler_reviews:init(req, []),
+  {Status, _, _, _} = erase(test_reply),
+  ?assertEqual(400, Status).
+
+%% Неверный метод
+test_wrong_method() ->
+  ok = meck:expect(cowboy_req, method, fun(_) -> <<"DELETE">> end),
+  {ok, _, _} = admin_handler_reviews:init(req, []),
+  {Status, _, RespBody, _} = erase(test_reply),
+  ?assertEqual(405, Status),
+  #{<<"error">> := <<"Method not allowed">>} = jsx:decode(RespBody, [return_maps]).