EventHubBack/test/unit/admin_handler_reviews_tests.erl

-module(admin_handler_reviews_tests).
-include_lib("eunit/include/eunit.hrl").
-include("records.hrl").

setup() ->
  ok = meck:new(cowboy_req, [non_strict]),
  ok = meck:new(handler_auth, [non_strict]),
  ok = meck:new(core_user, [non_strict]),
  ok = meck:new(core_review, [non_strict]),
  ok = meck:expect(cowboy_req, reply,
    fun(Code, Headers, Body, Req) ->
      put(test_reply, {Code, Headers, Body, Req})
    end),
  ok.

cleanup(_) ->
  meck:unload(core_review),
  meck:unload(core_user),
  meck:unload(handler_auth),
  meck:unload(cowboy_req).

admin_reviews_test_() ->
  {setup, fun setup/0, fun cleanup/1, [
    {"GET /admin/reviews/:id – success",           fun test_get_review/0},
    {"GET /admin/reviews/:id – not found",         fun test_get_review_not_found/0},
    {"GET /admin/reviews/:id – forbidden",         fun test_get_review_forbidden/0},
    {"PUT /admin/reviews/:id – success",           fun test_update_review/0},
    {"PUT /admin/reviews/:id – not found",         fun test_update_review_not_found/0},
    {"PUT /admin/reviews/:id – bad JSON",          fun test_update_review_bad_json/0},
    {"DELETE /admin/reviews/:id – method not allowed", fun test_wrong_method/0}
  ]}.

%% GET – успех
test_get_review() ->
  ok = meck:expect(cowboy_req, method, fun(_) -> <<"GET">> end),
  ok = meck:expect(handler_auth, authenticate,
    fun(Req) -> {ok, <<"adm1">>, Req} end),
  AdminUser = #user{id = <<"adm1">>, role = admin},
  ok = meck:expect(core_user, get_by_id,
    fun(<<"adm1">>) -> {ok, AdminUser} end),
  ok = meck:expect(cowboy_req, binding,
    fun(id, _) -> <<"rv1">> end),
  Review = #review{
    id = <<"rv1">>,
    user_id = <<"u1">>,
    target_type = <<"event">>,
    target_id = <<"e1">>,
    rating = 5,
    comment = <<"Great!">>,
    status = <<"active">>,
    created_at = {{2026,4,26},{12,0,0}},
    updated_at = {{2026,4,26},{12,0,0}}
  },
  ok = meck:expect(core_review, get_by_id,
    fun(<<"rv1">>) -> {ok, Review} end),
  {ok, _, _} = admin_handler_reviews:init(req, []),
  {Status, _, RespBody, _} = erase(test_reply),
  ?assertEqual(200, Status),
  #{<<"id">> := <<"rv1">>, <<"comment">> := <<"Great!">>, <<"rating">> := 5} = jsx:decode(RespBody, [return_maps]).

%% GET – не найдено
test_get_review_not_found() ->
  ok = meck:expect(cowboy_req, method, fun(_) -> <<"GET">> end),
  ok = meck:expect(handler_auth, authenticate,
    fun(Req) -> {ok, <<"adm1">>, Req} end),
  AdminUser = #user{id = <<"adm1">>, role = admin},
  ok = meck:expect(core_user, get_by_id,
    fun(<<"adm1">>) -> {ok, AdminUser} end),
  ok = meck:expect(cowboy_req, binding,
    fun(id, _) -> <<"rv99">> end),
  ok = meck:expect(core_review, get_by_id,
    fun(_) -> {error, not_found} end),
  {ok, _, _} = admin_handler_reviews:init(req, []),
  {Status, _, _, _} = erase(test_reply),
  ?assertEqual(404, Status).

%% GET – запрещён
test_get_review_forbidden() ->
  ok = meck:expect(cowboy_req, method, fun(_) -> <<"GET">> end),
  ok = meck:expect(handler_auth, authenticate,
    fun(Req) -> {error, 403, <<"Admin access required">>, Req} end),
  {ok, _, _} = admin_handler_reviews:init(req, []),
  {Status, _, _, _} = erase(test_reply),
  ?assertEqual(403, Status).

%% PUT – успех
test_update_review() ->
  ok = meck:expect(cowboy_req, method, fun(_) -> <<"PUT">> end),
  ok = meck:expect(handler_auth, authenticate,
    fun(Req) -> {ok, <<"adm1">>, Req} end),
  AdminUser = #user{id = <<"adm1">>, role = admin},
  ok = meck:expect(core_user, get_by_id,
    fun(<<"adm1">>) -> {ok, AdminUser} end),
  ok = meck:expect(cowboy_req, binding,
    fun(id, _) -> <<"rv1">> end),
  ok = meck:expect(cowboy_req, read_body,
    fun(Req) -> {ok, jsx:encode(#{<<"status">> => <<"hidden">>}), Req} end),
  Updated = #review{id = <<"rv1">>, status = <<"hidden">>},
  ok = meck:expect(core_review, update_status,
    fun(<<"rv1">>, <<"hidden">>) -> {ok, Updated} end),
  {ok, _, _} = admin_handler_reviews:init(req, []),
  {Status, _, RespBody, _} = erase(test_reply),
  ?assertEqual(200, Status),
  #{<<"status">> := <<"hidden">>} = jsx:decode(RespBody, [return_maps]).

%% PUT – не найдено
test_update_review_not_found() ->
  ok = meck:expect(cowboy_req, method, fun(_) -> <<"PUT">> end),
  ok = meck:expect(handler_auth, authenticate,
    fun(Req) -> {ok, <<"adm1">>, Req} end),
  AdminUser = #user{id = <<"adm1">>, role = admin},
  ok = meck:expect(core_user, get_by_id,
    fun(<<"adm1">>) -> {ok, AdminUser} end),
  ok = meck:expect(cowboy_req, binding,
    fun(id, _) -> <<"rv99">> end),
  ok = meck:expect(cowboy_req, read_body,
    fun(Req) -> {ok, jsx:encode(#{<<"status">> => <<"hidden">>}), Req} end),
  ok = meck:expect(core_review, update_status,
    fun(_, _) -> {error, not_found} end),
  {ok, _, _} = admin_handler_reviews:init(req, []),
  {Status, _, _, _} = erase(test_reply),
  ?assertEqual(404, Status).

%% PUT – невалидный JSON
test_update_review_bad_json() ->
  ok = meck:expect(cowboy_req, method, fun(_) -> <<"PUT">> end),
  ok = meck:expect(handler_auth, authenticate,
    fun(Req) -> {ok, <<"adm1">>, Req} end),
  AdminUser = #user{id = <<"adm1">>, role = admin},
  ok = meck:expect(core_user, get_by_id,
    fun(<<"adm1">>) -> {ok, AdminUser} end),
  ok = meck:expect(cowboy_req, binding,
    fun(id, _) -> <<"rv1">> end),
  ok = meck:expect(cowboy_req, read_body,
    fun(Req) -> {ok, <<"bad json">>, Req} end),
  {ok, _, _} = admin_handler_reviews:init(req, []),
  {Status, _, _, _} = erase(test_reply),
  ?assertEqual(400, Status).

%% Неверный метод
test_wrong_method() ->
  ok = meck:expect(cowboy_req, method, fun(_) -> <<"DELETE">> end),
  {ok, _, _} = admin_handler_reviews:init(req, []),
  {Status, _, RespBody, _} = erase(test_reply),
  ?assertEqual(405, Status),
  #{<<"error">> := <<"Method not allowed">>} = jsx:decode(RespBody, [return_maps]).