MasterMito/work-club-manager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

feat: Add global administrator role support with integration tests for admin-only club endpoints.

Browse Source
This commit is contained in:
WorkClub Automation
2026-03-18 15:11:42 +01:00
parent d295c9123e
commit 04641319ce
6 changed files with 77 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/WorkClub.Tests.Integration/Clubs/AdminClubEndpointsTests.cs
+57
View File
@@ -0,0 +1,57 @@
using System.Net;
using System.Net.Http.Json;
using System.Security.Claims;
using System.Text.Json;
using WorkClub.Domain.Enums;
using WorkClub.Application.Clubs.DTOs;
using WorkClub.Tests.Integration.Infrastructure;
using Xunit;
namespace WorkClub.Tests.Integration.Clubs;
public class AdminClubEndpointsTests : IntegrationTestBase
{
public AdminClubEndpointsTests(CustomWebApplicationFactory<Program> factory) : base(factory)
{
}
[Fact]
public async Task CreateClub_WithAdminRole_ReturnsCreated()
{
AuthenticateAsAdmin();
var request = new CreateClubRequest("New Admin Club", SportType.Tennis, "Desc");
var response = await Client.PostAsJsonAsync("/api/admin/clubs", request);
Assert.Equal(HttpStatusCode.Created, response.StatusCode);
}
[Fact]
public async Task CreateClub_WithoutAdminRole_ReturnsForbidden()
{
AuthenticateAsNonAdmin();
var request = new CreateClubRequest("New Club", SportType.Tennis, "Desc");
var response = await Client.PostAsJsonAsync("/api/admin/clubs", request);
Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
}
private void AuthenticateAsAdmin()
{
Client.DefaultRequestHeaders.Remove("X-Test-Email");
Client.DefaultRequestHeaders.Add("X-Test-Email", "admin@workclub.com");
Client.DefaultRequestHeaders.Remove("X-Test-Realm-Access");
Client.DefaultRequestHeaders.Add("X-Test-Realm-Access", "{\"roles\":[\"admin\"]}");
}
private void AuthenticateAsNonAdmin()
{
Client.DefaultRequestHeaders.Remove("X-Test-Email");
Client.DefaultRequestHeaders.Add("X-Test-Email", "user@workclub.com");
Client.DefaultRequestHeaders.Remove("X-Test-Realm-Access");
Client.DefaultRequestHeaders.Add("X-Test-Realm-Access", "{\"roles\":[\"user\"]}");
}
}
backend/WorkClub.Tests.Integration/Infrastructure/CustomWebApplicationFactory.cs
+2
View File
@@ -67,6 +67,8 @@ public class CustomWebApplicationFactory<TProgram> : WebApplicationFactory<TProg
GRANT CONNECT ON DATABASE workclub_test TO rls_test_user;
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO rls_test_user;
GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO rls_test_user;
IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'app_admin') THEN
CREATE ROLE app_admin;
END IF;
END $$;
";
backend/WorkClub.Tests.Integration/Infrastructure/TestAuthHandler.cs
+7 -1
View File
@@ -30,9 +30,10 @@ public class TestAuthHandler : AuthenticationHandler<AuthenticationSchemeOptions
var emailClaim = Context.Request.Headers["X-Test-Email"].ToString();
var userIdClaim = Context.Request.Headers["X-Test-UserId"].ToString();
var clubRolesJson = Context.Request.Headers["X-Test-ClubRoles"].ToString();
var realmAccessClaim = Context.Request.Headers["X-Test-Realm-Access"].ToString();
// If no test auth headers are present, return NoResult (unauthenticated)
if (string.IsNullOrEmpty(emailClaim) && string.IsNullOrEmpty(userIdClaim) && string.IsNullOrEmpty(clubsClaim))
if (string.IsNullOrEmpty(emailClaim) && string.IsNullOrEmpty(userIdClaim) && string.IsNullOrEmpty(clubsClaim) && string.IsNullOrEmpty(realmAccessClaim))
{
return Task.FromResult(AuthenticateResult.NoResult());
}
@@ -46,6 +47,11 @@ public class TestAuthHandler : AuthenticationHandler<AuthenticationSchemeOptions
new Claim(ClaimTypes.Email, resolvedEmail),
new Claim("preferred_username", resolvedEmail),
};
if (!string.IsNullOrEmpty(realmAccessClaim))
{
claims.Add(new Claim("realm_access", realmAccessClaim, ClaimValueTypes.String));
}
if (!string.IsNullOrEmpty(clubsClaim))
{