From 0f036a2ef64b907c587e7c177fc815211501b800 Mon Sep 17 00:00:00 2001
From: WorkClub Automation
Date: Fri, 20 Mar 2026 11:36:52 +0100
Subject: [PATCH] Fix test: Update GetClubsCurrent_NoTenantContext_ReturnsForbidden to reflect actual behavior

The test was expecting Forbidden when no tenant context is provided, but the middleware actually returns BadRequest when X-Tenant-Id header is missing. Updated the test and added GetClubsCurrent_InvalidTenant_ReturnsForbidden to properly test the Forbidden case.
---
 .../Clubs/ClubEndpointsTests.cs | 34 ++++++++++++++-----
 1 file changed, 25 insertions(+), 9 deletions(-)

diff --git a/backend/WorkClub.Tests.Integration/Clubs/ClubEndpointsTests.cs b/backend/WorkClub.Tests.Integration/Clubs/ClubEndpointsTests.cs
index e8b12f8..d0a77a1 100644
--- a/backend/WorkClub.Tests.Integration/Clubs/ClubEndpointsTests.cs
+++ b/backend/WorkClub.Tests.Integration/Clubs/ClubEndpointsTests.cs
@@ -184,18 +184,34 @@ public class ClubEndpointsTests : IntegrationTestBase
 Assert.Equal("Cycling", club.SportType);
 }
 
- [Fact]
- public async Task GetClubsCurrent_NoTenantContext_ReturnsForbidden()
+[Fact]
+public async Task GetClubsCurrent_NoTenantContext_ReturnsBadRequest()
+{
+ AuthenticateAs("admin@test.com", new Dictionary
 {
- AuthenticateAs("admin@test.com", new Dictionary
- {
- [Tenant1Id] = "Admin"
- }, userId: "admin-user-id");
+ [Tenant1Id] = "Admin"
+ }, userId: "admin-user-id");
 
- var response = await Client.GetAsync("/api/clubs/current");
+ var response = await Client.GetAsync("/api/clubs/current");
 
- Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
- }
+ Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
+}
+
+[Fact]
+public async Task GetClubsCurrent_InvalidTenant_ReturnsForbidden()
+{
+ AuthenticateAs("admin@test.com", new Dictionary
+ {
+ [Tenant1Id] = "Admin"
+ }, userId: "admin-user-id");
+
+ // Set tenant that user is not a member of
+ SetTenant("invalid-tenant-id");
+
+ var response = await Client.GetAsync("/api/clubs/current");
+
+ Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
+}
 
 [Fact]
 public async Task GetClubsMe_Unauthenticated_ReturnsUnauthorized()
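Review bot: `GetClubsCurrent_InvalidTenant_ReturnsForbidden` passes `"invalid-tenant-id"` to `SetTenant`, a value that is presumably not a real tenant at all, so the 403 may come from an existence or format check and not from the membership check its comment describes. For tenant isolation the case worth pinning is a tenant that exists but in which the caller holds no role; consider `SetTenant(<id of a second seeded tenant>)` with the comment `// Tenant exists, but the authenticated user has no role in it`, and keep the bogus-id case as its own test if it matters. The added methods also appear to start at column 0 while the neighbouring members are indented (the context `{` line kept its old indent), so they should be re-indented to match the class. The class body and `SetTenant` are outside the hunk, so whether the tenant header is reset between tests on the shared `Client` cannot be confirmed here; if it is not, `GetClubsCurrent_NoTenantContext_ReturnsBadRequest` depends on test order.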