2026-03-20 11:42:05 +01:00
1 changed files with 25 additions and 9 deletions
@@ -184,18 +184,34 @@ public class ClubEndpointsTests : IntegrationTestBase
        Assert.Equal("Cycling", club.SportType);
    }

-    [Fact]
-    public async Task GetClubsCurrent_NoTenantContext_ReturnsForbidden()
+[Fact]
+public async Task GetClubsCurrent_NoTenantContext_ReturnsBadRequest()
+{
+    AuthenticateAs("admin@test.com", new Dictionary<string, string>
    {
-        AuthenticateAs("admin@test.com", new Dictionary<string, string>
-        {
-            [Tenant1Id] = "Admin"
-        }, userId: "admin-user-id");
+        [Tenant1Id] = "Admin"
+    }, userId: "admin-user-id");

-        var response = await Client.GetAsync("/api/clubs/current");
+    var response = await Client.GetAsync("/api/clubs/current");

-        Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
-    }
+    Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
+}
+
+[Fact]
+public async Task GetClubsCurrent_InvalidTenant_ReturnsForbidden()
+{
+    AuthenticateAs("admin@test.com", new Dictionary<string, string>
+    {
+        [Tenant1Id] = "Admin"
+    }, userId: "admin-user-id");
+
+    // Set tenant that user is not a member of
+    SetTenant("invalid-tenant-id");
+
+    var response = await Client.GetAsync("/api/clubs/current");
+
+    Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
+}

    [Fact]
    public async Task GetClubsMe_Unauthenticated_ReturnsUnauthorized()