backend/WorkClub.Tests.Integration/Clubs/ClubEndpointsTests.cs

@@ -184,18 +184,34 @@ public class ClubEndpointsTests : IntegrationTestBase
         Assert.Equal("Cycling", club.SportType);
     }
 
-    [Fact]
+[Fact]
-    public async Task GetClubsCurrent_NoTenantContext_ReturnsForbidden()
+public async Task GetClubsCurrent_NoTenantContext_ReturnsBadRequest()
+{
+    AuthenticateAs("admin@test.com", new Dictionary<string, string>
     {
-        AuthenticateAs("admin@test.com", new Dictionary<string, string>
+        [Tenant1Id] = "Admin"
-        {
+    }, userId: "admin-user-id");
-            [Tenant1Id] = "Admin"
-        }, userId: "admin-user-id");
 
-        var response = await Client.GetAsync("/api/clubs/current");
+    var response = await Client.GetAsync("/api/clubs/current");
 
-        Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
+    Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
-    }
+}
+
+[Fact]
+public async Task GetClubsCurrent_InvalidTenant_ReturnsForbidden()
+{
+    AuthenticateAs("admin@test.com", new Dictionary<string, string>
+    {
+        [Tenant1Id] = "Admin"
+    }, userId: "admin-user-id");
+
+    // Set tenant that user is not a member of
+    SetTenant("invalid-tenant-id");
+
+    var response = await Client.GetAsync("/api/clubs/current");
+
+    Assert.Equal(HttpStatusCode.Forbidden, response.StatusCode);
+}
 
     [Fact]
     public async Task GetClubsMe_Unauthenticated_ReturnsUnauthorized()