package graphql_test import ( "context" "errors" "fmt" "os" "testing" "tercul/internal/adapters/graphql" "tercul/internal/app/auth" "tercul/internal/domain" platform_auth "tercul/internal/platform/auth" "tercul/internal/testutil" "github.com/stretchr/testify/suite" ) type UserMutationTestSuite struct { testutil.IntegrationTestSuite resolver graphql.MutationResolver } func TestUserMutations(t *testing.T) { suite.Run(t, new(UserMutationTestSuite)) } func (s *UserMutationTestSuite) SetupSuite() { s.IntegrationTestSuite.SetupSuite(&testutil.TestConfig{ DBPath: "user_mutations_test.db", }) } func (s *UserMutationTestSuite) TearDownSuite() { s.IntegrationTestSuite.TearDownSuite() os.Remove("user_mutations_test.db") } func (s *UserMutationTestSuite) SetupTest() { s.IntegrationTestSuite.SetupTest() s.resolver = (&graphql.Resolver{App: s.App}).Mutation() } func (s *UserMutationTestSuite) TestDeleteUser() { // Helper to create a user for tests createUser := func(username, email, password string, role domain.UserRole) *domain.User { resp, err := s.App.Auth.Commands.Register(context.Background(), auth.RegisterInput{ Username: username, Email: email, Password: password, }) s.Require().NoError(err) user, err := s.App.User.Queries.User(context.Background(), resp.User.ID) s.Require().NoError(err) if role != user.Role { user.Role = role err = s.DB.Save(user).Error s.Require().NoError(err) } return user } // Helper to create a context with JWT claims contextWithClaims := func(user *domain.User) context.Context { return testutil.ContextWithClaims(context.Background(), &platform_auth.Claims{ UserID: user.ID, Role: string(user.Role), }) } s.Run("Success as admin", func() { // Arrange adminUser := createUser("admin_deleter", "admin_deleter@test.com", "password123", domain.UserRoleAdmin) userToDelete := createUser("user_to_delete", "user_to_delete@test.com", "password123", domain.UserRoleReader) ctx := contextWithClaims(adminUser) userIDToDeleteStr := fmt.Sprintf("%d", userToDelete.ID) // Act deleted, err := s.resolver.DeleteUser(ctx, userIDToDeleteStr) // Assert s.Require().NoError(err) s.True(deleted) // Verify user is deleted from DB _, err = s.App.User.Queries.User(context.Background(), userToDelete.ID) s.Error(err) s.True(errors.Is(err, domain.ErrEntityNotFound), "Expected user to be not found after deletion") }) s.Run("Success as self", func() { // Arrange userToDelete := createUser("user_to_delete_self", "user_to_delete_self@test.com", "password123", domain.UserRoleReader) ctx := contextWithClaims(userToDelete) userIDToDeleteStr := fmt.Sprintf("%d", userToDelete.ID) // Act deleted, err := s.resolver.DeleteUser(ctx, userIDToDeleteStr) // Assert s.Require().NoError(err) s.True(deleted) // Verify user is deleted from DB _, err = s.App.User.Queries.User(context.Background(), userToDelete.ID) s.Error(err) s.True(errors.Is(err, domain.ErrEntityNotFound), "Expected user to be not found after deletion") }) s.Run("Forbidden as other user", func() { // Arrange otherUser := createUser("other_user_deleter", "other_user_deleter@test.com", "password123", domain.UserRoleReader) userToDelete := createUser("user_to_be_kept", "user_to_be_kept@test.com", "password123", domain.UserRoleReader) ctx := contextWithClaims(otherUser) userIDToDeleteStr := fmt.Sprintf("%d", userToDelete.ID) // Act deleted, err := s.resolver.DeleteUser(ctx, userIDToDeleteStr) // Assert s.Require().Error(err) s.False(deleted) s.True(errors.Is(err, domain.ErrForbidden)) }) s.Run("Invalid user ID", func() { // Arrange adminUser := createUser("admin_deleter_2", "admin_deleter_2@test.com", "password123", domain.UserRoleAdmin) ctx := contextWithClaims(adminUser) // Act deleted, err := s.resolver.DeleteUser(ctx, "invalid-id") // Assert s.Require().Error(err) s.False(deleted) s.True(errors.Is(err, domain.ErrValidation)) }) s.Run("User not found", func() { // Arrange adminUser := createUser("admin_deleter_3", "admin_deleter_3@test.com", "password123", domain.UserRoleAdmin) ctx := contextWithClaims(adminUser) nonExistentID := "999999" // Act deleted, err := s.resolver.DeleteUser(ctx, nonExistentID) // Assert s.Require().Error(err) s.False(deleted) s.True(errors.Is(err, domain.ErrEntityNotFound), "Expected ErrEntityNotFound for non-existent user") }) }