tercul-backend/internal/adapters/graphql/user_mutations_test.go

package graphql_test

import (
	"context"
	"errors"
	"fmt"
	"os"
	"tercul/internal/adapters/graphql"
	"tercul/internal/adapters/graphql/model"
	"tercul/internal/app/auth"
	"tercul/internal/domain"
	platform_auth "tercul/internal/platform/auth"
	"tercul/internal/testutil"
	"testing"

	"github.com/stretchr/testify/suite"
)

type UserMutationTestSuite struct {
	testutil.IntegrationTestSuite
	resolver graphql.MutationResolver
}

func TestUserMutations(t *testing.T) {
	suite.Run(t, new(UserMutationTestSuite))
}

func (s *UserMutationTestSuite) SetupSuite() {
	s.IntegrationTestSuite.SetupSuite(&testutil.TestConfig{
		DBPath: "user_mutations_test.db",
	})
}

func (s *UserMutationTestSuite) TearDownSuite() {
	s.IntegrationTestSuite.TearDownSuite()
	_ = os.Remove("user_mutations_test.db")
}

func (s *UserMutationTestSuite) SetupTest() {
	s.IntegrationTestSuite.SetupTest()
	s.resolver = (&graphql.Resolver{App: s.App}).Mutation()
}

// Helper to create a user for tests
func (s *UserMutationTestSuite) createUser(username, email, password string, role domain.UserRole) *domain.User {
	resp, err := s.App.Auth.Commands.Register(context.Background(), auth.RegisterInput{
		Username: username,
		Email:    email,
		Password: password,
	})
	s.Require().NoError(err)

	user, err := s.App.User.Queries.User(context.Background(), resp.User.ID)
	s.Require().NoError(err)

	if role != user.Role {
		user.Role = role
		err = s.DB.Save(user).Error
		s.Require().NoError(err)
	}
	return user
}

// Helper to create a context with JWT claims
func (s *UserMutationTestSuite) contextWithClaims(user *domain.User) context.Context {
	return testutil.ContextWithClaims(context.Background(), &platform_auth.Claims{
		UserID: user.ID,
		Role:   string(user.Role),
	})
}

func (s *UserMutationTestSuite) TestDeleteUser() {
	s.Run("Success as admin", func() {
		// Arrange
		adminUser := s.createUser("admin_deleter", "admin_deleter@test.com", "password123", domain.UserRoleAdmin)
		userToDelete := s.createUser("user_to_delete", "user_to_delete@test.com", "password123", domain.UserRoleReader)
		ctx := s.contextWithClaims(adminUser)
		userIDToDeleteStr := fmt.Sprintf("%d", userToDelete.ID)

		// Act
		deleted, err := s.resolver.DeleteUser(ctx, userIDToDeleteStr)

		// Assert
		s.Require().NoError(err)
		s.True(deleted)

		// Verify user is deleted from DB
		_, err = s.App.User.Queries.User(context.Background(), userToDelete.ID)
		s.Require().Error(err)
		s.Contains(err.Error(), "entity not found", "Expected user to be not found after deletion")
	})

	s.Run("Success as self", func() {
		// Arrange
		userToDelete := s.createUser("user_to_delete_self", "user_to_delete_self@test.com", "password123", domain.UserRoleReader)
		ctx := s.contextWithClaims(userToDelete)
		userIDToDeleteStr := fmt.Sprintf("%d", userToDelete.ID)

		// Act
		deleted, err := s.resolver.DeleteUser(ctx, userIDToDeleteStr)

		// Assert
		s.Require().NoError(err)
		s.True(deleted)

		// Verify user is deleted from DB
		_, err = s.App.User.Queries.User(context.Background(), userToDelete.ID)
		s.Require().Error(err)
		s.Contains(err.Error(), "entity not found", "Expected user to be not found after deletion")
	})

	s.Run("Forbidden as other user", func() {
		// Arrange
		otherUser := s.createUser("other_user_deleter", "other_user_deleter@test.com", "password123", domain.UserRoleReader)
		userToDelete := s.createUser("user_to_be_kept", "user_to_be_kept@test.com", "password123", domain.UserRoleReader)
		ctx := s.contextWithClaims(otherUser)
		userIDToDeleteStr := fmt.Sprintf("%d", userToDelete.ID)

		// Act
		deleted, err := s.resolver.DeleteUser(ctx, userIDToDeleteStr)

		// Assert
		s.Require().Error(err)
		s.False(deleted)
		s.True(errors.Is(err, domain.ErrForbidden))
	})

	s.Run("Invalid user ID", func() {
		// Arrange
		adminUser := s.createUser("admin_deleter_2", "admin_deleter_2@test.com", "password123", domain.UserRoleAdmin)
		ctx := s.contextWithClaims(adminUser)

		// Act
		deleted, err := s.resolver.DeleteUser(ctx, "invalid-id")

		// Assert
		s.Require().Error(err)
		s.False(deleted)
		s.True(errors.Is(err, domain.ErrValidation))
	})

	s.Run("User not found", func() {
		// Arrange
		adminUser := s.createUser("admin_deleter_3", "admin_deleter_3@test.com", "password123", domain.UserRoleAdmin)
		ctx := s.contextWithClaims(adminUser)
		nonExistentID := "999999"

		// Act
		deleted, err := s.resolver.DeleteUser(ctx, nonExistentID)

		// Assert
		s.Require().Error(err)
		s.False(deleted)
		s.Contains(err.Error(), "entity not found", "Expected entity not found error for non-existent user")
	})
}

func (s *UserMutationTestSuite) TestUpdateProfile() {
	s.Run("Success", func() {
		// Arrange
		user := s.createUser("profile_user", "profile.user@test.com", "password123", domain.UserRoleReader)
		ctx := s.contextWithClaims(user)

		newFirstName := "John"
		newLastName := "Doe"
		newBio := "This is my new bio."
		input := model.UserInput{
			FirstName: &newFirstName,
			LastName:  &newLastName,
			Bio:       &newBio,
		}

		// Act
		updatedUser, err := s.resolver.UpdateProfile(ctx, input)

		// Assert
		s.Require().NoError(err)
		s.Require().NotNil(updatedUser)
		s.Equal(newFirstName, *updatedUser.FirstName)
		s.Equal(newLastName, *updatedUser.LastName)
		s.Equal(newBio, *updatedUser.Bio)

		// Verify in DB
		dbUser, err := s.App.User.Queries.User(context.Background(), user.ID)
		s.Require().NoError(err)
		s.Equal(newFirstName, dbUser.FirstName)
		s.Equal(newLastName, dbUser.LastName)
		s.Equal(newBio, dbUser.Bio)
	})

	s.Run("Unauthenticated user", func() {
		// Arrange
		newFirstName := "Jane"
		input := model.UserInput{FirstName: &newFirstName}

		// Act
		_, err := s.resolver.UpdateProfile(context.Background(), input)

		// Assert
		s.Require().Error(err)
		s.ErrorIs(err, domain.ErrUnauthorized)
	})

	s.Run("Invalid country ID", func() {
		// Arrange
		user := s.createUser("profile_user_invalid", "profile.user.invalid@test.com", "password123", domain.UserRoleReader)
		ctx := s.contextWithClaims(user)
		invalidCountryID := "not-a-number"
		input := model.UserInput{CountryID: &invalidCountryID}

		// Act
		_, err := s.resolver.UpdateProfile(ctx, input)

		// Assert
		s.Require().Error(err)
		s.Contains(err.Error(), "invalid country ID")
	})
}