| author | Ben Sima <ben@bensima.com> | 2025-11-22 09:19:09 -0500 |
|---|---|---|
| committer | Ben Sima <ben@bensima.com> | 2025-11-22 09:19:09 -0500 |
| commit | d4d25166fc91dded490d72a25b1a49ffd41528f8 (patch) | |
| tree | f7617dd19c0932992952d0b089b62c747a73e93e /Biz/PodcastItLater | |
| parent | c80b962073e7015afb3433006b75b5c52ff26053 (diff) | |
| parent | adb2d126d3f4b95e058583464662cd9bf2561307 (diff) | |
Merge task t-1neWyaO: Admin dashboard tests
Diffstat (limited to 'Biz/PodcastItLater')
| -rw-r--r-- | Biz/PodcastItLater/Web.py | 80 |
1 files changed, 80 insertions, 0 deletions
diff --git a/Biz/PodcastItLater/Web.py b/Biz/PodcastItLater/Web.py index 0bd3552..4d03f6a 100644 --- a/Biz/PodcastItLater/Web.py +++ b/Biz/PodcastItLater/Web.py 
@@ -3338,6 +3338,85 @@ class TestAccountPage(BaseWebTest): self.assertEqual(response.status_code, 307) +class TestAdminUsers(BaseWebTest): + """Test admin user management functionality.""" + + def setUp(self) -> None: + """Set up test client with logged-in admin user.""" + super().setUp() + + # Create and login admin user + self.user_id, _ = Core.Database.create_user( + "ben@bensima.com", + ) + Core.Database.update_user_status( + self.user_id, + "active", + ) + self.client.post("/login", data={"email": "ben@bensima.com"}) + + # Create another regular user + self.other_user_id, _ = Core.Database.create_user("user@example.com") + Core.Database.update_user_status(self.other_user_id, "active") + + def test_admin_users_page_access(self) -> None: + """Admin can access users page.""" + response = self.client.get("/admin/users") + self.assertEqual(response.status_code, 200) + self.assertIn("User Management", response.text) + self.assertIn("user@example.com", response.text) + + def test_non_admin_users_page_access(self) -> None: + """Non-admin cannot access users page.""" + # Login as regular user + self.client.get("/logout") + self.client.post("/login", data={"email": "user@example.com"}) + + response = self.client.get("/admin/users") + self.assertEqual(response.status_code, 302) + self.assertIn("error=forbidden", response.headers["Location"]) + + def test_admin_can_update_user_status(self) -> None: + """Admin can update user status.""" + response = self.client.post( + f"/admin/users/{self.other_user_id}/status", + data={"status": "disabled"}, + ) + self.assertEqual(response.status_code, 200) + + user = Core.Database.get_user_by_id(self.other_user_id) + assert user is not None # noqa: S101 + self.assertEqual(user["status"], "disabled") + + def test_non_admin_cannot_update_user_status(self) -> None: + """Non-admin cannot update user status.""" + # Login as regular user + self.client.get("/logout") + self.client.post("/login", data={"email": "user@example.com"}) + + response 
= self.client.post( + f"/admin/users/{self.other_user_id}/status", + data={"status": "disabled"}, + ) + self.assertEqual(response.status_code, 403) + + user = Core.Database.get_user_by_id(self.other_user_id) + assert user is not None # noqa: S101 + self.assertEqual(user["status"], "active") + + def test_update_user_status_invalid_status(self) -> None: + """Invalid status validation.""" + response = self.client.post( + f"/admin/users/{self.other_user_id}/status", + data={"status": "invalid_status"}, + ) + self.assertEqual(response.status_code, 400) + + user = Core.Database.get_user_by_id(self.other_user_id) + assert user is not None # noqa: S101 + self.assertEqual(user["status"], "active") + + def test() -> None: """Run all tests for the web module.""" Test.run( @@ -3355,6 +3434,7 @@ def test() -> None: TestMetricsTracking, TestUsageLimits, TestAccountPage, + TestAdminUsers, ], ) |
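Review bot: `test_non_admin_cannot_update_user_status` logs in as `user@example.com` and then posts to `self.other_user_id`, which is that same user's own account, so no test covers a non-admin changing a different user's status; pointing the request at `self.user_id` would cover the cross-account case. The class also never sends a request without a session to `/admin/users` or to the status endpoint, so a handler that checks the admin flag only on a user who is present would still pass. The status code returned to an anonymous caller is not visible in this hunk, so the sketch below only asserts that the call does not succeed and that the stored status is unchanged. It assumes that `/logout` clears the session, as the existing non-admin tests rely on.

```python
    def test_unauthenticated_cannot_update_user_status(self) -> None:
        """A request with no session cannot update user status."""
        self.client.get("/logout")

        response = self.client.post(
            f"/admin/users/{self.user_id}/status",
            data={"status": "disabled"},
        )
        # Exact code depends on the handler; success must not be possible.
        self.assertNotEqual(response.status_code, 200)

        user = Core.Database.get_user_by_id(self.user_id)
        assert user is not None  # noqa: S101
        self.assertEqual(user["status"], "active")
```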
