service-finder/backend/app/tests/e2e/test_admin_security.py
"""
E2E tests for the authorization checks on the admin endpoints.

Verifies that a normal (non-admin) user is denied access to an admin endpoint
(403) and that an admin user is let through (200). Authentication itself is
bypassed by overriding the ``get_current_user`` dependency; the unauthenticated
request case is not exercised in this file.
"""
import pytest
from fastapi.testclient import TestClient
from app.main import app
from app.models.identity import User, UserRole
from app.api.deps import get_current_user
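def test_normal_user_cannot_access_admin_ping():
    """
    A normal (non-admin) user must not reach GET /api/v1/admin/ping.

    Expected: 403 Forbidden with a JSON body carrying a ``detail`` field.
    Authentication is bypassed by overriding ``get_current_user``; the
    override is removed in a ``finally`` block so a failing request cannot
    leave a fake user installed for the tests that run afterwards.
    """
    # Non-admin user; the role is what the endpoint guard is expected to reject.
    normal_user = User(
        id=999,
        email="normal@example.com",
        role=UserRole.user,
        is_active=True,
        is_deleted=False,
        subscription_plan="FREE",
        preferred_language="hu",
        region_code="HU",
        preferred_currency="HUF",
        scope_level="individual",
        custom_permissions={},
    )

    async def override_current_user():
        return normal_user

    app.dependency_overrides[get_current_user] = override_current_user
    try:
        client = TestClient(app)
        response = client.get("/api/v1/admin/ping")
    finally:
        # Remove only this test's override; clearing the whole mapping would
        # also discard overrides installed by fixtures or other tests.
        app.dependency_overrides.pop(get_current_user, None)

    assert response.status_code == 403
    assert "detail" in response.json()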
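def test_admin_user_can_access_admin_ping():
    """
    An admin user reaches GET /api/v1/admin/ping and gets 200.

    Expected body: ``message`` equal to the admin greeting and ``role``
    equal to ``"admin"``. The ``get_current_user`` override is removed in a
    ``finally`` block so it cannot leak into other tests if the request
    raises.
    """
    admin_user = User(
        id=1000,
        email="admin@example.com",
        role=UserRole.admin,
        is_active=True,
        is_deleted=False,
        subscription_plan="PREMIUM",
        preferred_language="en",
        region_code="HU",
        preferred_currency="EUR",
        scope_level="global",
        custom_permissions={},
    )

    async def override_current_user():
        return admin_user

    app.dependency_overrides[get_current_user] = override_current_user
    try:
        client = TestClient(app)
        response = client.get("/api/v1/admin/ping")
    finally:
        # Remove only this test's override; clearing the whole mapping would
        # also discard overrides installed by fixtures or other tests.
        app.dependency_overrides.pop(get_current_user, None)

    assert response.status_code == 200
    data = response.json()
    assert data["message"] == "Admin felület aktív"
    assert data["role"] == "admin"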
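if __name__ == "__main__":
    # Propagate pytest's exit status so a failing run is visible to the
    # caller (the bare call always exited 0 regardless of test results).
    raise SystemExit(pytest.main([__file__, "-v"]))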