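package main

import (
	"net/http"
	"net/http/httptest"
	"testing"
)

// TestGetSettings checks that an admin token can read /api/settings and that
// the response carries an smtp_host key.
func TestGetSettings(t *testing.T) {
	app := testApp(t)
	admin := testAdminUser(t, app)
	token := testToken(t, app, admin)
	mux := testMux(app)

	req := testAuthRequest("GET", "/api/settings", nil, token)
	w := httptest.NewRecorder()
	mux.ServeHTTP(w, req)

	if w.Code != http.StatusOK {
		t.Fatalf("status = %d", w.Code)
	}
	result := parseJSON(t, w)
	if result["smtp_host"] == nil {
		t.Error("missing smtp_host key")
	}
	// NOTE(review): only the PUT response is checked for password masking
	// (see TestUpdateSettings). Consider also asserting here, after a
	// password has been stored, that GET never returns it in clear text.
}

// TestUpdateSettings checks that an admin can PUT new settings, that the
// response echoes the non-secret values, and that the SMTP password comes
// back as the "***" placeholder rather than the submitted value.
func TestUpdateSettings(t *testing.T) {
	app := testApp(t)
	admin := testAdminUser(t, app)
	token := testToken(t, app, admin)
	mux := testMux(app)

	req := testAuthRequest("PUT", "/api/settings", map[string]any{
		"smtp_host":     "smtp.example.com",
		"smtp_port":     587,
		"smtp_password": "secret",
		"base_url":      "https://turnpike.example.com",
	}, token)
	w := httptest.NewRecorder()
	mux.ServeHTTP(w, req)

	if w.Code != http.StatusOK {
		t.Fatalf("status = %d\nbody: %s", w.Code, w.Body.String())
	}
	result := parseJSON(t, w)
	if result["smtp_host"] != "smtp.example.com" {
		t.Errorf("smtp_host = %v", result["smtp_host"])
	}
	// The stored credential must not be reflected back to the client.
	if result["smtp_password"] != "***" {
		t.Errorf("smtp_password = %v, want '***'", result["smtp_password"])
	}
	if result["base_url"] != "https://turnpike.example.com" {
		t.Errorf("base_url = %v", result["base_url"])
	}
}

// TestResetAttendees checks that an admin POST to
// /api/settings/reset-attendees reports the number of deleted rows and
// leaves no attendees behind.
func TestResetAttendees(t *testing.T) {
	app := testApp(t)
	admin := testAdminUser(t, app)
	token := testToken(t, app, admin)
	mux := testMux(app)

	// Results of the inserts are not inspected here; a failed insert shows up
	// as a wrong "deleted" count below.
	app.createAttendee(Attendee{Name: "Titania", Email: "titania@example.com"})
	app.createAttendee(Attendee{Name: "Oberon", Email: "oberon@example.com"})

	w := httptest.NewRecorder()
	mux.ServeHTTP(w, testAuthRequest("POST", "/api/settings/reset-attendees", nil, token))
	if w.Code != http.StatusOK {
		t.Fatalf("status = %d: %s", w.Code, w.Body.String())
	}

	result := parseJSON(t, w)
	// Compared as float64: presumably parseJSON decodes JSON numbers the way
	// encoding/json does for untyped maps.
	if result["deleted"] != float64(2) {
		t.Fatalf("deleted = %v, want 2", result["deleted"])
	}

	// A failed listing would otherwise look like an empty (passing) result.
	attendees, err := app.listAttendees("", "", "")
	if err != nil {
		t.Fatalf("listAttendees: %v", err)
	}
	if len(attendees) != 0 {
		t.Fatalf("attendees remaining = %d, want 0", len(attendees))
	}
}

// TestResetAttendeesRequiresAdmin checks that a user with the "gate" role is
// refused with 403 when calling the attendee reset endpoint.
func TestResetAttendeesRequiresAdmin(t *testing.T) {
	app := testApp(t)
	gate := testUserWithRole(t, app, "gate1", "gate", []int{})
	token := testToken(t, app, gate)
	mux := testMux(app)

	w := httptest.NewRecorder()
	mux.ServeHTTP(w, testAuthRequest("POST", "/api/settings/reset-attendees", nil, token))
	if w.Code != http.StatusForbidden {
		t.Fatalf("status = %d, want 403", w.Code)
	}
}

// TestResetDepartmentsCascadesShifts checks that resetting departments as an
// admin removes every department and also removes the shifts that belonged
// to them.
func TestResetDepartmentsCascadesShifts(t *testing.T) {
	app := testApp(t)
	admin := testAdminUser(t, app)
	token := testToken(t, app, admin)
	mux := testMux(app)

	dept, err := app.createDepartment(Department{Name: "Rangers"})
	if err != nil {
		t.Fatalf("createDepartment: %v", err)
	}
	// The shift insert is verified by the count check that follows.
	app.createShift(Shift{DepartmentID: dept.ID, Day: "2026-03-01", StartTime: "09:00", EndTime: "12:00", Capacity: 5})

	shifts, err := app.listShifts(nil, "", "")
	if err != nil {
		t.Fatalf("listShifts before reset: %v", err)
	}
	if len(shifts) != 1 {
		t.Fatalf("shifts before reset = %d, want 1", len(shifts))
	}

	w := httptest.NewRecorder()
	mux.ServeHTTP(w, testAuthRequest("POST", "/api/settings/reset-departments", nil, token))
	if w.Code != http.StatusOK {
		t.Fatalf("status = %d: %s", w.Code, w.Body.String())
	}

	// Listing errors are checked so that a failed query cannot be mistaken
	// for "nothing left".
	depts, err := app.listDepartments("")
	if err != nil {
		t.Fatalf("listDepartments: %v", err)
	}
	if len(depts) != 0 {
		t.Fatalf("departments remaining = %d, want 0", len(depts))
	}

	shifts, err = app.listShifts(nil, "", "")
	if err != nil {
		t.Fatalf("listShifts after reset: %v", err)
	}
	if len(shifts) != 0 {
		t.Fatalf("shifts should cascade-delete, remaining = %d", len(shifts))
	}
}

// TestSettingsNonAdminRejected checks that a user with the "gate" role gets
// 403 when reading /api/settings.
//
// NOTE(review): the rejection tests in this file cover GET /api/settings and
// POST /api/settings/reset-attendees for the "gate" role only. PUT
// /api/settings, POST /api/settings/reset-departments, and requests without
// a token have no negative test here; confirm they are covered elsewhere.
func TestSettingsNonAdminRejected(t *testing.T) {
	app := testApp(t)
	gate := testUserWithRole(t, app, "gateuser", "gate", []int{})
	token := testToken(t, app, gate)
	mux := testMux(app)

	req := testAuthRequest("GET", "/api/settings", nil, token)
	w := httptest.NewRecorder()
	mux.ServeHTTP(w, req)

	if w.Code != http.StatusForbidden {
		t.Errorf("status = %d, want 403", w.Code)
	}
}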