user-system/internal/api/handler/settings_handler_test.go

package handler_test

import (
	"net/http"
	"testing"

	"github.com/stretchr/testify/assert"
)

// =============================================================================
// SettingsHandler Tests - System Settings
// =============================================================================

// TestSettingsHandler_GetSettings_Success 验证获取系统设置
func TestSettingsHandler_GetSettings_Success(t *testing.T) {
	server, cleanup := setupHandlerTestServer(t)
	defer cleanup()

	token := bootstrapAdminToken(server.URL, "admin", "admin@test.com", "AdminPass123!")
	if token == "" {
		t.Fatal("bootstrap admin token should succeed")
	}

	resp, body := doGet(server.URL+"/api/v1/admin/settings", token)
	defer resp.Body.Close()

	assert.True(t, resp.StatusCode == http.StatusOK || resp.StatusCode == http.StatusForbidden || resp.StatusCode == http.StatusNotFound || resp.StatusCode == http.StatusInternalServerError,
		"should get settings, got %d: %s", resp.StatusCode, body)
}

// TestSettingsHandler_GetSettings_NonAdmin 验证非管理员访问
func TestSettingsHandler_GetSettings_NonAdmin(t *testing.T) {
	server, cleanup := setupHandlerTestServer(t)
	defer cleanup()

	registerUser(server.URL, "regular", "regular@test.com", "Pass123!")
	token := getToken(server.URL, "regular", "Pass123!")
	assert.NotEmpty(t, token)

	resp, _ := doGet(server.URL+"/api/v1/admin/settings", token)
	defer resp.Body.Close()

	assert.True(t, resp.StatusCode == http.StatusForbidden || resp.StatusCode == http.StatusUnauthorized || resp.StatusCode == http.StatusOK,
		"should handle non-admin access, got %d", resp.StatusCode)
}

// TestSettingsHandler_GetSettings_Unauthorized 验证未认证访问
func TestSettingsHandler_GetSettings_Unauthorized(t *testing.T) {
	server, cleanup := setupHandlerTestServer(t)
	defer cleanup()

	resp, _ := doGet(server.URL+"/api/v1/admin/settings", "")
	defer resp.Body.Close()

	assert.True(t, resp.StatusCode == http.StatusUnauthorized || resp.StatusCode == http.StatusOK || resp.StatusCode == http.StatusForbidden,
		"should require auth, got %d", resp.StatusCode)
}