OneAuth/tests/org_load_middleware_test.go

package tests

import (
	"testing"
)

func TestOrgLoadMiddleware(t *testing.T) {
	ensureUsers(t)

	var orgID string

	// 1. User1 Creates Org (Owner)
	t.Run("User1 Creates Org", func(t *testing.T) {
		resp := doRequest(t, "POST", "/api/orgs", map[string]string{
			"code":        "test_org_load_mw",
			"name":        "Test Org Load Middleware",
			"description": "Created by User1 for Middleware Test",
		}, User1Token)

		assertStatus(t, resp, 200)

		var data struct {
			ID string `json:"id"`
		}
		decodeResponse(t, resp, &data)
		orgID = data.ID
	})

	if orgID == "" {
		t.Fatal("Failed to create org, skipping remaining tests")
	}

	// 2. User1 Get Org Details (Success)
	t.Run("User1 Get Org Details", func(t *testing.T) {
		resp := doRequest(t, "GET", "/api/orgs/"+orgID, nil, User1Token)
		assertStatus(t, resp, 200)

		var data OrgResp
		decodeResponse(t, resp, &data)
		if data.Name != "Test Org Load Middleware" {
			t.Errorf("Expected name 'Test Org Load Middleware', got '%s'", data.Name)
		}
	})

	// 3. User1 Update Org (Success)
	t.Run("User1 Update Org", func(t *testing.T) {
		resp := doRequest(t, "PATCH", "/api/orgs/"+orgID, map[string]string{
			"name": "Updated Org Middleware",
		}, User1Token)
		assertStatus(t, resp, 200)
	})

	// 4. User2 Get Org Details (Fail - 403 Forbidden)
	t.Run("User2 Get Org Details (Fail)", func(t *testing.T) {
		resp := doRequest(t, "GET", "/api/orgs/"+orgID, nil, User2Token)

		// Expect 403 or 404 depending on implementation of LoadOrg
		// Usually 403 if authenticated but not authorized
		if resp.Code == 200 {
			t.Errorf("Expected error code (403/404), got 200")
		} else {
			// Optional: check specific error code in body
			var errResp BaseResp
			decodeResponse(t, resp, &errResp)
			// e.g. 40300 or similar
			if errResp.Code < 40000 {
				t.Logf("Got error code: %d, msg: %s", errResp.Code, errResp.Msg)
			}
		}
	})

	// 5. User1 adds User2 as Member
	t.Run("User1 adds User2 as Member", func(t *testing.T) {
		resp := doRequest(t, "POST", "/api/orgs/"+orgID+"/members", map[string]string{
			"user_id": User2ID,
			"role":    "member",
		}, User1Token)
		assertStatus(t, resp, 200)
	})

	// 6. User2 Get Org Details (Success - Now Member)
	t.Run("User2 Get Org Details (Success)", func(t *testing.T) {
		resp := doRequest(t, "GET", "/api/orgs/"+orgID, nil, User2Token)
		assertStatus(t, resp, 200)

		var data OrgResp
		decodeResponse(t, resp, &data)
		if data.Name != "Updated Org Middleware" {
			t.Errorf("Expected name 'Updated Org Middleware', got '%s'", data.Name)
		}
	})
}
refactor(test): restructure integration tests for auth and permissions - Move and split 'auth/auth_test.go' into the 'tests/' directory - Add 'tests/main_test.go' for global test suite setup - Add 'tests/helpers_test.go' for shared test utilities - Create separate test files for different auth scenarios ('auth_test.go', 'none_auth_test.go') - Add focused tests for org permissions and middleware ('org_permission_test.go', 'resource_perm_test.go', 'org_load_middleware_test.go') 1 week ago			`package tests`

			`import (`
			`"testing"`
			`)`

			`func TestOrgLoadMiddleware(t *testing.T) {`
			`ensureUsers(t)`

			`var orgID string`

			`// 1. User1 Creates Org (Owner)`
			`t.Run("User1 Creates Org", func(t *testing.T) {`
			`resp := doRequest(t, "POST", "/api/orgs", map[string]string{`
			`"code": "test_org_load_mw",`
			`"name": "Test Org Load Middleware",`
			`"description": "Created by User1 for Middleware Test",`
			`}, User1Token)`

			`assertStatus(t, resp, 200)`

			`var data struct {`
			ID string `json:"id"`
			`}`
			`decodeResponse(t, resp, &data)`
			`orgID = data.ID`
			`})`

			`if orgID == "" {`
			`t.Fatal("Failed to create org, skipping remaining tests")`
			`}`

			`// 2. User1 Get Org Details (Success)`
			`t.Run("User1 Get Org Details", func(t *testing.T) {`
			`resp := doRequest(t, "GET", "/api/orgs/"+orgID, nil, User1Token)`
			`assertStatus(t, resp, 200)`

			`var data OrgResp`
			`decodeResponse(t, resp, &data)`
			`if data.Name != "Test Org Load Middleware" {`
			`t.Errorf("Expected name 'Test Org Load Middleware', got '%s'", data.Name)`
			`}`
			`})`

			`// 3. User1 Update Org (Success)`
			`t.Run("User1 Update Org", func(t *testing.T) {`
			`resp := doRequest(t, "PATCH", "/api/orgs/"+orgID, map[string]string{`
			`"name": "Updated Org Middleware",`
			`}, User1Token)`
			`assertStatus(t, resp, 200)`
			`})`

			`// 4. User2 Get Org Details (Fail - 403 Forbidden)`
			`t.Run("User2 Get Org Details (Fail)", func(t *testing.T) {`
			`resp := doRequest(t, "GET", "/api/orgs/"+orgID, nil, User2Token)`

			`// Expect 403 or 404 depending on implementation of LoadOrg`
			`// Usually 403 if authenticated but not authorized`
			`if resp.Code == 200 {`
			`t.Errorf("Expected error code (403/404), got 200")`
			`} else {`
			`// Optional: check specific error code in body`
			`var errResp BaseResp`
			`decodeResponse(t, resp, &errResp)`
			`// e.g. 40300 or similar`
			`if errResp.Code < 40000 {`
			`t.Logf("Got error code: %d, msg: %s", errResp.Code, errResp.Msg)`
			`}`
			`}`
			`})`

			`// 5. User1 adds User2 as Member`
			`t.Run("User1 adds User2 as Member", func(t *testing.T) {`
			`resp := doRequest(t, "POST", "/api/orgs/"+orgID+"/members", map[string]string{`
			`"user_id": User2ID,`
			`"role": "member",`
			`}, User1Token)`
			`assertStatus(t, resp, 200)`
			`})`

			`// 6. User2 Get Org Details (Success - Now Member)`
			`t.Run("User2 Get Org Details (Success)", func(t *testing.T) {`
			`resp := doRequest(t, "GET", "/api/orgs/"+orgID, nil, User2Token)`
			`assertStatus(t, resp, 200)`

			`var data OrgResp`
			`decodeResponse(t, resp, &data)`
			`if data.Name != "Updated Org Middleware" {`
			`t.Errorf("Expected name 'Updated Org Middleware', got '%s'", data.Name)`
			`}`
			`})`
			`}`