controles/tests/test_admin_routes.py

import pytest
from flask import url_for
from functions.database import Usuario, get_db_connection
from werkzeug.security import generate_password_hash
import json

@pytest.fixture
def admin_user(client):
    """Fixture que cria um usuário admin para testes"""
    db = get_db_connection()
    try:
        admin = Usuario(
            username='admin_test',
            email='admin@test.com',
            password_hash=generate_password_hash('admin123'),
            is_admin=True,
            is_active=True
        )
        db.add(admin)
        db.commit()
        return admin
    finally:
        db.close()

@pytest.fixture
def auth_admin_client(client, admin_user):
    """Fixture que retorna um cliente autenticado como admin"""
    client.post('/login', data={
        'email': 'admin@test.com',
        'password': 'admin123'
    })
    return client

def test_dashboard_access_sem_login(client):
    """Testa acesso ao dashboard sem login"""
    response = client.get('/admin/')
    assert response.status_code == 302
    assert '/login' in response.headers['Location']

def test_dashboard_access_com_login(auth_admin_client):
    """Testa acesso ao dashboard com login de admin"""
    response = auth_admin_client.get('/admin/')
    assert response.status_code == 200
    assert b'Dashboard Administrativo' in response.data

def test_lista_usuarios(auth_admin_client):
    """Testa listagem de usuários"""
    response = auth_admin_client.get('/admin/users')
    assert response.status_code == 200
    assert b'Lista de' in response.data
    assert b'admin_test' in response.data

def test_reset_otp(auth_admin_client, admin_user):
    """Testa reset de OTP"""
    response = auth_admin_client.post(f'/admin/users/{admin_user.id}/reset-otp')
    assert response.status_code == 302
    assert 'success' in response.headers['Location']

def test_reset_password(auth_admin_client, admin_user):
    """Testa reset de senha"""
    response = auth_admin_client.post(f'/admin/users/{admin_user.id}/reset-password')
    assert response.status_code == 302
    assert 'success' in response.headers['Location']

def test_toggle_status(auth_admin_client, admin_user):
    """Testa alteração de status do usuário"""
    response = auth_admin_client.post(
        f'/admin/users/{admin_user.id}/toggle-status',
        headers={'Content-Type': 'application/json'}
    )
    data = json.loads(response.data)
    assert response.status_code == 200
    assert data['success'] is True

def test_acesso_nao_admin(client):
    """Testa acesso de usuário não admin"""
    db = get_db_connection()
    try:
        # Criar usuário normal
        user = Usuario(
            username='normal_user',
            email='user@test.com',
            password_hash=generate_password_hash('user123'),
            is_admin=False,
            is_active=True
        )
        db.add(user)
        db.commit()

        # Login
        client.post('/login', data={
            'email': 'user@test.com',
            'password': 'user123'
        })

        # Tentar acessar área admin
        response = client.get('/admin/')
        assert response.status_code == 403
    finally:
        db.close()