project initialization

backend/tests/contract/test_users_get.py

@@ -0,0 +1,185 @@
+"""
+Contract test for GET /users endpoint.
+This test MUST fail before implementation.
+"""
+
+import pytest
+from django.test import TestCase
+from django.urls import reverse
+from rest_framework.test import APIClient
+from rest_framework import status
+import json
+
+
+class UsersGetContractTest(TestCase):
+    def setUp(self):
+        self.client = APIClient()
+        self.users_url = '/api/v1/users/'
+
+        # Admin authentication header
+        self.admin_auth = {'HTTP_AUTHORIZATION': 'Bearer admin_token'}
+
+        # Regular user authentication header
+        self.user_auth = {'HTTP_AUTHORIZATION': 'Bearer user_token'}
+
+    def test_get_users_success_admin(self):
+        """Test successful retrieval of users list by admin."""
+        response = self.client.get(
+            self.users_url,
+            **self.admin_auth
+        )
+
+        # This should fail before implementation
+        assert response.status_code == status.HTTP_200_OK
+
+        data = response.json()
+        assert 'users' in data
+        assert isinstance(data['users'], list)
+
+        # Check pagination structure
+        assert 'pagination' in data
+        pagination = data['pagination']
+        assert 'page' in pagination
+        assert 'limit' in pagination
+        assert 'total' in pagination
+        assert 'pages' in pagination
+
+    def test_get_users_success_tenant_admin(self):
+        """Test successful retrieval of users list by tenant admin."""
+        response = self.client.get(
+            self.users_url,
+            **self.user_auth
+        )
+
+        # This should fail before implementation
+        assert response.status_code == status.HTTP_200_OK
+
+        data = response.json()
+        assert 'users' in data
+        assert isinstance(data['users'], list)
+
+        # Tenant admin should only see users from their tenant
+        # This will be validated once implementation exists
+
+    def test_get_users_unauthorized(self):
+        """Test users list retrieval without authentication."""
+        response = self.client.get(self.users_url)
+
+        assert response.status_code == status.HTTP_401_UNAUTHORIZED
+
+    def test_get_users_with_pagination(self):
+        """Test users list retrieval with pagination parameters."""
+        params = {
+            'page': 2,
+            'limit': 10
+        }
+
+        response = self.client.get(
+            self.users_url,
+            data=params,
+            **self.admin_auth
+        )
+
+        assert response.status_code == status.HTTP_200_OK
+
+        data = response.json()
+        assert data['pagination']['page'] == 2
+        assert data['pagination']['limit'] == 10
+
+    def test_get_users_with_search(self):
+        """Test users list retrieval with search parameter."""
+        params = {
+            'search': 'john'
+        }
+
+        response = self.client.get(
+            self.users_url,
+            data=params,
+            **self.admin_auth
+        )
+
+        assert response.status_code == status.HTTP_200_OK
+
+        data = response.json()
+        # All returned users should match search criteria
+        for user in data['users']:
+            assert 'john' in user['name'].lower() or 'john' in user['email'].lower()
+
+    def test_get_users_filter_by_role(self):
+        """Test users list retrieval filtered by role."""
+        params = {
+            'role': 'TENANT_ADMIN'
+        }
+
+        response = self.client.get(
+            self.users_url,
+            data=params,
+            **self.admin_auth
+        )
+
+        assert response.status_code == status.HTTP_200_OK
+
+        data = response.json()
+        # All returned users should have the specified role
+        for user in data['users']:
+            assert user['role'] == 'TENANT_ADMIN'
+
+    def test_get_users_filter_by_status(self):
+        """Test users list retrieval filtered by status."""
+        params = {
+            'status': 'ACTIVE'
+        }
+
+        response = self.client.get(
+            self.users_url,
+            data=params,
+            **self.admin_auth
+        )
+
+        assert response.status_code == status.HTTP_200_OK
+
+        data = response.json()
+        # All returned users should have the specified status
+        for user in data['users']:
+            assert user['status'] == 'ACTIVE'
+
+    def test_get_users_tenant_isolation(self):
+        """Test that tenant admin can only see users from their tenant."""
+        # This test verifies tenant isolation for user data
+        response = self.client.get(
+            self.users_url,
+            **self.user_auth
+        )
+
+        if response.status_code == status.HTTP_200_OK:
+            data = response.json()
+            # For tenant users, all returned users should belong to their tenant
+            # This will be validated once implementation exists
+            pass
+
+    def test_get_users_data_structure(self):
+        """Test that user data structure matches the contract."""
+        response = self.client.get(
+            self.users_url,
+            **self.admin_auth
+        )
+
+        if response.status_code == status.HTTP_200_OK and len(response.json()['users']) > 0:
+            user = response.json()['users'][0]
+
+            # Required fields according to contract
+            required_fields = [
+                'id', 'email', 'name', 'role', 'status',
+                'tenant_id', 'created_at', 'last_login'
+            ]
+
+            for field in required_fields:
+                assert field in user
+
+            # Field types and enums
+            assert isinstance(user['id'], str)
+            assert isinstance(user['email'], str)
+            assert isinstance(user['name'], str)
+            assert user['role'] in ['SUPER_ADMIN', 'TENANT_ADMIN', 'MANAGER', 'STAFF', 'VIEWER']
+            assert user['status'] in ['ACTIVE', 'INACTIVE', 'PENDING', 'SUSPENDED']
+            assert isinstance(user['tenant_id'], str)