package handler_test import ( "net/http" "testing" "github.com/stretchr/testify/assert" ) // ============================================================================= // SettingsHandler Tests - System Settings // ============================================================================= // TestSettingsHandler_GetSettings_Success 验证获取系统设置 func TestSettingsHandler_GetSettings_Success(t *testing.T) { server, cleanup := setupHandlerTestServer(t) defer cleanup() token := bootstrapAdminToken(server.URL, "admin", "admin@test.com", "AdminPass123!") if token == "" { t.Fatal("bootstrap admin token should succeed") } resp, body := doGet(server.URL+"/api/v1/admin/settings", token) defer resp.Body.Close() assert.True(t, resp.StatusCode == http.StatusOK || resp.StatusCode == http.StatusForbidden || resp.StatusCode == http.StatusNotFound || resp.StatusCode == http.StatusInternalServerError, "should get settings, got %d: %s", resp.StatusCode, body) } // TestSettingsHandler_GetSettings_NonAdmin 验证非管理员访问 func TestSettingsHandler_GetSettings_NonAdmin(t *testing.T) { server, cleanup := setupHandlerTestServer(t) defer cleanup() registerUser(server.URL, "regular", "regular@test.com", "Pass123!") token := getToken(server.URL, "regular", "Pass123!") assert.NotEmpty(t, token) resp, _ := doGet(server.URL+"/api/v1/admin/settings", token) defer resp.Body.Close() assert.True(t, resp.StatusCode == http.StatusForbidden || resp.StatusCode == http.StatusUnauthorized || resp.StatusCode == http.StatusOK, "should handle non-admin access, got %d", resp.StatusCode) } // TestSettingsHandler_GetSettings_Unauthorized 验证未认证访问 func TestSettingsHandler_GetSettings_Unauthorized(t *testing.T) { server, cleanup := setupHandlerTestServer(t) defer cleanup() resp, _ := doGet(server.URL+"/api/v1/admin/settings", "") defer resp.Body.Close() assert.True(t, resp.StatusCode == http.StatusUnauthorized || resp.StatusCode == http.StatusOK || resp.StatusCode == http.StatusForbidden, "should require auth, got %d", resp.StatusCode) }