package handlers import ( "net/http" "net/http/httptest" "testing" "github.com/google/uuid" "mgit.msbls.de/m/KanzlAI-mGMT/internal/auth" ) func TestDocumentListByCase_NoTenant(t *testing.T) { h := &DocumentHandler{} r := httptest.NewRequest("GET", "/api/cases/"+uuid.New().String()+"/documents", nil) r.SetPathValue("id", uuid.New().String()) w := httptest.NewRecorder() h.ListByCase(w, r) if w.Code != http.StatusForbidden { t.Errorf("expected 403, got %d", w.Code) } } func TestDocumentListByCase_InvalidCaseID(t *testing.T) { h := &DocumentHandler{} r := httptest.NewRequest("GET", "/api/cases/bad-id/documents", nil) r.SetPathValue("id", "bad-id") ctx := auth.ContextWithTenantID( auth.ContextWithUserID(r.Context(), uuid.New()), uuid.New(), ) r = r.WithContext(ctx) w := httptest.NewRecorder() h.ListByCase(w, r) if w.Code != http.StatusBadRequest { t.Errorf("expected 400, got %d", w.Code) } } func TestDocumentUpload_NoTenant(t *testing.T) { h := &DocumentHandler{} r := httptest.NewRequest("POST", "/api/cases/"+uuid.New().String()+"/documents", nil) r.SetPathValue("id", uuid.New().String()) w := httptest.NewRecorder() h.Upload(w, r) if w.Code != http.StatusForbidden { t.Errorf("expected 403, got %d", w.Code) } } func TestDocumentUpload_InvalidCaseID(t *testing.T) { h := &DocumentHandler{} r := httptest.NewRequest("POST", "/api/cases/bad-id/documents", nil) r.SetPathValue("id", "bad-id") ctx := auth.ContextWithTenantID( auth.ContextWithUserID(r.Context(), uuid.New()), uuid.New(), ) r = r.WithContext(ctx) w := httptest.NewRecorder() h.Upload(w, r) if w.Code != http.StatusBadRequest { t.Errorf("expected 400, got %d", w.Code) } } func TestDocumentDownload_NoTenant(t *testing.T) { h := &DocumentHandler{} r := httptest.NewRequest("GET", "/api/documents/"+uuid.New().String(), nil) r.SetPathValue("docId", uuid.New().String()) w := httptest.NewRecorder() h.Download(w, r) if w.Code != http.StatusForbidden { t.Errorf("expected 403, got %d", w.Code) } } func TestDocumentDownload_InvalidID(t *testing.T) { h := &DocumentHandler{} r := httptest.NewRequest("GET", "/api/documents/bad-id", nil) r.SetPathValue("docId", "bad-id") ctx := auth.ContextWithTenantID( auth.ContextWithUserID(r.Context(), uuid.New()), uuid.New(), ) r = r.WithContext(ctx) w := httptest.NewRecorder() h.Download(w, r) if w.Code != http.StatusBadRequest { t.Errorf("expected 400, got %d", w.Code) } } func TestDocumentGetMeta_NoTenant(t *testing.T) { h := &DocumentHandler{} r := httptest.NewRequest("GET", "/api/documents/"+uuid.New().String()+"/meta", nil) r.SetPathValue("docId", uuid.New().String()) w := httptest.NewRecorder() h.GetMeta(w, r) if w.Code != http.StatusForbidden { t.Errorf("expected 403, got %d", w.Code) } } func TestDocumentGetMeta_InvalidID(t *testing.T) { h := &DocumentHandler{} r := httptest.NewRequest("GET", "/api/documents/bad-id/meta", nil) r.SetPathValue("docId", "bad-id") ctx := auth.ContextWithTenantID( auth.ContextWithUserID(r.Context(), uuid.New()), uuid.New(), ) r = r.WithContext(ctx) w := httptest.NewRecorder() h.GetMeta(w, r) if w.Code != http.StatusBadRequest { t.Errorf("expected 400, got %d", w.Code) } } func TestDocumentDelete_NoTenant(t *testing.T) { h := &DocumentHandler{} r := httptest.NewRequest("DELETE", "/api/documents/"+uuid.New().String(), nil) r.SetPathValue("docId", uuid.New().String()) w := httptest.NewRecorder() h.Delete(w, r) if w.Code != http.StatusForbidden { t.Errorf("expected 403, got %d", w.Code) } } func TestDocumentDelete_InvalidID(t *testing.T) { h := &DocumentHandler{} r := httptest.NewRequest("DELETE", "/api/documents/bad-id", nil) r.SetPathValue("docId", "bad-id") ctx := auth.ContextWithTenantID( auth.ContextWithUserID(r.Context(), uuid.New()), uuid.New(), ) r = r.WithContext(ctx) w := httptest.NewRecorder() h.Delete(w, r) if w.Code != http.StatusBadRequest { t.Errorf("expected 400, got %d", w.Code) } }