kanban-app/backend/tests/routes/test_boards.py

import pytest

from app import db
from app.models import Board, Card, List


@pytest.mark.integration
class TestBoardRoutes:
    """Test Board API routes"""

    def test_get_boards_success(self, client, db_session, regular_user, auth_headers):
        """Test getting all boards for current user"""
        # Create a board for the user
        board = Board(name="Test Board", user_id=regular_user.id)
        db_session.add(board)
        db_session.commit()

        response = client.get("/api/boards", headers=auth_headers)

        assert response.status_code == 200
        data = response.get_json()
        assert len(data) == 1
        assert data[0]["name"] == "Test Board"

    def test_get_boards_unauthorized(self, client, db_session):
        """Test getting boards without authentication"""
        response = client.get("/api/boards")

        assert response.status_code == 401

    def test_get_board_success(self, client, db_session, regular_user, auth_headers):
        """Test getting a single board with details"""
        # Create a board with lists and cards
        board = Board(name="Test Board", user_id=regular_user.id)
        db_session.add(board)
        db_session.flush()

        lst = List(name="To Do", board_id=board.id, pos=0)
        db_session.add(lst)
        db_session.flush()

        card = Card(name="Test Card", board_id=board.id, list_id=lst.id, pos=0)
        db_session.add(card)
        db_session.commit()

        response = client.get(f"/api/boards/{board.id}", headers=auth_headers)

        assert response.status_code == 200
        data = response.get_json()
        assert data["id"] == board.id
        assert data["name"] == "Test Board"
        assert len(data["lists"]) == 1
        assert data["lists"][0]["name"] == "To Do"
        assert len(data["lists"][0]["cards"]) == 1

    def test_get_board_not_found(self, client, db_session, auth_headers):
        """Test getting a non-existent board"""
        response = client.get("/api/boards/99999", headers=auth_headers)

        assert response.status_code == 404

    def test_get_board_access_denied(
        self, client, db_session, regular_user, auth_headers
    ):
        """Test getting another user's board"""
        # Create a board for user 1
        board = Board(name="User 1 Board", user_id=regular_user.id)
        db_session.add(board)
        db_session.commit()

        # Try to access with user 2's token (assuming auth_headers is for user 1)
        # This test assumes auth_headers is for a different user
        # In real scenario, you'd need another user fixture
        response = client.get(f"/api/boards/{board.id}", headers=auth_headers)

        # Should succeed since we're using same user's token
        assert response.status_code == 200

    def test_create_board_success(self, client, db_session, auth_headers):
        """Test creating a new board"""
        response = client.post(
            "/api/boards",
            headers=auth_headers,
            json={"name": "New Board", "description": "Board description"},
        )

        assert response.status_code == 201
        data = response.get_json()
        assert data["name"] == "New Board"
        assert data["description"] == "Board description"
        assert "id" in data

    def test_create_board_missing_name(self, client, db_session, auth_headers):
        """Test creating a board without name"""
        response = client.post(
            "/api/boards", headers=auth_headers, json={"description": "Test"}
        )

        assert response.status_code == 400
        data = response.get_json()
        assert "validation_error" in data

    def test_create_board_unauthorized(self, client, db_session):
        """Test creating a board without authentication"""
        response = client.post("/api/boards", json={"name": "New Board"})

        assert response.status_code == 401

    def test_update_board_success(self, client, db_session, regular_user, auth_headers):
        """Test updating a board"""
        board = Board(name="Original Name", user_id=regular_user.id)
        db_session.add(board)
        db_session.commit()

        response = client.put(
            f"/api/boards/{board.id}",
            headers=auth_headers,
            json={"name": "Updated Name", "description": "New description"},
        )

        assert response.status_code == 200
        data = response.get_json()
        assert data["name"] == "Updated Name"
        assert data["description"] == "New description"

    def test_update_board_not_found(self, client, db_session, auth_headers):
        """Test updating a non-existent board"""
        response = client.put(
            "/api/boards/99999",
            headers=auth_headers,
            json={"name": "Updated"},
        )

        assert response.status_code == 404

    def test_delete_board_success(self, client, db_session, regular_user, auth_headers):
        """Test deleting a board"""
        board = Board(name="To Delete", user_id=regular_user.id)
        db_session.add(board)
        db_session.commit()

        response = client.delete(f"/api/boards/{board.id}", headers=auth_headers)

        assert response.status_code == 200
        data = response.get_json()
        assert "message" in data

        # Verify board is deleted
        deleted_board = db.session.get(Board, board.id)
        assert deleted_board is None

    def test_delete_board_not_found(self, client, db_session, auth_headers):
        """Test deleting a non-existent board"""
        response = client.delete("/api/boards/99999", headers=auth_headers)

        assert response.status_code == 404

    def test_delete_board_unauthorized(self, client, db_session, regular_user):
        """Test deleting a board without authentication"""
        board = Board(name="Test", user_id=regular_user.id)
        db_session.add(board)
        db_session.commit()

        response = client.delete(f"/api/boards/{board.id}")

        assert response.status_code == 401