feat(client): add admin GUI for stations CRUD and recipe assignments

Adds a complete browser-based interface for managing stations, closing the last deliverable of rev04 Phase 1. - New /admin/stations page with stations table, create/edit modal, delete confirmation and dedicated recipe-assignment modal - Proxy endpoints under /admin/api/stations/* covering CRUD and recipe assign/unassign so all admin operations stay behind the Flask CSRF + admin_required guard - Navbar entry "Stazioni" (desktop + mobile), visible to admins only - 10 new tests covering page render, every proxy and the non-admin redirect Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-25 11:50:33 +02:00
parent 946264637b
commit a6c335ca8b
4 changed files with 824 additions and 2 deletions
@@ -0,0 +1,134 @@
+"""Tests for the admin Stations management UI and proxy endpoints."""
+from unittest.mock import MagicMock, patch
+
+import pytest
+
+
+@pytest.fixture
+def mock_admin_api():
+    """Patch api_client used by the admin blueprint."""
+    mock = MagicMock()
+    with patch("blueprints.admin.api_client", mock):
+        yield mock
+
+
+def test_station_list_page_requires_admin(logged_in_client, mock_admin_api):
+    mock_admin_api.get.return_value = []
+    resp = logged_in_client.get("/admin/stations")
+    assert resp.status_code == 200
+    assert b"Gestione Stazioni" in resp.data or b"stations" in resp.data.lower()
+
+
+def test_station_list_page_calls_correct_endpoints(logged_in_client, mock_admin_api):
+    mock_admin_api.get.side_effect = [
+        [{"id": 1, "code": "ST-001", "name": "Linea A", "location": None,
+          "notes": None, "active": True, "created_by": 1, "created_at": "2026-04-25T10:00:00"}],
+        [{"id": 1, "code": "REC-001", "name": "Test Recipe", "active": True}],
+    ]
+    resp = logged_in_client.get("/admin/stations")
+    assert resp.status_code == 200
+    calls = [c.args[0] for c in mock_admin_api.get.call_args_list]
+    assert "/api/stations" in calls
+    assert "/api/recipes" in calls
+
+
+def test_create_station_proxy(logged_in_client, mock_admin_api):
+    mock_admin_api.post.return_value = {
+        "id": 5, "code": "ST-005", "name": "Nuova",
+        "location": None, "notes": None, "active": True,
+        "created_by": 1, "created_at": "2026-04-25T10:00:00",
+    }
+    resp = logged_in_client.post(
+        "/admin/api/stations",
+        json={"code": "ST-005", "name": "Nuova", "active": True},
+    )
+    assert resp.status_code == 201
+    body = resp.get_json()
+    assert body["code"] == "ST-005"
+    mock_admin_api.post.assert_called_once_with(
+        "/api/stations",
+        data={"code": "ST-005", "name": "Nuova", "active": True},
+    )
+
+
+def test_create_station_propagates_error(logged_in_client, mock_admin_api):
+    mock_admin_api.post.return_value = {
+        "error": True, "status_code": 409, "detail": "code already exists",
+    }
+    resp = logged_in_client.post(
+        "/admin/api/stations", json={"code": "ST-001", "name": "x"},
+    )
+    assert resp.status_code == 409
+    assert resp.get_json()["detail"] == "code already exists"
+
+
+def test_update_station_proxy(logged_in_client, mock_admin_api):
+    mock_admin_api.put.return_value = {
+        "id": 3, "code": "ST-003", "name": "Aggiornata",
+        "location": "Reparto B", "notes": None, "active": False,
+        "created_by": 1, "created_at": "2026-04-25T10:00:00",
+    }
+    resp = logged_in_client.put(
+        "/admin/api/stations/3",
+        json={"name": "Aggiornata", "location": "Reparto B", "active": False},
+    )
+    assert resp.status_code == 200
+    mock_admin_api.put.assert_called_once_with(
+        "/api/stations/3",
+        data={"name": "Aggiornata", "location": "Reparto B", "active": False},
+    )
+
+
+def test_delete_station_proxy(logged_in_client, mock_admin_api):
+    mock_admin_api.delete.return_value = {}
+    resp = logged_in_client.delete("/admin/api/stations/7")
+    assert resp.status_code == 200
+    assert resp.get_json() == {"deleted": True}
+    mock_admin_api.delete.assert_called_once_with("/api/stations/7")
+
+
+def test_assign_recipe_proxy(logged_in_client, mock_admin_api):
+    mock_admin_api.post.return_value = {
+        "id": 1, "station_id": 2, "recipe_id": 10,
+        "assigned_by": 1, "assigned_at": "2026-04-25T10:00:00",
+    }
+    resp = logged_in_client.post(
+        "/admin/api/stations/2/recipes", json={"recipe_id": 10},
+    )
+    assert resp.status_code == 201
+    mock_admin_api.post.assert_called_once_with(
+        "/api/stations/2/recipes", data={"recipe_id": 10},
+    )
+
+
+def test_unassign_recipe_proxy(logged_in_client, mock_admin_api):
+    mock_admin_api.delete.return_value = {}
+    resp = logged_in_client.delete("/admin/api/stations/2/recipes/10")
+    assert resp.status_code == 200
+    mock_admin_api.delete.assert_called_once_with("/api/stations/2/recipes/10")
+
+
+def test_list_station_recipes_proxy(logged_in_client, mock_admin_api):
+    mock_admin_api.get.return_value = [
+        {"id": 1, "code": "REC-001", "name": "R1", "active": True},
+    ]
+    resp = logged_in_client.get("/admin/api/stations/2/recipes")
+    assert resp.status_code == 200
+    assert resp.get_json() == [{"id": 1, "code": "REC-001", "name": "R1", "active": True}]
+    mock_admin_api.get.assert_called_once_with("/api/stations/2/recipes")
+
+
+def test_non_admin_cannot_access(client, mock_admin_api):
+    """Non-admin user gets redirected away from station management."""
+    with client.session_transaction() as sess:
+        sess["api_key"] = "test-key"
+        sess["user"] = {
+            "id": 2,
+            "username": "operator",
+            "roles": ["MeasurementTec"],
+            "is_admin": False,
+            "active": True,
+        }
+        sess["user_id"] = 2
+    resp = client.get("/admin/stations", follow_redirects=False)
+    assert resp.status_code in (301, 302)