feat(admin): add dedicated routes for admin user management (#37)

- New GET /admin/users/new page: create user with all profile fields (login, password, firstName, lastName, birthDate, email, contact, groups) - New GET /admin/users/[id] page: edit user profile, groups, and optional password change without requiring current password - New PUT /api/users/{id} backend endpoint (ADMIN_USER permission) with AdminUpdateUserRequest DTO for admin-override user updates - Refactored admin users tab: replaced inline editing with edit links to dedicated routes; create button now links to /admin/users/new - Extended CreateUserRequest with profile fields so new users can be created with full profile data in a single request - Added 28 component tests across 3 new spec files (TDD) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-22 16:33:50 +01:00
parent 9731afb776
commit fb4f8e820c
16 changed files with 999 additions and 199 deletions
--- a/frontend/src/routes/admin/users/[id]/page.svelte.spec.ts
+++ b/frontend/src/routes/admin/users/[id]/page.svelte.spec.ts
@@ -0,0 +1,129 @@
+import { afterEach, describe, expect, it, vi } from 'vitest';
+import { cleanup, render } from 'vitest-browser-svelte';
+import { page } from 'vitest/browser';
+import Page from './+page.svelte';
+
+vi.mock('$app/forms', () => ({ enhance: () => () => {} }));
+
+const groups = [
+	{ id: 'g1', name: 'Editoren', permissions: ['WRITE_ALL'] },
+	{ id: 'g2', name: 'Admins', permissions: ['ADMIN'] }
+];
+
+const makeUser = (overrides = {}) => ({
+	id: 'u1',
+	username: 'max',
+	firstName: 'Max',
+	lastName: 'Mustermann',
+	email: 'max@example.com',
+	birthDate: '1985-03-22',
+	contact: 'Tel: 0123',
+	enabled: true,
+	groups: [{ id: 'g1', name: 'Editoren', permissions: ['WRITE_ALL'] }],
+	createdAt: '2024-01-01T00:00:00Z',
+	...overrides
+});
+
+const baseData = { editUser: makeUser(), groups };
+
+afterEach(cleanup);
+
+// ─── Rendering ────────────────────────────────────────────────────────────────
+
+describe('Admin edit user page – rendering', () => {
+	it('renders the heading with username', async () => {
+		render(Page, { data: baseData });
+		await expect.element(page.getByText(/Benutzer bearbeiten: max/i)).toBeInTheDocument();
+	});
+
+	it('pre-fills first name from editUser data', async () => {
+		render(Page, { data: baseData });
+		const input = document.querySelector<HTMLInputElement>('input[name="firstName"]');
+		expect(input?.value).toBe('Max');
+	});
+
+	it('pre-fills last name from editUser data', async () => {
+		render(Page, { data: baseData });
+		const input = document.querySelector<HTMLInputElement>('input[name="lastName"]');
+		expect(input?.value).toBe('Mustermann');
+	});
+
+	it('pre-fills email from editUser data', async () => {
+		render(Page, { data: baseData });
+		const input = document.querySelector<HTMLInputElement>('input[name="email"]');
+		expect(input?.value).toBe('max@example.com');
+	});
+
+	it('pre-fills birth date in German format (dd.mm.yyyy)', async () => {
+		render(Page, { data: baseData });
+		const input = document.querySelector<HTMLInputElement>('input[placeholder="TT.MM.JJJJ"]');
+		expect(input?.value).toBe('22.03.1985');
+	});
+
+	it('pre-fills contact field', async () => {
+		render(Page, { data: baseData });
+		const textarea = document.querySelector<HTMLTextAreaElement>('textarea[name="contact"]');
+		expect(textarea?.value).toBe('Tel: 0123');
+	});
+
+	it('renders group checkboxes', async () => {
+		render(Page, { data: baseData });
+		await expect.element(page.getByText('Editoren')).toBeInTheDocument();
+		await expect.element(page.getByText('Admins')).toBeInTheDocument();
+	});
+
+	it('pre-selects the groups the user already belongs to', async () => {
+		render(Page, { data: baseData });
+		const checkbox = document.querySelector<HTMLInputElement>(
+			'input[type="checkbox"][name="groupIds"][value="g1"]'
+		);
+		expect(checkbox?.checked).toBe(true);
+	});
+
+	it('does not pre-select groups the user does not belong to', async () => {
+		render(Page, { data: baseData });
+		const checkbox = document.querySelector<HTMLInputElement>(
+			'input[type="checkbox"][name="groupIds"][value="g2"]'
+		);
+		expect(checkbox?.checked).toBe(false);
+	});
+
+	it('password fields are empty by default', async () => {
+		render(Page, { data: baseData });
+		const passwordInputs = document.querySelectorAll<HTMLInputElement>('input[type="password"]');
+		passwordInputs.forEach((input) => {
+			expect(input.value).toBe('');
+		});
+	});
+
+	it('cancel link points to /admin', async () => {
+		render(Page, { data: baseData });
+		await expect
+			.element(page.getByRole('link', { name: /Abbrechen/i }))
+			.toHaveAttribute('href', '/admin');
+	});
+
+	it('renders the save button', async () => {
+		render(Page, { data: baseData });
+		await expect.element(page.getByRole('button', { name: /Speichern/i })).toBeInTheDocument();
+	});
+});
+
+// ─── Feedback messages ────────────────────────────────────────────────────────
+
+describe('Admin edit user page – feedback', () => {
+	it('shows success message when form.success is true', async () => {
+		render(Page, { data: baseData, form: { success: true } });
+		await expect.element(page.getByText(/Änderungen gespeichert/i)).toBeInTheDocument();
+	});
+
+	it('shows error message when form.error is set', async () => {
+		render(Page, { data: baseData, form: { error: 'Ungültige Eingabe.' } });
+		await expect.element(page.getByText('Ungültige Eingabe.')).toBeInTheDocument();
+	});
+
+	it('does not show success message when form is null', async () => {
+		render(Page, { data: baseData, form: null });
+		await expect.element(page.getByText(/Änderungen gespeichert/i)).not.toBeInTheDocument();
+	});
+});