96.99% test coverage

test/controllers/admin/users_controller_test.rb

@@ -18,6 +18,26 @@ class Admin::UsersControllerTest < ActionDispatch::IntegrationTest
     assert_response :success
   end
 
+  test "should filter users by role" do
+    login_as(users(:admin_user))
+
+    get admin_users_path, params: { role: "reviewer" }
+
+    assert_response :success
+    assert_select "td", text: /#{Regexp.escape(users(:reviewer_user).email)}/
+    assert_select "td", text: /#{Regexp.escape(users(:contributor_user).email)}/, count: 0
+  end
+
+  test "should filter users by email query" do
+    login_as(users(:admin_user))
+
+    get admin_users_path, params: { q: "admin" }
+
+    assert_response :success
+    assert_select "td", text: /#{Regexp.escape(users(:admin_user).email)}/
+    assert_select "td", text: /#{Regexp.escape(users(:contributor_user).email)}/, count: 0
+  end
+
   test "should get edit page for user when logged in as admin" do
     login_as(users(:admin_user))
     get edit_admin_user_path(users(:contributor_user))
@@ -35,6 +55,45 @@ class Admin::UsersControllerTest < ActionDispatch::IntegrationTest
     assert_equal "reviewer", users(:contributor_user).reload.role
   end
 
+  test "should not allow admin to update own role" do
+    admin_user = users(:admin_user)
+    login_as(admin_user)
+
+    patch admin_user_path(admin_user), params: {
+      user: { role: "reviewer" }
+    }
+
+    assert_redirected_to admin_users_path
+    assert_equal "You cannot modify your own role.", flash[:alert]
+    assert_equal "admin", admin_user.reload.role
+  end
+
+  test "should ignore invalid role updates" do
+    login_as(users(:admin_user))
+    contributor = users(:contributor_user)
+
+    patch admin_user_path(contributor), params: {
+      user: { role: "invalid_role", name: "Updated Name" }
+    }
+
+    assert_redirected_to admin_users_path
+    contributor.reload
+    assert_equal "contributor", contributor.role
+    assert_equal "Updated Name", contributor.name
+  end
+
+  test "should render edit when update is invalid" do
+    login_as(users(:admin_user))
+    contributor = users(:contributor_user)
+
+    patch admin_user_path(contributor), params: {
+      user: { email: "" }
+    }
+
+    assert_response :unprocessable_entity
+    assert_select "li", text: "Email can't be blank"
+  end
+
   test "should delete user when logged in as admin" do
     login_as(users(:admin_user))
 
@@ -46,6 +105,37 @@ class Admin::UsersControllerTest < ActionDispatch::IntegrationTest
     assert_redirected_to admin_users_path
   end
 
+  test "should not allow admin to delete own account" do
+    admin_user = users(:admin_user)
+    login_as(admin_user)
+
+    assert_no_difference("User.count") do
+      delete admin_user_path(admin_user)
+    end
+
+    assert_redirected_to admin_users_path
+    assert_equal "You cannot delete your own account.", flash[:alert]
+  end
+
+  test "should not allow deleting first admin user" do
+    other_admin = User.create!(
+      email: "other-admin@example.com",
+      name: "Other Admin",
+      role: :admin,
+      primary_language: "en",
+      password: "password123456",
+      invitation_accepted_at: Time.current
+    )
+    login_as(other_admin)
+
+    assert_no_difference("User.count") do
+      delete admin_user_path(User.first)
+    end
+
+    assert_redirected_to admin_users_path
+    assert_equal "Cannot delete the first admin user (system default contact).", flash[:alert]
+  end
+
   test "should not allow non-admin to update user" do
     login_as(users(:contributor_user))