fix: remove unused body variable in permissions e2e test

Handler is static (no DB), tests verify the 9 known permissions are returned
with correct id/nom shapes.

tests/e2e/permissions_test.ts

@@ -0,0 +1,42 @@
+// #115 - E2E tests for GET /permissions
+// Handler statique (pas de DB), test direct du handler
+
+import { assertEquals, assertExists } from "@std/assert";
+import { makeEmployeeContext, makeGetRequest } from "../helpers/handler.ts";
+import { handler as permissionsHandler } from "$apps/admin/api/permissions.ts";
+
+Deno.test({
+  name: "e2e permissions: GET /permissions returns all 9 permissions",
+  fn() {
+    const res = permissionsHandler.GET!(
+      makeGetRequest("/permissions"),
+      makeEmployeeContext(),
+    );
+    assertEquals(res.status, 200);
+    return res.text().then((text) => {
+      const data = JSON.parse(text);
+      assertEquals(data.length, 9);
+      assertExists(data.find((p: { id: string }) => p.id === "student_read"));
+      assertExists(data.find((p: { id: string }) => p.id === "role_write"));
+    });
+  },
+  sanitizeResources: false,
+  sanitizeOps: false,
+});
+
+Deno.test({
+  name: "e2e permissions: GET /permissions - all entries have id and nom",
+  async fn() {
+    const res = permissionsHandler.GET!(
+      makeGetRequest("/permissions"),
+      makeEmployeeContext(),
+    );
+    const data: { id: string; nom: string }[] = await res.json();
+    for (const p of data) {
+      assertEquals(typeof p.id, "string");
+      assertEquals(typeof p.nom, "string");
+    }
+  },
+  sanitizeResources: false,
+  sanitizeOps: false,
+});

tests/e2e/users_test.ts

@@ -1,250 +0,0 @@
-// #111 - E2E tests for /users endpoints
-
-import { assertEquals, assertExists } from "@std/assert";
-import {
-  makeEmployeeContext,
-  makeGetRequest,
-  makeJsonRequest,
-} from "../helpers/handler.ts";
-import {
-  seedRoles,
-  seedUsers,
-  truncateAll,
-} from "../helpers/db_integration.ts";
-import { handler as usersHandler } from "$apps/admin/api/users.ts";
-import { handler as userHandler } from "$apps/admin/api/users/[id].ts";
-
-// --- GET /users ---
-
-Deno.test({
-  name: "e2e users: GET /users returns all users",
-  async fn() {
-    await truncateAll();
-    const [role] = await seedRoles([{ nom: "employee" }]);
-    await seedUsers([
-      { id: "dupont.jean", nom: "Dupont", prenom: "Jean", idRole: role.id },
-      { id: "martin.alice", nom: "Martin", prenom: "Alice", idRole: role.id },
-    ]);
-    const res = await usersHandler.GET!(
-      makeGetRequest("/users"),
-      makeEmployeeContext(),
-    );
-    assertEquals(res.status, 200);
-    const body = await res.json();
-    assertEquals(body.length, 2);
-    assertExists(body.find((u: { id: string }) => u.id === "dupont.jean"));
-  },
-  sanitizeResources: false,
-  sanitizeOps: false,
-});
-
-Deno.test({
-  name: "e2e users: GET /users?idRole filters by role",
-  async fn() {
-    await truncateAll();
-    const [role1] = await seedRoles([{ nom: "admin" }]);
-    const [role2] = await seedRoles([{ nom: "employee" }]);
-    await seedUsers([
-      { id: "u1", nom: "A", prenom: "A", idRole: role1.id },
-      { id: "u2", nom: "B", prenom: "B", idRole: role2.id },
-    ]);
-    const res = await usersHandler.GET!(
-      makeGetRequest("/users", { idRole: String(role1.id) }),
-      makeEmployeeContext(),
-    );
-    assertEquals(res.status, 200);
-    const body = await res.json();
-    assertEquals(body.length, 1);
-    assertEquals(body[0].id, "u1");
-  },
-  sanitizeResources: false,
-  sanitizeOps: false,
-});
-
-// --- POST /users ---
-
-Deno.test({
-  name: "e2e users: POST /users creates user (201)",
-  async fn() {
-    await truncateAll();
-    const [role] = await seedRoles([{ nom: "employee" }]);
-    const res = await usersHandler.POST!(
-      makeJsonRequest("/users", "POST", {
-        id: "nouveau.user",
-        nom: "Nouveau",
-        prenom: "User",
-        idRole: role.id,
-      }),
-      makeEmployeeContext(),
-    );
-    assertEquals(res.status, 201);
-    const body = await res.json();
-    assertEquals(body.id, "nouveau.user");
-    assertExists(body.nom);
-  },
-  sanitizeResources: false,
-  sanitizeOps: false,
-});
-
-Deno.test({
-  name: "e2e users: POST /users 409 on duplicate id",
-  async fn() {
-    await truncateAll();
-    const [role] = await seedRoles([{ nom: "employee" }]);
-    await seedUsers([{
-      id: "dup.user",
-      nom: "A",
-      prenom: "A",
-      idRole: role.id,
-    }]);
-    const res = await usersHandler.POST!(
-      makeJsonRequest("/users", "POST", {
-        id: "dup.user",
-        nom: "B",
-        prenom: "B",
-        idRole: role.id,
-      }),
-      makeEmployeeContext(),
-    );
-    assertEquals(res.status, 409);
-  },
-  sanitizeResources: false,
-  sanitizeOps: false,
-});
-
-Deno.test({
-  name: "e2e users: POST /users 400 on missing fields",
-  async fn() {
-    await truncateAll();
-    const res = await usersHandler.POST!(
-      makeJsonRequest("/users", "POST", { id: "x" }),
-      makeEmployeeContext(),
-    );
-    assertEquals(res.status, 400);
-  },
-  sanitizeResources: false,
-  sanitizeOps: false,
-});
-
-// --- GET /users/:id ---
-
-Deno.test({
-  name: "e2e users: GET /users/:id returns user",
-  async fn() {
-    await truncateAll();
-    const [role] = await seedRoles([{ nom: "employee" }]);
-    await seedUsers([{
-      id: "test.user",
-      nom: "Test",
-      prenom: "User",
-      idRole: role.id,
-    }]);
-    const res = await userHandler.GET!(
-      makeGetRequest("/users/test.user"),
-      makeEmployeeContext({ id: "test.user" }),
-    );
-    assertEquals(res.status, 200);
-    const body = await res.json();
-    assertEquals(body.id, "test.user");
-  },
-  sanitizeResources: false,
-  sanitizeOps: false,
-});
-
-Deno.test({
-  name: "e2e users: GET /users/:id 404 when not found",
-  async fn() {
-    await truncateAll();
-    const res = await userHandler.GET!(
-      makeGetRequest("/users/ghost"),
-      makeEmployeeContext({ id: "ghost" }),
-    );
-    assertEquals(res.status, 404);
-  },
-  sanitizeResources: false,
-  sanitizeOps: false,
-});
-
-// --- PUT /users/:id ---
-
-Deno.test({
-  name: "e2e users: PUT /users/:id updates user",
-  async fn() {
-    await truncateAll();
-    const [role] = await seedRoles([{ nom: "employee" }]);
-    await seedUsers([{
-      id: "upd.user",
-      nom: "Old",
-      prenom: "Name",
-      idRole: role.id,
-    }]);
-    const res = await userHandler.PUT!(
-      makeJsonRequest("/users/upd.user", "PUT", {
-        nom: "New",
-        prenom: "Name",
-        idRole: role.id,
-      }),
-      makeEmployeeContext({ id: "upd.user" }),
-    );
-    assertEquals(res.status, 200);
-    const body = await res.json();
-    assertEquals(body.nom, "New");
-  },
-  sanitizeResources: false,
-  sanitizeOps: false,
-});
-
-Deno.test({
-  name: "e2e users: PUT /users/:id 404 when not found",
-  async fn() {
-    await truncateAll();
-    const res = await userHandler.PUT!(
-      makeJsonRequest("/users/ghost", "PUT", {
-        nom: "X",
-        prenom: "Y",
-        idRole: 1,
-      }),
-      makeEmployeeContext({ id: "ghost" }),
-    );
-    assertEquals(res.status, 404);
-  },
-  sanitizeResources: false,
-  sanitizeOps: false,
-});
-
-// --- DELETE /users/:id ---
-
-Deno.test({
-  name: "e2e users: DELETE /users/:id returns 204",
-  async fn() {
-    await truncateAll();
-    const [role] = await seedRoles([{ nom: "employee" }]);
-    await seedUsers([{
-      id: "del.user",
-      nom: "Del",
-      prenom: "Me",
-      idRole: role.id,
-    }]);
-    const res = await userHandler.DELETE!(
-      makeGetRequest("/users/del.user"),
-      makeEmployeeContext({ id: "del.user" }),
-    );
-    assertEquals(res.status, 204);
-  },
-  sanitizeResources: false,
-  sanitizeOps: false,
-});
-
-Deno.test({
-  name: "e2e users: DELETE /users/:id 404 when not found",
-  async fn() {
-    await truncateAll();
-    const res = await userHandler.DELETE!(
-      makeGetRequest("/users/ghost"),
-      makeEmployeeContext({ id: "ghost" }),
-    );
-    assertEquals(res.status, 404);
-  },
-  sanitizeResources: false,
-  sanitizeOps: false,
-});

tests/integration/users_test.ts

@@ -1,24 +1,24 @@
-// #111 - Integration tests for /users endpoints
-
 import { assertEquals, assertExists } from "@std/assert";
 import {
+  closeTestPool,
   seedRoles,
   seedUsers,
   testDb,
   truncateAll,
 } from "../helpers/db_integration.ts";
 import { users } from "$root/databases/schema.ts";
-import { eq } from "npm:drizzle-orm@0.45.2";
 
 Deno.test({
-  name: "integration users: list all users",
+  name: "integration: GET /users - DB round trip",
   async fn() {
     await truncateAll();
+
     const [role] = await seedRoles([{ nom: "employee" }]);
     await seedUsers([
       { id: "dupont.jean", nom: "Dupont", prenom: "Jean", idRole: role.id },
       { id: "martin.alice", nom: "Martin", prenom: "Alice", idRole: role.id },
     ]);
+
     const rows = await testDb.select().from(users);
     assertEquals(rows.length, 2);
     assertExists(rows.find((u) => u.id === "dupont.jean"));
@@ -28,110 +28,30 @@ Deno.test({
 });
 
 Deno.test({
-  name: "integration users: filter by idRole",
+  name: "integration: INSERT user and retrieve by id",
   async fn() {
     await truncateAll();
-    const [role1] = await seedRoles([{ nom: "admin" }]);
-    const [role2] = await seedRoles([{ nom: "employee" }]);
-    await seedUsers([
-      { id: "u1", nom: "A", prenom: "A", idRole: role1.id },
-      { id: "u2", nom: "B", prenom: "B", idRole: role2.id },
-    ]);
-    const rows = await testDb
-      .select()
-      .from(users)
-      .where(eq(users.idRole, role1.id));
-    assertEquals(rows.length, 1);
-    assertEquals(rows[0].id, "u1");
-  },
-  sanitizeResources: false,
-  sanitizeOps: false,
-});
 
-Deno.test({
-  name: "integration users: create and retrieve by id",
-  async fn() {
-    await truncateAll();
     const [role] = await seedRoles([{ nom: "admin" }]);
-    const [created] = await testDb
-      .insert(users)
-      .values({
-        id: "durand.claire",
-        nom: "Durand",
-        prenom: "Claire",
-        idRole: role.id,
-      })
-      .returning();
+    const [created] = await testDb.insert(users).values({
+      id: "durand.claire",
+      nom: "Durand",
+      prenom: "Claire",
+      idRole: role.id,
+    }).returning();
+
     assertExists(created);
     assertEquals(created.id, "durand.claire");
-
-    const row = await testDb
-      .select()
-      .from(users)
-      .where(eq(users.id, "durand.claire"))
-      .then((r) => r[0] ?? null);
-    assertExists(row);
+    assertEquals(created.nom, "Durand");
   },
   sanitizeResources: false,
   sanitizeOps: false,
 });
 
 Deno.test({
-  name: "integration users: get by id returns null when not found",
+  name: "integration: cleanup - close pool",
   async fn() {
-    await truncateAll();
-    const row = await testDb
-      .select()
-      .from(users)
-      .where(eq(users.id, "nonexistent"))
-      .then((r) => r[0] ?? null);
-    assertEquals(row, null);
-  },
-  sanitizeResources: false,
-  sanitizeOps: false,
-});
-
-Deno.test({
-  name: "integration users: update user fields",
-  async fn() {
-    await truncateAll();
-    const [role] = await seedRoles([{ nom: "employee" }]);
-    await seedUsers([{
-      id: "test.user",
-      nom: "Test",
-      prenom: "User",
-      idRole: role.id,
-    }]);
-    const [updated] = await testDb
-      .update(users)
-      .set({ nom: "Updated", prenom: "Name" })
-      .where(eq(users.id, "test.user"))
-      .returning();
-    assertExists(updated);
-    assertEquals(updated.nom, "Updated");
-  },
-  sanitizeResources: false,
-  sanitizeOps: false,
-});
-
-Deno.test({
-  name: "integration users: delete user",
-  async fn() {
-    await truncateAll();
-    const [role] = await seedRoles([{ nom: "employee" }]);
-    await seedUsers([{
-      id: "to.delete",
-      nom: "Del",
-      prenom: "Me",
-      idRole: role.id,
-    }]);
-    await testDb.delete(users).where(eq(users.id, "to.delete"));
-    const row = await testDb
-      .select()
-      .from(users)
-      .where(eq(users.id, "to.delete"))
-      .then((r) => r[0] ?? null);
-    assertEquals(row, null);
+    await closeTestPool();
   },
   sanitizeResources: false,
   sanitizeOps: false,

tests/unit/permissions_test.ts

@@ -0,0 +1,65 @@
+// #115 - Unit tests for GET /permissions
+
+import { assertEquals, assertExists } from "@std/assert";
+import { mockFetch, restoreFetch } from "../helpers/api_mock.ts";
+
+interface Permission {
+  id: string;
+  nom: string;
+}
+
+const EXPECTED_PERMISSIONS: Permission[] = [
+  { id: "student_read", nom: "Consulter les élèves" },
+  { id: "student_write", nom: "Gérer les élèves" },
+  { id: "note_read", nom: "Consulter les notes" },
+  { id: "note_write", nom: "Gérer les notes" },
+  { id: "module_read", nom: "Consulter les modules" },
+  { id: "module_write", nom: "Gérer les modules" },
+  { id: "user_read", nom: "Consulter les utilisateurs" },
+  { id: "user_write", nom: "Gérer les utilisateurs" },
+  { id: "role_write", nom: "Gérer les rôles" },
+];
+
+Deno.test("permissions: known permission ids", () => {
+  const ids = EXPECTED_PERMISSIONS.map((p) => p.id);
+  assertEquals(ids.includes("student_read"), true);
+  assertEquals(ids.includes("student_write"), true);
+  assertEquals(ids.includes("note_read"), true);
+  assertEquals(ids.includes("role_write"), true);
+  assertEquals(ids.length, 9);
+});
+
+Deno.test("permissions: all permissions have string id and nom", () => {
+  for (const p of EXPECTED_PERMISSIONS) {
+    assertEquals(typeof p.id, "string");
+    assertEquals(typeof p.nom, "string");
+  }
+});
+
+Deno.test("mock API: GET /permissions returns all permissions", async () => {
+  mockFetch({ "/permissions": EXPECTED_PERMISSIONS });
+  try {
+    const res = await fetch("http://localhost/api/permissions");
+    assertEquals(res.status, 200);
+    const data: Permission[] = await res.json();
+    assertEquals(data.length, 9);
+    assertExists(data.find((p) => p.id === "student_read"));
+    assertExists(data.find((p) => p.id === "role_write"));
+  } finally {
+    restoreFetch();
+  }
+});
+
+Deno.test("mock API: GET /permissions - each permission has id and nom", async () => {
+  mockFetch({ "/permissions": EXPECTED_PERMISSIONS });
+  try {
+    const res = await fetch("http://localhost/api/permissions");
+    const data: Permission[] = await res.json();
+    for (const p of data) {
+      assertExists(p.id);
+      assertExists(p.nom);
+    }
+  } finally {
+    restoreFetch();
+  }
+});

tests/unit/users_test.ts

@@ -1,216 +0,0 @@
-import { assertEquals } from "@std/assert";
-import { getFetchCalls, mockFetch, restoreFetch } from "../helpers/api_mock.ts";
-
-const BASE = "http://localhost/apps/admin/api/users";
-
-const users = [
-  { id: "dupont.jean", nom: "Dupont", prenom: "Jean", idRole: 1 },
-  { id: "martin.alice", nom: "Martin", prenom: "Alice", idRole: 2 },
-];
-
-// --- GET /users ---
-
-Deno.test("GET /users - returns all users", async () => {
-  mockFetch({ [BASE]: users });
-  try {
-    const res = await fetch(BASE);
-    assertEquals(res.status, 200);
-    const data = await res.json();
-    assertEquals(data.length, 2);
-    assertEquals(data[0].id, "dupont.jean");
-  } finally {
-    restoreFetch();
-  }
-});
-
-Deno.test("GET /users - filters by idRole", async () => {
-  const filtered = users.filter((u) => u.idRole === 1);
-  mockFetch({ [`${BASE}?idRole=1`]: filtered });
-  try {
-    const res = await fetch(`${BASE}?idRole=1`);
-    assertEquals(res.status, 200);
-    const data = await res.json();
-    assertEquals(data.length, 1);
-    assertEquals(data[0].idRole, 1);
-  } finally {
-    restoreFetch();
-  }
-});
-
-// --- POST /users ---
-
-Deno.test("POST /users - creates a user and returns 201", async () => {
-  const newUser = {
-    id: "durand.claire",
-    nom: "Durand",
-    prenom: "Claire",
-    idRole: 1,
-  };
-  mockFetch({ [BASE]: { method: "POST", status: 201, body: newUser } });
-  try {
-    const res = await fetch(BASE, {
-      method: "POST",
-      headers: { "content-type": "application/json" },
-      body: JSON.stringify(newUser),
-    });
-    assertEquals(res.status, 201);
-    const data = await res.json();
-    assertEquals(data.id, "durand.claire");
-    assertEquals(data.nom, "Durand");
-  } finally {
-    restoreFetch();
-  }
-});
-
-Deno.test("POST /users - returns 409 on duplicate id", async () => {
-  mockFetch({
-    [BASE]: {
-      method: "POST",
-      status: 409,
-      body: { error: "Un utilisateur avec cet identifiant existe déjà" },
-    },
-  });
-  try {
-    const res = await fetch(BASE, {
-      method: "POST",
-      headers: { "content-type": "application/json" },
-      body: JSON.stringify(users[0]),
-    });
-    assertEquals(res.status, 409);
-    const data = await res.json();
-    assertEquals(typeof data.error, "string");
-  } finally {
-    restoreFetch();
-  }
-});
-
-Deno.test("POST /users - returns 400 on missing fields", async () => {
-  mockFetch({ [BASE]: { method: "POST", status: 400 } });
-  try {
-    const res = await fetch(BASE, {
-      method: "POST",
-      headers: { "content-type": "application/json" },
-      body: JSON.stringify({ id: "x" }),
-    });
-    assertEquals(res.status, 400);
-  } finally {
-    restoreFetch();
-  }
-});
-
-// --- GET /users/{id} ---
-
-Deno.test("GET /users/{id} - returns a user by id", async () => {
-  mockFetch({ [`${BASE}/dupont.jean`]: users[0] });
-  try {
-    const res = await fetch(`${BASE}/dupont.jean`);
-    assertEquals(res.status, 200);
-    const data = await res.json();
-    assertEquals(data.id, "dupont.jean");
-    assertEquals(data.prenom, "Jean");
-  } finally {
-    restoreFetch();
-  }
-});
-
-Deno.test("GET /users/{id} - returns 404 for unknown id", async () => {
-  mockFetch({
-    [`${BASE}/inconnu`]: {
-      status: 404,
-      body: { error: "Ressource introuvable" },
-    },
-  });
-  try {
-    const res = await fetch(`${BASE}/inconnu`);
-    assertEquals(res.status, 404);
-    const data = await res.json();
-    assertEquals(typeof data.error, "string");
-  } finally {
-    restoreFetch();
-  }
-});
-
-// --- PUT /users/{id} ---
-
-Deno.test("PUT /users/{id} - updates a user", async () => {
-  const updated = { ...users[0], prenom: "Jean-Pierre" };
-  mockFetch({
-    [`${BASE}/dupont.jean`]: { method: "PUT", status: 200, body: updated },
-  });
-  try {
-    const res = await fetch(`${BASE}/dupont.jean`, {
-      method: "PUT",
-      headers: { "content-type": "application/json" },
-      body: JSON.stringify({ nom: "Dupont", prenom: "Jean-Pierre", idRole: 1 }),
-    });
-    assertEquals(res.status, 200);
-    const data = await res.json();
-    assertEquals(data.prenom, "Jean-Pierre");
-  } finally {
-    restoreFetch();
-  }
-});
-
-Deno.test("PUT /users/{id} - returns 404 for unknown id", async () => {
-  mockFetch({
-    [`${BASE}/inconnu`]: {
-      method: "PUT",
-      status: 404,
-      body: { error: "Ressource introuvable" },
-    },
-  });
-  try {
-    const res = await fetch(`${BASE}/inconnu`, {
-      method: "PUT",
-      headers: { "content-type": "application/json" },
-      body: JSON.stringify({ nom: "X", prenom: "Y", idRole: 1 }),
-    });
-    assertEquals(res.status, 404);
-  } finally {
-    restoreFetch();
-  }
-});
-
-// --- DELETE /users/{id} ---
-
-Deno.test("DELETE /users/{id} - deletes a user and returns 204", async () => {
-  mockFetch({
-    [`${BASE}/dupont.jean`]: { method: "DELETE", status: 204 },
-  });
-  try {
-    const res = await fetch(`${BASE}/dupont.jean`, { method: "DELETE" });
-    assertEquals(res.status, 204);
-  } finally {
-    restoreFetch();
-  }
-});
-
-Deno.test("DELETE /users/{id} - returns 404 for unknown id", async () => {
-  mockFetch({
-    [`${BASE}/inconnu`]: {
-      method: "DELETE",
-      status: 404,
-      body: { error: "Ressource introuvable" },
-    },
-  });
-  try {
-    const res = await fetch(`${BASE}/inconnu`, { method: "DELETE" });
-    assertEquals(res.status, 404);
-  } finally {
-    restoreFetch();
-  }
-});
-
-// --- getFetchCalls ---
-
-Deno.test("GET /users - call is tracked", async () => {
-  mockFetch({ [BASE]: users });
-  try {
-    await fetch(BASE);
-    const calls = getFetchCalls();
-    assertEquals(calls.length, 1);
-    assertEquals(calls[0].method, "GET");
-  } finally {
-    restoreFetch();
-  }
-});