left4me

cronekorkn/left4me

Fork 0

Commit graph

Author	SHA1	Message	Date
mwiegand	c594d4b5e8	tests: admin user management 14 tests covering /admin/users/<id>/{deactivate,activate,delete}: - deactivate/activate flips and 404 on unknown user - deactivate-self refused (409) - deactivated user cannot log in (same 401 as wrong-password) - existing sessions stop working after deactivation (load_current_user returns None for inactive users → @require_login redirects to /login) - delete-self refused (409) - delete refuses when user owns Server, Blueprint, or custom Overlay - delete on orphan succeeds (302 → /admin/users) - delete nulls out Job.user_id (jobs survive as audit trail) - delete-other-admin succeeds when more than one admin exists The "last admin" branch in the delete endpoint is defense-in-depth and unreachable via normal flow (any path that triggers it is shadowed by self-delete) — covered by a comment, not a test.	2026-05-10 21:19:03 +02:00

Author

SHA1

Message

Date

mwiegand

c594d4b5e8

tests: admin user management

14 tests covering /admin/users/<id>/{deactivate,activate,delete}:

  - deactivate/activate flips and 404 on unknown user
  - deactivate-self refused (409)
  - deactivated user cannot log in (same 401 as wrong-password)
  - existing sessions stop working after deactivation (load_current_user
    returns None for inactive users → @require_login redirects to /login)
  - delete-self refused (409)
  - delete refuses when user owns Server, Blueprint, or custom Overlay
  - delete on orphan succeeds (302 → /admin/users)
  - delete nulls out Job.user_id (jobs survive as audit trail)
  - delete-other-admin succeeds when more than one admin exists

The "last admin" branch in the delete endpoint is defense-in-depth and
unreachable via normal flow (any path that triggers it is shadowed by
self-delete) — covered by a comment, not a test.

2026-05-10 21:19:03 +02:00

1 commit