From 171f4a0b9cde6a00fdabe0adfd9fef609e178ec9 Mon Sep 17 00:00:00 2001
From: Niklas Meinzer <mail@niklas-meinzer.de>
Date: Sat, 14 Mar 2026 15:34:33 +0100
Subject: [PATCH] Add and fix tests

---
 src/allmende_payment_system/api/admin.py |  3 +-
 src/allmende_payment_system/database.py  |  7 +++--
 src/allmende_payment_system/models.py    |  2 ++
 test/conftest.py                         |  8 +++++
 test/test_admin.py                       | 40 +++++++++++++++++++++++-
 test/test_auth.py                        |  7 ++++-
 6 files changed, 61 insertions(+), 6 deletions(-)

diff --git a/src/allmende_payment_system/api/admin.py b/src/allmende_payment_system/api/admin.py
index 2ad1020..2287690 100644
--- a/src/allmende_payment_system/api/admin.py
+++ b/src/allmende_payment_system/api/admin.py
@@ -269,11 +269,10 @@ async def new_product_post(
     session: SessionDep,
     user: UserDep,
     product_data: Annotated[types.Product, Form()],
-    # product_image: Annotated[bytes, File()]
 ):
     if not user.has_permission("product", "edit"):
         raise HTTPException(status_code=403, detail="Insufficient permissions")
-    # print(len(product_image))
+
     product = Product()
 
     for field_name, data in product_data.model_dump().items():
diff --git a/src/allmende_payment_system/database.py b/src/allmende_payment_system/database.py
index 7996ce6..b5c2a04 100644
--- a/src/allmende_payment_system/database.py
+++ b/src/allmende_payment_system/database.py
@@ -1,4 +1,5 @@
 import os
+from decimal import Decimal
 
 from sqlalchemy import create_engine, select
 from sqlalchemy.orm import Session, sessionmaker
@@ -40,10 +41,12 @@ def ensure_user(user_info: dict, session: Session) -> User:
     session.add(user)
     session.flush()
 
-    if not "APS_PRODUCTION_MODE" in os.environ:
+    if not "APS_PRODUCTION_MODE" in os.environ and not "APS_TESTRUN" in os.environ:
         # when in demo mode each user gets an account with some starting balance
         account = Account(name=f"Demokonto für {user.display_name}")
-        account.transactions.append(Transaction(total_amount=100.0, type="deposit"))
+        account.transactions.append(
+            Transaction(total_amount=Decimal(100), type="deposit")
+        )
         user.accounts.append(account)
         session.flush()
 
diff --git a/src/allmende_payment_system/models.py b/src/allmende_payment_system/models.py
index 9425319..8c52bf5 100644
--- a/src/allmende_payment_system/models.py
+++ b/src/allmende_payment_system/models.py
@@ -35,6 +35,8 @@ class Account(Base):
 
     @property
     def balance(self):
+        for t in self.transactions:
+            print(t)
         return sum(t.total_amount for t in self.transactions)
 
 
diff --git a/test/conftest.py b/test/conftest.py
index d61fabd..ade3612 100644
--- a/test/conftest.py
+++ b/test/conftest.py
@@ -78,3 +78,11 @@ def test_db():
         test_session = None
         db.rollback()
         db.close()
+
+
+@pytest.fixture(scope="session", autouse=True)
+def test_env():
+    """Set up environment variables for testing"""
+    os.environ["APS_TESTRUN"] = "true"
+    yield
+    os.environ.pop("APS_TESTRUN", None)
diff --git a/test/test_admin.py b/test/test_admin.py
index 744bbc3..4bc19c3 100644
--- a/test/test_admin.py
+++ b/test/test_admin.py
@@ -1,3 +1,5 @@
+from decimal import Decimal
+
 import pytest
 from fastapi.testclient import TestClient
 from sqlalchemy import select
@@ -5,7 +7,14 @@ from sqlalchemy.orm import Session
 
 from allmende_payment_system.app import app
 from allmende_payment_system.database import ensure_user
-from allmende_payment_system.models import Account, Permission, User, UserGroup
+from allmende_payment_system.models import (
+    Account,
+    Area,
+    Permission,
+    Product,
+    User,
+    UserGroup,
+)
 
 
 @pytest.fixture
@@ -16,6 +25,7 @@ def admin_user(test_db):
     group = UserGroup(id=1, name="Admins")
     group.permissions.append(Permission(scope="user", action="edit"))
     group.permissions.append(Permission(scope="account", action="edit"))
+    group.permissions.append(Permission(scope="product", action="edit"))
     user.user_groups.append(group)
     test_db.add(group)
     test_db.flush()
@@ -187,3 +197,31 @@ def test_add_balance_to_account(test_db, client, admin_user):
 
     account = test_db.execute(select(Account).where(Account.id == account.id)).scalar()
     assert account.balance == 100.00
+
+
+### area and product management
+
+
+def test_add_product(test_db, client, admin_user):
+    area = Area(name="Test Area", description="An area for testing")
+    test_db.add(area)
+    test_db.flush()
+    response = client.post(
+        "/admin/products/new",
+        data={
+            "name": "Test Product",
+            "vat_rate": "19.00",
+            "unit_of_measure": "piece",
+            "price": 9.99,
+            "area_id": area.id,
+        },
+        user=admin_user,
+        follow_redirects=False,
+    )
+    assert response.status_code == 303
+    product = test_db.execute(
+        select(Product).where(Product.name == "Test Product")
+    ).scalar()
+    assert product is not None
+    assert product.name == "Test Product"
+    assert product.price == Decimal("9.99")
diff --git a/test/test_auth.py b/test/test_auth.py
index eac0b3d..23e73f4 100644
--- a/test/test_auth.py
+++ b/test/test_auth.py
@@ -1,8 +1,13 @@
+import os
+from unittest import mock
+
 from allmende_payment_system.models import Account
 
 
 def test_unauthorized_access(unauthorized_client, test_db):
-    response = unauthorized_client.get("/")
+    # enable production mode to test the authentication mechanism
+    with mock.patch.dict(os.environ, {"APS_PRODUCTION_MODE": "true"}, clear=False):
+        response = unauthorized_client.get("/")
     assert response.status_code == 401