♻️ Update created_at

alejsdev · alejsdev · commit 408de0dc04f3 · 2026-01-23T15:51:00.000+01:00
diff --git a/backend/app/alembic/versions/fe56fa70289e_add_created_at_to_user_and_item.py b/backend/app/alembic/versions/fe56fa70289e_add_created_at_to_user_and_item.py
@@ -1,8 +1,8 @@
 """Add created_at to User and Item
 
-Revision ID: 44fc2bbcc925
+Revision ID: fe56fa70289e
 Revises: 1a31ce608336
-Create Date: 2026-01-23 15:42:52.493895
+Create Date: 2026-01-23 15:50:37.171462
 
 """
 from alembic import op
@@ -11,16 +11,16 @@
 
 
 # revision identifiers, used by Alembic.
-revision = '44fc2bbcc925'
+revision = 'fe56fa70289e'
 down_revision = '1a31ce608336'
 branch_labels = None
 depends_on = None
 
 
 def upgrade():
     # ### commands auto generated by Alembic - please adjust! ###
-    op.add_column('item', sa.Column('created_at', sa.DateTime(timezone=True), nullable=False))
-    op.add_column('user', sa.Column('created_at', sa.DateTime(timezone=True), nullable=False))
+    op.add_column('item', sa.Column('created_at', sa.DateTime(timezone=True), nullable=True))
+    op.add_column('user', sa.Column('created_at', sa.DateTime(timezone=True), nullable=True))
     # ### end Alembic commands ###
 
 
diff --git a/backend/app/models.py b/backend/app/models.py
@@ -49,7 +49,7 @@ class UpdatePassword(SQLModel):
 class User(UserBase, table=True):
     id: uuid.UUID = Field(default_factory=uuid.uuid4, primary_key=True)
     hashed_password: str
-    created_at: datetime = Field(
+    created_at: datetime | None = Field(
         default_factory=get_datetime_utc,
         sa_type=DateTime(timezone=True),  # type: ignore
     )
@@ -85,7 +85,7 @@ class ItemUpdate(ItemBase):
 # Database model, database table inferred from class name
 class Item(ItemBase, table=True):
     id: uuid.UUID = Field(default_factory=uuid.uuid4, primary_key=True)
-    created_at: datetime = Field(
+    created_at: datetime | None = Field(
         default_factory=get_datetime_utc,
         sa_type=DateTime(timezone=True),  # type: ignore
     )
diff --git a/frontend/tests/admin.spec.ts b/frontend/tests/admin.spec.ts
@@ -0,0 +1,251 @@
+import { expect, test } from "@playwright/test"
+import { firstSuperuser, firstSuperuserPassword } from "./config.ts"
+import { createUser } from "./utils/privateApi"
+import { randomEmail, randomPassword } from "./utils/random"
+import { logInUser } from "./utils/user"
+
+test("Admin page is accessible and shows correct title", async ({ page }) => {
+  await page.goto("/admin")
+  await expect(page.getByRole("heading", { name: "Users" })).toBeVisible()
+  await expect(
+    page.getByText("Manage user accounts and permissions"),
+  ).toBeVisible()
+})
+
+test("Add User button is visible", async ({ page }) => {
+  await page.goto("/admin")
+  await expect(page.getByRole("button", { name: "Add User" })).toBeVisible()
+})
+
+test("Current user is shown in the table with 'You' badge", async ({
+  page,
+}) => {
+  await page.goto("/admin")
+  await expect(page.getByText("You", { exact: true })).toBeVisible()
+})
+
+test("Current user does not have actions menu", async ({ page }) => {
+  await page.goto("/admin")
+
+  const currentUserRow = page.getByRole("row").filter({ hasText: "You" })
+
+  await expect(
+    currentUserRow.getByRole("button", { name: "Actions" }),
+  ).not.toBeVisible()
+})
+
+test.describe("Admin user management", () => {
+  test("Create a new user successfully", async ({ page }) => {
+    await page.goto("/admin")
+
+    const email = randomEmail()
+    const password = randomPassword()
+    const fullName = "Test User Admin"
+
+    await page.getByRole("button", { name: "Add User" }).click()
+
+    await page.getByPlaceholder("Email").fill(email)
+    await page.getByPlaceholder("Full name").fill(fullName)
+    await page.getByPlaceholder("Password").first().fill(password)
+    await page.getByPlaceholder("Password").last().fill(password)
+
+    await page.getByRole("button", { name: "Save" }).click()
+
+    await expect(page.getByText("User created successfully")).toBeVisible()
+
+    await expect(page.getByRole("dialog")).not.toBeVisible()
+
+    const userRow = page.getByRole("row").filter({ hasText: email })
+    await expect(userRow).toBeVisible()
+  })
+
+  test("Create a superuser", async ({ page }) => {
+    await page.goto("/admin")
+
+    const email = randomEmail()
+    const password = randomPassword()
+
+    await page.getByRole("button", { name: "Add User" }).click()
+
+    await page.getByPlaceholder("Email").fill(email)
+    await page.getByPlaceholder("Password").first().fill(password)
+    await page.getByPlaceholder("Password").last().fill(password)
+    await page.getByLabel("Is superuser?").check()
+    await page.getByLabel("Is active?").check()
+
+    await page.getByRole("button", { name: "Save" }).click()
+
+    await expect(page.getByText("User created successfully")).toBeVisible()
+
+    await expect(page.getByRole("dialog")).not.toBeVisible()
+
+    const userRow = page.getByRole("row").filter({ hasText: email })
+    await expect(userRow.getByText("Superuser")).toBeVisible()
+  })
+
+  test("Edit a user successfully", async ({ page }) => {
+    await page.goto("/admin")
+
+    const email = randomEmail()
+    const password = randomPassword()
+    const originalName = "Original Name"
+    const updatedName = "Updated Name"
+
+    await page.getByRole("button", { name: "Add User" }).click()
+    await page.getByPlaceholder("Email").fill(email)
+    await page.getByPlaceholder("Full name").fill(originalName)
+    await page.getByPlaceholder("Password").first().fill(password)
+    await page.getByPlaceholder("Password").last().fill(password)
+    await page.getByRole("button", { name: "Save" }).click()
+
+    await expect(page.getByText("User created successfully")).toBeVisible()
+    await expect(page.getByRole("dialog")).not.toBeVisible()
+
+    const userRow = page.getByRole("row").filter({ hasText: email })
+    await userRow.getByRole("button").click()
+
+    await page.getByRole("menuitem", { name: "Edit User" }).click()
+
+    await page.getByPlaceholder("Full name").fill(updatedName)
+    await page.getByRole("button", { name: "Save" }).click()
+
+    await expect(page.getByText("User updated successfully")).toBeVisible()
+    await expect(page.getByText(updatedName)).toBeVisible()
+  })
+
+  test("Delete a user successfully", async ({ page }) => {
+    await page.goto("/admin")
+
+    // First create a user to delete
+    const email = randomEmail()
+    const password = randomPassword()
+
+    await page.getByRole("button", { name: "Add User" }).click()
+    await page.getByPlaceholder("Email").fill(email)
+    await page.getByPlaceholder("Password").first().fill(password)
+    await page.getByPlaceholder("Password").last().fill(password)
+    await page.getByRole("button", { name: "Save" }).click()
+
+    await expect(page.getByText("User created successfully")).toBeVisible()
+
+    // Wait for dialog to close
+    await expect(page.getByRole("dialog")).not.toBeVisible()
+
+    // Open actions menu for the user
+    const userRow = page.getByRole("row").filter({ hasText: email })
+    await userRow.getByRole("button").click()
+
+    // Click Delete User
+    await page.getByRole("menuitem", { name: "Delete User" }).click()
+
+    // Confirm deletion
+    await page.getByRole("button", { name: "Delete" }).click()
+
+    // Verify success
+    await expect(
+      page.getByText("The user was deleted successfully"),
+    ).toBeVisible()
+
+    // Verify user is removed from table
+    await expect(
+      page.getByRole("row").filter({ hasText: email }),
+    ).not.toBeVisible()
+  })
+
+  test("Cancel user creation", async ({ page }) => {
+    await page.goto("/admin")
+
+    await page.getByRole("button", { name: "Add User" }).click()
+    await page.getByPlaceholder("Email").fill("test@example.com")
+
+    // Cancel
+    await page.getByRole("button", { name: "Cancel" }).click()
+
+    // Dialog should close
+    await expect(page.getByRole("dialog")).not.toBeVisible()
+  })
+})
+
+test.describe("Admin form validation", () => {
+  test("Email is required and must be valid", async ({ page }) => {
+    await page.goto("/admin")
+
+    await page.getByRole("button", { name: "Add User" }).click()
+
+    // Enter invalid email
+    await page.getByPlaceholder("Email").fill("invalid-email")
+    await page.getByPlaceholder("Email").blur()
+
+    await expect(page.getByText("Invalid email address")).toBeVisible()
+  })
+
+  test("Password must be at least 8 characters", async ({ page }) => {
+    await page.goto("/admin")
+
+    await page.getByRole("button", { name: "Add User" }).click()
+
+    await page.getByPlaceholder("Email").fill(randomEmail())
+    await page.getByPlaceholder("Password").first().fill("short")
+    await page.getByPlaceholder("Password").last().fill("short")
+    await page.getByRole("button", { name: "Save" }).click()
+
+    await expect(
+      page.getByText("Password must be at least 8 characters"),
+    ).toBeVisible()
+  })
+
+  test("Passwords must match", async ({ page }) => {
+    await page.goto("/admin")
+
+    await page.getByRole("button", { name: "Add User" }).click()
+
+    await page.getByPlaceholder("Email").fill(randomEmail())
+    await page.getByPlaceholder("Password").first().fill(randomPassword())
+    await page.getByPlaceholder("Password").last().fill("different12345")
+    await page.getByPlaceholder("Password").last().blur()
+
+    await expect(page.getByText("The passwords don't match")).toBeVisible()
+  })
+})
+
+test.describe("Admin page access control", () => {
+  test.use({ storageState: { cookies: [], origins: [] } })
+
+  test("Non-superuser cannot access admin page", async ({ page }) => {
+    // Create a regular user (not superuser)
+    const email = randomEmail()
+    const password = randomPassword()
+
+    await createUser({ email, password })
+    await logInUser(page, email, password)
+
+    // Try to access admin page
+    await page.goto("/admin")
+
+    // Regular users should not see the Users heading or admin content
+    // They should see an error or be redirected
+    // Wait a bit for any redirect to happen
+    await page.waitForTimeout(1000)
+
+    // Either redirected away from /admin or shows forbidden content
+    const isOnAdmin = page.url().includes("/admin")
+    if (isOnAdmin) {
+      // If still on admin, should see forbidden or no users table
+      await expect(
+        page.getByRole("heading", { name: "Users" }),
+      ).not.toBeVisible({ timeout: 2000 }).catch(() => {
+        // Alternative: page shows error
+      })
+    }
+  })
+
+  test("Superuser can access admin page", async ({ page }) => {
+    // Log in as superuser
+    await logInUser(page, firstSuperuser, firstSuperuserPassword)
+
+    await page.goto("/admin")
+
+    // Should see the admin page
+    await expect(page.getByRole("heading", { name: "Users" })).toBeVisible()
+  })
+})
diff --git a/frontend/tests/items.spec.ts b/frontend/tests/items.spec.ts
