hackforla
diff --git a/‎backend/ctj_api/tests/common.py‎
Lines changed: 118 additions & 0 deletions b/‎backend/ctj_api/tests/common.py‎
Lines changed: 118 additions & 0 deletions
diff --git a/‎backend/ctj_api/tests/test_api_endpoints.py‎
Lines changed: 0 additions & 168 deletions b/‎backend/ctj_api/tests/test_api_endpoints.py‎
Lines changed: 0 additions & 168 deletions
diff --git a/‎backend/ctj_api/tests/test_community_of_practice.py‎
Lines changed: 20 additions & 0 deletions b/‎backend/ctj_api/tests/test_community_of_practice.py‎
Lines changed: 20 additions & 0 deletions
diff --git a/‎backend/ctj_api/tests/test_healthcheck.py‎
Lines changed: 14 additions & 0 deletions b/‎backend/ctj_api/tests/test_healthcheck.py‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎backend/ctj_api/tests/test_opportunities.py‎
Lines changed: 57 additions & 0 deletions b/‎backend/ctj_api/tests/test_opportunities.py‎
Lines changed: 57 additions & 0 deletions
@@ -0,0 +1,118 @@
+"""Shared factory helpers for `ctj_api` test files.
+
+Each helper saves a model instance with sensible defaults that callers
+can override via keyword arguments. The helpers do not return shared
+state - each call creates a new row. Callers wire factories together
+explicitly when they need relationships (e.g. an `Opportunity` needs
+a `Project`, a `Role`, and a `created_by` user; the test's `setUp`
+creates the dependencies and passes them in).
+
+Per-test-file `setUp` methods import only the helpers they need.
+"""
+
+from ctj_api.models import (
+    CommunityOfPractice,
+    CustomUser,
+    Opportunity,
+    Project,
+    Role,
+    Skill,
+)
+
+
+def make_pm_user(
+    *,
+    username: str = "pm_user",
+    email: str = "pm_user@example.com",
+    password: str = "password123",
+    people_depot_user_id: str = "pm_user_pd_id",
+) -> CustomUser:
+    """Create a project-manager user."""
+    return CustomUser.objects.create_user(
+        username=username,
+        email=email,
+        password=password,
+        people_depot_user_id=people_depot_user_id,
+        isProjectManager=True,
+    )
+
+
+def make_regular_user(
+    *,
+    username: str = "regular_user",
+    email: str = "regular_user@example.com",
+    password: str = "password123",
+    people_depot_user_id: str = "regular_user_pd_id",
+) -> CustomUser:
+    """Create a non-PM user."""
+    return CustomUser.objects.create_user(
+        username=username,
+        email=email,
+        password=password,
+        people_depot_user_id=people_depot_user_id,
+        isProjectManager=False,
+    )
+
+
+def make_cop(
+    *,
+    practice_area: str = "engineering",
+    description: str = "Engineering CoP",
+) -> CommunityOfPractice:
+    """Create a Community of Practice row."""
+    return CommunityOfPractice.objects.create(
+        practice_area=practice_area,
+        description=description,
+    )
+
+
+def make_role(*, title: str = "Developer", cop: CommunityOfPractice) -> Role:
+    """Create a Role row anchored to the given CoP."""
+    return Role.objects.create(title=title, community_of_practice=cop)
+
+
+def make_skill(*, name: str = "Python") -> Skill:
+    """Create a Skill row."""
+    return Skill.objects.create(name=name)
+
+
+def make_project(
+    *,
+    name: str = "Civic Tech Jobs",
+    people_depot_project_id: str = "1234-abcd",
+) -> Project:
+    """Create a Project row."""
+    return Project.objects.create(
+        name=name,
+        people_depot_project_id=people_depot_project_id,
+    )
+
+
+def make_opportunity(
+    *,
+    project: Project,
+    role: Role,
+    created_by: CustomUser,
+    body: str = "Test opportunity",
+    min_experience_required: str = "junior",
+    min_hours_required: int = 10,
+    work_environment: str = "remote",
+    status: str = "open",
+) -> Opportunity:
+    """Create an Opportunity row.
+
+    Caller supplies the FK rows (project, role, created_by) explicitly
+    because tests typically want to assert against a specific PM user
+    or project; default-constructing them inside the helper would
+    obscure those references.
+    """
+    return Opportunity.objects.create(
+        project=project,
+        role=role,
+        body=body,
+        min_experience_required=min_experience_required,
+        min_hours_required=min_hours_required,
+        work_environment=work_environment,
+        status=status,
+        created_by=created_by,
+    )
@@ -0,0 +1,20 @@
+"""Tests for `/api/communityOfPractice/` (read-only catalog)."""
+
+from rest_framework import status
+from rest_framework.test import APITestCase
+
+from ctj_api.tests.common import make_cop
+
+
+class CommunityOfPracticeReadTests(APITestCase):
+    """Read-only catalog endpoints for `CommunityOfPractice`."""
+
+    def setUp(self):
+        self.cop = make_cop()
+
+    def test_list_returns_all_cops(self):
+        """GET on the CoP list returns 200 with all rows serialized."""
+        response = self.client.get("/api/communityOfPractice/")
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(len(response.data), 1)
+        self.assertEqual(response.data[0]["practice_area"], "engineering")
@@ -0,0 +1,14 @@
+"""Tests for `GET /api/healthcheck`."""
+
+from rest_framework import status
+from rest_framework.test import APITestCase
+
+
+class HealthcheckTests(APITestCase):
+    """Liveness probe at `/api/healthcheck`."""
+
+    def test_healthcheck_returns_uptime(self):
+        """Healthcheck returns 200 with an `uptime` key in the JSON body."""
+        response = self.client.get("/api/healthcheck")
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertIn("uptime", response.json())
@@ -0,0 +1,57 @@
+"""Tests for `/api/opportunities/` (the one full-CRUD ViewSet)."""
+
+from rest_framework import status
+from rest_framework.test import APIClient, APITestCase
+
+from ctj_api.tests.common import (
+    make_cop,
+    make_opportunity,
+    make_pm_user,
+    make_project,
+    make_regular_user,
+    make_role,
+)
+
+
+class OpportunityTests(APITestCase):
+    """`OpportunityViewSet` behavior at `/api/opportunities/`.
+
+    Reads are public; mutations are gated by `OpportunityPermission`.
+    Only PMs can create; only the creator can update; any PM can
+    delete. PATCH is currently always 403'd (flagged for fix in
+    `ctj_api.permissions`).
+    """
+
+    def setUp(self):
+        self.client = APIClient()
+        self.pm_user = make_pm_user()
+        self.regular_user = make_regular_user()
+        self.cop = make_cop()
+        self.role = make_role(cop=self.cop)
+        self.project = make_project()
+        self.opportunity = make_opportunity(
+            project=self.project,
+            role=self.role,
+            created_by=self.pm_user,
+        )
+
+    def test_anonymous_can_list_opportunities(self):
+        """Opportunity list is publicly readable (no auth required)."""
+        response = self.client.get("/api/opportunities/")
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertGreater(len(response.data), 0)
+
+    def test_regular_user_cannot_create_opportunity(self):
+        """Non-PM users get 403 on POST /api/opportunities/."""
+        self.client.force_authenticate(user=self.regular_user)
+        payload = {
+            "project": str(self.project.id),
+            "role": str(self.role.id),
+            "body": "Unauthorized create attempt",
+            "min_experience_required": "senior",
+            "min_hours_required": 5,
+            "work_environment": "remote",
+            "status": "open",
+        }
+        response = self.client.post("/api/opportunities/", payload)
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)