tests/SIGCM2.Application.Tests/Integration/UsuarioRepository_PermisosTests.cs

using Dapper;
using Microsoft.Data.SqlClient;
using Respawn;
using SIGCM2.Infrastructure.Persistence;

namespace SIGCM2.Application.Tests.Integration;

/// <summary>
/// Integration tests for IUsuarioRepository.UpdatePermisosJsonAsync (UDT-009).
/// Uses SIGCM2_Test database directly.
/// </summary>
[Collection("Database")]
public sealed class UsuarioRepository_PermisosTests : IAsyncLifetime
{
    private const string ConnectionString =
        "Server=TECNICA3;Database=SIGCM2_Test;User Id=desarrollo;Password=desarrollo2026;TrustServerCertificate=True;";

    private SqlConnection _connection = null!;
    private Respawner _respawner = null!;
    private UsuarioRepository _repository = null!;

    public async Task InitializeAsync()
    {
        _connection = new SqlConnection(ConnectionString);
        await _connection.OpenAsync();

        _respawner = await Respawner.CreateAsync(_connection, new RespawnerOptions
        {
            DbAdapter = DbAdapter.SqlServer,
            TablesToIgnore =
            [
                new Respawn.Graph.Table("dbo", "Rol"),
                new Respawn.Graph.Table("dbo", "Permiso"),
                new Respawn.Graph.Table("dbo", "RolPermiso"),
                // UDT-010: *_History tables are system-versioned — engine rejects direct DELETE.
                new Respawn.Graph.Table("dbo", "Usuario_History"),
                new Respawn.Graph.Table("dbo", "Rol_History"),
                new Respawn.Graph.Table("dbo", "Permiso_History"),
                new Respawn.Graph.Table("dbo", "RolPermiso_History"),
                // ADM-001 (V011): Medio + Seccion are temporal — history tables cannot be directly deleted.
                new Respawn.Graph.Table("dbo", "Medio_History"),
                new Respawn.Graph.Table("dbo", "Seccion_History"),
                // ADM-008 (V013): PuntoDeVenta is temporal; SecuenciaComprobante is NOT temporal (AD8 revisitado).
                new Respawn.Graph.Table("dbo", "PuntoDeVenta_History"),
                // ADM-009 (V014): TipoDeIva + IngresosBrutos son temporales.
                new Respawn.Graph.Table("dbo", "TipoDeIva_History"),
                new Respawn.Graph.Table("dbo", "IngresosBrutos_History"),
                new Respawn.Graph.Table("dbo", "TipoDeIva"),
                new Respawn.Graph.Table("dbo", "IngresosBrutos"),
                // CAT-001 (V016): Rubro es temporal — history no puede deletearse directo.
                new Respawn.Graph.Table("dbo", "Rubro_History"),
            ]
        });

        await _respawner.ResetAsync(_connection);
        await SeedRolCanonicalAsync();

        var factory = new SqlConnectionFactory(ConnectionString);
        _repository = new UsuarioRepository(factory);

        // Seed a test user
        await _connection.ExecuteAsync("""
            INSERT INTO dbo.Usuario (Username, PasswordHash, Nombre, Apellido, Rol, PermisosJson, Activo, MustChangePassword)
            VALUES ('testuser', '$2a$12$hash', 'Test', 'User', 'cajero', '{"grant":[],"deny":[]}', 1, 0)
            """);
    }

    public async Task DisposeAsync()
    {
        if (_connection is not null)
        {
            await _respawner.ResetAsync(_connection);
            await _connection.CloseAsync();
            await _connection.DisposeAsync();
        }
    }

    // UPJ-01: UpdatePermisosJsonAsync persists PermisosJson and FechaModificacion
    [Fact]
    public async Task UpdatePermisosJsonAsync_PersistsJsonAndFechaModificacion()
    {
        // Arrange
        var userId = await _connection.QuerySingleAsync<int>(
            "SELECT Id FROM dbo.Usuario WHERE Username = 'testuser'");
        var newJson = """{"grant":["textos:editar"],"deny":[]}""";
        var fechaMod = DateTime.UtcNow;

        // Act
        await _repository.UpdatePermisosJsonAsync(userId, newJson, fechaMod);

        // Assert
        var row = await _connection.QuerySingleAsync<(string PermisosJson, DateTime? FechaModificacion)>(
            "SELECT PermisosJson, FechaModificacion FROM dbo.Usuario WHERE Id = @Id",
            new { Id = userId });

        Assert.Equal(newJson, row.PermisosJson);
        Assert.NotNull(row.FechaModificacion);
        // Allow 2-second tolerance for DB round-trip
        Assert.True(
            Math.Abs((row.FechaModificacion!.Value - fechaMod).TotalSeconds) < 2,
            $"FechaModificacion {row.FechaModificacion} is too far from {fechaMod}");
    }

    // UPJ-02: UpdatePermisosJsonAsync with non-existent id → no throw (UPDATE affects 0 rows)
    [Fact]
    public async Task UpdatePermisosJsonAsync_NonExistentId_NoThrow()
    {
        // Should not throw — UPDATE with 0 rows affected is a no-op
        await _repository.UpdatePermisosJsonAsync(99999, """{"grant":[],"deny":[]}""", DateTime.UtcNow);
    }

    // UPJ-03: GetByIdAsync after update reflects new PermisosJson
    [Fact]
    public async Task UpdatePermisosJsonAsync_GetByIdReflectsChange()
    {
        // Arrange
        var userId = await _connection.QuerySingleAsync<int>(
            "SELECT Id FROM dbo.Usuario WHERE Username = 'testuser'");
        var newJson = """{"grant":["pauta:azanu:ver"],"deny":["ventas:contado:cobrar"]}""";

        // Act
        await _repository.UpdatePermisosJsonAsync(userId, newJson, DateTime.UtcNow);

        // Assert — read back through the repo
        var usuario = await _repository.GetByIdAsync(userId);

        Assert.NotNull(usuario);
        Assert.Equal(newJson, usuario!.PermisosJson);
    }

    // ── helpers ───────────────────────────────────────────────────────────────

    private async Task SeedRolCanonicalAsync()
    {
        await _connection.ExecuteAsync("""
            SET QUOTED_IDENTIFIER ON;
            MERGE dbo.Rol AS t
            USING (VALUES
                ('admin', N'Administrador', N'Supervisor total'),
                ('cajero', N'Cajero', N'Mostrador contado')
            ) AS s (Codigo, Nombre, Descripcion)
            ON t.Codigo = s.Codigo
            WHEN NOT MATCHED BY TARGET THEN
                INSERT (Codigo, Nombre, Descripcion, Activo)
                VALUES (s.Codigo, s.Nombre, s.Descripcion, 1);
            """);
    }
}
feat(infra): IUsuarioRepository.UpdatePermisosJsonAsync + impl Dapper [UDT-009] 2026-04-15 21:33:39 -03:00			`using Dapper;`
			`using Microsoft.Data.SqlClient;`
			`using Respawn;`
			`using SIGCM2.Infrastructure.Persistence;`

			`namespace SIGCM2.Application.Tests.Integration;`

			`/// <summary>`
			`/// Integration tests for IUsuarioRepository.UpdatePermisosJsonAsync (UDT-009).`
			`/// Uses SIGCM2_Test database directly.`
			`/// </summary>`
			`[Collection("Database")]`
			`public sealed class UsuarioRepository_PermisosTests : IAsyncLifetime`
			`{`
			`private const string ConnectionString =`
			`"Server=TECNICA3;Database=SIGCM2_Test;User Id=desarrollo;Password=desarrollo2026;TrustServerCertificate=True;";`

			`private SqlConnection _connection = null!;`
			`private Respawner _respawner = null!;`
			`private UsuarioRepository _repository = null!;`

			`public async Task InitializeAsync()`
			`{`
			`_connection = new SqlConnection(ConnectionString);`
			`await _connection.OpenAsync();`

			`_respawner = await Respawner.CreateAsync(_connection, new RespawnerOptions`
			`{`
			`DbAdapter = DbAdapter.SqlServer,`
			`TablesToIgnore =`
			`[`
			`new Respawn.Graph.Table("dbo", "Rol"),`
			`new Respawn.Graph.Table("dbo", "Permiso"),`
			`new Respawn.Graph.Table("dbo", "RolPermiso"),`
fix(tests): extend Respawn + collection config for UDT-010 temporal tables Follow-up of B1 (V010 migration). Issues found when running the full suite cross-assembly: 1. Respawn 'Cannot delete rows from a temporal history table' error: 4 per-class Respawner configs in SIGCM2.Application.Tests did not include the newly-created *_History tables introduced by V010 (Usuario_History / Rol_History / Permiso_History / RolPermiso_History). The engine rejects direct DELETE on system-versioned history tables. Extended TablesToIgnore in all 4 configs. 2. FK_RefreshToken_Usuario violation in RolRepositoryTests.InitializeAsync: Manual 'DELETE FROM Usuario' failed when residual RefreshTokens from prior suites existed. Added 'DELETE FROM RefreshToken' before the Usuario cleanup to respect FK order. Latent bug surfaced by a new test-run ordering — not UDT-010 specific, but fixed in scope. 3. UQ_Usuario_Username duplicate admin race: TransactionScopeSpikeTests (B0) and V010MigrationTests (B1) were missing [Collection("ApiIntegration")], causing them to run in parallel with the rest of SIGCM2.Api.Tests and race on SeedAdmin. Serialized by adding the Collection attribute. Suite now passes cross-assembly: 130/130 Api.Tests + 336/336 Application.Tests. Refs: sdd/udt-010-auditoria-trazabilidad/apply-progress (B1 follow-up) 2026-04-16 13:22:56 -03:00			`// UDT-010: *_History tables are system-versioned — engine rejects direct DELETE.`
			`new Respawn.Graph.Table("dbo", "Usuario_History"),`
			`new Respawn.Graph.Table("dbo", "Rol_History"),`
			`new Respawn.Graph.Table("dbo", "Permiso_History"),`
			`new Respawn.Graph.Table("dbo", "RolPermiso_History"),`
fix(tests): realign test expectations with V011 (ADM-001) seed — 22 permisos + Medios fixture 2026-04-16 19:04:06 -03:00			`// ADM-001 (V011): Medio + Seccion are temporal — history tables cannot be directly deleted.`
			`new Respawn.Graph.Table("dbo", "Medio_History"),`
			`new Respawn.Graph.Table("dbo", "Seccion_History"),`
fix(adm-008): correcciones del verify loop Seis ajustes post-verify detectados durante la corrida full de tests: 1. PuntoDeVentaRepository: UQ_PuntoDeVenta_Medio_AFIP (no _MedioId_NumeroAFIP) — el catch de unique violation no disparaba → 500 en race duplicado. 2. Application.DependencyInjection: registro de 8 handlers PuntosDeVenta — sin esto, dispatcher arrojaba "No service registered" → 500. 3. ReservarNumeroCommandHandler: backoff ampliado a 5 retries [25, 75, 200, 500, 1200]ms para soportar 50 threads concurrentes. 4. SecuenciaComprobante: SYSTEM_VERSIONING = OFF (AD8 revisitado). Under UPDATE concurrente sobre misma fila, el engine arroja "transaction time earlier than period start time" — limitación conocida de Temporal Tables con alta contención de UPDATEs. Decisión: secuencia es operacional, no configuración → sin history. V013 y SqlTestFixture actualizados para ser idempotentes. 5. SqlTestFixture: EnsureV013SchemaAsync idempotente + PuntoDeVenta_History en TablesToIgnore + permiso administracion:puntos_de_venta:gestionar en seed canónico + asignación a rol admin. 6. Tests: conteos 22→23 permisos (V013 agrega uno); repository fixtures ignoran PuntoDeVenta_History; test UpdatePdv_WhenPdvInactive eliminado (over-specified — spec no bloquea update en PdV inactivo, solo en Medio padre inactivo; alineado con frontend que permite editar PdV inactivo). Resultado: 190/190 Api.Tests y tests específicos ADM-008 verdes (Domain 13, Application 42, Api 21 = 76 tests nuevos). El único failure residual (AuditEventRepositoryTests.QueryAsync_Limit_EmitsCursor) es pre-existente y no relacionado a ADM-008. Covers: verify report CRITICAL (UQ name mismatch) + WARNINGs descubiertos durante la ejecución (DI registro, temporal tables concurrency, permiso fixture, counts de tests pre-existentes). 2026-04-17 13:02:35 -03:00			`// ADM-008 (V013): PuntoDeVenta is temporal; SecuenciaComprobante is NOT temporal (AD8 revisitado).`
			`new Respawn.Graph.Table("dbo", "PuntoDeVenta_History"),`
chore(adm-009): actualizar Respawner TablesToIgnore + conteos de permisos en tests existentes 2026-04-17 17:41:30 -03:00			`// ADM-009 (V014): TipoDeIva + IngresosBrutos son temporales.`
			`new Respawn.Graph.Table("dbo", "TipoDeIva_History"),`
			`new Respawn.Graph.Table("dbo", "IngresosBrutos_History"),`
			`new Respawn.Graph.Table("dbo", "TipoDeIva"),`
			`new Respawn.Graph.Table("dbo", "IngresosBrutos"),`
fix(tests): propagar Rubro_History + permisos 25 a integration tests (CAT-001) - SqlTestFixture: agrega EnsureV016SchemaAsync + seed del permiso catalogo:rubros:gestionar + Rubro_History al TablesToIgnore - 6 test files con Respawner propio: agrega Rubro_History al TablesToIgnore - 2 tests con count hardcoded (Permiso/RolPermiso): 24 -> 25 + rename - 3 Api tests con count hardcoded (Auth/Permisos): 24 -> 25 + rename 2026-04-18 19:48:33 -03:00			`// CAT-001 (V016): Rubro es temporal — history no puede deletearse directo.`
			`new Respawn.Graph.Table("dbo", "Rubro_History"),`
feat(infra): IUsuarioRepository.UpdatePermisosJsonAsync + impl Dapper [UDT-009] 2026-04-15 21:33:39 -03:00			`]`
			`});`

			`await _respawner.ResetAsync(_connection);`
			`await SeedRolCanonicalAsync();`

			`var factory = new SqlConnectionFactory(ConnectionString);`
			`_repository = new UsuarioRepository(factory);`

			`// Seed a test user`
			`await _connection.ExecuteAsync("""`
			`INSERT INTO dbo.Usuario (Username, PasswordHash, Nombre, Apellido, Rol, PermisosJson, Activo, MustChangePassword)`
			`VALUES ('testuser', '$2a$12$hash', 'Test', 'User', 'cajero', '{"grant":[],"deny":[]}', 1, 0)`
			`""");`
			`}`

			`public async Task DisposeAsync()`
			`{`
			`if (_connection is not null)`
			`{`
			`await _respawner.ResetAsync(_connection);`
			`await _connection.CloseAsync();`
			`await _connection.DisposeAsync();`
			`}`
			`}`

			`// UPJ-01: UpdatePermisosJsonAsync persists PermisosJson and FechaModificacion`
			`[Fact]`
			`public async Task UpdatePermisosJsonAsync_PersistsJsonAndFechaModificacion()`
			`{`
			`// Arrange`
			`var userId = await _connection.QuerySingleAsync<int>(`
			`"SELECT Id FROM dbo.Usuario WHERE Username = 'testuser'");`
			`var newJson = """{"grant":["textos:editar"],"deny":[]}""";`
			`var fechaMod = DateTime.UtcNow;`

			`// Act`
			`await _repository.UpdatePermisosJsonAsync(userId, newJson, fechaMod);`

			`// Assert`
			`var row = await _connection.QuerySingleAsync<(string PermisosJson, DateTime? FechaModificacion)>(`
			`"SELECT PermisosJson, FechaModificacion FROM dbo.Usuario WHERE Id = @Id",`
			`new { Id = userId });`

			`Assert.Equal(newJson, row.PermisosJson);`
			`Assert.NotNull(row.FechaModificacion);`
			`// Allow 2-second tolerance for DB round-trip`
			`Assert.True(`
			`Math.Abs((row.FechaModificacion!.Value - fechaMod).TotalSeconds) < 2,`
			`$"FechaModificacion {row.FechaModificacion} is too far from {fechaMod}");`
			`}`

			`// UPJ-02: UpdatePermisosJsonAsync with non-existent id → no throw (UPDATE affects 0 rows)`
			`[Fact]`
			`public async Task UpdatePermisosJsonAsync_NonExistentId_NoThrow()`
			`{`
			`// Should not throw — UPDATE with 0 rows affected is a no-op`
			`await _repository.UpdatePermisosJsonAsync(99999, """{"grant":[],"deny":[]}""", DateTime.UtcNow);`
			`}`

			`// UPJ-03: GetByIdAsync after update reflects new PermisosJson`
			`[Fact]`
			`public async Task UpdatePermisosJsonAsync_GetByIdReflectsChange()`
			`{`
			`// Arrange`
			`var userId = await _connection.QuerySingleAsync<int>(`
			`"SELECT Id FROM dbo.Usuario WHERE Username = 'testuser'");`
			`var newJson = """{"grant":["pauta:azanu:ver"],"deny":["ventas:contado:cobrar"]}""";`

			`// Act`
			`await _repository.UpdatePermisosJsonAsync(userId, newJson, DateTime.UtcNow);`

			`// Assert — read back through the repo`
			`var usuario = await _repository.GetByIdAsync(userId);`

			`Assert.NotNull(usuario);`
			`Assert.Equal(newJson, usuario!.PermisosJson);`
			`}`

			`// ── helpers ───────────────────────────────────────────────────────────────`

			`private async Task SeedRolCanonicalAsync()`
			`{`
			`await _connection.ExecuteAsync("""`
			`SET QUOTED_IDENTIFIER ON;`
			`MERGE dbo.Rol AS t`
			`USING (VALUES`
			`('admin', N'Administrador', N'Supervisor total'),`
			`('cajero', N'Cajero', N'Mostrador contado')`
			`) AS s (Codigo, Nombre, Descripcion)`
			`ON t.Codigo = s.Codigo`
			`WHEN NOT MATCHED BY TARGET THEN`
			`INSERT (Codigo, Nombre, Descripcion, Activo)`
			`VALUES (s.Codigo, s.Nombre, s.Descripcion, 1);`
			`""");`
			`}`
			`}`