feat: update all endpoints and schemas for account-based model

Replace team_id with account_id across all API endpoints (trees, categories, tags, steps, step_categories, admin, auth). Add new accounts and webhooks endpoints. Registration now atomically creates Account + Subscription, with account_invite_code bypassing the platform invite gate. Schemas updated for account_id/account_role. 82 tests passing including 18 new tests for accounts, subscriptions, and permissions. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-07 02:39:01 -05:00
parent 4ccb93ee31
commit e0089a9c5a
24 changed files with 1178 additions and 152 deletions
--- a/backend/tests/test_admin.py
+++ b/backend/tests/test_admin.py
@@ -169,3 +169,51 @@ class TestAdminEndpoints:
        log = result.scalar_one_or_none()
        assert log is not None
        assert str(log.resource_id) == user_id
+
+    @pytest.mark.asyncio
+    async def test_change_account_role(
+        self, client: AsyncClient, admin_auth_headers: dict, test_user: dict
+    ):
+        """Test changing a user's account role."""
+        user_id = test_user["user_data"]["id"]
+        response = await client.put(
+            f"/api/v1/admin/users/{user_id}/account-role",
+            json={"account_role": "viewer"},
+            headers=admin_auth_headers
+        )
+        assert response.status_code == 200
+        assert response.json()["account_role"] == "viewer"
+
+    @pytest.mark.asyncio
+    async def test_change_account_role_invalid(
+        self, client: AsyncClient, admin_auth_headers: dict, test_user: dict
+    ):
+        """Test that invalid account_role values are rejected."""
+        user_id = test_user["user_data"]["id"]
+        response = await client.put(
+            f"/api/v1/admin/users/{user_id}/account-role",
+            json={"account_role": "owner"},
+            headers=admin_auth_headers
+        )
+        assert response.status_code == 422
+
+    @pytest.mark.asyncio
+    async def test_audit_log_created_on_account_role_change(
+        self, client: AsyncClient, admin_auth_headers: dict, test_user: dict, test_db: AsyncSession
+    ):
+        """Test that changing account role creates an audit log entry."""
+        user_id = test_user["user_data"]["id"]
+        await client.put(
+            f"/api/v1/admin/users/{user_id}/account-role",
+            json={"account_role": "viewer"},
+            headers=admin_auth_headers
+        )
+
+        result = await test_db.execute(
+            select(AuditLog).where(AuditLog.action == "user.account_role_change")
+        )
+        log = result.scalar_one_or_none()
+        assert log is not None
+        assert str(log.resource_id) == user_id
+        assert log.details["old_account_role"] == "owner"
+        assert log.details["new_account_role"] == "viewer"