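#!/bin/bash

# Test script for dashboard statistics endpoints
# Tests admin and ground stats with proper role enforcement
#
# Usage: run with no arguments. BASE_URL and the *_EMAIL / *_PASSWORD
# settings below can each be overridden from the environment.
#
# Exit status: 0 only when every check passed; 1 when a login failed or any
# check (including a role-enforcement check) did not get the expected result,
# so a CI job wrapping this script fails when an endpoint is reachable by the
# wrong role.
#
# NOTE(review): the default passwords below are committed in clear text. If
# these accounts exist on the host named in BASE_URL, anyone who can read this
# file can sign in as them, including the admin role. Keep them restricted to
# disposable fixture accounts and supply real values through the environment.
#
# NOTE(review): no case covers a request with a missing, malformed or expired
# token. Add one once the expected status for those requests is confirmed.

set -u

BASE_URL="${BASE_URL:-https://api.captaindecision.com}"
ADMIN_EMAIL="${ADMIN_EMAIL:-admin.test@slipstream.local}"
ADMIN_PASSWORD="${ADMIN_PASSWORD:-Test@123}"
GROUND_EMAIL="${GROUND_EMAIL:-ground.test@slipstream.local}"
GROUND_PASSWORD="${GROUND_PASSWORD:-Test@123}"
PILOT_EMAIL="${PILOT_EMAIL:-pilot.test@slipstream.local}"
PILOT_PASSWORD="${PILOT_PASSWORD:-Test@123}"

# -sS: no progress meter, but still report transport errors on stderr.
# The timeouts keep an unreachable host from hanging the whole run.
CURL_OPTS=(-sS --connect-timeout 10 --max-time 30)

# Number of failed checks; decides the exit status at the end.
FAILURES=0

# Set by get_with_status.
HTTP_CODE=""
RESPONSE=""

# Passwords and bearer tokens are only protected in transit when TLS is used.
case "$BASE_URL" in
    https://*) ;;
    *) echo "WARNING: BASE_URL is not https; credentials and tokens will be sent in cleartext" >&2 ;;
esac

# Records a passed check. $1 - message.
pass() {
    echo "✅ $1"
}

# Records a failed check and counts it. $1 - message.
fail() {
    echo "❌ $1"
    FAILURES=$((FAILURES + 1))
}

# Escapes backslashes and double quotes so $1 can sit inside a JSON string.
# Control characters are not handled; credentials are assumed to be one line.
json_escape() {
    local s=$1
    s=${s//\\/\\\\}
    s=${s//\"/\\\"}
    printf '%s' "$s"
}

# POSTs the credentials ($1 email, $2 password) to the login endpoint and
# prints the raw response body. The JSON body goes to curl on stdin so the
# password does not appear in the process argument list.
login() {
    local email password
    email=$(json_escape "$1")
    password=$(json_escape "$2")
    printf '{"email":"%s","password":"%s"}' "$email" "$password" |
        curl "${CURL_OPTS[@]}" -X POST "$BASE_URL/auth/login.php" \
            -H "Content-Type: application/json" \
            --data-binary @-
}

# Prints the value of the "token" field found in the login response $1, or
# nothing when there is none. Text matching, not a JSON parser: it assumes
# the token value contains no escaped double quote.
extract_token() {
    printf '%s\n' "$1" | grep -o '"token":"[^"]*' | sed 's/"token":"//'
}

# Aborts the run when a login produced no token, since every later check for
# that role depends on it. $1 - role label, $2 - token, $3 - login response.
require_token() {
    if [[ -z "$2" ]]; then
        fail "$1 login failed"
        echo "Response: $3"
        exit 1
    fi
    pass "$1 logged in successfully"
}

# GETs path $1 with bearer token $2 and stores the status code in HTTP_CODE
# and the whole body in RESPONSE. The token is passed as a command-line
# header and is therefore visible to local users in the process list.
get_with_status() {
    local raw
    raw=$(curl "${CURL_OPTS[@]}" -w '\n%{http_code}' -X GET "$BASE_URL$1" \
        -H "Authorization: Bearer $2")
    # curl appends "\n<code>" after the body: split on the LAST newline so a
    # multi-line body is kept intact.
    HTTP_CODE=${raw##*$'\n'}
    RESPONSE=${raw%$'\n'*}
}

# Positive check: the body returned for path $2 with token $3 must contain
# the JSON key $4. $1 - label used in the messages.
expect_stats() {
    local label=$1 path=$2 token=$3 field=$4 body
    body=$(curl "${CURL_OPTS[@]}" -X GET "$BASE_URL$path" \
        -H "Authorization: Bearer $token")
    if printf '%s\n' "$body" | grep -qF -- "\"$field\""; then
        pass "$label stats returned successfully"
    else
        fail "$label stats failed"
    fi
    echo "Response: $body"
}

# Negative check: role $1 must get HTTP 403 for the $2 stats at path $3 when
# using token $4. Any other status, including 200, is counted as a failure.
expect_forbidden() {
    local who=$1 what=$2 path=$3 token=$4
    get_with_status "$path" "$token"
    if [[ "$HTTP_CODE" == "403" ]]; then
        pass "$who correctly blocked from $what stats (403)"
    else
        fail "$who should not access $what stats"
        echo "HTTP Code: $HTTP_CODE"
    fi
    echo "Response: $RESPONSE"
}

echo "========================================="
echo "DASHBOARD STATISTICS ENDPOINTS TESTING"
echo "========================================="
echo ""

# Test 1: Admin login
echo "Test 1: Admin login..."
ADMIN_LOGIN=$(login "$ADMIN_EMAIL" "$ADMIN_PASSWORD")
ADMIN_TOKEN=$(extract_token "$ADMIN_LOGIN")
require_token "Admin" "$ADMIN_TOKEN" "$ADMIN_LOGIN"
echo ""

# Test 2: Admin can access admin stats
echo "Test 2: Admin accessing /stats/admin.php..."
expect_stats "Admin" "/stats/admin.php" "$ADMIN_TOKEN" "flights"
echo ""

# Test 3: Ground staff login
echo "Test 3: Ground staff login..."
GROUND_LOGIN=$(login "$GROUND_EMAIL" "$GROUND_PASSWORD")
GROUND_TOKEN=$(extract_token "$GROUND_LOGIN")
require_token "Ground staff" "$GROUND_TOKEN" "$GROUND_LOGIN"
echo ""

# Test 4: Ground staff accessing their stats
echo "Test 4: Ground staff accessing /stats/ground.php..."
expect_stats "Ground" "/stats/ground.php" "$GROUND_TOKEN" "base_airport"
echo ""

# Test 5: Ground staff CANNOT access admin stats (403)
echo "Test 5: Ground staff trying to access admin stats (should fail)..."
expect_forbidden "Ground staff" "admin" "/stats/admin.php" "$GROUND_TOKEN"
echo ""

# Test 6: Pilot login
echo "Test 6: Pilot login..."
PILOT_LOGIN=$(login "$PILOT_EMAIL" "$PILOT_PASSWORD")
PILOT_TOKEN=$(extract_token "$PILOT_LOGIN")
require_token "Pilot" "$PILOT_TOKEN" "$PILOT_LOGIN"
echo ""

# Test 7: Pilot CANNOT access ground stats (403)
echo "Test 7: Pilot trying to access ground stats (should fail)..."
expect_forbidden "Pilot" "ground" "/stats/ground.php" "$PILOT_TOKEN"
echo ""

# Test 8: Pilot CANNOT access admin stats (403)
echo "Test 8: Pilot trying to access admin stats (should fail)..."
expect_forbidden "Pilot" "admin" "/stats/admin.php" "$PILOT_TOKEN"
echo ""

echo "========================================="
echo "ALL TESTS COMPLETED"
echo "========================================="

# A run that merely finished is not a run that passed: report failures to the
# caller through the exit status.
if [[ "$FAILURES" -gt 0 ]]; then
    echo "$FAILURES check(s) failed"
    exit 1
fi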
