✅ fixed UserService unit test

[Pa-Touche]

Fixes #13830

Summary by CodeRabbit

• Tests
  • Updated expectations for user lookup and filtering to assert explicit result sizes (including non-empty cases) across region/right combinations and multiple-right queries.
  • Adjusted the single-district disease + right scenario to expect exactly one matching result instead of an empty outcome.

[coderabbitai]

Warning

Review limit reached

@Pa-Touche, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 24 minutes and 53 seconds. Learn how PR review limits work.

Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file).

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits.

🚦 How do rate limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan refill rate.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, the refill rate gradually slows as usage increases. The highest same-day bursts are limited more strictly.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: c0464c0c-9aad-49e9-9831-6d0ca83f505d

📥 Commits

Reviewing files that changed from the base of the PR and between bd16d6b and dcb4913.

📒 Files selected for processing (1)

• sormas-backend/src/test/java/de/symeda/sormas/backend/user/UserFacadeEjbTest.java

📝 Walkthrough

Walkthrough

Test assertions in UserFacadeEjbTest are updated across two test methods to expect explicit result set sizes from user lookup queries filtered by region and rights. The first test adds an initial assertion for a single result, then validates two results after creating additional users. Different-region scenarios change from empty-result checks to explicit hasSize(3) assertions. The external-message access right case changes from non-empty assertion to expecting exactly one result. No production logic is modified.

Changes

UserFacadeEjbTest assertion updates

Layer / File(s)	Summary
testGetUsersByRegionAndRights expected count updates sormas-backend/src/test/java/de/symeda/sormas/backend/user/UserFacadeEjbTest.java	Initial region/right query asserts hasSize(1); after creating additional users/roles, re-query asserts hasSize(2); different-region scenarios updated from empty-result checks to hasSize(3).
testGetUserRefsByDistrictsWithLimitedDiseaseUsersSingleDistrict assertion update sormas-backend/src/test/java/de/symeda/sormas/backend/user/UserFacadeEjbTest.java	EXTERNAL_MESSAGE_ACCESS right case updated to assert hasSize(1) instead of checking for non-empty results.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• SORMAS-Foundation/SORMAS-Project#13995: Directly related — the production logic change in that PR expands getUserReferences filtering to include NATION-jurisdiction users, which is precisely what drives the updated expected counts in this PR's test assertion changes.

Poem

🐇 The nation-wide users were lost in the dark,
Hidden from queries without a spark.
Now explicit counts light the way,
From one to three—hooray, hooray!
Tests retold, the bug is fixed,
Nation and district users now mixed. 🌟

🚥 Pre-merge checks | ✅ 1 | ❌ 4

❌ Failed checks (2 warnings, 2 inconclusive)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description provides only the issue reference without explaining what was changed, why the test changes were needed, or how they relate to the bug fix.	Expand the description to explain what test assertions were updated and how these changes validate the fix for issue #13830.
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	The title uses a checkmark emoji and refers to 'fixed UserService unit test', which only partially describes the actual changes—the tests verify specific size assertions and expected user results.	Replace the emoji and use a more descriptive title like 'Fix UserService unit test expectations for region and district queries' to better convey the specific test adjustments.
Linked Issues check	❓ Inconclusive	The test changes update expected result sizes but lack clear evidence of validating the core issue: allowing national-level users to be selected as responsible officers.	Provide explicit test cases or assertions that directly verify national-level user eligibility for the responsible officer selection dropdown.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Out of Scope Changes check	✅ Passed	All changes are limited to unit test assertions in UserFacadeEjbTest, which is directly related to validating user-related backend logic.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/13830-national-user-cannot-be-responsible-user

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

sormas-backend/src/test/java/de/symeda/sormas/backend/user/UserFacadeEjbTest.java (1)

322-327: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Assert identity of the new 4th result, not just count

Line 322 increases expected size, but Lines 324-327 don’t verify who the newly included user is. This can pass with an unintended extra user. Add an explicit assertion for the expected national-level user UUID/reference.

Proposed test hardening

 		assertEquals(4, userReferenceDtos.size());
 		List<String> userReferenceUUIDs = userReferenceDtos.stream().map(u -> u.getUuid()).collect(Collectors.toList());
 		assertTrue(userReferenceUUIDs.contains(surveilanceOfficerDefault.getUuid()));
 		assertTrue(userReferenceUUIDs.contains(surveilanceSupervisorDefault.getUuid()));
 		assertTrue(userReferenceUUIDs.contains(adminSupervisorDefault.getUuid()));
+		assertTrue(userReferenceUUIDs.contains(nationalAdmin.getUuid()));
 		assertFalse(userReferenceUUIDs.contains(adminSupervisorOther.getUuid()));

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@sormas-backend/src/test/java/de/symeda/sormas/backend/user/UserFacadeEjbTest.java`
around lines 322 - 327, The test asserts that userReferenceDtos has size 4 on
line 322 and verifies several specific users are included in userReferenceUUIDs,
but does not explicitly verify the identity of the new 4th user that was added.
Add an assertion (assertTrue) to verify that the expected national-level user's
UUID is contained in the userReferenceUUIDs list, ensuring the newly included
user is the intended one and not just any arbitrary user.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@sormas-backend/src/test/java/de/symeda/sormas/backend/user/UserFacadeEjbTest.java`:
- Around line 399-402: The assertion at line 401 in the getUserRefsByDistrict
test only verifies that exactly one user reference is returned using hasSize(1),
but does not verify which user is actually returned. This allows the test to
pass even if the wrong user with the wrong right or wrong jurisdiction is
returned. Add an additional assertion after the hasSize check to verify that the
returned userReferenceDtos contains the expected user by asserting on the user's
ID or other identifying properties, so that the test will fail if the incorrect
user is matched or if the right/jurisdiction filtering is broken.

---

Outside diff comments:
In
`@sormas-backend/src/test/java/de/symeda/sormas/backend/user/UserFacadeEjbTest.java`:
- Around line 322-327: The test asserts that userReferenceDtos has size 4 on
line 322 and verifies several specific users are included in userReferenceUUIDs,
but does not explicitly verify the identity of the new 4th user that was added.
Add an assertion (assertTrue) to verify that the expected national-level user's
UUID is contained in the userReferenceUUIDs list, ensuring the newly included
user is the intended one and not just any arbitrary user.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 3b28b20e-2faf-4aaf-831f-6fdb0f2106f7

📥 Commits

Reviewing files that changed from the base of the PR and between 8b90a9b and 5f37eb3.

📒 Files selected for processing (1)

• sormas-backend/src/test/java/de/symeda/sormas/backend/user/UserFacadeEjbTest.java

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Strengthen EXTERNAL_MESSAGE_ACCESS assertion with expected user

The new non-empty expectation at Line 401 only checks size. Please also assert which user is returned so this test fails on wrong-right/wrong-jurisdiction matches.

Proposed assertion update

 		userReferenceDtos = getUserFacade().getUserRefsByDistrict(rdcf.district, Disease.CORONAVIRUS, UserRight.EXTERNAL_MESSAGE_ACCESS);

 		assertThat(userReferenceDtos, hasSize(1));
+		assertThat(userReferenceDtos, hasItem(equalTo(nationalAdmin.toReference())));

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	userReferenceDtos = getUserFacade().getUserRefsByDistrict(rdcf.district, Disease.CORONAVIRUS, UserRight.EXTERNAL_MESSAGE_ACCESS);
	assertFalse(userReferenceDtos.isEmpty());
	assertThat(userReferenceDtos, hasSize(1));
	userReferenceDtos = getUserFacade().getUserRefsByDistrict(rdcf.district, Disease.CORONAVIRUS, UserRight.EXTERNAL_MESSAGE_ACCESS);
	assertThat(userReferenceDtos, hasSize(1));
	assertThat(userReferenceDtos, hasItem(equalTo(nationalAdmin.toReference())));

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@sormas-backend/src/test/java/de/symeda/sormas/backend/user/UserFacadeEjbTest.java`
around lines 399 - 402, The assertion at line 401 in the getUserRefsByDistrict
test only verifies that exactly one user reference is returned using hasSize(1),
but does not verify which user is actually returned. This allows the test to
pass even if the wrong user with the wrong right or wrong jurisdiction is
returned. Add an additional assertion after the hasSize check to verify that the
returned userReferenceDtos contains the expected user by asserting on the user's
ID or other identifying properties, so that the test will fail if the incorrect
user is matched or if the right/jurisdiction filtering is broken.

[Pa-Touche]

already fixed