from app.models.db import SessionLocal, User def test_admin_stats_requires_admin(client, auth_headers): response = client.get("/admin/stats", headers=auth_headers) assert response.status_code == 403 def test_admin_stats_accessible_to_admin(client, auth_headers): db = SessionLocal() try: db.query(User).filter(User.email == "doc@example.com").update({"is_admin": True}) db.commit() finally: db.close() response = client.get("/admin/stats", headers=auth_headers) assert response.status_code == 200 body = response.json() assert body["total_users"] >= 1