Enhance user filtering and testing documentation

- Updated `docs/Improvements.md` to reflect the current testing strategy with checkboxes for completed tests.
- Refactored `src/search.rs` to introduce a new shadow status retrieval mechanism, improving user filtering based on account states.
- Added tests in `src/app/update.rs` to validate user and group management actions, including restrictions on system users and primary group modifications.
- Expanded unit tests in `tests/unit_test.rs` to cover shadow filters and home directory existence checks, ensuring robust filtering functionality.

Author: Firstp1ck

docs/Improvements.md

@@ -67,9 +67,10 @@ On macOS, the information reported will not be accurate. The tool relies on the
 - Search: `fuzzy-matcher` (optional), simple substring by default
 
 ### Testing Strategy
-- Parser tests using fixture files; property tests for edge cases
-- Integration tests driving the update loop with synthetic input events
-- Snapshot tests for UI components using known tables
+- [x] Parser tests using fixture files
+- [x] Integration tests driving the update loop with synthetic input events
+- [ ] Property tests for edge cases
+- [ ] Snapshot tests for UI components using known tables
 
 ### Platform Notes
 - Linux/BSD: primary targets. `users` uses libc calls and should honor NSS.
@@ -91,10 +92,12 @@ See the milestone roadmap in [docs/roadmap.md](docs/roadmap.md) for v0.3, v0.4,
 
 ### UX & Navigation
 
-- Core CRUD: Create/modify/delete users and groups; lock/unlock; login shell toggle; password set/reset with strength checks
-- Search & Filtering: Fuzzy find users/groups; filters (system vs human, inactive, expired, locked, no home, no password)
-- Layout & Interactions: Split view (list + detail), breadcrumbs, status bar hints, non‑blocking jobs panel
-- Accessibility & Theming: High‑contrast theme, mouse support, resizable panes, configurable keymaps, persistent settings file
+- [ ] Core CRUD: Create/modify/delete users and groups; lock/unlock; login shell toggle; password set/reset with strength checks
+- Search & Filtering:
+  - [ ] Fuzzy find users/groups
+  - [x] Filters (system vs human, inactive, expired, locked, no home, no password)
+- [ ] Layout & Interactions: Split view (list + detail), breadcrumbs, status bar hints, non‑blocking jobs panel
+- [ ] Accessibility & Theming: High‑contrast theme, mouse support, resizable panes, configurable keymaps, persistent settings file
 
 ### Security & Compliance
 
@@ -144,13 +147,11 @@ User management is inherently high-risk from a security perspective
 
 ## Testing Overview
 
-See [docs/testing.md](docs/testing.md) for the complete testing plan, including unit/integration/snapshot tests and safety checks.
-
 Targets:
 
-- Datasets up to 10,000 users/groups
-- Incremental search latency under 50 ms on large datasets
-- Clear separation of privileged vs non‑privileged flows
+- [x] Datasets up to 10,000 users/groups (unit test coverage for search performance)
+- [x] Incremental search latency under 50 ms on large datasets (assertions in unit tests)
+- [x] Clear separation of privileged vs non‑privileged flows (update-loop tests for SudoPrompt)
 
 ## Platform Support
 

src/app/update.rs

@@ -1962,4 +1962,189 @@ mod tests {
         assert!(app.modal.is_none());
         assert!(matches!(app.input_mode, InputMode::Normal));
     }
+
+    #[test]
+    fn modify_groups_remove_primary_group_shows_info() {
+        // Create a user 'alice' with primary_gid 100 and groups including that primary group
+        let mut app = AppState::default();
+        app.users = vec![crate::sys::SystemUser {
+            uid: 1000,
+            name: "alice".to_string(),
+            primary_gid: 100,
+            full_name: None,
+            home_dir: "/home/alice".to_string(),
+            shell: "/bin/bash".to_string(),
+        }];
+        app.groups_all = vec![
+            crate::sys::SystemGroup { gid: 100, name: "users".to_string(), members: vec![] },
+            crate::sys::SystemGroup { gid: 10, name: "wheel".to_string(), members: vec!["alice".to_string()] },
+        ];
+        app.selected_user_index = 0;
+
+        // Open ModifyGroupsRemove and select the primary group entry (index 0 in the filtered list)
+        app.input_mode = InputMode::Modal;
+        app.modal = Some(ModalState::ModifyGroupsRemove {
+            selected: 0,
+            offset: 0,
+            selected_multi: Vec::new(),
+        });
+
+        handle_modal_key(&mut app, key(KeyCode::Enter));
+
+        match &app.modal {
+            Some(ModalState::Info { message }) => {
+                assert!(message.contains("Cannot remove user from primary group"))
+            }
+            other => panic!("expected Info modal, got {:?}", other),
+        }
+    }
+
+    #[test]
+    fn actions_delete_blocked_for_non_user_uid_range() {
+        let mut app = AppState::default();
+        // Root-like user (UID < 1000) should be blocked
+        app.users = vec![crate::sys::SystemUser {
+            uid: 0,
+            name: "root".to_string(),
+            primary_gid: 0,
+            full_name: None,
+            home_dir: "/root".to_string(),
+            shell: "/bin/bash".to_string(),
+        }];
+        app.selected_user_index = 0;
+        app.input_mode = InputMode::Modal;
+        app.modal = Some(ModalState::Actions { selected: 1 }); // Delete
+
+        handle_modal_key(&mut app, key(KeyCode::Enter));
+
+        match &app.modal {
+            Some(ModalState::Info { message }) => {
+                assert!(message.contains("Deletion not allowed. Only UID 1000-1999 allowed"));
+                assert!(message.contains("root"));
+            }
+            other => panic!("expected Info modal, got {:?}", other),
+        }
+    }
+
+    #[test]
+    fn groups_rename_blocked_for_system_gid() {
+        let mut app = AppState::default();
+        app.groups = vec![
+            crate::sys::SystemGroup { gid: 10, name: "wheel".to_string(), members: vec![] },
+            crate::sys::SystemGroup { gid: 1000, name: "users".to_string(), members: vec![] },
+        ];
+        app.selected_group_index = 0; // system group
+        app.input_mode = InputMode::Modal;
+        app.modal = Some(ModalState::GroupModifyMenu { selected: 2, target_gid: None }); // Rename
+
+        handle_modal_key(&mut app, key(KeyCode::Enter));
+
+        match &app.modal {
+            Some(ModalState::Info { message }) => {
+                assert!(message.contains("Renaming system groups is disabled"));
+                assert!(message.contains("wheel"));
+                assert!(message.contains("10"));
+            }
+            other => panic!("expected Info modal, got {:?}", other),
+        }
+    }
+
+    #[test]
+    fn privileged_action_opens_sudo_prompt_without_credentials() {
+        // Set up a normal user entry
+        let mut app = AppState::default();
+        app.users = vec![crate::sys::SystemUser {
+            uid: 1000,
+            name: "userx".to_string(),
+            primary_gid: 1000,
+            full_name: None,
+            home_dir: "/home/userx".to_string(),
+            shell: "/bin/bash".to_string(),
+        }];
+        app.selected_user_index = 0;
+
+        // Open ModifyPasswordMenu and choose Reset (selection 1) which requires privileges
+        app.input_mode = InputMode::Modal;
+        app.modal = Some(ModalState::ModifyPasswordMenu { selected: 1 });
+
+        handle_modal_key(&mut app, key(KeyCode::Enter));
+
+        match &app.modal {
+            Some(ModalState::SudoPrompt { next, password, error }) => {
+                // Should queue the reset action and prompt for sudo
+                match next {
+                    PendingAction::ResetPassword { username } => {
+                        assert_eq!(username, "userx");
+                    }
+                    other => panic!("unexpected pending: {:?}", other),
+                }
+                assert!(password.is_empty());
+                assert!(error.is_none());
+            }
+            other => panic!("expected SudoPrompt, got {:?}", other),
+        }
+    }
+
+    // Test-only helper: simulate effects of a subset of PendingAction without system calls
+    fn simulate_pending_action(app: &mut AppState, pending: PendingAction) {
+        match pending {
+            PendingAction::DeleteUser { username, delete_home: _ } => {
+                app.users_all.retain(|u| u.name != username);
+                app.users_all.sort_by_key(|u| u.uid);
+                apply_filters_and_search(app);
+                if app.selected_user_index >= app.users.len() {
+                    app.selected_user_index = app.users.len().saturating_sub(1);
+                }
+            }
+            PendingAction::DeleteGroup { groupname } => {
+                app.groups_all.retain(|g| g.name != groupname);
+                app.groups_all.sort_by_key(|g| g.gid);
+                apply_filters_and_search(app);
+                if app.selected_group_index >= app.groups.len() {
+                    app.selected_group_index = app.groups.len().saturating_sub(1);
+                }
+            }
+            _ => {}
+        }
+    }
+
+    #[test]
+    fn selected_user_index_clamps_after_delete() {
+        let mut app = AppState::default();
+        app.users_all = vec![
+            crate::sys::SystemUser { uid: 1000, name: "a".into(), primary_gid: 1000, full_name: None, home_dir: "/home/a".into(), shell: "/bin/bash".into() },
+            crate::sys::SystemUser { uid: 1001, name: "b".into(), primary_gid: 1001, full_name: None, home_dir: "/home/b".into(), shell: "/bin/bash".into() },
+        ];
+        app.users = app.users_all.clone();
+        app.selected_user_index = 1; // last item
+
+        simulate_pending_action(
+            &mut app,
+            PendingAction::DeleteUser { username: "b".into(), delete_home: false },
+        );
+
+        assert_eq!(app.users.len(), 1);
+        assert_eq!(app.selected_user_index, 0);
+        assert_eq!(app.users[0].name, "a");
+    }
+
+    #[test]
+    fn selected_group_index_clamps_after_delete() {
+        let mut app = AppState::default();
+        app.groups_all = vec![
+            crate::sys::SystemGroup { gid: 1000, name: "g1".into(), members: vec![] },
+            crate::sys::SystemGroup { gid: 1001, name: "g2".into(), members: vec![] },
+        ];
+        app.groups = app.groups_all.clone();
+        app.selected_group_index = 1; // last item
+
+        simulate_pending_action(
+            &mut app,
+            PendingAction::DeleteGroup { groupname: "g2".into() },
+        );
+
+        assert_eq!(app.groups.len(), 1);
+        assert_eq!(app.selected_group_index, 0);
+        assert_eq!(app.groups[0].name, "g1");
+    }
 }

src/search.rs

@@ -4,6 +4,7 @@
 //! based on the current input mode and query string.
 //!
 use crate::app::{AppState, GroupsFilter, InputMode, UsersFilter};
+use std::collections::HashMap;
 
 /// Filter the visible users or groups of `app` according to the lowercase query.
 ///
@@ -42,7 +43,7 @@ pub fn apply_filters_and_search(app: &mut AppState) {
         }
     // System-backed filters via /etc/shadow (best-effort; ignored if unreadable)
         if chips.locked || chips.no_password || chips.expired {
-            if let Some(shadow) = read_shadow_status().ok() {
+            if let Some(shadow) = get_shadow_status().ok() {
                 if chips.locked {
                     users_view.retain(|u| shadow.get(&u.name).map(|s| s.locked).unwrap_or(false));
                 }
@@ -99,14 +100,14 @@ pub fn apply_filters_and_search(app: &mut AppState) {
 }
 
 // Lightweight shadow status used for filters
-struct ShadowStatus {
-    locked: bool,
-    no_password: bool,
-    expired: bool,
+#[derive(Clone, Debug)]
+pub struct ShadowStatus {
+    pub locked: bool,
+    pub no_password: bool,
+    pub expired: bool,
 }
 
-fn read_shadow_status() -> std::io::Result<std::collections::HashMap<String, ShadowStatus>> {
-    use std::collections::HashMap;
+fn read_shadow_status() -> std::io::Result<HashMap<String, ShadowStatus>> {
     use std::fs;
     use std::os::unix::fs::MetadataExt;
     use std::time::{SystemTime, UNIX_EPOCH};
@@ -153,6 +154,35 @@ fn read_shadow_status() -> std::io::Result<std::collections::HashMap<String, Sha
     Ok(map)
 }
 
+fn get_shadow_status() -> std::io::Result<HashMap<String, ShadowStatus>> {
+    if let Some(res) = SHADOW_PROVIDER.with(|p| p.borrow().as_ref().map(|f| f())) {
+        return res;
+    }
+    read_shadow_status()
+}
+
+thread_local! {
+    static SHADOW_PROVIDER: std::cell::RefCell<Option<Box<dyn Fn() -> std::io::Result<HashMap<String, ShadowStatus>>>>> = std::cell::RefCell::new(None);
+}
+
+#[allow(dead_code)]
+pub fn set_shadow_provider<F>(f: F)
+where
+    F: Fn() -> std::io::Result<HashMap<String, ShadowStatus>> + 'static,
+{
+    SHADOW_PROVIDER.with(|p| *p.borrow_mut() = Some(Box::new(f)));
+}
+
+#[allow(dead_code)]
+pub fn clear_shadow_provider() {
+    SHADOW_PROVIDER.with(|p| *p.borrow_mut() = None);
+}
+
+#[allow(dead_code)]
+pub fn make_shadow_status(locked: bool, no_password: bool, expired: bool) -> ShadowStatus {
+    ShadowStatus { locked, no_password, expired }
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;