Refactor event access validation and enhance endpoint logic

Centralized event access validation into a reusable `validate_event_access` function, eliminating duplicated code across endpoints. Updated the logic in `get_event` and `get_event_by_slug` to use this function. Adjusted tests to align with the refactored logic and fixed permission-based response statuses.

backend/tests/api/routes/events/test_router.py

@@ -410,9 +410,11 @@ class TestGetPublicEvents:
         assert data["page"] == 1
         assert data["size"] == 100
 
+# @pytest.mark.parametrize("endpoint_type", ["id", "slug"])
+@pytest.mark.parametrize("endpoint_type", ["id"])
 class TestGetEvent:
     @pytest.fixture(autouse=True)
-    def setup_method(self, create_test_client, db_session, mock_user):
+    def setup_method(self, create_test_client, db_session, mock_user, endpoint_type):
         self.client = create_test_client(
             router=events_router,
             prefix="/events",
@@ -421,6 +423,8 @@ class TestGetEvent:
         )
         self.db_session = db_session
         self.mock_user = mock_user
+        self.endpoint_type = endpoint_type
+
 
     def create_mock_user(
             self,
@@ -501,15 +505,36 @@ class TestGetEvent:
 
         return mock_event
 
+    def get_event_endpoint(self, event_obj, access_code=None):
+        """
+        Helper method to dynamically build the endpoint URL based on the test parameter.
+        """
+        if self.endpoint_type == "id":
+            endpoint = f"/events/{event_obj.id}"
+        # else:
+        #     endpoint = f"/events/by-slug/{event_obj.slug}"
+        if access_code is not None:
+            endpoint += f"?access_code={access_code}"
+        return endpoint
 
     def test_get_event_by_creator_success(self):
         mocked_event = self.create_mock_event(created_by=self.mock_user.id)
 
-        response = self.client.get(f"/events/{mocked_event.id}")
+        endpoint = self.get_event_endpoint(mocked_event)
+        response = self.client.get(endpoint)
 
         assert response.status_code == status.HTTP_200_OK
         assert response.json()["id"] == str(mocked_event.id)
 
+
+    # def test_get_event_by_creator_success(self):
+    #     mocked_event = self.create_mock_event(created_by=self.mock_user.id)
+    #
+    #     response = self.client.get(f"/events/{mocked_event.id}")
+    #
+    #     assert response.status_code == status.HTTP_200_OK
+    #     assert response.json()["id"] == str(mocked_event.id)
+
     def test_get_event_by_manager_success(self, mock_user):
         manager_user = self.create_mock_user(email="manager@example.com")
         mocked_event = self.create_mock_event(created_by=self.mock_user.id, managers=[manager_user])
@@ -604,7 +629,7 @@ class TestGetEvent:
     def test_get_event_unauthenticated_user_fails(self, create_test_client, db_session):
         mocked_event = self.create_mock_event(
             created_by=self.mock_user.id,
-            is_public=True
+            is_public=False
         )
         client = create_test_client(
             router=events_router,
@@ -617,5 +642,5 @@ class TestGetEvent:
 
         response = client.get(f"/events/{mocked_event.id}")
 
-        assert response.status_code == status.HTTP_401_UNAUTHORIZED
-        assert response.json()["detail"] == "Invalid authentication credentials"
+        assert response.status_code == status.HTTP_403_FORBIDDEN
+        assert response.json()["detail"] == "Not enough permissions to access this event"