feat(role_management): add test report for role management

apps/authentication/requirements.txt

@@ -14,3 +14,5 @@ pydantic-settings
 python-jose
 passlib[bcrypt]
 prometheus-fastapi-instrumentator==7.0.2
+pytest==8.4.1
+pytest-asyncio==0.21.2

apps/authentication/tests/api_tests/permission/README.md

@@ -0,0 +1,86 @@
+# Permission API Test Report
+
+## How to Run the Tests
+
+ **Run all permission API tests with coverage:**
+   ```bash
+   pytest --cov=authentication --cov-report=term-missing tests/api_tests/permission/
+   ```
+
+---
+
+## Test Results Summary
+
+- **Total tests collected:** 26
+- **All tests passed.**
+- **Warnings:**
+  - Deprecation warnings from Pydantic/Beanie (upgrade recommended for future compatibility).
+  - Coverage warning: `Module authentication was never imported. (module-not-imported)`
+
+---
+
+## Test Case Explanations
+
+### test_create_permission.py
+
+- **test_create_permission_success**  
+  Admin user can create a permission with valid data.
+- **test_create_permission_fail_duplicate_key/name**  
+  Creating a permission with duplicate key or name fails.
+- **test_create_permission_fail_empty_key/name**  
+  Creating a permission with empty key or name fails.
+- **test_create_permission_success_empty_description**  
+  Description is optional.
+- **test_create_permission_fail_by_non_admin**  
+  Non-admin user cannot create permissions.
+- **test_create_permission_success_after_grant_admin**  
+  After admin grants admin role to a temp user and the user re-logs in, the user can create permissions.
+
+### test_delete_permission.py
+
+- **test_delete_permission_success**  
+  Admin user can delete a permission.
+- **test_delete_permission_fail_not_found**  
+  Deleting a non-existent permission fails.
+- **test_delete_default_permission_fail**  
+  Default permissions cannot be deleted.
+- **test_delete_permission_fail_by_non_admin**  
+  Non-admin user cannot delete permissions.
+- **test_delete_permission_success_after_grant_admin**  
+  After admin grants admin role to a temp user and the user re-logs in, the user can delete permissions.
+
+### test_update_permission.py
+
+- **test_update_permission_success**  
+  Admin user can update a permission.
+- **test_update_permission_fail_not_found**  
+  Updating a non-existent permission fails.
+- **test_update_permission_fail_duplicate_key/name**  
+  Updating to a duplicate key or name fails.
+- **test_update_permission_fail_empty_key/name**  
+  Updating with empty key or name fails.
+- **test_update_default_permission_fail**  
+  Default permissions cannot be updated.
+- **test_update_permission_fail_by_non_admin**  
+  Non-admin user cannot update permissions.
+- **test_update_permission_success_after_grant_admin**  
+  After admin grants admin role to a temp user and the user re-logs in, the user can update permissions.
+
+### test_query_permission.py
+
+- **test_query_all_permissions**  
+  Query all permissions, expect a list.
+- **test_query_permissions_by_key/name**  
+  Query permissions by key or name (fuzzy search).
+- **test_query_permissions_pagination**  
+  Query permissions with pagination.
+
+---
+
+## Summary
+
+- These tests ensure that only admin users can manage permissions, and that permission can be delegated by granting the admin role to other users.
+- Each test case is designed to verify both positive and negative scenarios, including permission escalation and proper error handling.
+- **Coverage reporting is not working** due to import or execution issues—fix this for a complete report.
+
+---

apps/authentication/tests/api_tests/role/README.md

@@ -0,0 +1,99 @@
+# Role API Test Report
+
+## How to Run the Tests
+
+**Run all role API tests:**
+```bash
+pytest --tb=short tests/api_tests/role/
+```
+
+---
+
+## Test Results Summary
+
+- **Total tests collected:** 33
+- **All tests passed.**
+- **Warnings:**
+  - Deprecation warnings from Pydantic/Beanie (upgrade recommended for future compatibility).
+
+---
+
+## Test Case Explanations
+
+### test_assign_permissions.py
+- **test_assign_permissions_success**  
+  Assign multiple permissions to a role successfully.
+- **test_assign_permissions_fail_role_not_found**  
+  Assigning permissions to a non-existent role fails.
+- **test_assign_permissions_fail_permission_not_found**  
+  Assigning a non-existent permission to a role fails.
+- **test_assign_permissions_fail_empty_permission_ids**  
+  Assigning with an empty permission list fails.
+- **test_assign_permissions_fail_empty_role_id**  
+  Assigning with an empty role ID fails.
+- **test_assign_permissions_remove_duplicates**  
+  Assigning duplicate permission IDs results in de-duplication.
+- **test_assign_permissions_to_default_role**  
+  Assigning permissions to a default role (should succeed if not restricted).
+
+### test_create_role.py
+- **test_create_role_success**  
+  Admin user can create a role with valid and unique data.
+- **test_create_role_fail_duplicate_role_key/name**  
+  Creating a role with duplicate key or name fails.
+- **test_create_role_fail_empty_role_key/name**  
+  Creating a role with empty key or name fails.
+- **test_create_role_success_empty_description**  
+  Description is optional.
+- **test_create_role_fail_by_non_admin**  
+  Non-admin user cannot create roles.
+- **test_create_role_success_after_grant_admin**  
+  After admin grants admin role to a temp user and the user re-logs in, the user can create roles.
+
+### test_delete_role.py
+- **test_delete_role_success**  
+  Admin user can delete a role.
+- **test_delete_role_fail_not_found**  
+  Deleting a non-existent role fails.
+- **test_delete_default_role_fail**  
+  Default roles cannot be deleted.
+- **test_delete_role_fail_by_non_admin**  
+  Non-admin user cannot delete roles.
+- **test_delete_role_success_after_grant_admin**  
+  After admin grants admin role to a temp user and the user re-logs in, the user can delete roles.
+
+### test_query_role.py
+- **test_query_all_roles**  
+  Query all roles, expect a list.
+- **test_query_roles_by_key/name**  
+  Query roles by key or name (fuzzy search).
+- **test_query_roles_pagination**  
+  Query roles with pagination.
+
+### test_update_role.py
+- **test_update_role_success**  
+  Admin user can update a role with valid and unique data.
+- **test_update_role_fail_not_found**  
+  Updating a non-existent role fails.
+- **test_update_role_fail_duplicate_key/name**  
+  Updating to a duplicate key or name fails.
+- **test_update_role_fail_empty_key/name**  
+  Updating with empty key or name fails.
+- **test_update_default_role_fail**  
+  Default roles cannot be updated.
+- **test_update_role_fail_by_non_admin**  
+  Non-admin user cannot update roles.
+- **test_update_role_success_after_grant_admin**  
+  After admin grants admin role to a temp user and the user re-logs in, the user can update roles.
+
+---
+
+## Summary
+
+- These tests ensure that only admin users can manage roles, and that permission can be delegated by granting the admin role to other users.
+- Each test case is designed to verify both positive and negative scenarios, including permission escalation and proper error handling.
+- **Coverage reporting is not included in this report.**
+
+---
+
+If you need a more detailed, markdown-formatted report with actual coverage numbers, please enable coverage and re-run the tests. 

apps/authentication/tests/api_tests/siginin/README.md

@@ -0,0 +1,37 @@
+# Signin API Test Report
+
+## How to Run the Tests
+
+**Run all signin API tests:**
+```bash
+pytest --tb=short tests/api_tests/siginin/
+```
+
+---
+
+## Test Results Summary
+
+- **Total tests collected:** 1
+- **All tests passed.**
+- **Warnings:**
+  - Deprecation warning from Pydantic (upgrade recommended for future compatibility).
+
+---
+
+## Test Case Explanations
+
+### test_signin_with_email_and_password.py
+- **test_sign_in_with_email_and_password**  
+  This test verifies the email and password sign-in flow:
+  - Calls the login API with valid credentials.
+  - Asserts that the response contains a valid access token, refresh token, expiration, identity, role names, and user permissions.
+  - Decodes the JWT access token and checks that the payload contains the expected subject fields (id, role_names, user_permissions).
+
+---
+
+## Summary
+
+- This test ensures that the email/password sign-in API returns all required authentication and user information fields, and that the JWT token is correctly structured.
+- If you need to add more signin scenarios, add new test cases to this directory and re-run the tests.
+
+--- 

apps/authentication/tests/api_tests/user/README.md

@@ -0,0 +1,45 @@
+# User API Test Report
+
+## How to Run the Tests
+
+**Run all user API tests:**
+```bash
+pytest --tb=short tests/api_tests/user/
+```
+
+---
+
+## Test Results Summary
+
+- **Total tests collected:** 6
+- **All tests passed.**
+- **Warnings:**
+  - Deprecation warnings from Pydantic/Beanie (upgrade recommended for future compatibility).
+
+---
+
+## Test Case Explanations
+
+### test_assign_roles.py
+- **test_assign_roles_success_by_admin**  
+  Admin user can assign a role to a user successfully.
+- **test_assign_roles_fail_by_non_admin**  
+  Non-admin user cannot assign roles to other users (permission denied).
+- **test_assign_roles_fail_role_not_found**  
+  Assigning a non-existent role to a user fails.
+- **test_assign_roles_fail_empty_role_ids**  
+  Assigning with an empty role list fails.
+- **test_assign_roles_fail_empty_user_id**  
+  Assigning roles with an empty user ID fails.
+- **test_assign_roles_remove_duplicates**  
+  Assigning duplicate role IDs results in de-duplication; the user ends up with a single instance of the role.
+
+---
+
+## Summary
+
+- These tests ensure that only admin users can assign roles to users, and that the system properly handles invalid input and duplicate assignments.
+- Each test case is designed to verify both positive and negative scenarios, including permission checks and input validation.
+- If you need to add more user management scenarios, add new test cases to this directory and re-run the tests.
+
+--- 

apps/authentication/tests/base/config.py

@@ -1,3 +1,5 @@
-USER_EMAIL = "icecheng@mathmast.com"
+# user with admin role
-USER_PASSWORD = "@Cwb1535145760"
+USER_EMAIL = "XXXXX"
+USER_PASSWORD = "XXXXX"
+# authentication base url
 BASE_URL = "http://localhost:8103"