From 55e0bebbef1bfe462a554ae0a10478d080051657 Mon Sep 17 00:00:00 2001
From: icecheng
Date: Tue, 22 Jul 2025 12:27:26 +0800
Subject: [PATCH] feat(role_management): update apitest for role management
---
 .../permission/test_create_permission.py | 39 +++++++++++++
 .../permission/test_delete_permission.py | 44 +++++++++++++++
 .../permission/test_update_permission.py | 55 +++++++++++++++++++
 3 files changed, 138 insertions(+)
diff --git a/apps/authentication/tests/api_tests/permission/test_create_permission.py b/apps/authentication/tests/api_tests/permission/test_create_permission.py
index 08a7e03..ab579be 100644
--- a/apps/authentication/tests/api_tests/permission/test_create_permission.py
+++ b/apps/authentication/tests/api_tests/permission/test_create_permission.py
@@ -99,6 +99,45 @@ class TestCreatePermission:
 assert json["permission_name"] == perm_data["permission_name"]
 assert json["description"] is None or json["description"] == ""
+ @pytest.mark.asyncio
+ async def test_create_permission_fail_by_non_admin(self, authentication_web_of_temp_user1: AuthenticationWeb):
+ """Test creating a permission fails by non-admin user (no permission)."""
+ suffix = str(random.randint(10000, 99999))
+ perm_data = {
+ "permission_key": f"test_perm_key_nonadmin_{suffix}",
+ "permission_name": f"Test Permission NonAdmin {suffix}",
+ "description": "desc"
+ }
+ response = await authentication_web_of_temp_user1.create_permission(perm_data)
+ assert response.status_code == 403 or response.status_code == 401
+
+ @pytest.mark.asyncio
+ async def test_create_permission_success_after_grant_admin(self, authentication_web: AuthenticationWeb):
+ """Test creating a permission succeeds after granting admin role to a new temporary user and re-login."""
+ # Create a new temp user
+ user = authentication_web.create_temporary_user()
+ temp_authentication_web = AuthenticationWeb(user_email=user["email"], password=user["password"])
+ temp_authentication_web.user_id = user["user_id"]
+ temp_authentication_web.login()
+ # Grant admin role to temp user
+ resp = await authentication_web.query_roles({"role_key": "admin"})
+ admin_role_id = resp.json()["items"][0]["id"]
+ await authentication_web.assign_roles_to_user({
+ "user_id": temp_authentication_web.user_id,
+ "role_ids": [admin_role_id]
+ })
+ # Re-login as temp user
+ temp_authentication_web.login()
+ # Try to create permission
+ suffix = str(random.randint(10000, 99999))
+ perm_data = {
+ "permission_key": f"test_perm_key_tempadmin_{suffix}",
+ "permission_name": f"Test Permission TempAdmin {suffix}",
+ "description": "desc"
+ }
+ response = await temp_authentication_web.create_permission(perm_data)
+ assert response.status_code == 200
+
 if __name__ == '__main__':
 pytest.main([__file__])
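Review bot: `test_create_permission_fail_by_non_admin` accepts either 401 or 403, so it also passes when the temp-user fixture never authenticated and the request was turned away before any role check ran. For an authorization regression test the assertion should pin the authorization failure, `assert response.status_code == 403`, assuming the API is meant to return 403 to a logged-in user who lacks the admin role. The same `403 or 401` assertion appears in the non-admin tests added to test_delete_permission.py and test_update_permission.py. TestCreatePermission begins outside this hunk, so the fixture's login behaviour is not visible here.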
diff --git a/apps/authentication/tests/api_tests/permission/test_delete_permission.py b/apps/authentication/tests/api_tests/permission/test_delete_permission.py
index 73ad109..6604daf 100644
--- a/apps/authentication/tests/api_tests/permission/test_delete_permission.py
+++ b/apps/authentication/tests/api_tests/permission/test_delete_permission.py
@@ -37,5 +37,49 @@ class TestDeletePermission:
 resp = await authentication_web.delete_permission(perm_data={"permission_id": default_permission_id})
 assert resp.status_code == 422 or resp.status_code == 400
+ @pytest.mark.asyncio
+ async def test_delete_permission_fail_by_non_admin(self, authentication_web: AuthenticationWeb, authentication_web_of_temp_user1: AuthenticationWeb):
+ """Test deleting a permission fails by non-admin user (no permission)."""
+ # Create a permission as admin
+ suffix = str(random.randint(10000, 99999))
+ perm = await authentication_web.create_permission({
+ "permission_key": f"delperm_nonadmin_{suffix}",
+ "permission_name": f"delperm_nonadmin_{suffix}",
+ "description": "desc"
+ })
+ perm_id = perm.json()["id"]
+ # Try to delete as temp user
+ resp = await authentication_web_of_temp_user1.delete_permission({"permission_id": perm_id})
+ assert resp.status_code == 403 or resp.status_code == 401
+
+ @pytest.mark.asyncio
+ async def test_delete_permission_success_after_grant_admin(self, authentication_web: AuthenticationWeb):
+ """Test deleting a permission succeeds after granting admin role to a new temporary user and re-login."""
+ # Create a new temp user
+ user = authentication_web.create_temporary_user()
+ temp_authentication_web = AuthenticationWeb(user_email=user["email"], password=user["password"])
+ temp_authentication_web.user_id = user["user_id"]
+ temp_authentication_web.login()
+ # Create a permission as admin
+ suffix = str(random.randint(10000, 99999))
+ perm = await authentication_web.create_permission({
+ "permission_key": f"delperm_tempadmin_{suffix}",
+ "permission_name": f"delperm_tempadmin_{suffix}",
+ "description": "desc"
+ })
+ perm_id = perm.json()["id"]
+ # Grant admin role to temp user
+ resp = await authentication_web.query_roles({"role_key": "admin"})
+ admin_role_id = resp.json()["items"][0]["id"]
+ await authentication_web.assign_roles_to_user({
+ "user_id": temp_authentication_web.user_id,
+ "role_ids": [admin_role_id]
+ })
+ # Re-login as temp user
+ temp_authentication_web.login()
+ # Try to delete as temp user
+ resp = await temp_authentication_web.delete_permission({"permission_id": perm_id})
+ assert resp.status_code == 200
+
 if __name__ == '__main__':
 pytest.main([__file__])
\ No newline at end of file
diff --git a/apps/authentication/tests/api_tests/permission/test_update_permission.py b/apps/authentication/tests/api_tests/permission/test_update_permission.py
index 9027afd..4cf1e20 100644
--- a/apps/authentication/tests/api_tests/permission/test_update_permission.py
+++ b/apps/authentication/tests/api_tests/permission/test_update_permission.py
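Review bot: In `test_delete_permission_fail_by_non_admin` (test_delete_permission.py) the only check after the rejected call is the status code, so a handler that returns the error status after the record is already gone would still pass. After the assertion, read the permission back with the admin client and assert that `perm_id` is still present; the non-admin update test in test_update_permission.py needs the equivalent check that key and name are unchanged. The setup also reads `perm.json()["id"]` without checking the create call first, so adding `assert perm.status_code == 200` before it would separate a setup failure from an authorization failure.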
@@ -146,5 +146,60 @@ class TestUpdatePermission:
 })
 assert resp.status_code == 422 or resp.status_code == 400
+ @pytest.mark.asyncio
+ async def test_update_permission_fail_by_non_admin(self, authentication_web: AuthenticationWeb, authentication_web_of_temp_user1: AuthenticationWeb):
+ """Test updating a permission fails by non-admin user (no permission)."""
+ # Create a permission as admin
+ suffix = str(random.randint(10000, 99999))
+ perm = await authentication_web.create_permission({
+ "permission_key": f"updateperm_nonadmin_{suffix}",
+ "permission_name": f"updateperm_nonadmin_{suffix}",
+ "description": "desc"
+ })
+ perm_id = perm.json()["id"]
+ update_data = {
+ "permission_id": perm_id,
+ "permission_key": f"updateperm_nonadmin_{suffix}_new",
+ "permission_name": f"updateperm_nonadmin_{suffix}_new",
+ "description": "desc new"
+ }
+ resp = await authentication_web_of_temp_user1.update_permission(update_data)
+ assert resp.status_code == 403 or resp.status_code == 401
+
+ @pytest.mark.asyncio
+ async def test_update_permission_success_after_grant_admin(self, authentication_web: AuthenticationWeb):
+ """Test updating a permission succeeds after granting admin role to a new temporary user and re-login."""
+ # Create a new temp user
+ user = authentication_web.create_temporary_user()
+ temp_authentication_web = AuthenticationWeb(user_email=user["email"], password=user["password"])
+ temp_authentication_web.user_id = user["user_id"]
+ temp_authentication_web.login()
+ # Create a permission as admin
+ suffix = str(random.randint(10000, 99999))
+ perm = await authentication_web.create_permission({
+ "permission_key": f"updateperm_tempadmin_{suffix}",
+ "permission_name": f"updateperm_tempadmin_{suffix}",
+ "description": "desc"
+ })
+ perm_id = perm.json()["id"]
+ # Grant admin role to temp user
+ resp = await authentication_web.query_roles({"role_key": "admin"})
+ admin_role_id = resp.json()["items"][0]["id"]
+ await authentication_web.assign_roles_to_user({
+ "user_id": temp_authentication_web.user_id,
+ "role_ids": [admin_role_id]
+ })
+ # Re-login as temp user
+ temp_authentication_web.login()
+ # Try to update as temp user
+ update_data = {
+ "permission_id": perm_id,
+ "permission_key": f"updateperm_tempadmin_{suffix}_new",
+ "permission_name": f"updateperm_tempadmin_{suffix}_new",
+ "description": "desc new"
+ }
+ resp = await temp_authentication_web.update_permission(update_data)
+ assert resp.status_code == 200
+
 if __name__ == '__main__':
 pytest.main([__file__])
\ No newline at end of file
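Review bot: `test_update_permission_success_after_grant_admin` discards the response of `assign_roles_to_user` and takes `items[0]` from `query_roles` without checking that it is the admin role, so the final 200 does not show that the grant is what allowed the update. Capture and assert on the grant (`grant = await authentication_web.assign_roles_to_user({...})` then `assert grant.status_code == 200`, if that call returns a response like the others here), and assert `resp.json()["items"][0]["role_key"] == "admin"` if the items expose that field. The test also leaves a temporary account holding the admin role, with no teardown visible in the hunk; removing the role or the user at the end keeps privileged test accounts from accumulating in the target environment. The grant tests added to the create and delete files share all three points.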