From 5be8403c751e03b37c19550e823d6e1a8608138c Mon Sep 17 00:00:00 2001
From: icecheng
Date: Tue, 22 Jul 2025 12:14:58 +0800
Subject: [PATCH] feat(role_management): update apitest for role management
---
 .../tests/api_tests/permission/conftest.py | 1 +
 .../tests/api_tests/role/conftest.py | 13 +++-
 .../tests/api_tests/role/test_create_role.py | 42 +++++++++++++
 .../tests/api_tests/role/test_delete_role.py | 48 +++++++++++++++
 .../tests/api_tests/role/test_update_role.py | 60 +++++++++++++++++++
 5 files changed, 163 insertions(+), 1 deletion(-)
diff --git a/apps/authentication/tests/api_tests/permission/conftest.py b/apps/authentication/tests/api_tests/permission/conftest.py
index fbf1fa7..b96c630 100644
--- a/apps/authentication/tests/api_tests/permission/conftest.py
+++ b/apps/authentication/tests/api_tests/permission/conftest.py
@@ -16,5 +16,6 @@ def authentication_web_of_temp_user1() -> AuthenticationWeb:
 user = authentication_web.create_temporary_user()
 authentication_web.user_email = user["email"]
 authentication_web.password = user["password"]
+ authentication_web.user_id = user["user_id"]
 authentication_web.login()
 return authentication_web
diff --git a/apps/authentication/tests/api_tests/role/conftest.py b/apps/authentication/tests/api_tests/role/conftest.py
index f2aad5a..3731f6c 100644
--- a/apps/authentication/tests/api_tests/role/conftest.py
+++ b/apps/authentication/tests/api_tests/role/conftest.py
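Review bot: The fixture this line extends creates a temporary user but nothing in the hunk tears that user down, so every test session leaves a fresh account behind in the environment under test; if it is session-scoped like the copy added in role/conftest.py below, consider turning it into a `yield` fixture that deletes the user after the session. The decorator and `def` line sit above the hunk, so the scope cannot be confirmed from here. The same cleanup gap applies to the identical fixture added in role/conftest.py.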
@@ -3,8 +3,19 @@ import pytest
 from tests.base.authentication_web import AuthenticationWeb
-@pytest.fixture
+@pytest.fixture(scope="session")
 def authentication_web()->AuthenticationWeb:
 authentication_web = AuthenticationWeb()
 authentication_web.login()
 return authentication_web
+
+
+@pytest.fixture(scope="session")
+def authentication_web_of_temp_user1() -> AuthenticationWeb:
+ authentication_web = AuthenticationWeb()
+ user = authentication_web.create_temporary_user()
+ authentication_web.user_email = user["email"]
+ authentication_web.password = user["password"]
+ authentication_web.user_id = user["user_id"]
+ authentication_web.login()
+ return authentication_web
\ No newline at end of file
diff --git a/apps/authentication/tests/api_tests/role/test_create_role.py b/apps/authentication/tests/api_tests/role/test_create_role.py
index a52db06..8d4c488 100644
--- a/apps/authentication/tests/api_tests/role/test_create_role.py
+++ b/apps/authentication/tests/api_tests/role/test_create_role.py
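Review bot: `authentication_web_of_temp_user1` is a line-for-line copy of the fixture already living in permission/conftest.py; hoisting it into a conftest.py shared by both test packages would stop the two copies drifting apart (the permission copy already needed a separate one-line patch for `user_id` in this same commit). The file also ends without a trailing newline (`\ No newline at end of file`). Changing `authentication_web` to `scope="session"` means a single admin login is now reused by every test in the session, so a comment such as `# session-scoped: tests must not log this client out or change its credentials` would make that contract explicit.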
@@ -110,6 +110,48 @@ class TestCreateRole:
 assert json["role_description"] is None or json["role_description"] == ""
 assert json["role_level"] == role_data["role_level"]
+ @pytest.mark.asyncio
+ async def test_create_role_fail_by_non_admin(self, authentication_web_of_temp_user1: AuthenticationWeb):
+ """Test creating a role fails by non-admin user (no permission)."""
+ suffix = str(random.randint(10000, 99999))
+ role_data = {
+ "role_key": f"test_role_key_nonadmin_{suffix}",
+ "role_name": f"Test Role NonAdmin {suffix}",
+ "role_description": "desc",
+ "role_level": 1
+ }
+ response = await authentication_web_of_temp_user1.create_role(role_data)
+ assert response.status_code == 403 or response.status_code == 401
+
+ @pytest.mark.asyncio
+ async def test_create_role_success_after_grant_admin(self, authentication_web: AuthenticationWeb):
+ """Test creating a role succeeds after granting admin role to a temporary user and re-login."""
+ # Create a temp user
+ user = authentication_web.create_temporary_user()
+ temp_authentication_web = AuthenticationWeb(user_email=user["email"], password=user["password"])
+ temp_authentication_web.user_id = user["user_id"]
+ temp_authentication_web.login()
+
+ # Grant admin role to temp user
+ resp = await authentication_web.query_roles({"role_key": "admin"})
+ admin_role_id = resp.json()["items"][0]["id"]
+ response1 = await authentication_web.assign_roles_to_user({
+ "user_id": temp_authentication_web.user_id,
+ "role_ids": [admin_role_id]
+ })
+ # Re-login as temp user
+ temp_authentication_web.login()
+ # Try to create role
+ suffix = str(random.randint(10000, 99999))
+ role_data = {
+ "role_key": f"test_role_key_tempadmin_{suffix}",
+ "role_name": f"Test Role TempAdmin {suffix}",
+ "role_description": "desc",
+ "role_level": 1
+ }
+ response = await temp_authentication_web.create_role(role_data)
+ assert response.status_code == 200
+
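Review bot: `assert response.status_code == 403 or response.status_code == 401` in `test_create_role_fail_by_non_admin` lets the test pass when the temporary user's login silently failed (401) rather than when authorization was actually enforced (403); pin it to `assert response.status_code == 403` so a broken fixture cannot masquerade as a denied request. In `test_create_role_success_after_grant_admin` the result of `assign_roles_to_user` is bound to `response1` but never checked, so a failed grant only surfaces as a confusing 403 on the later `create_role`; add `assert response1.status_code == 200` (or whatever that endpoint returns on success) and guard `resp.json()["items"][0]` against an empty result. The admin role is looked up with the literal `"admin"` here and in test_update_role.py while test_delete_role.py uses `DefaultRoleEnum.ADMIN.value.role_key`; use the enum in all three. Nothing revokes the admin grant or deletes the temporary user afterwards, so each run leaves a privileged account behind in the test environment, and the same holds for the delete and update hunks.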
diff --git a/apps/authentication/tests/api_tests/role/test_delete_role.py b/apps/authentication/tests/api_tests/role/test_delete_role.py
index 8d0b43e..a94ce2c 100644
--- a/apps/authentication/tests/api_tests/role/test_delete_role.py
+++ b/apps/authentication/tests/api_tests/role/test_delete_role.py
@@ -39,5 +39,53 @@ class TestDeleteRole:
 resp = await authentication_web.delete_role(role_data={"role_id": default_role_id})
 assert resp.status_code == 422 or resp.status_code == 400
+ @pytest.mark.asyncio
+ async def test_delete_role_fail_by_non_admin(self, authentication_web: AuthenticationWeb, authentication_web_of_temp_user1: AuthenticationWeb):
+ """Test deleting a role fails by non-admin user (no permission)."""
+ # Create a role as admin
+ suffix = str(random.randint(10000, 99999))
+ role = await authentication_web.create_role({
+ "role_key": f"delrole_nonadmin_{suffix}",
+ "role_name": f"delrole_nonadmin_{suffix}",
+ "role_description": "desc",
+ "role_level": 1
+ })
+ role_id = role.json()["id"]
+ # Try to delete as temp user
+ resp = await authentication_web_of_temp_user1.delete_role(role_data={"role_id": role_id})
+ assert resp.status_code == 403 or resp.status_code == 401
+
+ @pytest.mark.asyncio
+ async def test_delete_role_success_after_grant_admin(self, authentication_web: AuthenticationWeb):
+ """Test deleting a role succeeds after granting admin role to a temporary user and re-login."""
+
+ # Create a temp user
+ user = authentication_web.create_temporary_user()
+ temp_authentication_web = AuthenticationWeb(user_email=user["email"], password=user["password"])
+ temp_authentication_web.user_id = user["user_id"]
+ temp_authentication_web.login()
+
+ # Create a role as admin
+ suffix = str(random.randint(10000, 99999))
+ role = await authentication_web.create_role({
+ "role_key": f"delrole_tempadmin_{suffix}",
+ "role_name": f"delrole_tempadmin_{suffix}",
+ "role_description": "desc",
+ "role_level": 1
+ })
+ role_id = role.json()["id"]
+ # Grant admin role to temp user
+ resp = await authentication_web.query_roles({"role_key": DefaultRoleEnum.ADMIN.value.role_key})
+ admin_role_id = resp.json()["items"][0]["id"]
+ response1 = await authentication_web.assign_roles_to_user({
+ "user_id": temp_authentication_web.user_id,
+ "role_ids": [admin_role_id]
+ })
+ # Re-login as temp user
+ temp_authentication_web.login()
+ # Try to delete as temp user
+ resp = await temp_authentication_web.delete_role(role_data={"role_id": role_id})
+ assert resp.status_code == 200
+
 if __name__ == '__main__':
 pytest.main([__file__])
diff --git a/apps/authentication/tests/api_tests/role/test_update_role.py b/apps/authentication/tests/api_tests/role/test_update_role.py
index f483ed3..de2421f 100644
--- a/apps/authentication/tests/api_tests/role/test_update_role.py
+++ b/apps/authentication/tests/api_tests/role/test_update_role.py
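Review bot: In `test_delete_role_fail_by_non_admin` the role created as admin is never removed once the 403 check passes, so every run accumulates another `delrole_nonadmin_*` role; finish the test with `await authentication_web.delete_role(role_data={"role_id": role_id})`, ideally inside a `try/finally` so the cleanup also runs when the assertion fails. `response1` is assigned and never used here, as in the create and update hunks. The stray blank line directly after the docstring of `test_delete_role_success_after_grant_admin` is inconsistent with the other new tests in this commit.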
@@ -168,6 +168,66 @@ class TestUpdateRole:
 })
 assert resp.status_code == 422 or resp.status_code == 400
+ @pytest.mark.asyncio
+ async def test_update_role_fail_by_non_admin(self, authentication_web: AuthenticationWeb, authentication_web_of_temp_user1: AuthenticationWeb):
+ """Test updating a role fails by non-admin user (no permission)."""
+ # Create a role as admin
+ suffix = str(random.randint(10000, 99999))
+ role = await authentication_web.create_role({
+ "role_key": f"updaterole_nonadmin_{suffix}",
+ "role_name": f"updaterole_nonadmin_{suffix}",
+ "role_description": "desc",
+ "role_level": 1
+ })
+ role_id = role.json()["id"]
+ update_data = {
+ "role_id": role_id,
+ "role_key": f"updaterole_nonadmin_{suffix}_new",
+ "role_name": f"updaterole_nonadmin_{suffix}_new",
+ "role_description": "desc new",
+ "role_level": 2
+ }
+ resp = await authentication_web_of_temp_user1.update_role(role_data=update_data)
+ assert resp.status_code == 403 or resp.status_code == 401
+
+ @pytest.mark.asyncio
+ async def test_update_role_success_after_grant_admin(self, authentication_web: AuthenticationWeb):
+ """Test updating a role succeeds after granting admin role to a temporary user and re-login."""
+ # Create a temp user
+ user = authentication_web.create_temporary_user()
+ temp_authentication_web = AuthenticationWeb(user_email=user["email"], password=user["password"])
+ temp_authentication_web.user_id = user["user_id"]
+ temp_authentication_web.login()
+
+ # Create a role as admin
+ suffix = str(random.randint(10000, 99999))
+ role = await authentication_web.create_role({
+ "role_key": f"updaterole_tempadmin_{suffix}",
+ "role_name": f"updaterole_tempadmin_{suffix}",
+ "role_description": "desc",
+ "role_level": 1
+ })
+ role_id = role.json()["id"]
+ # Grant admin role to temp user
+ resp = await authentication_web.query_roles({"role_key": "admin"})
+ admin_role_id = resp.json()["items"][0]["id"]
+ await authentication_web.assign_roles_to_user({
+ "user_id": temp_authentication_web.user_id,
+ "role_ids": [admin_role_id]
+ })
+ # Re-login as temp user
+ temp_authentication_web.login()
+ # Try to update as temp user
+ update_data = {
+ "role_id": role_id,
+ "role_key": f"updaterole_tempadmin_{suffix}_new",
+ "role_name": f"updaterole_tempadmin_{suffix}_new",
+ "role_description": "desc new",
+ "role_level": 2
+ }
+ resp = await temp_authentication_web.update_role(role_data=update_data)
+ assert resp.status_code == 200
+
 if __name__ == '__main__':
 pytest.main([__file__])
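Review bot: `test_update_role_fail_by_non_admin` checks only the status code, and a 403 alone does not prove the write was rejected; re-read the role as admin after the assertion and check that `role_key` and `role_name` still carry the original `updaterole_nonadmin_{suffix}` values rather than the `_new` ones. The non-admin delete test in test_delete_role.py has the same gap and should confirm the role still exists. As in the create hunk, `assert resp.status_code == 403 or resp.status_code == 401` should be pinned to 403, and the roles created as admin in both tests here are never cleaned up.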