feat(role_management): update apitest for role management

apps/authentication/tests/api_tests/permission/conftest.py

@@ -16,5 +16,6 @@ def authentication_web_of_temp_user1() -> AuthenticationWeb:
     user = authentication_web.create_temporary_user()
     authentication_web.user_email = user["email"]
     authentication_web.password = user["password"]
+    authentication_web.user_id = user["user_id"]
     authentication_web.login()
     return authentication_web

apps/authentication/tests/api_tests/role/conftest.py

@@ -3,8 +3,19 @@ import pytest
 from tests.base.authentication_web import AuthenticationWeb
 
 
-@pytest.fixture
+@pytest.fixture(scope="session")
 def authentication_web()->AuthenticationWeb:
     authentication_web = AuthenticationWeb()
     authentication_web.login()
     return authentication_web
+
+
+@pytest.fixture(scope="session")
+def authentication_web_of_temp_user1() -> AuthenticationWeb:
+    authentication_web = AuthenticationWeb()
+    user = authentication_web.create_temporary_user()
+    authentication_web.user_email = user["email"]
+    authentication_web.password = user["password"]
+    authentication_web.user_id = user["user_id"]
+    authentication_web.login()
+    return authentication_web

apps/authentication/tests/api_tests/role/test_create_role.py

@@ -110,6 +110,48 @@ class TestCreateRole:
         assert json["role_description"] is None or json["role_description"] == ""
         assert json["role_level"] == role_data["role_level"]
 
+    @pytest.mark.asyncio
+    async def test_create_role_fail_by_non_admin(self, authentication_web_of_temp_user1: AuthenticationWeb):
+        """Test creating a role fails by non-admin user (no permission)."""
+        suffix = str(random.randint(10000, 99999))
+        role_data = {
+            "role_key": f"test_role_key_nonadmin_{suffix}",
+            "role_name": f"Test Role NonAdmin {suffix}",
+            "role_description": "desc",
+            "role_level": 1
+        }
+        response = await authentication_web_of_temp_user1.create_role(role_data)
+        assert response.status_code == 403 or response.status_code == 401
+
+    @pytest.mark.asyncio
+    async def test_create_role_success_after_grant_admin(self, authentication_web: AuthenticationWeb):
+        """Test creating a role succeeds after granting admin role to a temporary user and re-login."""
+        # Create a temp user
+        user = authentication_web.create_temporary_user()
+        temp_authentication_web = AuthenticationWeb(user_email=user["email"], password=user["password"])
+        temp_authentication_web.user_id = user["user_id"]
+        temp_authentication_web.login()
+
+        # Grant admin role to temp user
+        resp = await authentication_web.query_roles({"role_key": "admin"})
+        admin_role_id = resp.json()["items"][0]["id"]
+        response1 = await authentication_web.assign_roles_to_user({
+            "user_id": temp_authentication_web.user_id,
+            "role_ids": [admin_role_id]
+        })
+        # Re-login as temp user
+        temp_authentication_web.login()
+        # Try to create role
+        suffix = str(random.randint(10000, 99999))
+        role_data = {
+            "role_key": f"test_role_key_tempadmin_{suffix}",
+            "role_name": f"Test Role TempAdmin {suffix}",
+            "role_description": "desc",
+            "role_level": 1
+        }
+        response = await temp_authentication_web.create_role(role_data)
+        assert response.status_code == 200
+
 
 
 

apps/authentication/tests/api_tests/role/test_delete_role.py

@@ -39,5 +39,53 @@ class TestDeleteRole:
         resp = await authentication_web.delete_role(role_data={"role_id": default_role_id})
         assert resp.status_code == 422 or resp.status_code == 400
 
+    @pytest.mark.asyncio
+    async def test_delete_role_fail_by_non_admin(self, authentication_web: AuthenticationWeb, authentication_web_of_temp_user1: AuthenticationWeb):
+        """Test deleting a role fails by non-admin user (no permission)."""
+        # Create a role as admin
+        suffix = str(random.randint(10000, 99999))
+        role = await authentication_web.create_role({
+            "role_key": f"delrole_nonadmin_{suffix}",
+            "role_name": f"delrole_nonadmin_{suffix}",
+            "role_description": "desc",
+            "role_level": 1
+        })
+        role_id = role.json()["id"]
+        # Try to delete as temp user
+        resp = await authentication_web_of_temp_user1.delete_role(role_data={"role_id": role_id})
+        assert resp.status_code == 403 or resp.status_code == 401
+
+    @pytest.mark.asyncio
+    async def test_delete_role_success_after_grant_admin(self, authentication_web: AuthenticationWeb):
+        """Test deleting a role succeeds after granting admin role to a temporary user and re-login."""
+
+        # Create a temp user
+        user = authentication_web.create_temporary_user()
+        temp_authentication_web = AuthenticationWeb(user_email=user["email"], password=user["password"])
+        temp_authentication_web.user_id = user["user_id"]
+        temp_authentication_web.login()
+
+        # Create a role as admin
+        suffix = str(random.randint(10000, 99999))
+        role = await authentication_web.create_role({
+            "role_key": f"delrole_tempadmin_{suffix}",
+            "role_name": f"delrole_tempadmin_{suffix}",
+            "role_description": "desc",
+            "role_level": 1
+        })
+        role_id = role.json()["id"]
+        # Grant admin role to temp user
+        resp = await authentication_web.query_roles({"role_key": DefaultRoleEnum.ADMIN.value.role_key})
+        admin_role_id = resp.json()["items"][0]["id"]
+        response1 = await authentication_web.assign_roles_to_user({
+            "user_id": temp_authentication_web.user_id,
+            "role_ids": [admin_role_id]
+        })
+        # Re-login as temp user
+        temp_authentication_web.login()
+        # Try to delete as temp user
+        resp = await temp_authentication_web.delete_role(role_data={"role_id": role_id})
+        assert resp.status_code == 200
+
 if __name__ == '__main__':
     pytest.main([__file__])

apps/authentication/tests/api_tests/role/test_update_role.py

@@ -168,6 +168,66 @@ class TestUpdateRole:
         })
         assert resp.status_code == 422 or resp.status_code == 400
 
+    @pytest.mark.asyncio
+    async def test_update_role_fail_by_non_admin(self, authentication_web: AuthenticationWeb, authentication_web_of_temp_user1: AuthenticationWeb):
+        """Test updating a role fails by non-admin user (no permission)."""
+        # Create a role as admin
+        suffix = str(random.randint(10000, 99999))
+        role = await authentication_web.create_role({
+            "role_key": f"updaterole_nonadmin_{suffix}",
+            "role_name": f"updaterole_nonadmin_{suffix}",
+            "role_description": "desc",
+            "role_level": 1
+        })
+        role_id = role.json()["id"]
+        update_data = {
+            "role_id": role_id,
+            "role_key": f"updaterole_nonadmin_{suffix}_new",
+            "role_name": f"updaterole_nonadmin_{suffix}_new",
+            "role_description": "desc new",
+            "role_level": 2
+        }
+        resp = await authentication_web_of_temp_user1.update_role(role_data=update_data)
+        assert resp.status_code == 403 or resp.status_code == 401
+
+    @pytest.mark.asyncio
+    async def test_update_role_success_after_grant_admin(self, authentication_web: AuthenticationWeb):
+        """Test updating a role succeeds after granting admin role to a temporary user and re-login."""
+        # Create a temp user
+        user = authentication_web.create_temporary_user()
+        temp_authentication_web = AuthenticationWeb(user_email=user["email"], password=user["password"])
+        temp_authentication_web.user_id = user["user_id"]
+        temp_authentication_web.login()
+
+        # Create a role as admin
+        suffix = str(random.randint(10000, 99999))
+        role = await authentication_web.create_role({
+            "role_key": f"updaterole_tempadmin_{suffix}",
+            "role_name": f"updaterole_tempadmin_{suffix}",
+            "role_description": "desc",
+            "role_level": 1
+        })
+        role_id = role.json()["id"]
+        # Grant admin role to temp user
+        resp = await authentication_web.query_roles({"role_key": "admin"})
+        admin_role_id = resp.json()["items"][0]["id"]
+        await authentication_web.assign_roles_to_user({
+            "user_id": temp_authentication_web.user_id,
+            "role_ids": [admin_role_id]
+        })
+        # Re-login as temp user
+        temp_authentication_web.login()
+        # Try to update as temp user
+        update_data = {
+            "role_id": role_id,
+            "role_key": f"updaterole_tempadmin_{suffix}_new",
+            "role_name": f"updaterole_tempadmin_{suffix}_new",
+            "role_description": "desc new",
+            "role_level": 2
+        }
+        resp = await temp_authentication_web.update_role(role_data=update_data)
+        assert resp.status_code == 200
+
 
 if __name__ == '__main__':
     pytest.main([__file__])