import pytest import random from backend.models.permission.constants import DefaultPermissionEnum from tests.base.authentication_web import AuthenticationWeb class TestDeletePermission: @pytest.mark.asyncio async def test_delete_permission_success(self, authentication_web: AuthenticationWeb): """Test deleting a permission successfully.""" suffix = str(random.randint(10000, 99999)) perm = await authentication_web.create_permission({ "permission_key": f"delperm_{suffix}", "permission_name": f"delperm_{suffix}", "description": "desc" }) perm_id = perm.json()["id"] resp = await authentication_web.delete_permission({"permission_id": perm_id}) assert resp.status_code == 200 assert resp.json()["success"] is True @pytest.mark.asyncio async def test_delete_permission_fail_not_found(self, authentication_web: AuthenticationWeb): """Test deleting a permission fails when permission_id does not exist.""" resp = await authentication_web.delete_permission({"permission_id": "000000000000000000000000"}) assert resp.status_code == 422 or resp.status_code == 400 @pytest.mark.asyncio async def test_delete_default_permission_fail(self, authentication_web: AuthenticationWeb): """Test deleting a default permission fails. Default permission cannot be deleted.""" # Query a default role resp = await authentication_web.query_permissions( params={"page": 1, "page_size": 2, "permission_key": DefaultPermissionEnum.CHANGE_PERMISSIONS.value.permission_key}) json = resp.json() default_permission_id = json["items"][0]["id"] resp = await authentication_web.delete_permission(perm_data={"permission_id": default_permission_id}) assert resp.status_code == 422 or resp.status_code == 400 @pytest.mark.asyncio async def test_delete_permission_fail_by_non_admin(self, authentication_web: AuthenticationWeb, authentication_web_of_temp_user1: AuthenticationWeb): """Test deleting a permission fails by non-admin user (no permission).""" # Create a permission as admin suffix = str(random.randint(10000, 99999)) perm = await authentication_web.create_permission({ "permission_key": f"delperm_nonadmin_{suffix}", "permission_name": f"delperm_nonadmin_{suffix}", "description": "desc" }) perm_id = perm.json()["id"] # Try to delete as temp user resp = await authentication_web_of_temp_user1.delete_permission({"permission_id": perm_id}) assert resp.status_code == 403 or resp.status_code == 401 @pytest.mark.asyncio async def test_delete_permission_success_after_grant_admin(self, authentication_web: AuthenticationWeb): """Test deleting a permission succeeds after granting admin role to a new temporary user and re-login.""" # Create a new temp user user = authentication_web.create_temporary_user() temp_authentication_web = AuthenticationWeb(user_email=user["email"], password=user["password"]) temp_authentication_web.user_id = user["user_id"] temp_authentication_web.login() # Create a permission as admin suffix = str(random.randint(10000, 99999)) perm = await authentication_web.create_permission({ "permission_key": f"delperm_tempadmin_{suffix}", "permission_name": f"delperm_tempadmin_{suffix}", "description": "desc" }) perm_id = perm.json()["id"] # Grant admin role to temp user resp = await authentication_web.query_roles({"role_key": "admin"}) admin_role_id = resp.json()["items"][0]["id"] await authentication_web.assign_roles_to_user({ "user_id": temp_authentication_web.user_id, "role_ids": [admin_role_id] }) # Re-login as temp user temp_authentication_web.login() # Try to delete as temp user resp = await temp_authentication_web.delete_permission({"permission_id": perm_id}) assert resp.status_code == 200 if __name__ == '__main__': pytest.main([__file__])