# Permission API Test Report

## How to Run the Tests

**Run all permission API tests with coverage:**

```bash
pytest --cov=authentication --cov-report=term-missing tests/api_tests/permission/
```

---

## Test Results Summary

- **Total tests collected:** 26
- **All tests passed.**
- **Warnings:**
  - Deprecation warnings from Pydantic/Beanie (upgrade recommended for future compatibility).
  - Coverage warning: `Module authentication was never imported. (module-not-imported)`

---

## Test Case Explanations

### test_create_permission.py

- **test_create_permission_success** Admin user can create a permission with valid data.
- **test_create_permission_fail_duplicate_key/name** Creating a permission with duplicate key or name fails.
- **test_create_permission_fail_empty_key/name** Creating a permission with empty key or name fails.
- **test_create_permission_success_empty_description** Description is optional.
- **test_create_permission_fail_by_non_admin** Non-admin user cannot create permissions.
- **test_create_permission_success_after_grant_admin** After admin grants admin role to a temp user and the user re-logs in, the user can create permissions.

### test_delete_permission.py

- **test_delete_permission_success** Admin user can delete a permission.
- **test_delete_permission_fail_not_found** Deleting a non-existent permission fails.
- **test_delete_default_permission_fail** Default permissions cannot be deleted.
- **test_delete_permission_fail_by_non_admin** Non-admin user cannot delete permissions.
- **test_delete_permission_success_after_grant_admin** After admin grants admin role to a temp user and the user re-logs in, the user can delete permissions.

### test_update_permission.py

- **test_update_permission_success** Admin user can update a permission.
- **test_update_permission_fail_not_found** Updating a non-existent permission fails.
- **test_update_permission_fail_duplicate_key/name** Updating to a duplicate key or name fails.
- **test_update_permission_fail_empty_key/name** Updating with empty key or name fails.
- **test_update_default_permission_fail** Default permissions cannot be updated.
- **test_update_permission_fail_by_non_admin** Non-admin user cannot update permissions.
- **test_update_permission_success_after_grant_admin** After admin grants admin role to a temp user and the user re-logs in, the user can update permissions.

### test_query_permission.py

- **test_query_all_permissions** Query all permissions, expect a list.
- **test_query_permissions_by_key/name** Query permissions by key or name (fuzzy search).
- **test_query_permissions_pagination** Query permissions with pagination.

---

## Summary

- These tests ensure that only admin users can manage permissions, and that permission can be delegated by granting the admin role to other users.
- Each test case is designed to verify both positive and negative scenarios, including permission escalation and proper error handling.
- **Coverage reporting is not working** due to import or execution issues—fix this for a complete report.

---