freeleaps-service-hub/apps/authentication/tests/api_tests/role/test_create_role.py

import pytest
import random
from tests.base.authentication_web import AuthenticationWeb


class TestCreateRole:

    @pytest.mark.asyncio
    async def test_create_role_success(self, authentication_web: AuthenticationWeb):
        """Test creating a role successfully with valid and unique role_key and role_name."""
        suffix = str(random.randint(10000, 99999))
        role_data = {
            "role_key": f"test_role_key_success_{suffix}",
            "role_name": f"Test Role Success {suffix}",
            "role_description": "Role for testing success",
            "role_level": 1
        }
        response = await authentication_web.create_role(role_data)
        assert response.status_code == 200
        json = response.json()
        assert json["role_key"] == role_data["role_key"]
        assert json["role_name"] == role_data["role_name"]
        assert json["role_description"] == role_data["role_description"]
        assert json["role_level"] == role_data["role_level"]
        assert json["id"] is not None
        assert json["created_at"] is not None
        assert json["updated_at"] is not None

    @pytest.mark.asyncio
    async def test_create_role_fail_duplicate_role_key(self, authentication_web: AuthenticationWeb):
        """Test creating a role fails when role_key is duplicated."""
        suffix = str(random.randint(10000, 99999))
        role_data = {
            "role_key": f"test_role_key_dup_{suffix}",
            "role_name": f"Test Role DupKey {suffix}",
            "role_description": "desc",
            "role_level": 1
        }
        await authentication_web.create_role(role_data)
        role_data2 = {
            "role_key": f"test_role_key_dup_{suffix}",
            "role_name": f"Test Role DupKey2 {suffix}",
            "role_description": "desc2",
            "role_level": 2
        }
        response = await authentication_web.create_role(role_data2)
        assert response.status_code == 422 or response.status_code == 400

    @pytest.mark.asyncio
    async def test_create_role_fail_duplicate_role_name(self, authentication_web: AuthenticationWeb):
        """Test creating a role fails when role_name is duplicated."""
        suffix = str(random.randint(10000, 99999))
        role_data = {
            "role_key": f"test_role_key_dupname1_{suffix}",
            "role_name": f"Test Role DupName {suffix}",
            "role_description": "desc",
            "role_level": 1
        }
        await authentication_web.create_role(role_data)
        role_data2 = {
            "role_key": f"test_role_key_dupname2_{suffix}",
            "role_name": f"Test Role DupName {suffix}",
            "role_description": "desc2",
            "role_level": 2
        }
        response = await authentication_web.create_role(role_data2)
        assert response.status_code == 422 or response.status_code == 400

    @pytest.mark.asyncio
    async def test_create_role_fail_empty_role_key(self, authentication_web: AuthenticationWeb):
        """Test creating a role fails when role_key is empty."""
        suffix = str(random.randint(10000, 99999))
        role_data = {
            "role_key": "",
            "role_name": f"Test Role EmptyKey {suffix}",
            "role_description": "desc",
            "role_level": 1
        }
        response = await authentication_web.create_role(role_data)
        assert response.status_code == 422 or response.status_code == 400

    @pytest.mark.asyncio
    async def test_create_role_fail_empty_role_name(self, authentication_web: AuthenticationWeb):
        """Test creating a role fails when role_name is empty."""
        suffix = str(random.randint(10000, 99999))
        role_data = {
            "role_key": f"test_role_key_emptyname_{suffix}",
            "role_name": "",
            "role_description": "desc",
            "role_level": 1
        }
        response = await authentication_web.create_role(role_data)
        assert response.status_code == 422 or response.status_code == 400

    @pytest.mark.asyncio
    async def test_create_role_success_empty_description(self, authentication_web: AuthenticationWeb):
        """Test creating a role successfully when role_description is None (optional field)."""
        suffix = str(random.randint(10000, 99999))
        role_data = {
            "role_key": f"test_role_key_emptydesc_{suffix}",
            "role_name": f"Test Role EmptyDesc {suffix}",
            "role_description": None,
            "role_level": 1
        }
        response = await authentication_web.create_role(role_data)
        assert response.status_code == 200
        json = response.json()
        assert json["role_key"] == role_data["role_key"]
        assert json["role_name"] == role_data["role_name"]
        assert json["role_description"] is None or json["role_description"] == ""
        assert json["role_level"] == role_data["role_level"]

    @pytest.mark.asyncio
    async def test_create_role_fail_by_non_admin(self, authentication_web_of_temp_user1: AuthenticationWeb):
        """Test creating a role fails by non-admin user (no permission)."""
        suffix = str(random.randint(10000, 99999))
        role_data = {
            "role_key": f"test_role_key_nonadmin_{suffix}",
            "role_name": f"Test Role NonAdmin {suffix}",
            "role_description": "desc",
            "role_level": 1
        }
        response = await authentication_web_of_temp_user1.create_role(role_data)
        assert response.status_code == 403 or response.status_code == 401

    @pytest.mark.asyncio
    async def test_create_role_success_after_grant_admin(self, authentication_web: AuthenticationWeb):
        """Test creating a role succeeds after granting admin role to a temporary user and re-login."""
        # Create a temp user
        user = authentication_web.create_temporary_user()
        temp_authentication_web = AuthenticationWeb(user_email=user["email"], password=user["password"])
        temp_authentication_web.user_id = user["user_id"]
        temp_authentication_web.login()

        # Grant admin role to temp user
        resp = await authentication_web.query_roles({"role_key": "admin"})
        admin_role_id = resp.json()["items"][0]["id"]
        response1 = await authentication_web.assign_roles_to_user({
            "user_id": temp_authentication_web.user_id,
            "role_ids": [admin_role_id]
        })
        # Re-login as temp user
        temp_authentication_web.login()
        # Try to create role
        suffix = str(random.randint(10000, 99999))
        role_data = {
            "role_key": f"test_role_key_tempadmin_{suffix}",
            "role_name": f"Test Role TempAdmin {suffix}",
            "role_description": "desc",
            "role_level": 1
        }
        response = await temp_authentication_web.create_role(role_data)
        assert response.status_code == 200




if __name__ == '__main__':
    pytest.main([__file__])