freeleaps-service-hub/apps/authentication/tests/api_tests/role/test_assign_permissions.py

import pytest
import random
from typing import List
from backend.models.permission.constants import DefaultRoleEnum, DefaultPermissionEnum
from tests.base.authentication_web import AuthenticationWeb


class TestAssignPermissionsToRole:
    @pytest.mark.asyncio
    async def test_assign_permissions_success(self, authentication_web: AuthenticationWeb):
        """Test assigning permissions to a role successfully."""
        # Create a role
        suffix = str(random.randint(10000, 99999))
        role_resp = await authentication_web.create_role({
            "role_key": f"assignperm_role_{suffix}",
            "role_name": f"AssignPerm Role {suffix}",
            "role_description": "desc",
            "role_level": 1
        })
        role_id = role_resp.json()["id"]
        # Create two permissions
        perm1 = await authentication_web.create_permission({
            "permission_key": f"assignperm_key1_{suffix}",
            "permission_name": f"AssignPerm Permission1 {suffix}",
            "description": "desc"
        })
        perm2 = await authentication_web.create_permission({
            "permission_key": f"assignperm_key2_{suffix}",
            "permission_name": f"AssignPerm Permission2 {suffix}",
            "description": "desc"
        })
        perm_ids = [perm1.json()["id"], perm2.json()["id"]]
        # Assign permissions
        resp = await authentication_web.assign_permissions_to_role({
            "role_id": role_id,
            "permission_ids": perm_ids
        })
        assert resp.status_code == 200
        json = resp.json()
        assert set(json["permission_ids"]) == set(perm_ids)

    @pytest.mark.asyncio
    async def test_assign_permissions_fail_role_not_found(self, authentication_web: AuthenticationWeb):
        """Test assigning permissions fails when role_id does not exist."""
        # Create a permission
        suffix = str(random.randint(10000, 99999))
        perm = await authentication_web.create_permission({
            "permission_key": f"assignperm_key_nf_{suffix}",
            "permission_name": f"AssignPerm PermissionNF {suffix}",
            "description": "desc"
        })
        perm_id = perm.json()["id"]
        resp = await authentication_web.assign_permissions_to_role({
            "role_id": "000000000000000000000000",
            "permission_ids": [perm_id]
        })
        assert resp.status_code == 422 or resp.status_code == 400

    @pytest.mark.asyncio
    async def test_assign_permissions_fail_permission_not_found(self, authentication_web: AuthenticationWeb):
        """Test assigning permissions fails when a permission_id does not exist."""
        # Create a role
        suffix = str(random.randint(10000, 99999))
        role_resp = await authentication_web.create_role({
            "role_key": f"assignperm_role_nf_{suffix}",
            "role_name": f"AssignPerm RoleNF {suffix}",
            "role_description": "desc",
            "role_level": 1
        })
        role_id = role_resp.json()["id"]
        resp = await authentication_web.assign_permissions_to_role({
            "role_id": role_id,
            "permission_ids": ["000000000000000000000000"]
        })
        assert resp.status_code == 422 or resp.status_code == 400

    @pytest.mark.asyncio
    async def test_assign_permissions_fail_empty_permission_ids(self, authentication_web: AuthenticationWeb):
        """Test assigning permissions fails when permission_ids is empty."""
        # Create a role
        suffix = str(random.randint(10000, 99999))
        role_resp = await authentication_web.create_role({
            "role_key": f"assignperm_role_empty_{suffix}",
            "role_name": f"AssignPerm RoleEmpty {suffix}",
            "role_description": "desc",
            "role_level": 1
        })
        role_id = role_resp.json()["id"]
        resp = await authentication_web.assign_permissions_to_role({
            "role_id": role_id,
            "permission_ids": []
        })
        assert resp.status_code == 422 or resp.status_code == 400

    @pytest.mark.asyncio
    async def test_assign_permissions_fail_empty_role_id(self, authentication_web: AuthenticationWeb):
        """Test assigning permissions fails when role_id is empty."""
        # Create a permission
        suffix = str(random.randint(10000, 99999))
        perm = await authentication_web.create_permission({
            "permission_key": f"assignperm_key_emptyrole_{suffix}",
            "permission_name": f"AssignPerm PermissionEmptyRole {suffix}",
            "description": "desc"
        })
        perm_id = perm.json()["id"]
        resp = await authentication_web.assign_permissions_to_role({
            "role_id": "",
            "permission_ids": [perm_id]
        })
        assert resp.status_code == 422 or resp.status_code == 400 or resp.status_code == 500

    @pytest.mark.asyncio
    async def test_assign_permissions_remove_duplicates(self, authentication_web: AuthenticationWeb):
        """Test assigning permissions with duplicate permission_ids removes duplicates."""
        # Create a role
        suffix = str(random.randint(10000, 99999))
        role_resp = await authentication_web.create_role({
            "role_key": f"assignperm_role_dup_{suffix}",
            "role_name": f"AssignPerm RoleDup {suffix}",
            "role_description": "desc",
            "role_level": 1
        })
        role_id = role_resp.json()["id"]
        # Create a permission
        perm = await authentication_web.create_permission({
            "permission_key": f"assignperm_key_dup_{suffix}",
            "permission_name": f"AssignPerm PermissionDup {suffix}",
            "description": "desc"
        })
        perm_id = perm.json()["id"]
        # Assign duplicate permission_ids
        resp = await authentication_web.assign_permissions_to_role({
            "role_id": role_id,
            "permission_ids": [perm_id, perm_id, perm_id]
        })
        assert resp.status_code == 200
        json = resp.json()
        assert json["permission_ids"] == [perm_id]

    @pytest.mark.asyncio
    async def test_assign_permissions_to_default_role(self, authentication_web: AuthenticationWeb):
        """Test assigning permissions to a default role (should succeed if not restricted)."""
        # Query default admin role
        resp = await authentication_web.query_roles({"role_key": DefaultRoleEnum.ADMIN.value.role_key})
        json = resp.json()
        default_role_id = json["items"][0]["id"]
        # Create a permission
        suffix = str(random.randint(10000, 99999))
        perm = await authentication_web.create_permission({
            "permission_key": f"assignperm_key_default_{suffix}",
            "permission_name": f"AssignPerm PermissionDefault {suffix}",
            "description": "desc"
        })
        perm_id = perm.json()["id"]
        # Try to assign permission to default role
        resp = await authentication_web.assign_permissions_to_role({
            "role_id": default_role_id,
            "permission_ids": [perm_id, *json["items"][0]["permission_ids"]]
        })
        assert resp.status_code in [200]

if __name__ == '__main__':
    pytest.main([__file__])