freeleaps-service-hub/apps/authentication/tests/api_tests/user/test_assign_roles.py

import pytest
import random
from backend.models.permission.constants import DefaultRoleEnum
from tests.base.authentication_web import AuthenticationWeb


class TestAssignRolesToUser:
    @pytest.mark.asyncio
    async def test_assign_roles_success_by_admin(self, authentication_web: AuthenticationWeb):
        """Test assigning roles to a user successfully by admin user."""
        # Create a temporary user
        temp_user = authentication_web.create_temporary_user()
        # Create a new role
        suffix = str(random.randint(10000, 99999))
        role_resp = await authentication_web.create_role({
            "role_key": f"assignrole_role_{suffix}",
            "role_name": f"AssignRole Role {suffix}",
            "role_description": "desc",
            "role_level": 1
        })
        role_id = role_resp.json()["id"]
        # Assign role to user
        resp = await authentication_web.assign_roles_to_user({
            "user_id": temp_user["user_id"], "role_ids": [role_id]
        })
        assert resp.status_code == 200
        json = resp.json()
        assert json["user_id"] == temp_user["user_id"]
        assert json["role_ids"] == [role_id]

    @pytest.mark.asyncio
    async def test_assign_roles_fail_by_non_admin(self, authentication_web_of_temp_user1: AuthenticationWeb):
        """Test assigning roles to a user fails by non-admin user (no permission)."""
        # Create another temporary user
        temp_user = authentication_web_of_temp_user1.create_temporary_user()
        # Query default admin role
        resp = await authentication_web_of_temp_user1.query_roles({"role_key": DefaultRoleEnum.ADMIN.value.role_key})
        admin_role_id = resp.json()["items"][0]["id"]
        # Try to assign admin role to another user
        resp = await authentication_web_of_temp_user1.assign_roles_to_user({
            "user_id": temp_user["user_id"], "role_ids": [admin_role_id]
        })
        assert resp.status_code == 403 or resp.status_code == 401

    @pytest.mark.asyncio
    async def test_assign_roles_fail_role_not_found(self, authentication_web: AuthenticationWeb):
        """Test assigning roles fails when role_id does not exist."""
        # Create a temporary user
        temp_user = authentication_web.create_temporary_user()
        # Try to assign non-existent role
        resp = await authentication_web.assign_roles_to_user({
            "user_id": temp_user["user_id"], "role_ids": ["000000000000000000000000"]
        })
        assert resp.status_code == 422 or resp.status_code == 400

    @pytest.mark.asyncio
    async def test_assign_roles_fail_empty_role_ids(self, authentication_web: AuthenticationWeb):
        """Test assigning roles fails when role_ids is empty."""
        # Create a temporary user
        temp_user = authentication_web.create_temporary_user()
        resp = await authentication_web.assign_roles_to_user({
            "user_id": temp_user["user_id"], "role_ids": []
        })
        assert resp.status_code == 422 or resp.status_code == 400

    @pytest.mark.asyncio
    async def test_assign_roles_fail_empty_user_id(self, authentication_web: AuthenticationWeb):
        """Test assigning roles fails when user_id is empty."""
        # Query default admin role
        resp = await authentication_web.query_roles({"role_key": DefaultRoleEnum.ADMIN.value.role_key})
        admin_role_id = resp.json()["items"][0]["id"]
        resp = await authentication_web.assign_roles_to_user({
            "user_id": "", "role_ids": [admin_role_id]
        })
        assert resp.status_code == 422 or resp.status_code == 400

    @pytest.mark.asyncio
    async def test_assign_roles_remove_duplicates(self, authentication_web: AuthenticationWeb):
        """Test assigning roles with duplicate role_ids removes duplicates."""
        # Create a temporary user
        temp_user = authentication_web.create_temporary_user()
        # Create a new role
        suffix = str(random.randint(10000, 99999))
        role_resp = await authentication_web.create_role({
            "role_key": f"assignrole_role_dup_{suffix}",
            "role_name": f"AssignRole RoleDup {suffix}",
            "role_description": "desc",
            "role_level": 1
        })
        role_id = role_resp.json()["id"]
        # Assign duplicate role_ids
        resp = await authentication_web.assign_roles_to_user({
            "user_id": temp_user["user_id"], "role_ids": [role_id, role_id, role_id]
        })
        assert resp.status_code == 200
        json = resp.json()
        assert json["role_ids"] == [role_id]

if __name__ == '__main__':
    pytest.main([__file__])