freeleaps-service-hub/apps/authentication/tests/api_tests/role/test_delete_role.py


import pytest
import random
from backend.models.permission.constants import DefaultRole, DefaultRoleEnum
from tests.base.authentication_web import AuthenticationWeb
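class TestDeleteRole:
    """API tests for deleting roles through the ``AuthenticationWeb`` test client.

    Covers the success path, an unknown role id, the protected default admin
    role, and the authorization boundary: a non-admin caller is refused, and a
    caller who has been granted the admin role is allowed.
    """

    @pytest.mark.asyncio
    async def test_delete_role_success(self, authentication_web: AuthenticationWeb):
        """Test deleting a role successfully."""
        # Random suffix keeps the role key distinct from roles created by other tests.
        suffix = str(random.randint(10000, 99999))
        role = await authentication_web.create_role({
            "role_key": f"delrole_{suffix}",
            "role_name": f"delrole_{suffix}",
            "role_description": "desc",
            "role_level": 1
        })
        role_id = role.json()["id"]
        resp = await authentication_web.delete_role(role_data={"role_id": role_id})
        assert resp.status_code == 200
        assert resp.json()["success"] is True

    @pytest.mark.asyncio
    async def test_delete_role_fail_not_found(self, authentication_web: AuthenticationWeb):
        """Test deleting a role fails when role_id does not exist."""
        # All-zero id: well-formed in length but not expected to match any stored role.
        resp = await authentication_web.delete_role(role_data={"role_id": "000000000000000000000000"})
        assert resp.status_code in (400, 422)

    @pytest.mark.asyncio
    async def test_delete_default_role_fail(self, authentication_web: AuthenticationWeb):
        """Test deleting a default role fails. Default role cannot be deleted."""
        # Query a default role
        lookup = {"page": 1, "page_size": 2, "role_key": DefaultRoleEnum.ADMIN.value.role_key}
        resp = await authentication_web.query_roles(params=lookup)
        items = resp.json()["items"]
        assert items, "query_roles returned no default admin role to test against"
        # NOTE(review): assumes the role_key filter returns the admin role as the
        # first item -- confirm the filter is an exact match.
        default_role_id = items[0]["id"]
        resp = await authentication_web.delete_role(role_data={"role_id": default_role_id})
        assert resp.status_code in (400, 422)
        # A rejection status alone does not prove the protected role survived,
        # so look it up again after the attempt.
        after = await authentication_web.query_roles(params=lookup)
        assert any(item["id"] == default_role_id for item in after.json()["items"])

    @pytest.mark.asyncio
    async def test_delete_role_fail_by_non_admin(self, authentication_web: AuthenticationWeb, authentication_web_of_temp_user1: AuthenticationWeb):
        """Test deleting a role fails by non-admin user (no permission)."""
        # Create a role as admin
        suffix = str(random.randint(10000, 99999))
        role_key = f"delrole_nonadmin_{suffix}"
        role = await authentication_web.create_role({
            "role_key": role_key,
            "role_name": f"delrole_nonadmin_{suffix}",
            "role_description": "desc",
            "role_level": 1
        })
        role_id = role.json()["id"]
        # Try to delete as temp user
        resp = await authentication_web_of_temp_user1.delete_role(role_data={"role_id": role_id})
        # NOTE(review): 401 is accepted here, so this also passes when the temp
        # user's session is simply unauthenticated; an authenticated non-admin
        # would be expected to get 403 -- confirm which one the API returns.
        assert resp.status_code in (401, 403)
        # The refusal must also leave the role in place: re-query it as admin.
        check = await authentication_web.query_roles(
            params={"page": 1, "page_size": 10, "role_key": role_key})
        assert any(item["id"] == role_id for item in check.json()["items"])

    @pytest.mark.asyncio
    async def test_delete_role_success_after_grant_admin(self, authentication_web: AuthenticationWeb):
        """Test deleting a role succeeds after granting admin role to a temporary user and re-login."""
        # Create a temp user
        user = authentication_web.create_temporary_user()
        temp_authentication_web = AuthenticationWeb(user_email=user["email"], password=user["password"])
        temp_authentication_web.user_id = user["user_id"]
        temp_authentication_web.login()
        # Create a role as admin
        suffix = str(random.randint(10000, 99999))
        role = await authentication_web.create_role({
            "role_key": f"delrole_tempadmin_{suffix}",
            "role_name": f"delrole_tempadmin_{suffix}",
            "role_description": "desc",
            "role_level": 1
        })
        role_id = role.json()["id"]
        # Grant admin role to temp user
        resp = await authentication_web.query_roles({"role_key": DefaultRoleEnum.ADMIN.value.role_key})
        admin_role_id = resp.json()["items"][0]["id"]
        grant_resp = await authentication_web.assign_roles_to_user({
            "user_id": temp_authentication_web.user_id,
            "role_ids": [admin_role_id]
        })
        # Check the grant itself, so a failed grant is reported here rather than
        # as a confusing refusal on the delete below.
        assert 200 <= grant_resp.status_code < 300
        # Re-login as temp user (presumably so the session reflects the new role)
        temp_authentication_web.login()
        # Try to delete as temp user
        resp = await temp_authentication_web.delete_role(role_data={"role_id": role_id})
        assert resp.status_code == 200
        # NOTE(review): the temporary user still holds the admin role when this
        # test ends; no cleanup is visible in this file -- confirm the test
        # environment removes or demotes the account.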
# Direct execution: hand this file to pytest's own runner.
if __name__ == '__main__':
    pytest.main([__file__])