102 lines
3.1 KiB
Python
102 lines
3.1 KiB
Python
import os
|
|
import uuid
|
|
|
|
import pytest
|
|
from fastapi.testclient import TestClient
|
|
|
|
os.environ.setdefault("SECRET_KEY", "x" * 32)
|
|
os.environ.setdefault("DATABASE_URL", "sqlite:////tmp/delphi_test.sqlite")
|
|
|
|
from app.main import app # noqa: E402
|
|
from app.auth.security import get_current_user, get_admin_user # noqa: E402
|
|
from tests.helpers import assert_http_error # noqa: E402
|
|
|
|
|
|
class _User:
|
|
def __init__(self, is_admin: bool):
|
|
self.id = 1 if is_admin else 2
|
|
self.username = "admin" if is_admin else "user"
|
|
self.is_admin = is_admin
|
|
self.is_active = True
|
|
self.first_name = "Test"
|
|
self.last_name = "User"
|
|
|
|
|
|
@pytest.fixture()
|
|
def client_admin():
|
|
app.dependency_overrides[get_current_user] = lambda: _User(True)
|
|
app.dependency_overrides[get_admin_user] = lambda: _User(True)
|
|
try:
|
|
yield TestClient(app)
|
|
finally:
|
|
app.dependency_overrides.pop(get_current_user, None)
|
|
app.dependency_overrides.pop(get_admin_user, None)
|
|
|
|
|
|
@pytest.fixture()
|
|
def client_user():
|
|
app.dependency_overrides[get_current_user] = lambda: _User(False)
|
|
try:
|
|
yield TestClient(app)
|
|
finally:
|
|
app.dependency_overrides.pop(get_current_user, None)
|
|
|
|
|
|
def test_admin_only_access(client_user: TestClient):
|
|
# Drop auth to simulate unauthenticated
|
|
app.dependency_overrides.pop(get_current_user, None)
|
|
c = TestClient(app)
|
|
resp = c.get("/api/admin/health")
|
|
assert_http_error(resp, 403, "Not authenticated")
|
|
|
|
# Authenticated non-admin should get 403 from admin endpoints
|
|
app.dependency_overrides[get_current_user] = lambda: _User(False)
|
|
resp = c.get("/api/admin/users")
|
|
assert_http_error(resp, 403, "Not enough permissions")
|
|
|
|
|
|
def test_lookup_crud_file_types_and_statuses_and_audit(client_admin: TestClient):
|
|
# List lookup tables
|
|
resp = client_admin.get("/api/admin/lookups/tables")
|
|
assert resp.status_code == 200
|
|
assert "tables" in resp.json()
|
|
|
|
# Create a system setting (as a simple admin CRUD target)
|
|
skey = f"test_setting_{uuid.uuid4().hex[:6]}"
|
|
resp = client_admin.post(
|
|
"/api/admin/settings",
|
|
json={
|
|
"setting_key": skey,
|
|
"setting_value": "on",
|
|
"description": "pytest",
|
|
"setting_type": "STRING",
|
|
},
|
|
)
|
|
assert resp.status_code == 200
|
|
assert resp.json()["setting"]["setting_key"] == skey
|
|
|
|
# Update the setting
|
|
resp = client_admin.put(
|
|
f"/api/admin/settings/{skey}",
|
|
json={"setting_value": "off", "description": "changed"},
|
|
)
|
|
assert resp.status_code == 200
|
|
assert resp.json()["setting"]["setting_value"] == "off"
|
|
|
|
# Read the setting
|
|
resp = client_admin.get(f"/api/admin/settings/{skey}")
|
|
assert resp.status_code == 200
|
|
assert resp.json()["setting_key"] == skey
|
|
|
|
# Delete the setting
|
|
resp = client_admin.delete(f"/api/admin/settings/{skey}")
|
|
assert resp.status_code == 200
|
|
|
|
# Verify audit logs endpoint is accessible and returns structure
|
|
resp = client_admin.get("/api/admin/audit/logs")
|
|
assert resp.status_code == 200
|
|
body = resp.json()
|
|
assert set(body.keys()) == {"total", "logs"}
|
|
|
|
|