171 lines
5.3 KiB
Python
171 lines
5.3 KiB
Python
import os
|
|
import uuid
|
|
|
|
import pytest
|
|
from fastapi.testclient import TestClient
|
|
|
|
os.environ.setdefault("SECRET_KEY", "x" * 32)
|
|
os.environ.setdefault("DATABASE_URL", "sqlite:////tmp/delphi_test.sqlite")
|
|
|
|
from app.main import app # noqa: E402
|
|
from app.auth.security import get_current_user, get_admin_user # noqa: E402
|
|
from tests.helpers import assert_http_error # noqa: E402
|
|
|
|
|
|
class _User:
|
|
def __init__(self, is_admin: bool):
|
|
self.id = 1 if is_admin else 2
|
|
self.username = "admin" if is_admin else "user"
|
|
self.is_admin = is_admin
|
|
self.is_active = True
|
|
self.first_name = "Test"
|
|
self.last_name = "User"
|
|
|
|
|
|
@pytest.fixture()
|
|
def client_admin():
|
|
app.dependency_overrides[get_current_user] = lambda: _User(True)
|
|
app.dependency_overrides[get_admin_user] = lambda: _User(True)
|
|
try:
|
|
yield TestClient(app)
|
|
finally:
|
|
app.dependency_overrides.pop(get_current_user, None)
|
|
app.dependency_overrides.pop(get_admin_user, None)
|
|
|
|
|
|
@pytest.fixture()
|
|
def client_user():
|
|
app.dependency_overrides[get_current_user] = lambda: _User(False)
|
|
try:
|
|
yield TestClient(app)
|
|
finally:
|
|
app.dependency_overrides.pop(get_current_user, None)
|
|
|
|
|
|
def test_admin_only_access(client_user: TestClient):
|
|
# Drop auth to simulate unauthenticated
|
|
app.dependency_overrides.pop(get_current_user, None)
|
|
c = TestClient(app)
|
|
resp = c.get("/api/admin/health")
|
|
assert_http_error(resp, 403, "Not authenticated")
|
|
|
|
# Authenticated non-admin should get 403 from admin endpoints
|
|
app.dependency_overrides[get_current_user] = lambda: _User(False)
|
|
resp = c.get("/api/admin/users")
|
|
assert_http_error(resp, 403, "Not enough permissions")
|
|
|
|
|
|
def test_lookup_crud_file_types_and_statuses_and_audit(client_admin: TestClient):
|
|
# List lookup tables
|
|
resp = client_admin.get("/api/admin/lookups/tables")
|
|
assert resp.status_code == 200
|
|
assert "tables" in resp.json()
|
|
|
|
# Create a system setting (as a simple admin CRUD target)
|
|
skey = f"test_setting_{uuid.uuid4().hex[:6]}"
|
|
resp = client_admin.post(
|
|
"/api/admin/settings",
|
|
json={
|
|
"setting_key": skey,
|
|
"setting_value": "on",
|
|
"description": "pytest",
|
|
"setting_type": "STRING",
|
|
},
|
|
)
|
|
assert resp.status_code == 200
|
|
assert resp.json()["setting"]["setting_key"] == skey
|
|
|
|
# Update the setting
|
|
resp = client_admin.put(
|
|
f"/api/admin/settings/{skey}",
|
|
json={"setting_value": "off", "description": "changed"},
|
|
)
|
|
assert resp.status_code == 200
|
|
assert resp.json()["setting"]["setting_value"] == "off"
|
|
|
|
# Read the setting
|
|
resp = client_admin.get(f"/api/admin/settings/{skey}")
|
|
assert resp.status_code == 200
|
|
assert resp.json()["setting_key"] == skey
|
|
|
|
# Delete the setting
|
|
resp = client_admin.delete(f"/api/admin/settings/{skey}")
|
|
assert resp.status_code == 200
|
|
|
|
# Verify audit logs endpoint is accessible and returns structure
|
|
resp = client_admin.get("/api/admin/audit/logs", params={"include_total": 1})
|
|
assert resp.status_code == 200
|
|
body = resp.json()
|
|
assert set(body.keys()) == {"total", "items"}
|
|
assert isinstance(body["items"], list)
|
|
|
|
|
|
def test_printer_setup_crud(client_admin: TestClient):
|
|
# Create a printer
|
|
resp = client_admin.post(
|
|
"/api/admin/printers",
|
|
json={
|
|
"printer_name": "TestPrinter",
|
|
"description": "Test",
|
|
"driver": "Generic",
|
|
"port": "LPT1",
|
|
"default_printer": True,
|
|
"page_break": "\f",
|
|
"setup_st": "^[[0m",
|
|
"reset_st": "^[[0m",
|
|
"b_bold": "^[[1m",
|
|
"e_bold": "^[[22m",
|
|
"b_underline": "^[[4m",
|
|
"e_underline": "^[[24m",
|
|
"phone_book": True,
|
|
"rolodex_info": False,
|
|
"envelope": True,
|
|
"file_cabinet": True,
|
|
"accounts": False,
|
|
"statements": True,
|
|
"calendar": False,
|
|
},
|
|
)
|
|
assert resp.status_code == 200
|
|
printer = resp.json()
|
|
assert printer["printer_name"] == "TestPrinter"
|
|
assert printer["default_printer"] is True
|
|
|
|
# Update printer flags
|
|
resp = client_admin.put(
|
|
"/api/admin/printers/TestPrinter",
|
|
json={
|
|
"default_printer": False,
|
|
"statements": False,
|
|
"calendar": True,
|
|
},
|
|
)
|
|
assert resp.status_code == 200
|
|
updated = resp.json()
|
|
assert updated["default_printer"] is False
|
|
assert updated["statements"] is False
|
|
assert updated["calendar"] is True
|
|
|
|
# Get printer by name
|
|
resp = client_admin.get("/api/admin/printers/TestPrinter")
|
|
assert resp.status_code == 200
|
|
fetched = resp.json()
|
|
assert fetched["printer_name"] == "TestPrinter"
|
|
|
|
# List printers includes our printer
|
|
resp = client_admin.get("/api/admin/printers")
|
|
assert resp.status_code == 200
|
|
names = [p["printer_name"] for p in resp.json()]
|
|
assert "TestPrinter" in names
|
|
|
|
# Delete the printer
|
|
resp = client_admin.delete("/api/admin/printers/TestPrinter")
|
|
assert resp.status_code == 200
|
|
# Verify it's gone
|
|
resp = client_admin.get("/api/admin/printers")
|
|
assert resp.status_code == 200
|
|
names = [p["printer_name"] for p in resp.json()]
|
|
assert "TestPrinter" not in names
|
|
|
|
|