import asyncio
import pytest
from fastapi import HTTPException
from app.auth import permissions
from app.domain.models.role import UserRole
from tests.conftest import make_user
def test_require_role_allows_higher_privilege_user():
    """An ADMIN satisfies a dependency that only requires OPERATOR.

    Pins the "at least this role" semantics of ``require_role``: a caller
    whose role exceeds the minimum is admitted rather than rejected, and
    the dependency resolves to an object carrying the caller's role (the
    user itself, as far as this test can tell) so routes can consume it
    as an ordinary FastAPI dependency value.
    """
    admin = make_user(role=UserRole.ADMIN)
    at_least_operator = permissions.require_role(UserRole.OPERATOR)

    # The dependency is a coroutine; drive it to completion synchronously.
    admitted = asyncio.run(at_least_operator(current_user=admin))

    assert admitted.role == UserRole.ADMIN
def test_require_role_rejects_insufficient_role():
    """A plain USER is refused by a dependency that requires ADMIN.

    The refusal must surface as a 403 (authenticated but not authorized,
    not a 401), and the detail names the role that was required.
    NOTE(review): that detail is user-visible and the substring assertion
    below pins it, so rewording it is a deliberate API change. No test in
    this file covers the equal-role boundary (OPERATOR asking for
    OPERATOR) -- TODO add one so an off-by-one in the comparison is caught.
    """
    admin_only = permissions.require_role(UserRole.ADMIN)
    regular_user = make_user(role=UserRole.USER)

    with pytest.raises(HTTPException) as raised:
        asyncio.run(admin_only(current_user=regular_user))

    error = raised.value
    assert error.status_code == 403
    assert "Required role: ADMIN" in error.detail
def test_check_resource_owner_allows_admin():
    """An ADMIN passes the ownership check for a resource they do not own.

    Resource 99 is not the admin's (their id is 1), yet access is granted:
    ADMIN acts as an ownership bypass. Any route whose data must not be
    admin-readable cannot rely on ``check_resource_owner`` alone.
    """
    admin = make_user(id=1, role=UserRole.ADMIN)
    granted = permissions.check_resource_owner(99, admin)
    assert granted is True
def test_check_resource_owner_allows_owner():
    """A non-admin user is granted access when the resource id is their own id.

    The check returns a strict ``True`` (asserted with ``is``), not merely a
    truthy value, so callers may compare against the literal.
    """
    owner = make_user(id=7, role=UserRole.USER)
    granted = permissions.check_resource_owner(7, owner)
    assert granted is True
def test_check_resource_owner_rejects_other_user():
    """A non-admin user is denied a resource belonging to a different id.

    Both ids are ints here and the result is a strict ``False``.
    NOTE(review): there is no case for ids of differing type (e.g. ``"7"``
    vs ``7``) -- confirm how the production path coerces a resource id
    taken from the request before comparison, since a str/int mismatch
    would silently deny (or, after a lax coercion, grant) access.
    """
    stranger = make_user(id=8, role=UserRole.USER)
    granted = permissions.check_resource_owner(7, stranger)
    assert granted is False
def test_require_owner_or_admin_rejects_other_user():
    """The dependency form refuses a non-owner, non-admin with a 403.

    Same ownership rule as ``check_resource_owner`` (presumably the
    dependency delegates to it -- verify), but the negative outcome is an
    ``HTTPException`` rather than ``False``. The detail is a generic
    permission message that does not disclose who the owner is, and the
    equality assertion pins that exact wording. The positive paths
    through this dependency (owner admitted, admin admitted) are not
    exercised in this file -- TODO add them.
    """
    guard = permissions.require_owner_or_admin(7)
    stranger = make_user(id=8, role=UserRole.USER)

    with pytest.raises(HTTPException) as raised:
        asyncio.run(guard(current_user=stranger))

    error = raised.value
    assert error.status_code == 403
    assert error.detail == "You don't have permission to access this resource"