# -*- coding: utf-8 -*- """Test API : utilisateurs Utilisation : pytest tests/api/test_api_users.py """ from tests.api.setup_test_api import ( API_URL, CHECK_CERTIFICATE, GET, POST_JSON, api_headers, api_admin_headers, get_auth_headers, ) def test_list_users(api_admin_headers): """ Routes: /user/ /users/query?departement=dept_acronym&active=1&like= """ admin_h = api_admin_headers depts = GET("/departements", headers=admin_h) assert len(depts) > 0 u = GET("/user/1", headers=admin_h) assert u["id"] == 1 assert u["user_name"] assert u["date_expiration"] is None dept_u = u["dept"] # Tous les utilisateurs, vus par SuperAdmin: users = GET("/users/query", headers=admin_h) # Les utilisateurs de chaque département (+ ceux sans département) all_users = [] for acronym in [dept["acronym"] for dept in depts] + [""]: all_users += GET(f"/users/query?departement={acronym}", headers=admin_h) all_users.sort(key=lambda u: u["user_name"]) assert len(all_users) == len(users) # On a créé un user "u_" par département: u_users = GET("/users/query?starts_with=U ", headers=admin_h) assert len(u_users) == len(depts) assert len(GET("/users/query?departement=AA", headers=admin_h)) == 1 assert len(GET("/users/query?departement=AA&starts_with=U ", headers=admin_h)) == 1 assert ( len( GET( "/users/query?departement=AA&starts_with=XXX", headers=admin_h, ) ) == 0 ) # Utilisateurs vus par d'autres utilisateurs (droits accès) for i, u in enumerate(u for u in u_users if u["dept"] != "TAPI"): headers = get_auth_headers(u["user_name"], "test") users_by_u = GET("/users/query", headers=headers) assert len(users_by_u) == 4 + i # explication: tous ont le droit de voir les 3 users de TAPI # (test, other et u_TAPI) # plus l'utilisateur de chaque département jusqu'au leur # (u_AA voit AA, u_BB voit AA et BB, etc) def test_edit_users(api_admin_headers): """ Routes: /user/create /user/edit/ """ admin_h = api_admin_headers nb_users = len(GET("/users/query", headers=admin_h)) user = POST_JSON( "/user/create", {"user_name": "toto", "nom": "Toto"}, headers=admin_h, ) assert user["user_name"] == "toto" assert user["dept"] is None assert user["active"] is True assert (nb_users + 1) == len(GET("/users/query", headers=admin_h)) # Change le dept et rend inactif user = POST_JSON( f"/user/edit/{user['id']}", {"active": False, "dept": "TAPI"}, headers=admin_h, ) assert user["dept"] == "TAPI" assert user["active"] is False def test_roles(api_admin_headers): """ Routes: /user/create /user//edit """ admin_h = api_admin_headers user = POST_JSON( "/user/create", {"user_name": "test_roles", "nom": "Role", "prenom": "Test"}, headers=admin_h, ) uid = user["id"] ans = POST_JSON(f"/user/{uid}/role/Secr/add", headers=admin_h) assert ans["user_name"] == "test_roles" role = POST_JSON("/role/create/Test_X", headers=admin_h) assert role["role_name"] == "Test_X" assert role["permissions"] == [] role = GET("/role/Test_X", headers=admin_h) assert role["role_name"] == "Test_X" assert role["permissions"] == [] role = POST_JSON("/role/Test_X/edit", {"role_name": "Test_Y"}, headers=admin_h) assert role["role_name"] == "Test_Y" role = GET("/role/Test_Y", headers=admin_h) assert role["role_name"] == "Test_Y" role = POST_JSON( "/role/Test_Y/edit", {"permissions": ["ScoView", "ScoAbsChange"]}, headers=admin_h, ) assert set(role["permissions"]) == {"ScoView", "ScoAbsChange"} role = POST_JSON("/role/Test_Y/add_permission/ScoAbsAddBillet", headers=admin_h) assert set(role["permissions"]) == {"ScoView", "ScoAbsChange", "ScoAbsAddBillet"} role = GET("/role/Test_Y", headers=admin_h) assert set(role["permissions"]) == {"ScoView", "ScoAbsChange", "ScoAbsAddBillet"} role = POST_JSON("/role/Test_Y/remove_permission/ScoAbsChange", headers=admin_h) assert set(role["permissions"]) == {"ScoView", "ScoAbsAddBillet"} ans = POST_JSON("/role/Test_Y/delete", headers=admin_h) assert ans["OK"] is True