ScoDoc/tests/api/test_api_users.py


# -*- coding: utf-8 -*-
"""Test API : utilisateurs
Utilisation :
pytest tests/api/test_api_users.py
"""
from tests.api.setup_test_api import (
API_URL,
CHECK_CERTIFICATE,
GET,
POST_JSON,
api_headers,
api_admin_headers,
get_auth_headers,
)
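def test_list_users(api_admin_headers):
    """Check user lookup, query filters and per-user visibility of accounts.

    Routes exercised:
        /departements
        /user/<int:uid>
        /users/query?departement=<dept_acronym>&starts_with=<str>

    The final section is an access-control check: it logs in as each
    non-TAPI "u_" user and verifies both how many accounts that user can
    list and which ones.
    """
    admin_h = api_admin_headers
    depts = GET("/departements", headers=admin_h)
    assert len(depts) > 0
    first_user = GET("/user/1", headers=admin_h)
    assert first_user["id"] == 1
    assert first_user["user_name"]
    assert first_user["date_expiration"] is None
    # The record must expose its department (explicit check instead of an
    # unused local that only failed through a KeyError).
    assert "dept" in first_user
    # All users, as seen by the super-admin:
    users = GET("/users/query", headers=admin_h)
    # Users of each department (plus those attached to no department).
    all_users = []
    for acronym in [dept["acronym"] for dept in depts] + [""]:
        all_users += GET(f"/users/query?departement={acronym}", headers=admin_h)
    all_users.sort(key=lambda user: user["user_name"])
    assert len(all_users) == len(users)
    # Same accounts, not merely the same number of accounts.
    assert [user["user_name"] for user in all_users] == sorted(
        user["user_name"] for user in users
    )
    # One "u_" user was created per department:
    u_users = GET("/users/query?starts_with=U ", headers=admin_h)
    assert len(u_users) == len(depts)
    assert len(GET("/users/query?departement=AA", headers=admin_h)) == 1
    assert len(GET("/users/query?departement=AA&starts_with=U ", headers=admin_h)) == 1
    assert (
        len(
            GET(
                "/users/query?departement=AA&starts_with=XXX",
                headers=admin_h,
            )
        )
        == 0
    )
    # Users as seen by other users (access rights).
    admin_view = {user["user_name"] for user in users}
    for i, dept_user in enumerate(x for x in u_users if x["dept"] != "TAPI"):
        headers = get_auth_headers(dept_user["user_name"], "test")
        users_by_u = GET("/users/query", headers=headers)
        # Everyone may see the 3 TAPI users (test, other and u_TAPI), plus
        # the user of each department up to their own (u_AA sees AA, u_BB
        # sees AA and BB, etc).
        # NOTE(review): the expected count relies on u_users coming back in
        # an order that matches this progression -- confirm the API sorts.
        assert len(users_by_u) == 4 + i
        visible = {x["user_name"] for x in users_by_u}
        # A count alone would accept the wrong accounts: also require that
        # the user sees their own record and nothing the super-admin
        # listing does not contain.
        assert dept_user["user_name"] in visible
        assert visible <= admin_view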
def test_edit_users(api_admin_headers):
    """Create a user as admin, then change its department and deactivate it.

    Routes:
        /user/create
        /user/edit/<int:uid>
    """
    headers = api_admin_headers
    count_before = len(GET("/users/query", headers=headers))

    created = POST_JSON(
        "/user/create",
        {"user_name": "toto", "nom": "Toto"},
        headers=headers,
    )
    # A freshly created account has no department and is active.
    assert created["user_name"] == "toto"
    assert created["dept"] is None
    assert created["active"] is True
    expected_count = count_before + 1
    assert expected_count == len(GET("/users/query", headers=headers))

    # Change the department and make the account inactive.
    edit_route = f"/user/edit/{created['id']}"
    edited = POST_JSON(
        edit_route,
        {"active": False, "dept": "TAPI"},
        headers=headers,
    )
    assert edited["dept"] == "TAPI"
    assert edited["active"] is False
def test_roles(api_admin_headers):
    """Exercise role assignment and the role/permission lifecycle as admin.

    Routes called by this test:
        /user/create
        /user/<int:uid>/role/<role_name>/add
        /role/create/<role_name>
        /role/<role_name>
        /role/<role_name>/edit
        /role/<role_name>/add_permission/<perm_name>
        /role/<role_name>/remove_permission/<perm_name>
        /role/<role_name>/delete
    """
    headers = api_admin_headers

    # Create a user and give it an existing role.
    new_user = POST_JSON(
        "/user/create",
        {"user_name": "test_roles", "nom": "Role", "prenom": "Test"},
        headers=headers,
    )
    uid = new_user["id"]
    reply = POST_JSON(f"/user/{uid}/role/Secr/add", headers=headers)
    assert reply["user_name"] == "test_roles"

    # A new role starts with no permission at all, both in the creation
    # response and when read back.
    created = POST_JSON("/role/create/Test_X", headers=headers)
    assert created["role_name"] == "Test_X"
    assert created["permissions"] == []
    fetched = GET("/role/Test_X", headers=headers)
    assert fetched["role_name"] == "Test_X"
    assert fetched["permissions"] == []

    # Rename the role and check it is reachable under its new name.
    renamed = POST_JSON("/role/Test_X/edit", {"role_name": "Test_Y"}, headers=headers)
    assert renamed["role_name"] == "Test_Y"
    fetched = GET("/role/Test_Y", headers=headers)
    assert fetched["role_name"] == "Test_Y"

    # Replace the permission list, then add and remove single permissions.
    # Permissions are compared as sets: their order is not checked.
    initial_perms = {"ScoView", "ScoAbsChange"}
    extended_perms = {"ScoView", "ScoAbsChange", "ScoAbsAddBillet"}
    reduced_perms = {"ScoView", "ScoAbsAddBillet"}

    updated = POST_JSON(
        "/role/Test_Y/edit",
        {"permissions": ["ScoView", "ScoAbsChange"]},
        headers=headers,
    )
    assert set(updated["permissions"]) == initial_perms
    updated = POST_JSON("/role/Test_Y/add_permission/ScoAbsAddBillet", headers=headers)
    assert set(updated["permissions"]) == extended_perms
    # Read back to make sure the added permission was stored.
    fetched = GET("/role/Test_Y", headers=headers)
    assert set(fetched["permissions"]) == extended_perms
    updated = POST_JSON("/role/Test_Y/remove_permission/ScoAbsChange", headers=headers)
    assert set(updated["permissions"]) == reduced_perms

    # Finally delete the role.
    reply = POST_JSON("/role/Test_Y/delete", headers=headers)
    assert reply["OK"] is True