Added the AccountTestCase test case with the test_nobody and test_viewer tests.
parent
3312c835fd
commit
dd3690dd6a
@ -20,11 +20,13 @@
|
||||
"""
|
||||
import unittest
|
||||
|
||||
import httpx
|
||||
import sqlalchemy as sa
|
||||
from click.testing import Result
|
||||
from flask import Flask
|
||||
from flask.testing import FlaskCliRunner
|
||||
|
||||
from testlib import UserClient, get_user_client
|
||||
from testsite import create_app
|
||||
|
||||
|
||||
@ -80,3 +82,127 @@ class AccountCommandTestCase(unittest.TestCase):
|
||||
self.assertEqual(account.title_l10n, base.title_l10n)
|
||||
self.assertEqual({x.locale: x.title for x in account.l10n},
|
||||
{x.locale: x.title for x in base.l10n})
|
||||
|
||||
|
||||
class AccountTestCase(unittest.TestCase):
|
||||
"""The account test case."""
|
||||
|
||||
def setUp(self) -> None:
|
||||
"""Sets up the test.
|
||||
This is run once per test.
|
||||
|
||||
:return: None.
|
||||
"""
|
||||
self.app: Flask = create_app(is_testing=True)
|
||||
|
||||
runner: FlaskCliRunner = self.app.test_cli_runner()
|
||||
with self.app.app_context():
|
||||
from accounting.database import db
|
||||
from accounting.models import BaseAccount, Account, AccountL10n
|
||||
result: Result
|
||||
result = runner.invoke(args="init-db")
|
||||
self.assertEqual(result.exit_code, 0)
|
||||
if BaseAccount.query.first() is None:
|
||||
result = runner.invoke(args="accounting-init-base")
|
||||
self.assertEqual(result.exit_code, 0)
|
||||
AccountL10n.query.delete()
|
||||
Account.query.delete()
|
||||
db.session.commit()
|
||||
|
||||
self.viewer: UserClient = get_user_client(self, self.app, "viewer")
|
||||
self.editor: UserClient = get_user_client(self, self.app, "editor")
|
||||
self.nobody: UserClient = get_user_client(self, self.app, "nobody")
|
||||
|
||||
client: httpx.Client = self.editor.client
|
||||
csrf_token: str = self.editor.csrf_token
|
||||
response: httpx.Response
|
||||
|
||||
response = client.post("/accounting/accounts/store",
|
||||
data={"csrf_token": csrf_token,
|
||||
"base_code": "1111",
|
||||
"title": "1111 title"})
|
||||
self.assertEqual(response.status_code, 302)
|
||||
self.assertEqual(response.headers["Location"],
|
||||
"/accounting/accounts/1111-001")
|
||||
|
||||
response = client.post("/accounting/accounts/store",
|
||||
data={"csrf_token": csrf_token,
|
||||
"base_code": "1112",
|
||||
"title": "1112 title"})
|
||||
self.assertEqual(response.status_code, 302)
|
||||
self.assertEqual(response.headers["Location"],
|
||||
"/accounting/accounts/1112-001")
|
||||
|
||||
def test_nobody(self) -> None:
|
||||
"""Test the permission as nobody.
|
||||
|
||||
:return: None.
|
||||
"""
|
||||
response: httpx.Response
|
||||
client: httpx.Client = self.nobody.client
|
||||
csrf_token: str = self.nobody.csrf_token
|
||||
|
||||
response = client.get("/accounting/accounts")
|
||||
self.assertEqual(response.status_code, 403)
|
||||
|
||||
response = client.get("/accounting/accounts/1111-001")
|
||||
self.assertEqual(response.status_code, 403)
|
||||
|
||||
response = client.get("/accounting/accounts/create")
|
||||
self.assertEqual(response.status_code, 403)
|
||||
|
||||
response = client.post("/accounting/accounts/store",
|
||||
data={"csrf_token": csrf_token,
|
||||
"base_code": "1113",
|
||||
"title": "1113 title"})
|
||||
self.assertEqual(response.status_code, 403)
|
||||
|
||||
response = client.get("/accounting/accounts/1111-001/edit")
|
||||
self.assertEqual(response.status_code, 403)
|
||||
|
||||
response = client.post("/accounting/accounts/1111-001/update",
|
||||
data={"csrf_token": csrf_token,
|
||||
"base_code": "1111",
|
||||
"title": "1111 title #2"})
|
||||
self.assertEqual(response.status_code, 403)
|
||||
|
||||
response = client.post("/accounting/accounts/1111-001/delete",
|
||||
data={"csrf_token": csrf_token})
|
||||
self.assertEqual(response.status_code, 403)
|
||||
|
||||
def test_viewer(self) -> None:
|
||||
"""Test the permission as viewer.
|
||||
|
||||
:return: None.
|
||||
"""
|
||||
response: httpx.Response
|
||||
client: httpx.Client = self.viewer.client
|
||||
csrf_token: str = self.viewer.csrf_token
|
||||
|
||||
response = client.get("/accounting/accounts")
|
||||
self.assertEqual(response.status_code, 200)
|
||||
|
||||
response = client.get("/accounting/accounts/1111-001")
|
||||
self.assertEqual(response.status_code, 200)
|
||||
|
||||
response = client.get("/accounting/accounts/create")
|
||||
self.assertEqual(response.status_code, 403)
|
||||
|
||||
response = client.post("/accounting/accounts/store",
|
||||
data={"csrf_token": csrf_token,
|
||||
"base_code": "1113",
|
||||
"title": "1113 title"})
|
||||
self.assertEqual(response.status_code, 403)
|
||||
|
||||
response = client.get("/accounting/accounts/1111-001/edit")
|
||||
self.assertEqual(response.status_code, 403)
|
||||
|
||||
response = client.post("/accounting/accounts/1111-001/update",
|
||||
data={"csrf_token": csrf_token,
|
||||
"base_code": "1111",
|
||||
"title": "1111 title #2"})
|
||||
self.assertEqual(response.status_code, 403)
|
||||
|
||||
response = client.post("/accounting/accounts/1111-001/delete",
|
||||
data={"csrf_token": csrf_token})
|
||||
self.assertEqual(response.status_code, 403)
|
||||
|
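Review bot: test_nobody and test_viewer assert only the 403 status on the denied POSTs to /accounting/accounts/store, /update and /delete, so they would still pass if a handler changed data before rejecting the request. After each denied write, check the stored state as well; setUp leaves exactly two accounts, so inside `with self.app.app_context():` an assertion such as `self.assertEqual(Account.query.count(), 2)` (with `from accounting.models import Account` imported there, as setUp does) would pin that nothing was created or deleted. Both tests also exercise only logged-in users; whether an unauthenticated client is covered elsewhere is not visible here, and a case for it would complete the permission matrix.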
@ -21,6 +21,40 @@ from html.parser import HTMLParser
|
||||
from unittest import TestCase
|
||||
|
||||
import httpx
|
||||
from flask import Flask
|
||||
|
||||
|
||||
class UserClient:
|
||||
"""A user client."""
|
||||
|
||||
def __init__(self, client: httpx.Client, csrf_token: str):
|
||||
"""Constructs a user client.
|
||||
|
||||
:param client: The client.
|
||||
:param csrf_token: The CSRF token.
|
||||
"""
|
||||
self.client: httpx.Client = client
|
||||
self.csrf_token: str = csrf_token
|
||||
|
||||
|
||||
def get_user_client(test_case: TestCase, app: Flask, username: str) \
|
||||
-> UserClient:
|
||||
"""Returns a user client.
|
||||
|
||||
:param test_case: The test case.
|
||||
:param app: The Flask application.
|
||||
:param username: The username.
|
||||
:return: The user client.
|
||||
"""
|
||||
client: httpx.Client = httpx.Client(app=app, base_url="https://testserver")
|
||||
client.headers["Referer"] = "https://testserver"
|
||||
csrf_token: str = get_csrf_token(test_case, client, "/login")
|
||||
response: httpx.Response = client.post("/login",
|
||||
data={"csrf_token": csrf_token,
|
||||
"username": username})
|
||||
test_case.assertEqual(response.status_code, 302)
|
||||
test_case.assertEqual(response.headers["Location"], "/")
|
||||
return UserClient(client, csrf_token)
|
||||
|
||||
|
||||
def get_csrf_token(test_case: TestCase, client: httpx.Client, uri: str) -> str:
|
||||
|
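Review bot: get_user_client returns the CSRF token it fetched from /login before authenticating, and every later POST in the tests reuses it. That works only while the login handler keeps the same session; if it ever regenerates the session on login (presumably not the case today, since the editor's POSTs in setUp succeed), the token would go stale and denied requests could fail for CSRF reasons instead of authorization. A comment above the return, e.g. `# Pre-login token is reused after login; relies on /login not rotating the session.`, would record that assumption. Separately, the httpx.Client created here is never closed; `test_case.addCleanup(client.close)` right after construction would release it per test. The body of get_csrf_token lies outside this hunk.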