Added the AccountTestCase test case with the test_nobody and test_viewer tests.
parent
3312c835fd
commit
dd3690dd6a
@ -20,11 +20,13 @@
|
|||||||
"""
|
"""
|
||||||
import unittest
|
import unittest
|
||||||
|
|
||||||
|
import httpx
|
||||||
import sqlalchemy as sa
|
import sqlalchemy as sa
|
||||||
from click.testing import Result
|
from click.testing import Result
|
||||||
from flask import Flask
|
from flask import Flask
|
||||||
from flask.testing import FlaskCliRunner
|
from flask.testing import FlaskCliRunner
|
||||||
|
|
||||||
|
from testlib import UserClient, get_user_client
|
||||||
from testsite import create_app
|
from testsite import create_app
|
||||||
|
|
||||||
|
|
||||||
@ -80,3 +82,127 @@ class AccountCommandTestCase(unittest.TestCase):
|
|||||||
self.assertEqual(account.title_l10n, base.title_l10n)
|
self.assertEqual(account.title_l10n, base.title_l10n)
|
||||||
self.assertEqual({x.locale: x.title for x in account.l10n},
|
self.assertEqual({x.locale: x.title for x in account.l10n},
|
||||||
{x.locale: x.title for x in base.l10n})
|
{x.locale: x.title for x in base.l10n})
|
||||||
|
|
||||||
|
|
||||||
|
class AccountTestCase(unittest.TestCase):
|
||||||
|
"""The account test case."""
|
||||||
|
|
||||||
|
def setUp(self) -> None:
|
||||||
|
"""Sets up the test.
|
||||||
|
This is run once per test.
|
||||||
|
|
||||||
|
:return: None.
|
||||||
|
"""
|
||||||
|
self.app: Flask = create_app(is_testing=True)
|
||||||
|
|
||||||
|
runner: FlaskCliRunner = self.app.test_cli_runner()
|
||||||
|
with self.app.app_context():
|
||||||
|
from accounting.database import db
|
||||||
|
from accounting.models import BaseAccount, Account, AccountL10n
|
||||||
|
result: Result
|
||||||
|
result = runner.invoke(args="init-db")
|
||||||
|
self.assertEqual(result.exit_code, 0)
|
||||||
|
if BaseAccount.query.first() is None:
|
||||||
|
result = runner.invoke(args="accounting-init-base")
|
||||||
|
self.assertEqual(result.exit_code, 0)
|
||||||
|
AccountL10n.query.delete()
|
||||||
|
Account.query.delete()
|
||||||
|
db.session.commit()
|
||||||
|
|
||||||
|
self.viewer: UserClient = get_user_client(self, self.app, "viewer")
|
||||||
|
self.editor: UserClient = get_user_client(self, self.app, "editor")
|
||||||
|
self.nobody: UserClient = get_user_client(self, self.app, "nobody")
|
||||||
|
|
||||||
|
client: httpx.Client = self.editor.client
|
||||||
|
csrf_token: str = self.editor.csrf_token
|
||||||
|
response: httpx.Response
|
||||||
|
|
||||||
|
response = client.post("/accounting/accounts/store",
|
||||||
|
data={"csrf_token": csrf_token,
|
||||||
|
"base_code": "1111",
|
||||||
|
"title": "1111 title"})
|
||||||
|
self.assertEqual(response.status_code, 302)
|
||||||
|
self.assertEqual(response.headers["Location"],
|
||||||
|
"/accounting/accounts/1111-001")
|
||||||
|
|
||||||
|
response = client.post("/accounting/accounts/store",
|
||||||
|
data={"csrf_token": csrf_token,
|
||||||
|
"base_code": "1112",
|
||||||
|
"title": "1112 title"})
|
||||||
|
self.assertEqual(response.status_code, 302)
|
||||||
|
self.assertEqual(response.headers["Location"],
|
||||||
|
"/accounting/accounts/1112-001")
|
||||||
|
|
||||||
|
def test_nobody(self) -> None:
|
||||||
|
"""Test the permission as nobody.
|
||||||
|
|
||||||
|
:return: None.
|
||||||
|
"""
|
||||||
|
response: httpx.Response
|
||||||
|
client: httpx.Client = self.nobody.client
|
||||||
|
csrf_token: str = self.nobody.csrf_token
|
||||||
|
|
||||||
|
response = client.get("/accounting/accounts")
|
||||||
|
self.assertEqual(response.status_code, 403)
|
||||||
|
|
||||||
|
response = client.get("/accounting/accounts/1111-001")
|
||||||
|
self.assertEqual(response.status_code, 403)
|
||||||
|
|
||||||
|
response = client.get("/accounting/accounts/create")
|
||||||
|
self.assertEqual(response.status_code, 403)
|
||||||
|
|
||||||
|
response = client.post("/accounting/accounts/store",
|
||||||
|
data={"csrf_token": csrf_token,
|
||||||
|
"base_code": "1113",
|
||||||
|
"title": "1113 title"})
|
||||||
|
self.assertEqual(response.status_code, 403)
|
||||||
|
|
||||||
|
response = client.get("/accounting/accounts/1111-001/edit")
|
||||||
|
self.assertEqual(response.status_code, 403)
|
||||||
|
|
||||||
|
response = client.post("/accounting/accounts/1111-001/update",
|
||||||
|
data={"csrf_token": csrf_token,
|
||||||
|
"base_code": "1111",
|
||||||
|
"title": "1111 title #2"})
|
||||||
|
self.assertEqual(response.status_code, 403)
|
||||||
|
|
||||||
|
response = client.post("/accounting/accounts/1111-001/delete",
|
||||||
|
data={"csrf_token": csrf_token})
|
||||||
|
self.assertEqual(response.status_code, 403)
|
||||||
|
|
||||||
|
def test_viewer(self) -> None:
|
||||||
|
"""Test the permission as viewer.
|
||||||
|
|
||||||
|
:return: None.
|
||||||
|
"""
|
||||||
|
response: httpx.Response
|
||||||
|
client: httpx.Client = self.viewer.client
|
||||||
|
csrf_token: str = self.viewer.csrf_token
|
||||||
|
|
||||||
|
response = client.get("/accounting/accounts")
|
||||||
|
self.assertEqual(response.status_code, 200)
|
||||||
|
|
||||||
|
response = client.get("/accounting/accounts/1111-001")
|
||||||
|
self.assertEqual(response.status_code, 200)
|
||||||
|
|
||||||
|
response = client.get("/accounting/accounts/create")
|
||||||
|
self.assertEqual(response.status_code, 403)
|
||||||
|
|
||||||
|
response = client.post("/accounting/accounts/store",
|
||||||
|
data={"csrf_token": csrf_token,
|
||||||
|
"base_code": "1113",
|
||||||
|
"title": "1113 title"})
|
||||||
|
self.assertEqual(response.status_code, 403)
|
||||||
|
|
||||||
|
response = client.get("/accounting/accounts/1111-001/edit")
|
||||||
|
self.assertEqual(response.status_code, 403)
|
||||||
|
|
||||||
|
response = client.post("/accounting/accounts/1111-001/update",
|
||||||
|
data={"csrf_token": csrf_token,
|
||||||
|
"base_code": "1111",
|
||||||
|
"title": "1111 title #2"})
|
||||||
|
self.assertEqual(response.status_code, 403)
|
||||||
|
|
||||||
|
response = client.post("/accounting/accounts/1111-001/delete",
|
||||||
|
data={"csrf_token": csrf_token})
|
||||||
|
self.assertEqual(response.status_code, 403)
|
||||||
|
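Review bot: The denied requests in test_nobody and test_viewer are checked by status code only, so a handler that performed the write before returning 403 would still pass both tests. After the rejected POSTs to `/accounting/accounts/store`, `/accounting/accounts/1111-001/update` and `/accounting/accounts/1111-001/delete`, assert that the data is untouched, for example `self.assertEqual(Account.query.count(), 2)` inside `with self.app.app_context():`, plus a check that 1111-001 still carries its original title. Both users are logged in through get_user_client; whether a request with no session at all is covered elsewhere cannot be seen from these hunks.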
@ -21,6 +21,40 @@ from html.parser import HTMLParser
|
|||||||
from unittest import TestCase
|
from unittest import TestCase
|
||||||
|
|
||||||
import httpx
|
import httpx
|
||||||
|
from flask import Flask
|
||||||
|
|
||||||
|
|
||||||
|
class UserClient:
|
||||||
|
"""A user client."""
|
||||||
|
|
||||||
|
def __init__(self, client: httpx.Client, csrf_token: str):
|
||||||
|
"""Constructs a user client.
|
||||||
|
|
||||||
|
:param client: The client.
|
||||||
|
:param csrf_token: The CSRF token.
|
||||||
|
"""
|
||||||
|
self.client: httpx.Client = client
|
||||||
|
self.csrf_token: str = csrf_token
|
||||||
|
|
||||||
|
|
||||||
|
def get_user_client(test_case: TestCase, app: Flask, username: str) \
|
||||||
|
-> UserClient:
|
||||||
|
"""Returns a user client.
|
||||||
|
|
||||||
|
:param test_case: The test case.
|
||||||
|
:param app: The Flask application.
|
||||||
|
:param username: The username.
|
||||||
|
:return: The user client.
|
||||||
|
"""
|
||||||
|
client: httpx.Client = httpx.Client(app=app, base_url="https://testserver")
|
||||||
|
client.headers["Referer"] = "https://testserver"
|
||||||
|
csrf_token: str = get_csrf_token(test_case, client, "/login")
|
||||||
|
response: httpx.Response = client.post("/login",
|
||||||
|
data={"csrf_token": csrf_token,
|
||||||
|
"username": username})
|
||||||
|
test_case.assertEqual(response.status_code, 302)
|
||||||
|
test_case.assertEqual(response.headers["Location"], "/")
|
||||||
|
return UserClient(client, csrf_token)
|
||||||
|
|
||||||
|
|
||||||
def get_csrf_token(test_case: TestCase, client: httpx.Client, uri: str) -> str:
|
def get_csrf_token(test_case: TestCase, client: httpx.Client, uri: str) -> str:
|
||||||
|
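Review bot: get_user_client reads the CSRF token from `/login` before the login POST and returns that same token for every later request, which only works while the test site keeps the pre-login session and its token across authentication. If login is later changed to start a fresh session, the permission tests would likely fail for a different reason than the 403 they assert; a comment above the `get_csrf_token` call such as `# Token is taken before login and reused afterwards; assumes login keeps the same session.` would record that dependency. The `httpx.Client` created here is never closed, so `test_case.addCleanup(client.close)` right after construction would release it per test. get_csrf_token's body lies outside the hunk, so how the token is extracted is not visible here.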