Added the AccountTestCase test case with the test_nobody and test_viewer tests.

依瑪貓 2023-02-01 23:59:42 +08:00
parent 3312c835fd
commit dd3690dd6a
2 changed files with 160 additions and 0 deletions


@ -20,11 +20,13 @@
""" """
import unittest import unittest
import httpx
import sqlalchemy as sa import sqlalchemy as sa
from click.testing import Result from click.testing import Result
from flask import Flask from flask import Flask
from flask.testing import FlaskCliRunner from flask.testing import FlaskCliRunner
from testlib import UserClient, get_user_client
from testsite import create_app from testsite import create_app
@ -80,3 +82,127 @@ class AccountCommandTestCase(unittest.TestCase):
self.assertEqual(account.title_l10n, base.title_l10n) self.assertEqual(account.title_l10n, base.title_l10n)
self.assertEqual({x.locale: x.title for x in account.l10n}, self.assertEqual({x.locale: x.title for x in account.l10n},
{x.locale: x.title for x in base.l10n}) {x.locale: x.title for x in base.l10n})
class AccountTestCase(unittest.TestCase):
"""The account test case."""
def setUp(self) -> None:
"""Sets up the test.
This is run once per test.
:return: None.
"""
self.app: Flask = create_app(is_testing=True)
runner: FlaskCliRunner = self.app.test_cli_runner()
with self.app.app_context():
from accounting.database import db
from accounting.models import BaseAccount, Account, AccountL10n
result: Result
result = runner.invoke(args="init-db")
self.assertEqual(result.exit_code, 0)
if BaseAccount.query.first() is None:
result = runner.invoke(args="accounting-init-base")
self.assertEqual(result.exit_code, 0)
AccountL10n.query.delete()
Account.query.delete()
db.session.commit()
self.viewer: UserClient = get_user_client(self, self.app, "viewer")
self.editor: UserClient = get_user_client(self, self.app, "editor")
self.nobody: UserClient = get_user_client(self, self.app, "nobody")
client: httpx.Client = self.editor.client
csrf_token: str = self.editor.csrf_token
response: httpx.Response
response = client.post("/accounting/accounts/store",
data={"csrf_token": csrf_token,
"base_code": "1111",
"title": "1111 title"})
self.assertEqual(response.status_code, 302)
self.assertEqual(response.headers["Location"],
"/accounting/accounts/1111-001")
response = client.post("/accounting/accounts/store",
data={"csrf_token": csrf_token,
"base_code": "1112",
"title": "1112 title"})
self.assertEqual(response.status_code, 302)
self.assertEqual(response.headers["Location"],
"/accounting/accounts/1112-001")
def test_nobody(self) -> None:
"""Test the permission as nobody.
:return: None.
"""
response: httpx.Response
client: httpx.Client = self.nobody.client
csrf_token: str = self.nobody.csrf_token
response = client.get("/accounting/accounts")
self.assertEqual(response.status_code, 403)
response = client.get("/accounting/accounts/1111-001")
self.assertEqual(response.status_code, 403)
response = client.get("/accounting/accounts/create")
self.assertEqual(response.status_code, 403)
response = client.post("/accounting/accounts/store",
data={"csrf_token": csrf_token,
"base_code": "1113",
"title": "1113 title"})
self.assertEqual(response.status_code, 403)
response = client.get("/accounting/accounts/1111-001/edit")
self.assertEqual(response.status_code, 403)
response = client.post("/accounting/accounts/1111-001/update",
data={"csrf_token": csrf_token,
"base_code": "1111",
"title": "1111 title #2"})
self.assertEqual(response.status_code, 403)
response = client.post("/accounting/accounts/1111-001/delete",
data={"csrf_token": csrf_token})
self.assertEqual(response.status_code, 403)
def test_viewer(self) -> None:
"""Test the permission as viewer.
:return: None.
"""
response: httpx.Response
client: httpx.Client = self.viewer.client
csrf_token: str = self.viewer.csrf_token
response = client.get("/accounting/accounts")
self.assertEqual(response.status_code, 200)
response = client.get("/accounting/accounts/1111-001")
self.assertEqual(response.status_code, 200)
response = client.get("/accounting/accounts/create")
self.assertEqual(response.status_code, 403)
response = client.post("/accounting/accounts/store",
data={"csrf_token": csrf_token,
"base_code": "1113",
"title": "1113 title"})
self.assertEqual(response.status_code, 403)
response = client.get("/accounting/accounts/1111-001/edit")
self.assertEqual(response.status_code, 403)
response = client.post("/accounting/accounts/1111-001/update",
data={"csrf_token": csrf_token,
"base_code": "1111",
"title": "1111 title #2"})
self.assertEqual(response.status_code, 403)
response = client.post("/accounting/accounts/1111-001/delete",
data={"csrf_token": csrf_token})
self.assertEqual(response.status_code, 403)
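Review bot: Every denied write in test_nobody and test_viewer is checked only by its 403 status, so a handler that changed data before the permission check rejected the request would still pass these tests. After the denied `store`, `update` and `delete` posts it is worth asserting that the stored data is untouched, for example, with `Account` imported as in setUp, `with self.app.app_context():` followed by `self.assertEqual(Account.query.count(), 2)` for the two accounts created there. Both clients are also logged-in users, since get_user_client posts to `/login`, so requests that carry no session at all are not covered. A short test with a fresh client would close that gap, with the expected status taken from how the application handles unauthenticated requests.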


@ -21,6 +21,40 @@ from html.parser import HTMLParser
from unittest import TestCase from unittest import TestCase
import httpx import httpx
from flask import Flask
class UserClient:
"""A user client."""
def __init__(self, client: httpx.Client, csrf_token: str):
"""Constructs a user client.
:param client: The client.
:param csrf_token: The CSRF token.
"""
self.client: httpx.Client = client
self.csrf_token: str = csrf_token
def get_user_client(test_case: TestCase, app: Flask, username: str) \
-> UserClient:
"""Returns a user client.
:param test_case: The test case.
:param app: The Flask application.
:param username: The username.
:return: The user client.
"""
client: httpx.Client = httpx.Client(app=app, base_url="https://testserver")
client.headers["Referer"] = "https://testserver"
csrf_token: str = get_csrf_token(test_case, client, "/login")
response: httpx.Response = client.post("/login",
data={"csrf_token": csrf_token,
"username": username})
test_case.assertEqual(response.status_code, 302)
test_case.assertEqual(response.headers["Location"], "/")
return UserClient(client, csrf_token)
def get_csrf_token(test_case: TestCase, client: httpx.Client, uri: str) -> str: def get_csrf_token(test_case: TestCase, client: httpx.Client, uri: str) -> str:
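Review bot: The token kept in the returned UserClient is the one read from `/login` before the login post, so get_user_client relies on that token staying valid once the user is authenticated. If the application ever regenerates the session or the CSRF token at login, the posts in the tests would be turned away by CSRF validation and would no longer reach the permission checks they are meant to exercise. Stating this in the docstring, e.g. `:return: The user client, holding the CSRF token obtained before login.`, or re-reading the token after the login post would make the dependency explicit; the body of get_csrf_token is outside this hunk, so whether it can be reused after login is not visible here. The httpx client is also never closed, which `test_case.addCleanup(client.close)` would handle.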