Added the AccountTestCase test case with the test_nobody and test_viewer tests.

依瑪貓 2023-02-01 23:59:42 +08:00
parent 3312c835fd
commit dd3690dd6a
2 changed files with 160 additions and 0 deletions


@ -20,11 +20,13 @@
"""
import unittest
import httpx
import sqlalchemy as sa
from click.testing import Result
from flask import Flask
from flask.testing import FlaskCliRunner
from testlib import UserClient, get_user_client
from testsite import create_app
@ -80,3 +82,127 @@ class AccountCommandTestCase(unittest.TestCase):
self.assertEqual(account.title_l10n, base.title_l10n)
self.assertEqual({x.locale: x.title for x in account.l10n},
{x.locale: x.title for x in base.l10n})
class AccountTestCase(unittest.TestCase):
"""The account test case."""
def setUp(self) -> None:
"""Sets up the test.
This is run once per test.
:return: None.
"""
self.app: Flask = create_app(is_testing=True)
runner: FlaskCliRunner = self.app.test_cli_runner()
with self.app.app_context():
from accounting.database import db
from accounting.models import BaseAccount, Account, AccountL10n
result: Result
result = runner.invoke(args="init-db")
self.assertEqual(result.exit_code, 0)
if BaseAccount.query.first() is None:
result = runner.invoke(args="accounting-init-base")
self.assertEqual(result.exit_code, 0)
AccountL10n.query.delete()
Account.query.delete()
db.session.commit()
self.viewer: UserClient = get_user_client(self, self.app, "viewer")
self.editor: UserClient = get_user_client(self, self.app, "editor")
self.nobody: UserClient = get_user_client(self, self.app, "nobody")
client: httpx.Client = self.editor.client
csrf_token: str = self.editor.csrf_token
response: httpx.Response
response = client.post("/accounting/accounts/store",
data={"csrf_token": csrf_token,
"base_code": "1111",
"title": "1111 title"})
self.assertEqual(response.status_code, 302)
self.assertEqual(response.headers["Location"],
"/accounting/accounts/1111-001")
response = client.post("/accounting/accounts/store",
data={"csrf_token": csrf_token,
"base_code": "1112",
"title": "1112 title"})
self.assertEqual(response.status_code, 302)
self.assertEqual(response.headers["Location"],
"/accounting/accounts/1112-001")
def test_nobody(self) -> None:
"""Test the permission as nobody.
:return: None.
"""
response: httpx.Response
client: httpx.Client = self.nobody.client
csrf_token: str = self.nobody.csrf_token
response = client.get("/accounting/accounts")
self.assertEqual(response.status_code, 403)
response = client.get("/accounting/accounts/1111-001")
self.assertEqual(response.status_code, 403)
response = client.get("/accounting/accounts/create")
self.assertEqual(response.status_code, 403)
response = client.post("/accounting/accounts/store",
data={"csrf_token": csrf_token,
"base_code": "1113",
"title": "1113 title"})
self.assertEqual(response.status_code, 403)
response = client.get("/accounting/accounts/1111-001/edit")
self.assertEqual(response.status_code, 403)
response = client.post("/accounting/accounts/1111-001/update",
data={"csrf_token": csrf_token,
"base_code": "1111",
"title": "1111 title #2"})
self.assertEqual(response.status_code, 403)
response = client.post("/accounting/accounts/1111-001/delete",
data={"csrf_token": csrf_token})
self.assertEqual(response.status_code, 403)
def test_viewer(self) -> None:
"""Test the permission as viewer.
:return: None.
"""
response: httpx.Response
client: httpx.Client = self.viewer.client
csrf_token: str = self.viewer.csrf_token
response = client.get("/accounting/accounts")
self.assertEqual(response.status_code, 200)
response = client.get("/accounting/accounts/1111-001")
self.assertEqual(response.status_code, 200)
response = client.get("/accounting/accounts/create")
self.assertEqual(response.status_code, 403)
response = client.post("/accounting/accounts/store",
data={"csrf_token": csrf_token,
"base_code": "1113",
"title": "1113 title"})
self.assertEqual(response.status_code, 403)
response = client.get("/accounting/accounts/1111-001/edit")
self.assertEqual(response.status_code, 403)
response = client.post("/accounting/accounts/1111-001/update",
data={"csrf_token": csrf_token,
"base_code": "1111",
"title": "1111 title #2"})
self.assertEqual(response.status_code, 403)
response = client.post("/accounting/accounts/1111-001/delete",
data={"csrf_token": csrf_token})
self.assertEqual(response.status_code, 403)
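Review bot: The denied store, update and delete requests in test_nobody and test_viewer are checked only by status code, so a handler that answered 403 after it had already changed data would still pass. After the rejected update and delete on 1111-001, re-read the account with a role that may view it, for example `response = self.viewer.client.get("/accounting/accounts/1111-001")` followed by `self.assertEqual(response.status_code, 200)`, and confirm inside `self.app.app_context()` that no account with base code 1113 was created. Both users are logged in through get_user_client, so a client with no session at all is not exercised in this hunk; if that is not covered elsewhere it deserves its own test.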


@ -21,6 +21,40 @@ from html.parser import HTMLParser
from unittest import TestCase
import httpx
from flask import Flask
class UserClient:
"""A user client."""
def __init__(self, client: httpx.Client, csrf_token: str):
"""Constructs a user client.
:param client: The client.
:param csrf_token: The CSRF token.
"""
self.client: httpx.Client = client
self.csrf_token: str = csrf_token
def get_user_client(test_case: TestCase, app: Flask, username: str) \
-> UserClient:
"""Returns a user client.
:param test_case: The test case.
:param app: The Flask application.
:param username: The username.
:return: The user client.
"""
client: httpx.Client = httpx.Client(app=app, base_url="https://testserver")
client.headers["Referer"] = "https://testserver"
csrf_token: str = get_csrf_token(test_case, client, "/login")
response: httpx.Response = client.post("/login",
data={"csrf_token": csrf_token,
"username": username})
test_case.assertEqual(response.status_code, 302)
test_case.assertEqual(response.headers["Location"], "/")
return UserClient(client, csrf_token)
def get_csrf_token(test_case: TestCase, client: httpx.Client, uri: str) -> str:
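Review bot: Two security-relevant details in get_user_client are undocumented: the fixed `Referer` header, and the fact that the returned token was read from /login before the login POST and is then reused for authenticated writes. I would add `# Referer presumably satisfies the CSRF referrer check on https requests; confirm.` above the header line, and `# Token was issued before login; relies on the site keeping it valid afterwards.` above the return. Separately, the `httpx.Client(app=app, ...)` shortcut was deprecated in later httpx releases, so `transport=httpx.WSGITransport(app=app)` is the form that keeps working. get_csrf_token's body is outside this hunk, so how the token is extracted is not reviewed here.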