100 lines
3.1 KiB
Python
100 lines
3.1 KiB
Python
"""Unit tests for L1-related dependency guards.
|
|
|
|
Uses MagicMock user objects — no database required.
|
|
"""
|
|
|
|
from unittest.mock import MagicMock
|
|
from uuid import uuid4
|
|
|
|
import pytest
|
|
from fastapi import HTTPException
|
|
|
|
from app.api.deps import require_l1, require_l1_or_coverage, require_l1_or_above
|
|
|
|
|
|
def _make_user(account_role="engineer", is_super_admin=False, can_cover_l1=False):
|
|
user = MagicMock()
|
|
user.id = uuid4()
|
|
user.account_role = account_role
|
|
user.is_super_admin = is_super_admin
|
|
user.can_cover_l1 = can_cover_l1
|
|
return user
|
|
|
|
|
|
# ---------------------------------------------------------------------------
|
|
# require_l1
|
|
# ---------------------------------------------------------------------------
|
|
|
|
|
|
async def test_require_l1_passes_for_l1_tech():
|
|
user = _make_user(account_role="l1_tech")
|
|
result = await require_l1(current_user=user)
|
|
assert result is user
|
|
|
|
|
|
async def test_require_l1_passes_for_super_admin():
|
|
user = _make_user(account_role="owner", is_super_admin=True)
|
|
result = await require_l1(current_user=user)
|
|
assert result is user
|
|
|
|
|
|
async def test_require_l1_blocks_engineer():
|
|
user = _make_user(account_role="engineer")
|
|
with pytest.raises(HTTPException) as exc:
|
|
await require_l1(current_user=user)
|
|
assert exc.value.status_code == 403
|
|
|
|
|
|
# ---------------------------------------------------------------------------
|
|
# require_l1_or_coverage
|
|
# ---------------------------------------------------------------------------
|
|
|
|
|
|
async def test_require_l1_or_coverage_passes_l1_tech():
|
|
user = _make_user(account_role="l1_tech")
|
|
result = await require_l1_or_coverage(current_user=user)
|
|
assert result is user
|
|
|
|
|
|
async def test_require_l1_or_coverage_passes_engineer_with_flag():
|
|
user = _make_user(account_role="engineer", can_cover_l1=True)
|
|
result = await require_l1_or_coverage(current_user=user)
|
|
assert result is user
|
|
|
|
|
|
async def test_require_l1_or_coverage_blocks_engineer_without_flag():
|
|
user = _make_user(account_role="engineer", can_cover_l1=False)
|
|
with pytest.raises(HTTPException) as exc:
|
|
await require_l1_or_coverage(current_user=user)
|
|
assert exc.value.status_code == 403
|
|
|
|
|
|
async def test_require_l1_or_coverage_passes_owner_always():
|
|
user = _make_user(account_role="owner")
|
|
result = await require_l1_or_coverage(current_user=user)
|
|
assert result is user
|
|
|
|
|
|
# ---------------------------------------------------------------------------
|
|
# require_l1_or_above
|
|
# ---------------------------------------------------------------------------
|
|
|
|
|
|
async def test_require_l1_or_above_passes_engineer():
|
|
user = _make_user(account_role="engineer")
|
|
result = await require_l1_or_above(current_user=user)
|
|
assert result is user
|
|
|
|
|
|
async def test_require_l1_or_above_passes_l1_tech():
|
|
user = _make_user(account_role="l1_tech")
|
|
result = await require_l1_or_above(current_user=user)
|
|
assert result is user
|
|
|
|
|
|
async def test_require_l1_or_above_blocks_viewer():
|
|
user = _make_user(account_role="viewer")
|
|
with pytest.raises(HTTPException) as exc:
|
|
await require_l1_or_above(current_user=user)
|
|
assert exc.value.status_code == 403
|