chihlasm/resolutionflow
1
0
Fork 0
Code Issues 23 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
c5bf0ad00e49085dbbd86ae66ce772bd1522091f
resolutionflow/backend/tests/test_target_lists.py
chihlasm adcdf39d35 fix: clean migration, cross-team isolation test, and PUT field-set fix for target_lists 
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-17 11:29:25 -05:00

154 lines
5.0 KiB
Python
Raw Blame History

"""Tests for target lists CRUD."""
import pytest
from httpx import AsyncClient
from sqlalchemy.ext.asyncio import AsyncSession
from app.models.team import Team
from app.models.user import User
from sqlalchemy import select
@pytest.fixture
async def auth_headers(client: AsyncClient, test_db: AsyncSession, test_user: dict):
"""Override auth_headers to ensure the test user has a team_id assigned."""
# Fetch the user from DB and assign a team
result = await test_db.execute(select(User).where(User.email == test_user["email"]))
user = result.scalar_one()
# Create a team and assign the user to it
team = Team(name="Test Team")
test_db.add(team)
await test_db.flush()
user.team_id = team.id
await test_db.commit()
# Re-login to get a fresh token
login_data = {
"email": test_user["email"],
"password": test_user["password"],
}
resp = await client.post("/api/v1/auth/login/json", json=login_data)
assert resp.status_code == 200
token_data = resp.json()
return {"Authorization": f"Bearer {token_data['access_token']}"}
@pytest.mark.asyncio
async def test_create_target_list(client: AsyncClient, auth_headers: dict):
resp = await client.post(
"/api/v1/target-lists/",
json={
"name": "RDS Farm A",
"description": "Production RDS servers",
"targets": [
{"label": "RDS-01", "notes": "192.168.1.10"},
{"label": "RDS-02", "notes": "192.168.1.11"},
],
},
headers=auth_headers,
)
assert resp.status_code == 201, resp.text
data = resp.json()
assert data["name"] == "RDS Farm A"
assert len(data["targets"]) == 2
@pytest.mark.asyncio
async def test_list_target_lists(client: AsyncClient, auth_headers: dict):
resp = await client.get("/api/v1/target-lists/", headers=auth_headers)
assert resp.status_code == 200
assert isinstance(resp.json(), list)
@pytest.mark.asyncio
async def test_get_target_list(client: AsyncClient, auth_headers: dict):
create = await client.post(
"/api/v1/target-lists/",
json={"name": "Get Test", "targets": [{"label": "SRV-01"}]},
headers=auth_headers,
)
list_id = create.json()["id"]
resp = await client.get(f"/api/v1/target-lists/{list_id}", headers=auth_headers)
assert resp.status_code == 200
assert resp.json()["name"] == "Get Test"
@pytest.mark.asyncio
async def test_update_target_list(client: AsyncClient, auth_headers: dict):
create = await client.post(
"/api/v1/target-lists/",
json={"name": "Old Name", "targets": [{"label": "SRV-01"}]},
headers=auth_headers,
)
list_id = create.json()["id"]
resp = await client.put(
f"/api/v1/target-lists/{list_id}",
json={"name": "New Name", "targets": [{"label": "SRV-01"}, {"label": "SRV-02"}]},
headers=auth_headers,
)
assert resp.status_code == 200
assert resp.json()["name"] == "New Name"
assert len(resp.json()["targets"]) == 2
@pytest.mark.asyncio
async def test_delete_target_list(client: AsyncClient, auth_headers: dict):
create = await client.post(
"/api/v1/target-lists/",
json={"name": "To Delete", "targets": [{"label": "X"}]},
headers=auth_headers,
)
list_id = create.json()["id"]
resp = await client.delete(f"/api/v1/target-lists/{list_id}", headers=auth_headers)
assert resp.status_code == 204
get = await client.get(f"/api/v1/target-lists/{list_id}", headers=auth_headers)
assert get.status_code == 404
@pytest.mark.asyncio
async def test_cannot_access_other_teams_list(client: AsyncClient, auth_headers: dict, test_db):
"""User from team B cannot access team A's list."""
import uuid
from app.models.team import Team
from app.models.user import User
from app.core.security import get_password_hash
# Create team A list using existing auth_headers
create = await client.post(
"/api/v1/target-lists/",
json={"name": "Team A List", "targets": [{"label": "SRV-A"}]},
headers=auth_headers,
)
assert create.status_code == 201
list_id = create.json()["id"]
# Create a separate team B with its own user
team_b = Team(name=f"Team B {uuid.uuid4()}")
test_db.add(team_b)
await test_db.flush()
user_b = User(
email=f"userb_{uuid.uuid4()}@test.com",
password_hash=get_password_hash("password123"),
name="User B",
is_active=True,
team_id=team_b.id,
role="engineer",
)
test_db.add(user_b)
await test_db.flush()
# Get auth token for user B
login = await client.post(
"/api/v1/auth/login/json",
json={"email": user_b.email, "password": "password123"},
)
assert login.status_code == 200
token_b = login.json()["access_token"]
headers_b = {"Authorization": f"Bearer {token_b}"}
# Team B cannot access Team A's list
resp = await client.get(f"/api/v1/target-lists/{list_id}", headers=headers_b)
assert resp.status_code == 404
Reference in New Issue View Git Blame Copy Permalink