mirror of
https://github.com/mealie-recipes/mealie.git
synced 2025-05-31 12:15:42 -04:00
c4540f1395
* add dependency injection for get_repositories * convert events api to controller * update generic typing * add abstract controllers * update test naming * migrate admin services to controllers * add additional admin route tests * remove print * add public shared dependencies * add types * fix typo * add static variables for recipe json keys * add coverage gutters config * update controller routers * add generic success response * add category/tag/tool tests * add token refresh test * add coverage utilities * covert comments to controller * add todo * add helper properties * delete old service * update test notes * add unit test for pretty_stats * remove dead code from post_webhooks * update group routes to use controllers * add additional group test coverage * abstract common permission checks * convert ingredient parser to controller * update recipe crud to use controller * remove dead-code * add class lifespan tracker for debugging * convert bulk export to controller * migrate tools router to controller * update recipe share to controller * move customer router to _base * ignore prints in flake8 * convert units and foods to new controllers * migrate user routes to controllers * centralize error handling * fix invalid ref * reorder fields * update routers to share common handling * update tests * remove prints * fix cookbooks delete * fix cookbook get * add controller for mealplanner * cover report routes to controller * remove __future__ imports * remove dead code * remove all base_http children and remove dead code
101 lines
3.0 KiB
Python
101 lines
3.0 KiB
Python
from uuid import uuid4
|
|
|
|
from fastapi.testclient import TestClient
|
|
|
|
from mealie.repos.repository_factory import AllRepositories
|
|
from tests.utils.factories import random_bool
|
|
from tests.utils.fixture_schemas import TestUser
|
|
|
|
|
|
class Routes:
|
|
self = "/api/groups/self"
|
|
memebers = "/api/groups/members"
|
|
permissions = "/api/groups/permissions"
|
|
|
|
|
|
def get_permissions_payload(user_id: str, can_manage=None) -> dict:
|
|
return {
|
|
"user_id": user_id,
|
|
"can_manage": random_bool() if can_manage is None else can_manage,
|
|
"can_invite": random_bool(),
|
|
"can_organize": random_bool(),
|
|
}
|
|
|
|
|
|
def test_get_group_members(api_client: TestClient, user_tuple: list[TestUser]):
|
|
usr_1, usr_2 = user_tuple
|
|
|
|
response = api_client.get(Routes.memebers, headers=usr_1.token)
|
|
assert response.status_code == 200
|
|
|
|
members = response.json()
|
|
assert len(members) >= 2
|
|
|
|
all_ids = [x["id"] for x in members]
|
|
|
|
assert str(usr_1.user_id) in all_ids
|
|
assert str(usr_2.user_id) in all_ids
|
|
|
|
|
|
def test_set_memeber_permissions(api_client: TestClient, user_tuple: list[TestUser], database: AllRepositories):
|
|
usr_1, usr_2 = user_tuple
|
|
|
|
# Set Acting User
|
|
acting_user = database.users.get_one(usr_1.user_id)
|
|
acting_user.can_manage = True
|
|
database.users.update(acting_user.id, acting_user)
|
|
|
|
payload = get_permissions_payload(str(usr_2.user_id))
|
|
|
|
# Test
|
|
response = api_client.put(Routes.permissions, json=payload, headers=usr_1.token)
|
|
assert response.status_code == 200
|
|
|
|
|
|
def test_set_memeber_permissions_unauthorized(api_client: TestClient, unique_user: TestUser, database: AllRepositories):
|
|
# Setup
|
|
user = database.users.get_one(unique_user.user_id)
|
|
user.can_manage = False
|
|
database.users.update(user.id, user)
|
|
|
|
payload = get_permissions_payload(str(user.id))
|
|
payload = {
|
|
"user_id": str(user.id),
|
|
"can_manage": True,
|
|
"can_invite": True,
|
|
"can_organize": True,
|
|
}
|
|
|
|
# Test
|
|
response = api_client.put(Routes.permissions, json=payload, headers=unique_user.token)
|
|
assert response.status_code == 403
|
|
|
|
|
|
def test_set_memeber_permissions_other_group(
|
|
api_client: TestClient,
|
|
unique_user: TestUser,
|
|
g2_user: TestUser,
|
|
database: AllRepositories,
|
|
):
|
|
user = database.users.get_one(unique_user.user_id)
|
|
user.can_manage = True
|
|
database.users.update(user.id, user)
|
|
|
|
payload = get_permissions_payload(str(g2_user.user_id))
|
|
response = api_client.put(Routes.permissions, json=payload, headers=unique_user.token)
|
|
assert response.status_code == 403
|
|
|
|
|
|
def test_set_memeber_permissions_no_user(
|
|
api_client: TestClient,
|
|
unique_user: TestUser,
|
|
database: AllRepositories,
|
|
):
|
|
user = database.users.get_one(unique_user.user_id)
|
|
user.can_manage = True
|
|
database.users.update(user.id, user)
|
|
|
|
payload = get_permissions_payload(str(uuid4()))
|
|
response = api_client.put(Routes.permissions, json=payload, headers=unique_user.token)
|
|
assert response.status_code == 404
|