|
7 | 7 | from app import crud |
8 | 8 | from app.core.config import settings |
9 | 9 | from app.core.security import verify_password |
10 | | -from app.models import User, UserCreate |
11 | | -from tests.utils.user import create_random_user |
| 10 | +from app.models import User, UserCreate, UserRole |
| 11 | +from tests.utils.user import ( |
| 12 | + create_random_user, |
| 13 | + create_user_with_role, |
| 14 | + user_authentication_headers, |
| 15 | +) |
12 | 16 | from tests.utils.utils import random_email, random_lower_string |
13 | 17 |
|
14 | 18 |
|
@@ -519,3 +523,36 @@ def test_delete_user_without_privileges( |
519 | 523 | ) |
520 | 524 | assert r.status_code == 403 |
521 | 525 | assert r.json()["detail"] == "The user doesn't have enough privileges" |
| 526 | + |
| 527 | + |
| 528 | +def test_manager_can_retrieve_users(client: TestClient, db: Session) -> None: |
| 529 | + manager, password = create_user_with_role(db=db, role=UserRole.manager) |
| 530 | + headers = user_authentication_headers( |
| 531 | + client=client, email=manager.email, password=password |
| 532 | + ) |
| 533 | + |
| 534 | + r = client.get(f"{settings.API_V1_STR}/users/", headers=headers) |
| 535 | + |
| 536 | + assert r.status_code == 200 |
| 537 | + assert "data" in r.json() |
| 538 | + |
| 539 | + |
| 540 | +def test_member_cannot_retrieve_users( |
| 541 | + client: TestClient, normal_user_token_headers: dict[str, str] |
| 542 | +) -> None: |
| 543 | + r = client.get(f"{settings.API_V1_STR}/users/", headers=normal_user_token_headers) |
| 544 | + |
| 545 | + assert r.status_code == 403 |
| 546 | + assert r.json()["detail"] == "The user doesn't have enough privileges" |
| 547 | + |
| 548 | + |
| 549 | +def test_manager_cannot_create_user(client: TestClient, db: Session) -> None: |
| 550 | + manager, password = create_user_with_role(db=db, role=UserRole.manager) |
| 551 | + headers = user_authentication_headers( |
| 552 | + client=client, email=manager.email, password=password |
| 553 | + ) |
| 554 | + data = {"email": random_email(), "password": random_lower_string()} |
| 555 | + |
| 556 | + r = client.post(f"{settings.API_V1_STR}/users/", headers=headers, json=data) |
| 557 | + |
| 558 | + assert r.status_code == 403 |
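Review bot: `test_manager_cannot_create_user` pins only the 403 status, so it would still pass if the request were refused for a reason other than the role check, or refused after the row had already been written. Assuming the create endpoint is guarded by the same dependency as the list endpoint, add the detail assertion the neighbouring tests use, `assert r.json()["detail"] == "The user doesn't have enough privileges"`. Then assert that no user with `data["email"]` exists in `db` afterwards, using the lookup helper in `crud` (its name is not visible in this section). The added tests cover list and create for the manager role; if managers are also meant to be denied update and delete on other users, no visible test pins those denials. The top of this file section is cut off in this view, so any existing role tests above line 519 were not checked.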