Lars/shinkan-jinkendo
1
0
Fork 0
Code Issues 7 Pull Requests Actions Packages Projects Releases 3 Wiki Activity
de939481ba
shinkan-jinkendo/backend/tests/test_account_capabilities.py
Lars 30dc30c7aa
Some checks failed
Deploy Development / deploy (push) Successful in 43s
Details
Test Suite / pytest-backend (push) Failing after 0s
Details
Test Suite / lint-backend (push) Successful in 0s
Details
Test Suite / build-frontend (push) Successful in 14s
Details
Test Suite / k6 /health Baseline (push) Failing after 4m0s
Details
Test Suite / playwright-tests (push) Failing after 3m41s
Details
Enhance Tenant Context and Access Control Features 
- Introduced `email_verified` and `account_state` attributes in the `TenantContext` to improve user state management.
- Updated the `resolve_tenant_context` function to dynamically fetch `email_verified` status from the database and determine `account_state` based on user roles and memberships.
- Implemented `assert_min_account_state` checks across various endpoints to enforce access control based on user account status.
- Incremented version to 1.1.0 in version.py to reflect these enhancements in tenant context management and access control.
2026-06-06 21:10:52 +02:00

87 lines
2.6 KiB
Python
Raw Blame History

"""Unit-Tests für Account-Lifecycle und Capability-Helfer (ohne DB)."""
import pytest
from fastapi import HTTPException
from account_lifecycle import (
account_state_satisfies,
assert_min_account_state,
resolve_account_state,
)
from capabilities import club_roles_in_club
from tenant_context import TenantContext
def test_resolve_account_state_platform_admin():
assert (
resolve_account_state(email_verified=False, global_role="superadmin", has_active_membership=False)
== "platform_admin"
)
def test_resolve_account_state_unverified():
assert (
resolve_account_state(email_verified=False, global_role="trainer", has_active_membership=True)
== "unverified"
)
def test_resolve_account_state_pending_club():
assert (
resolve_account_state(email_verified=True, global_role="user", has_active_membership=False)
== "verified_pending_club"
)
def test_resolve_account_state_active_member():
assert (
resolve_account_state(email_verified=True, global_role="trainer", has_active_membership=True)
== "active_member"
)
def test_account_state_satisfies():
assert account_state_satisfies("active_member", "active_member")
assert account_state_satisfies("active_member", "verified_pending_club")
assert not account_state_satisfies("verified_pending_club", "active_member")
assert account_state_satisfies("platform_admin", "active_member")
def test_assert_min_account_state_blocks(monkeypatch):
monkeypatch.setenv("ACCOUNT_GATE_ENFORCE", "1")
tenant = TenantContext(
profile_id=1,
global_role="user",
effective_club_id=None,
club_ids=frozenset(),
memberships=[],
account_state="verified_pending_club",
)
with pytest.raises(HTTPException) as exc:
assert_min_account_state(tenant, "active_member")
assert exc.value.status_code == 403
def test_assert_min_account_state_off(monkeypatch):
monkeypatch.setenv("ACCOUNT_GATE_ENFORCE", "0")
tenant = TenantContext(
profile_id=1,
global_role="user",
effective_club_id=None,
club_ids=frozenset(),
memberships=[],
account_state="verified_pending_club",
)
assert_min_account_state(tenant, "active_member")
def test_club_roles_in_club():
tenant = TenantContext(
profile_id=1,
global_role="trainer",
effective_club_id=5,
club_ids=frozenset({5}),
memberships=[{"id": 5, "roles": ["trainer", "club_admin"]}],
)
assert club_roles_in_club(tenant, 5) == ["trainer", "club_admin"]
assert club_roles_in_club(tenant, 99) == []
Reference in New Issue View Git Blame Copy Permalink