vitor
/
orquestrador
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
feat/self-evolving-tools-foundation
main
chore/observability-latency-markers
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '82a12ff464'
${ noResults }
orquestrador/tests/test_admin_authorization_we...

100 lines
3.8 KiB
Python
Raw Blame History

import unittest
from datetime import datetime, timezone
from fastapi.testclient import TestClient
from admin_app.api.dependencies import get_audit_service, get_current_staff_principal
from admin_app.app_factory import create_app
from admin_app.core import AuthenticatedStaffPrincipal, AdminSettings
from admin_app.db.models import AuditLog
from shared.contracts import StaffRole
class _FakeAuditService:
def list_recent(self, limit: int = 50) -> list[AuditLog]:
return [
AuditLog(
id=1,
actor_staff_account_id=10,
event_type="staff.login.succeeded",
resource_type="staff_account",
resource_id="10",
outcome="success",
message="Login administrativo concluido.",
payload_json={"session_id": 77},
ip_address="127.0.0.1",
user_agent="pytest",
created_at=datetime(2026, 3, 26, 12, 0, tzinfo=timezone.utc),
)
]
class AdminAuthorizationWebTests(unittest.TestCase):
def _build_client_with_role(self, role: StaffRole) -> tuple[TestClient, object]:
app = create_app(AdminSettings(admin_auth_token_secret="test-secret"))
app.dependency_overrides[get_current_staff_principal] = lambda: AuthenticatedStaffPrincipal(
id=10,
email="staff@empresa.com",
display_name="Equipe Interna",
role=role,
is_active=True,
)
app.dependency_overrides[get_audit_service] = lambda: _FakeAuditService()
return TestClient(app), app
def test_system_info_requires_authentication(self):
app = create_app(AdminSettings(admin_auth_token_secret="test-secret"))
client = TestClient(app)
response = client.get("/system/info")
self.assertEqual(response.status_code, 401)
self.assertEqual(response.json()["detail"], "Autenticacao administrativa obrigatoria.")
def test_viewer_can_access_system_info(self):
client, app = self._build_client_with_role(StaffRole.VIEWER)
try:
response = client.get("/system/info", headers={"Authorization": "Bearer token"})
finally:
app.dependency_overrides.clear()
self.assertEqual(response.status_code, 200)
self.assertEqual(response.json()["service"], "orquestrador-admin")
def test_viewer_can_access_audit_events(self):
client, app = self._build_client_with_role(StaffRole.VIEWER)
try:
response = client.get("/audit/events", headers={"Authorization": "Bearer token"})
finally:
app.dependency_overrides.clear()
self.assertEqual(response.status_code, 200)
self.assertEqual(response.json()["events"][0]["event_type"], "staff.login.succeeded")
def test_staff_cannot_access_admin_only_capability(self):
client, app = self._build_client_with_role(StaffRole.STAFF)
try:
response = client.get("/system/admin-capabilities", headers={"Authorization": "Bearer token"})
finally:
app.dependency_overrides.clear()
self.assertEqual(response.status_code, 403)
self.assertEqual(
response.json()["detail"],
"Permissao administrativa insuficiente: 'manage_settings'.",
)
def test_admin_can_access_admin_only_capability(self):
client, app = self._build_client_with_role(StaffRole.ADMIN)
try:
response = client.get("/system/admin-capabilities", headers={"Authorization": "Bearer token"})
finally:
app.dependency_overrides.clear()
self.assertEqual(response.status_code, 200)
self.assertTrue(response.json()["allowed"])
self.assertEqual(response.json()["role"], "admin")
if __name__ == "__main__":
unittest.main()
Reference in New Issue View Git Blame Copy Permalink