diff --git a/main.py b/main.py
index 82e1cc4..f67391b 100644
--- a/main.py
+++ b/main.py
@@ -255,7 +255,10 @@ async def read_organization(
 params: dict = Depends(common_authenticated_parameters)
 ):
 # Get the organization only if the user is a member of it
- org: Organization = params["user"].organizations.get(org_id)
+ org = next(
+ (org for org in params["user"].organizations if org.id == org_id),
+ None
+ )
 if not org:
 raise organization.OrganizationNotFoundError()
diff --git a/tests/test_organization.py b/tests/test_organization.py
new file mode 100644
index 0000000..978c019
--- /dev/null
+++ b/tests/test_organization.py
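Review bot: The generator inside the added `next(...)` uses `org` both as its loop variable and as the name being assigned on the left, which reads as if the outer binding were being shadowed; a distinct loop name avoids that and keeps the type hint the removed line had: `org: Organization | None = next((o for o in params["user"].organizations if o.id == org_id), None)`. Whether `org.id == org_id` can ever be true depends on the declared type of the `org_id` path parameter, which sits above the hunk; if one side is a str and the other an int every lookup falls through to OrganizationNotFoundError, so a test that reads an existing membership by id would catch that. Scoping the lookup to `params["user"].organizations` instead of querying by id keeps membership as the authorization boundary, and raising the same not-found error for a foreign organization and a missing one avoids revealing which ids exist. read_organization's signature and the rest of its body are outside the hunk.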
@@ -0,0 +1,68 @@
+# test_organization.py
+
+from utils.models import Organization, Role
+from sqlmodel import select
+
+def test_create_organization_success(auth_client, session, test_user):
+ """Test successful organization creation"""
+ response = auth_client.post(
+ "/organizations/create",
+ data={"name": "New Test Organization"},
+ follow_redirects=False
+ )
+
+ # Check response
+ assert response.status_code == 303 # Redirect status code
+ assert "/organizations/" in response.headers["location"]
+
+ # Verify database state
+ org = session.exec(
+ select(Organization)
+ .where(Organization.name == "New Test Organization")
+ ).first()
+
+ assert org is not None
+ assert org.name == "New Test Organization"
+
+ # Verify default roles were created
+ roles = session.exec(
+ select(Role)
+ .where(Role.organization_id == org.id)
+ ).all()
+
+ assert len(roles) > 0
+ assert any(role.name == "Owner" for role in roles)
+
+ # Verify test_user was assigned as owner
+ owner_role = next(role for role in roles if role.name == "Owner")
+ assert test_user in owner_role.users
+
+def test_create_organization_empty_name(auth_client):
+ """Test organization creation with empty name"""
+ response = auth_client.post(
+ "/organizations/create",
+ data={"name": " "} # Empty or whitespace name
+ )
+
+ assert response.status_code == 400
+ assert "Organization name cannot be empty" in response.text
+
+def test_create_organization_duplicate_name(auth_client, test_organization):
+ """Test organization creation with duplicate name"""
+ response = auth_client.post(
+ "/organizations/create",
+ data={"name": test_organization.name}
+ )
+
+ assert response.status_code == 400
+ assert "Organization name already taken" in response.text
+
+def test_create_organization_unauthenticated(unauth_client):
+ """Test organization creation without authentication"""
+ response = unauth_client.post(
+ "/organizations/create",
+ data={"name": "Unauthorized Org"},
+ follow_redirects=False
+ )
+
+ assert response.status_code == 303 # Unauthorized
diff --git a/tests/test_role.py b/tests/test_role.py
new file mode 100644
index 0000000..e44421b
--- /dev/null
+++ b/tests/test_role.py
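Review bot: `test_create_organization_unauthenticated` asserts only a 303, and a successful creation returns the same 303 (the `# Redirect status code` assertion in `test_create_organization_success`), so the test would still pass if the endpoint created the organization and redirected to it; the `# Unauthorized` comment is the only statement of the intended behaviour. Assert the Location header points at the sign-in page rather than under `/organizations/`, e.g. `assert "/organizations/" not in response.headers["location"]`, and with the `session` fixture assert that no Organization named "Unauthorized Org" was persisted. The same gap is in `test_create_role_unauthenticated` in tests/test_role.py, which likewise checks nothing but the 303.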
@@ -0,0 +1,111 @@
+# test_role.py
+
+import pytest
+from utils.models import Role, Permission, ValidPermissions, User
+from sqlmodel import Session, select
+
+
+@pytest.fixture
+def admin_user(session: Session, test_user: User, test_organization):
+ """Create an admin user with CREATE_ROLE permission"""
+ admin_role: Role = Role(
+ name="Admin",
+ organization_id=test_organization.id
+ )
+
+ create_role_permission: Permission | None = session.exec(
+ select(Permission).where(Permission.name == ValidPermissions.CREATE_ROLE)
+ ).first()
+
+ if create_role_permission is None:
+ raise ValueError("Error during test setup: CREATE_ROLE permission not found")
+
+ admin_role.permissions.append(create_role_permission)
+ session.add(admin_role)
+
+ test_user.roles.append(admin_role)
+ session.commit()
+
+ return test_user
+
+
+def test_create_role_success(auth_client, admin_user, test_organization, session: Session):
+ """Test successful role creation"""
+ response = auth_client.post(
+ "/roles/create",
+ data={
+ "name": "Test Role",
+ "organization_id": test_organization.id,
+ "permissions": [ValidPermissions.EDIT_ROLE.value]
+ },
+ follow_redirects=False
+ )
+
+ assert response.status_code == 303
+
+ # Verify role was created in database
+ created_role = session.exec(
+ select(Role).where(
+ Role.name == "Test Role",
+ Role.organization_id == test_organization.id
+ )
+ ).first()
+
+ assert created_role is not None
+ assert created_role.name == "Test Role"
+ assert len(created_role.permissions) == 1
+ assert created_role.permissions[0].name == ValidPermissions.EDIT_ROLE
+
+
+def test_create_role_unauthorized(auth_client, test_user, test_organization):
+ """Test role creation without proper permissions"""
+ response = auth_client.post(
+ "/roles/create",
+ data={
+ "name": "Test Role",
+ "organization_id": test_organization.id,
+ "permissions": [ValidPermissions.EDIT_ROLE.value]
+ },
+ follow_redirects=False
+ )
+
+ assert response.status_code == 403
+
+
+def test_create_duplicate_role(auth_client, admin_user, test_organization, session: Session):
+ """Test creating a role with a name that already exists in the organization"""
+ # Create initial role
+ existing_role = Role(
+ name="Existing Role",
+ organization_id=test_organization.id
+ )
+ session.add(existing_role)
+ session.commit()
+
+ # Attempt to create role with same name
+ response = auth_client.post(
+ "/roles/create",
+ data={
+ "name": "Existing Role",
+ "organization_id": test_organization.id,
+ "permissions": [ValidPermissions.EDIT_ROLE.value]
+ },
+ follow_redirects=False
+ )
+
+ assert response.status_code == 400
+
+
+def test_create_role_unauthenticated(unauth_client, test_organization):
+ """Test role creation without authentication"""
+ response = unauth_client.post(
+ "/roles/create",
+ data={
+ "name": "Test Role",
+ "organization_id": test_organization.id,
+ "permissions": [ValidPermissions.EDIT_ROLE.value]
+ },
+ follow_redirects=False
+ )
+
+ assert response.status_code == 303
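Review bot: None of the new tests checks that CREATE_ROLE is scoped to the organization it was granted in: `admin_user` receives the permission only through a Role in `test_organization`, and every request posts `test_organization.id`, so an endpoint that verifies the permission without comparing it against the submitted `organization_id` would pass this whole file. A test that creates a second organization and posts its id as `admin_user` should expect the 403 that `test_create_role_unauthorized` already pins for a missing permission, and no Role row for that organization; the sketch below assumes `Organization` can be built directly the way `Role` is in `admin_user`, and needs `Organization` imported from utils.models as tests/test_organization.py does. Separately, `admin_user` appends a role to `test_user` and commits, so if `test_user` is not function-scoped the Admin role leaks into `test_create_role_unauthorized` depending on test order — worth confirming in the conftest, which is not on this page.

```python
def test_create_role_in_other_organization_forbidden(auth_client, admin_user, session: Session):
    """CREATE_ROLE granted in one organization must not allow creating roles in another"""
    other_org = Organization(name="Other Organization")
    session.add(other_org)
    session.commit()

    response = auth_client.post(
        "/roles/create",
        data={
            "name": "Test Role",
            "organization_id": other_org.id,
            "permissions": [ValidPermissions.EDIT_ROLE.value]
        },
        follow_redirects=False
    )

    assert response.status_code == 403
    assert session.exec(
        select(Role).where(Role.organization_id == other_org.id)
    ).first() is None
```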