add pytest. pruebas de roles de usuario y permisos de acceso a los productos

Sublian · Sublian · commit ae1a4b001360 · 2025-12-08T22:44:18.000-05:00
diff --git a/pytest.ini b/pytest.ini
@@ -0,0 +1,4 @@
+[pytest]
+DJANGO_SETTINGS_MODULE = myproject.settings
+python_files = tests.py test_*.py *_tests.py
+addopts = -v -s
diff --git a/requirements.txt b/requirements.txt
@@ -2,11 +2,18 @@ asgiref==3.11.0
 Django==4.2.7
 djangorestframework==3.14.0
 djangorestframework_simplejwt==5.5.1
+factory_boy==3.3.3
 Faker==38.2.0
 gunicorn==21.2.0
+iniconfig==2.3.0
 packaging==25.0
+pluggy==1.6.0
 psycopg2-binary==2.9.9
+Pygments==2.19.2
 PyJWT==2.10.1
+pytest==9.0.2
+pytest-django==4.11.1
+pytest-mock==3.15.1
 pytz==2025.2
 sqlparse==0.5.4
 tzdata==2025.2
diff --git a/tests/conftest.py b/tests/conftest.py
@@ -0,0 +1,42 @@
+import pytest
+from rest_framework.test import APIClient
+from django.contrib.auth import get_user_model
+from factories import AdminFactory, StaffFactory, UserFactory
+
+User = get_user_model()
+
+
+@pytest.fixture
+def api_client():
+    return APIClient()
+
+
+@pytest.fixture
+def admin_user():
+    return AdminFactory()
+
+
+@pytest.fixture
+def staff_user():
+    return StaffFactory()
+
+
+@pytest.fixture
+def client_user():
+    return UserFactory()
+
+
+@pytest.fixture
+def get_token(api_client):
+    def _get_token(user):
+        response = api_client.post(
+            "/api/login/",
+            {
+                "username": user.username,
+                "password": "123456"
+            },
+            format="json"
+        )
+        return response.data["access"]
+
+    return _get_token
diff --git a/tests/factories.py b/tests/factories.py
@@ -0,0 +1,34 @@
+import factory
+from django.contrib.auth import get_user_model
+from products.models import Product
+import random
+
+User = get_user_model()
+
+class UserFactory(factory.django.DjangoModelFactory):
+    class Meta:
+        model = User
+
+    username = factory.Sequence(lambda n: f"user{n}")
+    email = factory.LazyAttribute(lambda o: f"{o.username}@test.com")
+    password = factory.PostGenerationMethodCall('set_password', '123456')
+    role = 'CLIENTE'
+
+
+class AdminFactory(UserFactory):
+    role = 'ADMIN'
+
+
+class StaffFactory(UserFactory):
+    role = 'STAFF'
+
+
+class ProductFactory(factory.django.DjangoModelFactory):
+    class Meta:
+        model = Product
+
+    name = factory.Faker('word')
+    price = factory.Faker('pydecimal', left_digits=3, right_digits=2, positive=True)
+    stock = factory.Faker('random_int', min=1, max=100)
+    is_public = True
+    owner = factory.SubFactory(UserFactory)
diff --git a/tests/test_auth.py b/tests/test_auth.py
@@ -0,0 +1,21 @@
+import pytest
+
+@pytest.mark.django_db
+def test_jwt_login_success(api_client, client_user):
+    response = api_client.post(
+        "/api/login/",
+        {
+            "username": client_user.username,
+            "password": "123456"
+        },
+        format="json"
+    )
+
+    assert response.status_code == 200
+    assert "access" in response.data
+    assert "refresh" in response.data
+
+@pytest.mark.django_db
+def test_protected_without_token(api_client):
+    response = api_client.get("/api/protected/")
+    assert response.status_code == 401
diff --git a/tests/test_products.py b/tests/test_products.py
@@ -0,0 +1,64 @@
+import pytest
+from factories import ProductFactory
+
+
+@pytest.mark.django_db
+def test_client_cannot_create_product(api_client, client_user, get_token):
+    token = get_token(client_user)
+
+    api_client.credentials(HTTP_AUTHORIZATION=f"Bearer {token}")
+
+    response = api_client.post(
+        "/api/products/",
+        {
+            "name": "Producto Prohibido",
+            "price": "100.00",
+            "stock": 10,
+            "is_public": True,
+        },
+        format="json"
+    )
+
+    assert response.status_code == 403
+
+
+@pytest.mark.django_db
+def test_staff_can_create_product(api_client, staff_user, get_token):
+    token = get_token(staff_user)
+    api_client.credentials(HTTP_AUTHORIZATION=f"Bearer {token}")
+
+    response = api_client.post(
+        "/api/products/",
+        {
+            "name": "Producto Staff",
+            "price": "50.00",
+            "stock": 5,
+            "is_public": True,
+        },
+        format="json"
+    )
+
+    assert response.status_code == 201
+
+
+@pytest.mark.django_db
+def test_staff_cannot_delete_product(api_client, staff_user, get_token):
+    product = ProductFactory()
+
+    token = get_token(staff_user)
+    api_client.credentials(HTTP_AUTHORIZATION=f"Bearer {token}")
+
+    response = api_client.delete(f"/api/products/{product.id}/")
+
+    assert response.status_code == 403
+
+@pytest.mark.django_db
+def test_admin_can_delete_product(api_client, admin_user, get_token):
+    product = ProductFactory()
+
+    token = get_token(admin_user)
+    api_client.credentials(HTTP_AUTHORIZATION=f"Bearer {token}")
+
+    response = api_client.delete(f"/api/products/{product.id}/")
+
+    assert response.status_code == 204
diff --git a/users/models.py b/users/models.py
@@ -28,4 +28,4 @@ class Meta:
         ordering = ['-created_at']
 
     def __str__(self):
-        return self.username
+        return f"{self.username} - {self.password}"
