import json
from mikromon import db
from mikromon.models import User, Role, RoleName, Dashboard
from mikromon.security.passwords import hash_password
def _login(client, email, password):
    """Post the given credentials to the login endpoint and return the response.

    Redirects are not followed, so the caller receives the direct response to
    the POST rather than whatever page it redirects to.
    """
    credentials = {"email": email, "password": password}
    return client.post("/auth/login", data=credentials, follow_redirects=False)
def test_api_me_requires_login(client, app):
    """An unauthenticated GET of /api/v1/me must be answered with 302 or 401."""
    response = client.get("/api/v1/me")
    # NOTE(review): 302 is accepted alongside 401, and the redirect target is
    # not inspected, so this only shows the request was not served directly.
    rejected_codes = (302, 401)
    assert response.status_code in rejected_codes
def test_dashboard_acl(client, app):
    """A logged-in user must get 403 when reading a dashboard owned by someone else.

    Creates two users holding the USER role and a dashboard owned by the first,
    then logs in as the second user and requests that dashboard by id.
    """
    with app.app_context():
        # Reuse the USER role if it is already in the database, else create it.
        member_role = Role.query.filter_by(name=RoleName.USER.value).first()
        if not member_role:
            member_role = Role(name=RoleName.USER.value)
            db.session.add(member_role)
            db.session.commit()

        owner = User(
            email="a@example.com",
            password_hash=hash_password("Password123!"),
            role_id=member_role.id,
        )
        outsider = User(
            email="b@example.com",
            password_hash=hash_password("Password123!"),
            role_id=member_role.id,
        )
        db.session.add_all([owner, outsider])
        db.session.commit()

        dashboard = Dashboard(owner_id=owner.id, name="D1", description="")
        db.session.add(dashboard)
        db.session.commit()
        # Keep the primary key as a plain value for use in the URL below.
        dashboard_id = dashboard.id

    # NOTE(review): the login response is discarded; if the login itself did
    # not succeed, the status checked below would come from the unauthenticated
    # path rather than from the ownership check.
    _login(client, "b@example.com", "Password123!")

    response = client.get(f"/api/v1/dashboards/{dashboard_id}")
    assert response.status_code == 403