diff --git a/mealie/routes/users/crud.py b/mealie/routes/users/crud.py index 35341d357..6ed4e9e6c 100644 --- a/mealie/routes/users/crud.py +++ b/mealie/routes/users/crud.py @@ -2,13 +2,13 @@ from db.database import db from db.db_setup import generate_session from fastapi import APIRouter, Depends from models.user_models import CreateUser, UserResponse -from routes.deps import manager, query_user +from routes.deps import manager from sqlalchemy.orm.session import Session router = APIRouter(prefix="/api/users", tags=["Users"]) -@router.post("/", response_model=UserResponse) +@router.post("", response_model=UserResponse, status_code=201) async def create_user( new_user: CreateUser, current_user=Depends(manager), @@ -21,11 +21,15 @@ async def create_user( return data -@router.get("/", response_model=list[UserResponse]) +@router.get("", response_model=list[UserResponse]) async def get_all_users( current_user=Depends(manager), session: Session = Depends(generate_session) ): - return db.users.get_all(session) + + if current_user.get("is_superuser"): + return db.users.get_all(session) + else: + return {"details": "user not authorized"} @router.get("/{id}", response_model=UserResponse) diff --git a/mealie/tests/conftest.py b/mealie/tests/conftest.py index 4a3c1c763..b674e903e 100644 --- a/mealie/tests/conftest.py +++ b/mealie/tests/conftest.py 
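Review bot: In get_all_users (second hunk of mealie/routes/users/crud.py) the non-superuser branch returns `{"details": "user not authorized"}` from a route declared with `response_model=list[UserResponse]`, so the refusal is not sent as an HTTP error and the dict will most likely fail response validation and surface as a server error. Raising makes the denial explicit: `if not current_user.get("is_superuser"): raise HTTPException(status_code=403, detail="user not authorized")`, with `HTTPException` added to the `from fastapi import APIRouter, Depends` line, followed by `return db.users.get_all(session)`. create_user in the first hunk takes the same `current_user=Depends(manager)`, but its body lies outside the diff, so whether it applies an equivalent superuser check cannot be confirmed from here and is worth verifying.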
@@ -1,27 +1,27 @@ -from pathlib import Path +import json +import requests from app import app from app_config import SQLITE_DIR from db.db_setup import generate_session, sql_global_init +from db.init_db import init_db from fastapi.testclient import TestClient from pytest import fixture -from services.settings_services import default_settings_init -from services.theme_services import default_theme_init from tests.test_config import TEST_DATA SQLITE_FILE = SQLITE_DIR.joinpath("test.db") SQLITE_FILE.unlink(missing_ok=True) +TOKEN_URL = "/api/auth/token" TestSessionLocal = sql_global_init(SQLITE_FILE, check_thread=False) +init_db(TestSessionLocal()) def override_get_db(): try: db = TestSessionLocal() - default_theme_init() - default_settings_init() yield db finally: db.close() @@ -31,11 +31,22 @@ def override_get_db(): def api_client(): app.dependency_overrides[generate_session] = override_get_db + yield TestClient(app) - SQLITE_FILE.unlink() + # SQLITE_FILE.unlink() @fixture(scope="session") def test_image(): return TEST_DATA.joinpath("test_image.jpg") + + +@fixture(scope="session") +def token(api_client: requests): + form_data = {"username": "changeme@email.com", "password": "MyPassword"} + response = api_client.post(TOKEN_URL, form_data) + + token = json.loads(response.text).get("access_token") + + return {"Authorization": f"Bearer {token}"} diff --git a/mealie/tests/test_routes/test_settings_routes.py b/mealie/tests/test_routes/test_settings_routes.py index 56ccae369..fe4bbdf65 100644 --- a/mealie/tests/test_routes/test_settings_routes.py +++ b/mealie/tests/test_routes/test_settings_routes.py @@ -34,8 +34,6 @@ def default_theme(api_client): }, } - api_client.post(THEMES_CREATE, json=default_theme) - return default_theme diff --git a/mealie/tests/test_routes/test_user_routes.py b/mealie/tests/test_routes/test_user_routes.py new file mode 100644 index 000000000..2d6284718 --- /dev/null +++ b/mealie/tests/test_routes/test_user_routes.py 
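Review bot: The added `init_db(TestSessionLocal())` in the first mealie/tests/conftest.py hunk opens a session at import time that is never closed, while override_get_db just below closes its session in `finally`. Unless init_db closes the session itself (not visible here), bind it and close it: `session = TestSessionLocal()`, `init_db(session)`, `session.close()`. A short comment saying that this call presumably seeds the default user the tests log in with would also help, since the default-data setup no longer happens inside override_get_db.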
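Review bot: The new `token` fixture in the second conftest.py hunk never checks the login response, so a failed login yields the header `Bearer None` and every dependent test fails with an unrelated-looking authorization error. Adding `assert response.status_code == 200` right after `api_client.post(TOKEN_URL, form_data)` makes the failure point at the login. The credentials `changeme@email.com` / `MyPassword` are repeated as literals here and in test_user_routes.py; a single module-level constant would keep them in step with whatever init_db seeds. The `api_client: requests` annotation names a module rather than a type (`TestClient` is already imported), and the commented-out `# SQLITE_FILE.unlink()` should either be removed or carry a comment saying why the test database is now left on disk.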
@@ -0,0 +1,94 @@
+import json
+
+import requests
+from pytest import fixture
+
+BASE = "/api/users"
+TOKEN_URL = "/api/auth/token"
+
+
+
+
+
+@fixture(scope="session")
+def default_user():
+ return {
+ "id": 1,
+ "full_name": "Change Me",
+ "email": "changeme@email.com",
+ "family": "public",
+ }
+
+
+@fixture(scope="session")
+def new_user():
+ return {
+ "id": 2,
+ "full_name": "My New User",
+ "email": "newuser@email.com",
+ "family": "public",
+ }
+
+
+def test_superuser_login(api_client: requests):
+ form_data = {"username": "changeme@email.com", "password": "MyPassword"}
+ response = api_client.post(TOKEN_URL, form_data)
+
+ assert response.status_code == 200
+ token = json.loads(response.text).get("access_token")
+
+ return {"Authorization": f"Bearer {token}"}
+
+
+def test_init_superuser(api_client: requests, token, default_user):
+ response = api_client.get(f"{BASE}/1", headers=token)
+ assert response.status_code == 200
+
+ assert json.loads(response.text) == default_user
+
+
+def test_create_user(api_client: requests, token, new_user):
+ create_data = {
+ "full_name": "My New User",
+ "email": "newuser@email.com",
+ "password": "MyStrongPassword",
+ "family": "public",
+ }
+
+ response = api_client.post(f"{BASE}", json=create_data, headers=token)
+
+ assert response.status_code == 201
+ assert json.loads(response.text) == new_user
+ assert True
+
+
+def test_get_all_users(api_client: requests, token, new_user, default_user):
+ response = api_client.get(f"{BASE}", headers=token)
+
+ assert response.status_code == 200
+
+ assert json.loads(response.text) == [default_user, new_user]
+
+
+def test_update_user(api_client: requests, token):
+ update_data = {
+ "full_name": "Updated Name",
+ "email": "updated@email.com",
+ "password": "MyStrongPassword",
+ "family": "public",
+ }
+ response = api_client.put(f"{BASE}/1", headers=token, json=update_data)
+
+ assert response.status_code == 200
+ assert json.loads(response.text) == {
+ "id": 1,
+ "full_name": "Updated Name",
+ "email": "updated@email.com",
+ "family": "public",
+ }
+
+
+def test_delete_user(api_client: requests, token):
+ response = api_client.delete(f"{BASE}/2", headers=token)
+
+ assert response.status_code == 200
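Review bot: Every request in mealie/tests/test_routes/test_user_routes.py carries the superuser token, so the access check this commit adds to GET /api/users is never exercised from the denied side. A negative case is missing: call `api_client.get(f"{BASE}")` without headers and assert the status is not 200 (for example `assert response.status_code in (401, 403)`), and log in as `newuser@email.com` before test_delete_user to confirm a non-superuser is refused. test_superuser_login also returns the header dict, duplicating the `token` fixture in conftest.py, and `assert True` in test_create_user checks nothing; both can be dropped. The tests depend on running in file order (create, list, update, delete), which deserves a one-line comment at the top of the module.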