hankin
815cbf9d8c
- 更新 .gitignore:全面覆盖环境变量、数据库、日志、缓存、上传文件 - 移除误跟踪的 server/venv/、crm_data.db、.env 文件 - 新增 server/.env.example 模板 - 新增合同管理、利润核算、AI教练等功能模块 - 新增 Playwright e2e 测试套件 - 前后端多项功能升级和 bug 修复
126 lines
4.8 KiB
Python
126 lines
4.8 KiB
Python
"""
|
|
系统设置模块测试 —— /api/settings
|
|
覆盖: 部门树 / 角色CRUD / 员工CRUD / 重置密码 / 权限守卫
|
|
"""
|
|
import uuid
|
|
import pytest
|
|
from httpx import AsyncClient
|
|
from tests.conftest import (
|
|
ADMIN_USER_ID, SALES_USER_ID, DEPT_ID,
|
|
ADMIN_ROLE_ID, SALES_ROLE_ID,
|
|
)
|
|
|
|
|
|
class TestDeptTree:
|
|
"""GET /api/settings/departments/tree"""
|
|
|
|
async def test_admin_get_dept_tree(self, client: AsyncClient, admin_headers):
|
|
"""管理员 → 200 + 部门树"""
|
|
resp = await client.get("/api/settings/departments/tree", headers=admin_headers)
|
|
assert resp.status_code == 200
|
|
assert isinstance(resp.json()["data"], list)
|
|
|
|
async def test_sales_get_dept_tree_forbidden(self, client: AsyncClient, sales_headers):
|
|
"""普通销售 → 403"""
|
|
resp = await client.get("/api/settings/departments/tree", headers=sales_headers)
|
|
assert resp.status_code == 403
|
|
|
|
|
|
class TestRoles:
|
|
"""/api/settings/roles"""
|
|
|
|
async def test_list_roles(self, client: AsyncClient, admin_headers):
|
|
"""角色列表 → 200"""
|
|
resp = await client.get("/api/settings/roles", headers=admin_headers)
|
|
assert resp.status_code == 200
|
|
data = resp.json()["data"]
|
|
assert len(data) >= 2 # admin + sales
|
|
|
|
async def test_create_role(self, client: AsyncClient, admin_headers):
|
|
"""新增角色 → 200"""
|
|
resp = await client.post("/api/settings/roles", headers=admin_headers, json={
|
|
"role_name": "财务主管",
|
|
"data_scope": "dept_and_sub",
|
|
"menu_keys": ["finance", "dashboard"],
|
|
"description": "财务部门主管角色",
|
|
})
|
|
assert resp.status_code == 200
|
|
assert resp.json()["data"]["role_name"] == "财务主管"
|
|
|
|
async def test_create_duplicate_role(self, client: AsyncClient, admin_headers):
|
|
"""重复角色名 → 400"""
|
|
resp = await client.post("/api/settings/roles", headers=admin_headers, json={
|
|
"role_name": "管理员", # 已存在
|
|
"data_scope": "all",
|
|
})
|
|
assert resp.status_code == 400
|
|
|
|
async def test_update_role(self, client: AsyncClient, admin_headers):
|
|
"""修改角色 → 200"""
|
|
resp = await client.put(
|
|
f"/api/settings/roles/{SALES_ROLE_ID}",
|
|
headers=admin_headers,
|
|
json={"description": "基础销售角色-已更新"}
|
|
)
|
|
assert resp.status_code == 200
|
|
|
|
async def test_sales_cannot_manage_roles(self, client: AsyncClient, sales_headers):
|
|
"""普通销售管理角色 → 403"""
|
|
resp = await client.get("/api/settings/roles", headers=sales_headers)
|
|
assert resp.status_code == 403
|
|
|
|
|
|
class TestUsers:
|
|
"""/api/settings/users"""
|
|
|
|
async def test_list_users(self, client: AsyncClient, admin_headers):
|
|
"""员工列表 → 200"""
|
|
resp = await client.get("/api/settings/users", headers=admin_headers)
|
|
assert resp.status_code == 200
|
|
data = resp.json()["data"]
|
|
assert data["total"] >= 2
|
|
|
|
async def test_create_user(self, client: AsyncClient, admin_headers):
|
|
"""开通新账号 → 200"""
|
|
resp = await client.post("/api/settings/users", headers=admin_headers, json={
|
|
"username": "newuser01",
|
|
"password": "test123456",
|
|
"real_name": "新员工",
|
|
"dept_id": str(DEPT_ID),
|
|
"role_id": str(SALES_ROLE_ID),
|
|
})
|
|
assert resp.status_code == 200
|
|
assert resp.json()["data"]["username"] == "newuser01"
|
|
|
|
async def test_create_duplicate_username(self, client: AsyncClient, admin_headers):
|
|
"""重复用户名 → 400"""
|
|
resp = await client.post("/api/settings/users", headers=admin_headers, json={
|
|
"username": "admin", # 已存在
|
|
"password": "123456",
|
|
"real_name": "重复用户",
|
|
})
|
|
assert resp.status_code == 400
|
|
|
|
async def test_update_user(self, client: AsyncClient, admin_headers):
|
|
"""编辑员工 → 200"""
|
|
resp = await client.put(
|
|
f"/api/settings/users/{SALES_USER_ID}",
|
|
headers=admin_headers,
|
|
json={"real_name": "销售01-改名", "phone": "13800000001"}
|
|
)
|
|
assert resp.status_code == 200
|
|
|
|
async def test_reset_password(self, client: AsyncClient, admin_headers):
|
|
"""重置密码 → 200"""
|
|
resp = await client.put(
|
|
f"/api/settings/users/{SALES_USER_ID}/reset-password",
|
|
headers=admin_headers,
|
|
json={"new_password": "reset999"}
|
|
)
|
|
assert resp.status_code == 200
|
|
|
|
async def test_sales_cannot_manage_users(self, client: AsyncClient, sales_headers):
|
|
"""普通销售无法管理员工 → 403"""
|
|
resp = await client.get("/api/settings/users", headers=sales_headers)
|
|
assert resp.status_code == 403
|