sboulahtit/orion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

shop product refactoring

Browse Source
This commit is contained in:
Samir Boulahtit
2025-10-04 23:38:53 +02:00
parent 4d2866af5e
commit 0114b6c46e
68 changed files with 2234 additions and 2236 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
tests/integration/security/test_authentication.py
View File

@@ -10,10 +10,10 @@ class TestAuthentication:
"""Test that protected endpoints reject unauthenticated requests"""
protected_endpoints = [
"/api/v1/admin/users",
"/api/v1/admin/shops",
"/api/v1/admin/vendors",
"/api/v1/marketplace/import-jobs",
"/api/v1/marketplace/product",
"/api/v1/shop",
"/api/v1/vendor ",
"/api/v1/stats",
"/api/v1/stock",
]

16
tests/integration/security/test_authorization.py
View File

@@ -16,7 +16,7 @@ class TestAuthorization:
"""Test that admin users can access admin endpoints"""
admin_endpoints = [
"/api/v1/admin/users",
"/api/v1/admin/shops",
"/api/v1/admin/vendors",
"/api/v1/admin/marketplace-import-jobs",
]
@@ -36,15 +36,15 @@ class TestAuthorization:
response = client.get(endpoint, headers=auth_headers)
assert response.status_code == 200 # Regular user should have access
def test_shop_owner_access_control(
self, client, auth_headers, test_shop, other_user
def test_vendor_owner_access_control(
self, client, auth_headers, test_vendor, other_user
):
"""Test that users can only access their own shops"""
# Test accessing own shop (should work)
"""Test that users can only access their own vendors"""
# Test accessing own vendor (should work)
response = client.get(
f"/api/v1/shop/{test_shop.shop_code}", headers=auth_headers
f"/api/v1/vendor /{test_vendor.vendor_code}", headers=auth_headers
)
# Response depends on your implementation - could be 200 or 404 if shop doesn't belong to user
# Response depends on your implementation - could be 200 or 404 if vendor doesn't belong to user
# The exact assertion depends on your shop access control implementation
# The exact assertion depends on your vendor access control implementation
assert response.status_code in [200, 403, 404]