sboulahtit/orion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
53dfe018c2bacd5e887909c8e66dbc5b167c835e
orion/app/modules/tenancy/tests/integration/test_merchant_routes.py
Samir Boulahtit 1dcb0e6c33
Some checks failed
CI / ruff (push) Successful in 11s
Details
CI / validate (push) Has been cancelled
Details
CI / dependency-scanning (push) Has been cancelled
Details
CI / docs (push) Has been cancelled
Details
CI / deploy (push) Has been cancelled
Details
CI / pytest (push) Has been cancelled
Details
feat: RBAC Phase 1 — consolidate user roles into 4-value enum 
Consolidate User.role (2-value: admin/store) + User.is_super_admin (boolean)
into a single 4-value UserRole enum: super_admin, platform_admin,
merchant_owner, store_member. Drop stale StoreUser.user_type column.
Fix role="user" bug in merchant creation.

Key changes:
- Expand UserRole enum from 2 to 4 values with computed properties
  (is_admin, is_super_admin, is_platform_admin, is_merchant_owner, is_store_user)
- Add Alembic migration (tenancy_003) for data migration + column drops
- Remove is_super_admin from JWT token payload
- Update all auth dependencies, services, routes, templates, JS, and tests
- Update all RBAC documentation

66 files changed, 1219 unit tests passing.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-19 22:44:29 +01:00

234 lines
7.7 KiB
Python
Raw Blame History

# app/modules/tenancy/tests/integration/test_merchant_routes.py
"""
Integration tests for merchant portal tenancy API routes.
Tests the merchant portal endpoints at:
/api/v1/merchants/account/*
Authentication: Overrides get_merchant_for_current_user and
get_current_merchant_api with mocks that return the test merchant/user.
"""
import uuid
import pytest
from app.api.deps import get_current_merchant_api, get_merchant_for_current_user
from app.modules.tenancy.models import Merchant, Store, User
from main import app
from models.schema.auth import UserContext
# ============================================================================
# Fixtures
# ============================================================================
BASE = "/api/v1/merchants/account"
@pytest.fixture
def mt_owner(db):
"""Create a merchant owner user."""
from middleware.auth import AuthManager
auth = AuthManager()
uid = uuid.uuid4().hex[:8]
user = User(
email=f"mtowner_{uid}@test.com",
username=f"mtowner_{uid}",
hashed_password=auth.hash_password("mtpass123"),
role="merchant_owner",
is_active=True,
)
db.add(user)
db.commit()
db.refresh(user)
return user
@pytest.fixture
def mt_merchant(db, mt_owner):
"""Create a merchant owned by mt_owner."""
merchant = Merchant(
name="Merchant Portal Test",
description="A test merchant for portal routes",
owner_user_id=mt_owner.id,
contact_email=mt_owner.email,
contact_phone="+352 123 456",
website="https://example.com",
business_address="1 Rue Test, Luxembourg",
tax_number="LU12345678",
is_active=True,
is_verified=True,
)
db.add(merchant)
db.commit()
db.refresh(merchant)
return merchant
@pytest.fixture
def mt_stores(db, mt_merchant):
"""Create stores for the merchant."""
stores = []
for i in range(3):
uid = uuid.uuid4().hex[:8]
store = Store(
merchant_id=mt_merchant.id,
store_code=f"MT_{uid.upper()}",
subdomain=f"mtstore{uid}",
name=f"MT Store {i}",
is_active=i < 2, # Third store inactive
is_verified=True,
)
db.add(store) # noqa: PERF006
stores.append(store)
db.commit()
for s in stores:
db.refresh(s)
return stores
@pytest.fixture
def mt_auth(mt_owner, mt_merchant):
"""Override auth dependencies to return the test merchant/user."""
user_context = UserContext(
id=mt_owner.id,
email=mt_owner.email,
username=mt_owner.username,
role="merchant_owner",
is_active=True,
)
def _override_merchant():
return mt_merchant
def _override_user():
return user_context
app.dependency_overrides[get_merchant_for_current_user] = _override_merchant
app.dependency_overrides[get_current_merchant_api] = _override_user
yield {"Authorization": "Bearer fake-token"}
app.dependency_overrides.pop(get_merchant_for_current_user, None)
app.dependency_overrides.pop(get_current_merchant_api, None)
# ============================================================================
# Store Endpoints
# ============================================================================
class TestMerchantStoresList:
"""Tests for GET /api/v1/merchants/account/stores."""
def test_list_stores_success(self, client, mt_auth, mt_stores):
response = client.get(f"{BASE}/stores", headers=mt_auth)
assert response.status_code == 200
data = response.json()
assert "stores" in data
assert "total" in data
assert data["total"] == 3
def test_list_stores_response_shape(self, client, mt_auth, mt_stores):
response = client.get(f"{BASE}/stores", headers=mt_auth)
assert response.status_code == 200
store = response.json()["stores"][0]
assert "id" in store
assert "name" in store
assert "store_code" in store
assert "is_active" in store
assert "subdomain" in store
def test_list_stores_pagination(self, client, mt_auth, mt_stores):
response = client.get(
f"{BASE}/stores",
params={"skip": 0, "limit": 2},
headers=mt_auth,
)
assert response.status_code == 200
data = response.json()
assert len(data["stores"]) == 2
assert data["total"] == 3
assert data["skip"] == 0
assert data["limit"] == 2
def test_list_stores_empty(self, client, mt_auth, mt_merchant):
response = client.get(f"{BASE}/stores", headers=mt_auth)
assert response.status_code == 200
data = response.json()
assert data["stores"] == []
assert data["total"] == 0
# ============================================================================
# Profile Endpoints
# ============================================================================
class TestMerchantProfile:
"""Tests for GET/PUT /api/v1/merchants/account/profile."""
def test_get_profile_success(self, client, mt_auth, mt_merchant):
response = client.get(f"{BASE}/profile", headers=mt_auth)
assert response.status_code == 200
data = response.json()
assert data["id"] == mt_merchant.id
assert data["name"] == "Merchant Portal Test"
assert data["description"] == "A test merchant for portal routes"
assert data["contact_email"] == mt_merchant.contact_email
assert data["contact_phone"] == "+352 123 456"
assert data["website"] == "https://example.com"
assert data["business_address"] == "1 Rue Test, Luxembourg"
assert data["tax_number"] == "LU12345678"
assert data["is_verified"] is True
def test_get_profile_all_fields_present(self, client, mt_auth, mt_merchant):
response = client.get(f"{BASE}/profile", headers=mt_auth)
assert response.status_code == 200
data = response.json()
expected_fields = {
"id", "name", "description", "contact_email", "contact_phone",
"website", "business_address", "tax_number", "is_verified",
}
assert expected_fields.issubset(set(data.keys()))
def test_update_profile_partial(self, client, mt_auth, mt_merchant):
response = client.put(
f"{BASE}/profile",
json={"name": "Updated Merchant Name"},
headers=mt_auth,
)
assert response.status_code == 200
data = response.json()
assert data["name"] == "Updated Merchant Name"
# Other fields should remain unchanged
assert data["contact_phone"] == "+352 123 456"
def test_update_profile_email_validation(self, client, mt_auth, mt_merchant):
response = client.put(
f"{BASE}/profile",
json={"contact_email": "not-an-email"},
headers=mt_auth,
)
assert response.status_code == 422
def test_update_profile_cannot_set_admin_fields(self, client, mt_auth, mt_merchant):
"""Admin-only fields (is_active, is_verified) are not accepted."""
response = client.put(
f"{BASE}/profile",
json={"is_active": False, "is_verified": False},
headers=mt_auth,
)
# Should succeed but ignore unknown fields (Pydantic extra="ignore" by default)
assert response.status_code == 200
data = response.json()
# is_verified should remain True (not changed)
assert data["is_verified"] is True
def test_update_profile_name_too_short(self, client, mt_auth, mt_merchant):
response = client.put(
f"{BASE}/profile",
json={"name": "A"},
headers=mt_auth,
)
assert response.status_code == 422
Reference in New Issue View Git Blame Copy Permalink