""" 管理员端点集成测试 """ import pytest from httpx import AsyncClient # ==================== 认证测试 ==================== @pytest.mark.asyncio async def test_admin_requires_auth(async_client: AsyncClient): """测试管理员接口需要认证""" response = await async_client.get("/api/admin/summary") assert response.status_code == 401 @pytest.mark.asyncio async def test_admin_requires_admin_role( async_client: AsyncClient, auth_headers: dict[str, str] ): """测试普通用户访问管理员接口返回 403""" response = await async_client.get( "/api/admin/summary", headers=auth_headers ) assert response.status_code == 403 # ==================== 站点概况测试 ==================== @pytest.mark.asyncio async def test_admin_get_summary_success( async_client: AsyncClient, admin_headers: dict[str, str] ): """测试管理员可以获取站点概况""" response = await async_client.get( "/api/admin/summary", headers=admin_headers ) # 端点存在但未实现,可能返回 200 或其他状态 assert response.status_code in [200, 404, 501] # ==================== 用户管理测试 ==================== @pytest.mark.asyncio async def test_admin_get_user_info_requires_auth(async_client: AsyncClient): """测试获取用户信息需要认证""" response = await async_client.get("/api/admin/user/info/1") assert response.status_code == 401 @pytest.mark.asyncio async def test_admin_get_user_info_requires_admin( async_client: AsyncClient, auth_headers: dict[str, str] ): """测试普通用户无法获取用户信息""" response = await async_client.get( "/api/admin/user/info/1", headers=auth_headers ) assert response.status_code == 403 @pytest.mark.asyncio async def test_admin_get_user_list_requires_auth(async_client: AsyncClient): """测试获取用户列表需要认证""" response = await async_client.get("/api/admin/user/list") assert response.status_code == 401 @pytest.mark.asyncio async def test_admin_get_user_list_success( async_client: AsyncClient, admin_headers: dict[str, str] ): """测试管理员可以获取用户列表""" response = await async_client.get( "/api/admin/user/list", headers=admin_headers ) assert response.status_code == 200 data = response.json() assert "data" in data assert isinstance(data["data"], list) @pytest.mark.asyncio async def test_admin_get_user_list_pagination( async_client: AsyncClient, admin_headers: dict[str, str] ): """测试用户列表分页""" response = await async_client.get( "/api/admin/user/list?page=1&page_size=10", headers=admin_headers ) assert response.status_code == 200 data = response.json() assert "data" in data # 应该返回不超过 page_size 的数量 assert len(data["data"]) <= 10 @pytest.mark.asyncio async def test_admin_get_user_list_contains_user_data( async_client: AsyncClient, admin_headers: dict[str, str] ): """测试用户列表包含用户数据""" response = await async_client.get( "/api/admin/user/list", headers=admin_headers ) assert response.status_code == 200 data = response.json() users = data["data"] if len(users) > 0: user = users[0] assert "id" in user assert "username" in user @pytest.mark.asyncio async def test_admin_create_user_requires_auth(async_client: AsyncClient): """测试创建用户需要认证""" response = await async_client.post( "/api/admin/user/create", json={"username": "newadminuser", "password": "pass123"} ) assert response.status_code == 401 @pytest.mark.asyncio async def test_admin_create_user_requires_admin( async_client: AsyncClient, auth_headers: dict[str, str] ): """测试普通用户无法创建用户""" response = await async_client.post( "/api/admin/user/create", headers=auth_headers, json={"username": "newadminuser", "password": "pass123"} ) assert response.status_code == 403 # ==================== 用户组管理测试 ==================== @pytest.mark.asyncio async def test_admin_get_groups_requires_auth(async_client: AsyncClient): """测试获取用户组列表需要认证""" response = await async_client.get("/api/admin/group/") assert response.status_code == 401 @pytest.mark.asyncio async def test_admin_get_groups_requires_admin( async_client: AsyncClient, auth_headers: dict[str, str] ): """测试普通用户无法获取用户组列表""" response = await async_client.get( "/api/admin/group/", headers=auth_headers ) assert response.status_code == 403 # ==================== 文件管理测试 ==================== @pytest.mark.asyncio async def test_admin_get_file_list_requires_auth(async_client: AsyncClient): """测试获取文件列表需要认证""" response = await async_client.get("/api/admin/file/list") assert response.status_code == 401 @pytest.mark.asyncio async def test_admin_get_file_list_requires_admin( async_client: AsyncClient, auth_headers: dict[str, str] ): """测试普通用户无法获取文件列表""" response = await async_client.get( "/api/admin/file/list", headers=auth_headers ) assert response.status_code == 403 # ==================== 设置管理测试 ==================== @pytest.mark.asyncio async def test_admin_get_settings_requires_auth(async_client: AsyncClient): """测试获取设置需要认证""" response = await async_client.get("/api/admin/settings") assert response.status_code == 401 @pytest.mark.asyncio async def test_admin_get_settings_requires_admin( async_client: AsyncClient, auth_headers: dict[str, str] ): """测试普通用户无法获取设置""" response = await async_client.get( "/api/admin/settings", headers=auth_headers ) assert response.status_code == 403 @pytest.mark.asyncio async def test_admin_update_settings_requires_auth(async_client: AsyncClient): """测试更新设置需要认证""" response = await async_client.patch( "/api/admin/settings", json={"siteName": "New Site Name"} ) assert response.status_code == 401 @pytest.mark.asyncio async def test_admin_update_settings_requires_admin( async_client: AsyncClient, auth_headers: dict[str, str] ): """测试普通用户无法更新设置""" response = await async_client.patch( "/api/admin/settings", headers=auth_headers, json={"siteName": "New Site Name"} ) assert response.status_code == 403 # ==================== 存储策略管理测试 ==================== @pytest.mark.asyncio async def test_admin_policy_list_requires_auth(async_client: AsyncClient): """测试获取存储策略列表需要认证""" response = await async_client.get("/api/admin/policy/list") assert response.status_code == 401 @pytest.mark.asyncio async def test_admin_policy_list_requires_admin( async_client: AsyncClient, auth_headers: dict[str, str] ): """测试普通用户无法获取存储策略列表""" response = await async_client.get( "/api/admin/policy/list", headers=auth_headers ) assert response.status_code == 403