pi3c/blog.pyaqa.ru
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: RBAC E2E тесты и фикс admin-прав для редактирования постов

Browse Source 
Основные изменения:
- Добавлены E2E тесты для проверки ownership (TC-E2E-102/103):
  * test_admin_can_edit_any_post — admin может редактировать любой пост
  * test_user_cannot_edit_other_users_post — user не может редактировать чужой пост
- Исправлены use cases (UpdatePost, DeletePost, PublishPost) — добавлена проверка роли admin
- Обновлены web routes и API routes для передачи роли в use cases
- Добавлены unit тесты для admin-сценариев

Реструктуризация тестов:
- Удалены старые API тесты (tests/api/) — требуют переработки
- Удалены старые integration тесты (tests/integration/)
- Переработаны E2E тесты: удалены старые, добавлены новые с POM
- Добавлена документация тестов: FEATURE_*.md, TEST_MODEL.md, AGENTS.md

Инфраструктура:
- Добавлен MockKeycloakClient для dev-режима
- Добавлены статические файлы: EasyMDE, Highlight.js, стили markdown
- Обновлены шаблоны: base.html, post_form.html, post_detail.html
- Обновлена DI конфигурация и провайдеры

Документация:
- tests/FEATURE_RBAC.md — матрица тестов RBAC
- tests/FEATURE_POST_LIFECYCLE.md — тесты жизненного цикла поста
- tests/FEATURE_DOMAIN_FOUNDATION.md — тесты доменного слоя
- tests/FEATURE_INFRASTRUCTURE.md — тесты инфраструктуры
- tests/TEST_MODEL.md — глобальная матрица покрытия
- app/presentation/web/AGENTS.md — гайд по Web UI
- tests/AGENTS.md — гайд по тестированию
This commit is contained in:
Сергей Ванюшкин
2026-05-07 19:55:15 +03:00
parent 41f2a3d98e
commit 46cc06b596
58 changed files with 4234 additions and 4014 deletions
Download Patch File Download Diff File Expand all files Collapse all files

108
tests/unit/application/test_use_cases.py
View File

@@ -20,6 +20,7 @@ from app.domain.exceptions import (
ForbiddenException,
NotFoundException,
)
from app.domain.roles import Role
@pytest.fixture
@@ -127,46 +128,6 @@ class TestGetPostUseCase:
class TestUpdatePostUseCase:
@pytest.mark.asyncio
async def test_update_post_success(
self,
mock_post_repository: Mock,
mock_transaction_manager: Mock,
test_post: Post,
) -> None:
"""Test successful post update."""
# Setup
mock_post_repository.get_by_id = AsyncMock(return_value=test_post)
mock_post_repository.update = AsyncMock()
use_case = UpdatePostUseCase(mock_post_repository, mock_transaction_manager)
dto = UpdatePostDTO(title="Updated Title")
# Execute
result = await use_case.execute(test_post.id, dto, "user-123")
# Assert
assert result.title == "Updated Title"
mock_post_repository.update.assert_called_once()
mock_transaction_manager.commit.assert_called_once()
@pytest.mark.asyncio
async def test_update_post_not_found(
self,
mock_post_repository: Mock,
mock_transaction_manager: Mock,
) -> None:
"""Test update post when not found."""
# Setup
mock_post_repository.get_by_id = AsyncMock(return_value=None)
use_case = UpdatePostUseCase(mock_post_repository, mock_transaction_manager)
dto = UpdatePostDTO(title="Updated Title")
# Execute & Assert
with pytest.raises(NotFoundException):
await use_case.execute(uuid4(), dto, "user-123")
@pytest.mark.asyncio
async def test_update_post_forbidden(
self,
@@ -177,6 +138,7 @@ class TestUpdatePostUseCase:
"""Test update post by different user."""
# Setup
mock_post_repository.get_by_id = AsyncMock(return_value=test_post)
mock_post_repository.update = AsyncMock()
use_case = UpdatePostUseCase(mock_post_repository, mock_transaction_manager)
dto = UpdatePostDTO(title="Updated Title")
@@ -185,6 +147,29 @@ class TestUpdatePostUseCase:
with pytest.raises(ForbiddenException):
await use_case.execute(test_post.id, dto, "other-user")
@pytest.mark.asyncio
async def test_update_post_admin_can_edit_any_post(
self,
mock_post_repository: Mock,
mock_transaction_manager: Mock,
test_post: Post,
) -> None:
"""Test admin can update any post regardless of author."""
# Setup
mock_post_repository.get_by_id = AsyncMock(return_value=test_post)
mock_post_repository.update = AsyncMock()
use_case = UpdatePostUseCase(mock_post_repository, mock_transaction_manager)
dto = UpdatePostDTO(title="Admin Updated Title")
# Execute
result = await use_case.execute(test_post.id, dto, "admin-user", Role.ADMIN)
# Assert
assert result.title == "Admin Updated Title"
mock_post_repository.update.assert_called_once()
mock_transaction_manager.commit.assert_called_once()
class TestDeletePostUseCase:
@pytest.mark.asyncio
@@ -225,6 +210,27 @@ class TestDeletePostUseCase:
with pytest.raises(ForbiddenException):
await use_case.execute(test_post.id, "other-user")
@pytest.mark.asyncio
async def test_delete_post_admin_can_delete_any_post(
self,
mock_post_repository: Mock,
mock_transaction_manager: Mock,
test_post: Post,
) -> None:
"""Test admin can delete any post regardless of author."""
# Setup
mock_post_repository.get_by_id = AsyncMock(return_value=test_post)
mock_post_repository.delete = AsyncMock()
use_case = DeletePostUseCase(mock_post_repository, mock_transaction_manager)
# Execute
await use_case.execute(test_post.id, "admin-user", Role.ADMIN)
# Assert
mock_post_repository.delete.assert_called_once_with(test_post.id)
mock_transaction_manager.commit.assert_called_once()
class TestPublishPostUseCase:
@pytest.mark.asyncio
@@ -249,6 +255,28 @@ class TestPublishPostUseCase:
mock_post_repository.update.assert_called_once()
mock_transaction_manager.commit.assert_called_once()
@pytest.mark.asyncio
async def test_publish_post_admin_can_publish_any_post(
self,
mock_post_repository: Mock,
mock_transaction_manager: Mock,
test_post: Post,
) -> None:
"""Test admin can publish any post regardless of author."""
# Setup
mock_post_repository.get_by_id = AsyncMock(return_value=test_post)
mock_post_repository.update = AsyncMock()
use_case = PublishPostUseCase(mock_post_repository, mock_transaction_manager)
# Execute
result = await use_case.publish(test_post.id, "admin-user", Role.ADMIN)
# Assert
assert result.published is True
mock_post_repository.update.assert_called_once()
mock_transaction_manager.commit.assert_called_once()
class TestListPostsUseCase:
@pytest.mark.asyncio