backend/tests/test_users.py

import pytest
from conftest import auth_header


class TestListUsers:
    async def test_list_users_as_admin(self, client, admin_user, admin_token):
        resp = await client.get("/api/v1/users", headers=auth_header(admin_token))
        assert resp.status_code == 200
        body = resp.json()
        assert "total" in body
        assert "items" in body
        assert body["total"] >= 1

    async def test_list_users_as_visitor_forbidden(self, client, normal_user, user_token):
        resp = await client.get("/api/v1/users", headers=auth_header(user_token))
        assert resp.status_code == 403

    async def test_list_users_unauthenticated(self, client):
        resp = await client.get("/api/v1/users")
        assert resp.status_code == 401


class TestCreateUser:
    async def test_create_user_as_admin(self, client, admin_user, admin_token):
        resp = await client.post(
            "/api/v1/users",
            json={"username": "newuser", "password": "newpass123", "full_name": "New User", "role": "visitor"},
            headers=auth_header(admin_token),
        )
        assert resp.status_code == 200
        body = resp.json()
        assert body["username"] == "newuser"
        assert "id" in body

    async def test_create_user_as_visitor_forbidden(self, client, normal_user, user_token):
        resp = await client.post(
            "/api/v1/users",
            json={"username": "another", "password": "pass123"},
            headers=auth_header(user_token),
        )
        assert resp.status_code == 403

    async def test_create_duplicate_user(self, client, admin_user, admin_token):
        resp = await client.post(
            "/api/v1/users",
            json={"username": "testadmin", "password": "pass123"},
            headers=auth_header(admin_token),
        )
        assert resp.status_code == 400


class TestUpdateUser:
    async def test_update_user_as_admin(self, client, admin_user, normal_user, admin_token):
        resp = await client.put(
            f"/api/v1/users/{normal_user.id}",
            json={"full_name": "Updated Name"},
            headers=auth_header(admin_token),
        )
        assert resp.status_code == 200

    async def test_update_nonexistent_user(self, client, admin_user, admin_token):
        resp = await client.put(
            "/api/v1/users/99999",
            json={"full_name": "Ghost"},
            headers=auth_header(admin_token),
        )
        assert resp.status_code == 404


class TestRoles:
    async def test_list_roles(self, client, admin_user, admin_token, seed_roles):
        resp = await client.get("/api/v1/users/roles", headers=auth_header(admin_token))
        assert resp.status_code == 200
        body = resp.json()
        assert isinstance(body, list)
        assert len(body) >= 1
        assert "name" in body[0]
        assert "display_name" in body[0]
ems-core v1.0.0: Standard EMS platform core Shared backend + frontend for multi-customer EMS deployments. - 12 enterprise modules: quota, cost, charging, maintenance, analysis, etc. - 120+ API endpoints, 37 database tables - Customer config mechanism (CUSTOMER env var + YAML config) - Collectors: Modbus TCP, MQTT, HTTP API, Sungrow iSolarCloud - Frontend: React 19 + Ant Design + ECharts + Three.js - Infrastructure: Redis cache, rate limiting, aggregation engine Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-04 18:14:11 +08:00			`import pytest`
			`from conftest import auth_header`


			`class TestListUsers:`
			`async def test_list_users_as_admin(self, client, admin_user, admin_token):`
			`resp = await client.get("/api/v1/users", headers=auth_header(admin_token))`
			`assert resp.status_code == 200`
			`body = resp.json()`
			`assert "total" in body`
			`assert "items" in body`
			`assert body["total"] >= 1`

			`async def test_list_users_as_visitor_forbidden(self, client, normal_user, user_token):`
			`resp = await client.get("/api/v1/users", headers=auth_header(user_token))`
			`assert resp.status_code == 403`

			`async def test_list_users_unauthenticated(self, client):`
			`resp = await client.get("/api/v1/users")`
			`assert resp.status_code == 401`


			`class TestCreateUser:`
			`async def test_create_user_as_admin(self, client, admin_user, admin_token):`
			`resp = await client.post(`
			`"/api/v1/users",`
			`json={"username": "newuser", "password": "newpass123", "full_name": "New User", "role": "visitor"},`
			`headers=auth_header(admin_token),`
			`)`
			`assert resp.status_code == 200`
			`body = resp.json()`
			`assert body["username"] == "newuser"`
			`assert "id" in body`

			`async def test_create_user_as_visitor_forbidden(self, client, normal_user, user_token):`
			`resp = await client.post(`
			`"/api/v1/users",`
			`json={"username": "another", "password": "pass123"},`
			`headers=auth_header(user_token),`
			`)`
			`assert resp.status_code == 403`

			`async def test_create_duplicate_user(self, client, admin_user, admin_token):`
			`resp = await client.post(`
			`"/api/v1/users",`
			`json={"username": "testadmin", "password": "pass123"},`
			`headers=auth_header(admin_token),`
			`)`
			`assert resp.status_code == 400`


			`class TestUpdateUser:`
			`async def test_update_user_as_admin(self, client, admin_user, normal_user, admin_token):`
			`resp = await client.put(`
			`f"/api/v1/users/{normal_user.id}",`
			`json={"full_name": "Updated Name"},`
			`headers=auth_header(admin_token),`
			`)`
			`assert resp.status_code == 200`

			`async def test_update_nonexistent_user(self, client, admin_user, admin_token):`
			`resp = await client.put(`
			`"/api/v1/users/99999",`
			`json={"full_name": "Ghost"},`
			`headers=auth_header(admin_token),`
			`)`
			`assert resp.status_code == 404`


			`class TestRoles:`
			`async def test_list_roles(self, client, admin_user, admin_token, seed_roles):`
			`resp = await client.get("/api/v1/users/roles", headers=auth_header(admin_token))`
			`assert resp.status_code == 200`
			`body = resp.json()`
			`assert isinstance(body, list)`
			`assert len(body) >= 1`
			`assert "name" in body[0]`
			`assert "display_name" in body[0]`