From 365cdeae90d955d614fbde0e4a9bde884cf3abb3 Mon Sep 17 00:00:00 2001 From: aniket132123 Date: Sun, 28 Sep 2025 17:22:11 -0400 Subject: [PATCH 01/13] Fixed 4 test cases - rewrote serialize_course - fixed "departments" test case --- labconnect/main/routes.py | 11 +++++++---- labconnect/serializers.py | 3 ++- tests/test_departments.py | 31 ++++++++++++++++--------------- 3 files changed, 25 insertions(+), 20 deletions(-) diff --git a/labconnect/main/routes.py b/labconnect/main/routes.py index 8160d65d..df9454c3 100644 --- a/labconnect/main/routes.py +++ b/labconnect/main/routes.py @@ -27,13 +27,16 @@ def index() -> dict[str, str]: @main_blueprint.get("/departments") def departmentCards(): data = db.session.execute( - db.select(RPIDepartments.name, RPIDepartments.school_id, RPIDepartments.id) + db.select(RPIDepartments.name, RPIDepartments.school_id, RPIDepartments.id, + RPIDepartments.description, RPIDepartments.website) ).all() results = [ { - "title": department.name, - "department_id": department.id, - "school": department.school_id, + "name": department.name, + "description": department.description, + "id": department.id, + "school_id": department.school_id, + "website": department.website, "image": "https://cdn-icons-png.flaticon.com/512/5310/5310672.png", } for department in data diff --git a/labconnect/serializers.py b/labconnect/serializers.py index 0a7b28a2..97ba9d9d 100644 --- a/labconnect/serializers.py +++ b/labconnect/serializers.py @@ -3,7 +3,8 @@ def serialize_course(course: Courses) -> str: - return f"{course.code} {course.name}" + course = {'code': course.code, 'name': course.name} + return course def serialize_opportunity( diff --git a/tests/test_departments.py b/tests/test_departments.py index a8397be1..ac83f6e4 100644 --- a/tests/test_departments.py +++ b/tests/test_departments.py 
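Review bot: `serialize_course` in labconnect/serializers.py still declares `-> str` but now returns a dict, so the annotation misleads callers and type checkers; the body also rebinds the `course` parameter to its own result. I would write the signature as `def serialize_course(course: Courses) -> dict[str, str]:` and the body as `return {"code": course.code, "name": course.name}`. Callers are not part of this patch, so any place that interpolated the old string into text should be checked, since it would now render a dict repr.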
@@ -21,20 +21,21 @@ "Computer Science", "Biology", "Materials Engineering", - "Math", "Environmental Engineering", + "Math", "Aerospace Engineering", - "Areonautical Engineering", + "Aeronautical Engineering", + "Mechanical, Aerospace, and Nuclear Engineering" ], }, { "field": "description", "values": [ - "DS", - "life", + "DS is rough", + "life science", "also pretty cool", + "water stuff", "quick maths", - "water", "space, the final frontier", "flying, need for speed", ], @@ -42,18 +43,18 @@ { "field": "school_id", "values": [ - "School of science", - "School of science", - "School of engineering", - "School of science", - "School of engineering", - "School of engineering", - "School of engineering", + "School of Science", + "School of Science", + "School of Engineering", + "School of Science", + "School of Engineering", + "School of Engineering", + "School of Engineering", ], }, { "field": "id", - "values": ["CSCI", "BIOL", "MTLE", "MATH", "ENVI", "MANE", "MANE"], + "values": ["CSCI", "BIOL", "MTLE", "MATH", "ENVE", "MANE"], }, { "field": "image", @@ -62,7 +63,7 @@ ] * 7, }, - {"field": "webcite", "values": ["https://www.rpi.edu"] * 7}, + {"field": "website", "values": ["https://www.rpi.edu"] * 7}, ], ), ( @@ -80,7 +81,7 @@ "https://cdn-icons-png.flaticon.com/512/5310/5310672.png" ], }, - {"field": "webcite", "values": ["https://www.rpi.edu"]}, + {"field": "website", "values": ["https://www.rpi.edu"]}, { "field": "professors", "subfields": [ From 63233e96b567c249a43f794dceedb4cd7705e677 Mon Sep 17 00:00:00 2001 From: aniket132123 Date: Fri, 10 Oct 2025 17:00:12 -0400 Subject: [PATCH 02/13] Fixed Test and Registration - started lab manager registration route - fixed a general test case --- labconnect/main/auth_routes.py | 12 ++++++++++++ tests/test_general.py | 2 +- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/labconnect/main/auth_routes.py b/labconnect/main/auth_routes.py index 630b80ba..ff2c7259 100644 --- a/labconnect/main/auth_routes.py 
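Review bot: The expected-value lists for the `/departments` case no longer line up with each other: after the `@@ -42,18 +43,18 @@` hunk the `id` list has six entries, while `school_id` and `description` have seven and `image`/`website` are still built with `* 7`. The order differs too: the names and descriptions put "Environmental Engineering" / "water stuff" before "Math" / "quick maths", but `id` keeps `"MATH"` before `"ENVE"`. The start of the `name` list is above the first hunk, so its full length cannot be confirmed from here. Bringing every list to the same length and row order as the seeded data would make a failure point at the route rather than at the fixture.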
+++ b/labconnect/main/auth_routes.py @@ -23,6 +23,7 @@ UserCourses, UserDepartments, UserMajors, + LabManager ) from . import main_blueprint @@ -194,6 +195,17 @@ def registerUser() -> Response: db.session.commit() return make_response({"msg": "New user added"}) +# work on code that registers a Lab Manager + +@main_blueprint.post("/registerLabManager") +def registerLabManager() -> Response: + json_data = request.json + if not json_data: + abort(400) + manager = LabManager() + id = json_data.get("id") + + @main_blueprint.get("/metadata/") def metadataRoute() -> Response: diff --git a/tests/test_general.py b/tests/test_general.py index e712e647..1329e997 100644 --- a/tests/test_general.py +++ b/tests/test_general.py @@ -108,7 +108,7 @@ def test_years_route(test_client: FlaskClient) -> None: response = test_client.get("/years") assert response.status_code == 200 - assert [2024, 2025, 2026, 2027, 2028, 2029, 2030, 2031] == json.loads(response.data) + assert [2025, 2026, 2027, 2028, 2029, 2030, 2031] == json.loads(response.data) def test_professor_profile(test_client: FlaskClient) -> None: From 1a5e7d5718847a2e6c69da68addd883881bf41a4 Mon Sep 17 00:00:00 2001 From: aniket132123 Date: Fri, 24 Oct 2025 13:38:54 -0400 Subject: [PATCH 03/13] start lab manager registration --- labconnect/main/auth_routes.py | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/labconnect/main/auth_routes.py b/labconnect/main/auth_routes.py index ff2c7259..b76f8b2f 100644 --- a/labconnect/main/auth_routes.py +++ b/labconnect/main/auth_routes.py 
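Review bot: `registerLabManager` is registered as a POST route with no `@jwt_required()` in the added lines, and its body ends after `id = json_data.get("id")` without returning a response, so the endpoint is reachable without authentication and Flask will raise on the missing return value. If the stub has to land before it is finished, gate it and end it explicitly, e.g. `@jwt_required()` under the route decorator and `abort(501)` as the last statement. `id` shadows the builtin and `manager` is never used. The new `LabManager` import line also lacks the trailing comma that the other entries in that import list carry.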
@@ -197,13 +197,31 @@ def registerUser() -> Response: # work on code that registers a Lab Manager -@main_blueprint.post("/registerLabManager") +@main_blueprint.post("/register-manager") def registerLabManager() -> Response: json_data = request.json if not json_data: abort(400) manager = LabManager() - id = json_data.get("id") + manager.id = json_data.get("id") + manager.email = json_data.get("email") + manager.first_name = json_data.get("first_name") + manager.last_name = json_data.get("last_name") + manager.preferred_name = json_data.get("preferred_name", "") + manager.class_year = json_data.get("class_year", "") + manager.profile_picture = json_data.get( + "profile_picture", "https://www.svgrepo.com/show/206842/professor.svg" + ) + manager.website = json_data.get("website", "") + manager.description = json_data.get("description", "") + + management_permissions = ManagementPermissions() + management_permissions.user_id = manager.id + + + return make_response({"msg": "Lab Manager added"}) + + From c1db9d94df20f8c952fdf425e514f1d9c717ae0d Mon Sep 17 00:00:00 2001 From: aniket132123 Date: Fri, 31 Oct 2025 16:46:39 -0400 Subject: [PATCH 04/13] Changed registration - still need to test --- labconnect/main/auth_routes.py | 43 +++++++++++++++++----------------- 1 file changed, 22 insertions(+), 21 deletions(-) diff --git a/labconnect/main/auth_routes.py b/labconnect/main/auth_routes.py index b76f8b2f..eb273aa1 100644 --- a/labconnect/main/auth_routes.py +++ b/labconnect/main/auth_routes.py 
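Review bot: The `/register-manager` handler copies `id`, `email` and every other field straight from the request body and has no authentication decorator in the visible lines, so once persistence is added any client could create a manager record for an identifier of its choosing. In this revision nothing is stored: neither `manager` nor `management_permissions` is passed to `db.session.add(...)` and there is no commit, yet the response says "Lab Manager added". I would put `@jwt_required()` and a permission check on the caller ahead of constructing either object, and reject bodies without `id` or `email` with `abort(400)`. `ManagementPermissions` is not in the import hunk of the previous patch; it may already be imported above, which is worth confirming.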
@@ -195,34 +195,35 @@ def registerUser() -> Response: db.session.commit() return make_response({"msg": "New user added"}) -# work on code that registers a Lab Manager - -@main_blueprint.post("/register-manager") -def registerLabManager() -> Response: +# promotes User to a Lab Manager +# requires a super admin to promote +@main_blueprint.patch("/users//permissions") +@jwt_required() +def promoteUser(rcsid: str) -> Response: json_data = request.json if not json_data: abort(400) - manager = LabManager() - manager.id = json_data.get("id") - manager.email = json_data.get("email") - manager.first_name = json_data.get("first_name") - manager.last_name = json_data.get("last_name") - manager.preferred_name = json_data.get("preferred_name", "") - manager.class_year = json_data.get("class_year", "") - manager.profile_picture = json_data.get( - "profile_picture", "https://www.svgrepo.com/show/206842/professor.svg" - ) - manager.website = json_data.get("website", "") - manager.description = json_data.get("description", "") + + # if user accessing doesn't have the right perms then they can't assign perms + promoter_id = get_jwt_identity() + promoter_perms = ManagementPermissions() + promoter_perms.user_id = promoter_id + if not promoter_perms.super_admin: + return make_response({"msg": "Missing permissions"}, 401) + + # look for the user that will be promoted + manager = db.session.query(User).filter_by(email=rcsid) + if not manager: + return make_response({"msg": "No user matches RCS ID"}, 500) management_permissions = ManagementPermissions() management_permissions.user_id = manager.id - - - return make_response({"msg": "Lab Manager added"}) - - + management_permissions.admin = True + + db.session.commit() + return make_response({"msg": "User promoted to Lab Manager"}, 200) + @main_blueprint.get("/metadata/") From 63053fb81ede1fbb28b6a522f0e120a320167f53 Mon Sep 17 00:00:00 2001 
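Review bot: The permission gate in `promoteUser` reads `super_admin` from a freshly constructed `ManagementPermissions()` instead of the caller's stored row, so it never reflects real rights; it should load the row, e.g. `db.session.query(ManagementPermissions).filter_by(user_id=promoter_id).first()`, and deny when the row is missing. The target lookup has a related problem: `filter_by(email=rcsid)` without `.first()` yields a query object, which is always truthy and has no `.id`, and the new permissions object is never added to the session. Separately, a caller who is authenticated but lacks rights is an authorization failure, so `403` fits better than `401`, and an unknown target is `404` rather than `500`, which keeps server-error alerting meaningful. The route string reads `/users//permissions`; the `rcsid` placeholder may simply have been lost when this page was rendered.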
From: aniket132123 Date: Thu, 6 Nov 2025 15:37:38 -0500 Subject: [PATCH 05/13] basic test cases --- labconnect/main/auth_routes.py | 4 +- tests/test_authentication.py | 89 +++++++++++++++++++++++++++++++++- 2 files changed, 89 insertions(+), 4 deletions(-) diff --git a/labconnect/main/auth_routes.py b/labconnect/main/auth_routes.py index eb273aa1..e5218678 100644 --- a/labconnect/main/auth_routes.py +++ b/labconnect/main/auth_routes.py @@ -206,8 +206,8 @@ def promoteUser(rcsid: str) -> Response: # if user accessing doesn't have the right perms then they can't assign perms promoter_id = get_jwt_identity() - promoter_perms = ManagementPermissions() - promoter_perms.user_id = promoter_id + promoter_perms = ManagementPermissions() + promoter_perms.user_id = promoter_id if not promoter_perms.super_admin: return make_response({"msg": "Missing permissions"}, 401) diff --git a/tests/test_authentication.py b/tests/test_authentication.py index 73610cea..5a3166fc 100644 --- a/tests/test_authentication.py +++ b/tests/test_authentication.py @@ -2,8 +2,9 @@ Test authentication routes """ -# from flask import json -# from flask.testing import FlaskClient +from flask import json +from flask.testing import FlaskClient +import pytest # def test_login_route_one(test_client: FlaskClient) -> None: 
@@ -159,3 +160,87 @@ # response = test_client.post("/login") # assert response.status_code == 400 + +""" +Test Lab Manager promotion route (/users//permissions) +""" + +@pytest.mark.parametrize( + "rcsid, client_fixture, expected_status, expected_msg", + [ + # Scenario 1: Successful Promotion by Super Admin + ( + "target_rcsid@rpi.edu", # Target user exists and is ready to be promoted + "super_admin_client", + 200, + "User promoted to Lab Manager", + ), + # Scenario 2: Promotion Attempt by Non-Admin/Student (Permission Failure) + ( + "target_rcsid@rpi.edu", + "student_client", # Client lacks super_admin=True + 401, + "Missing permissions", + ), + # Scenario 3: Target User Not Found + ( + "non_existent_rcsid@rpi.edu", # User does not exist in the DB + "super_admin_client", + 500, # Based on your route returning 500 for 'No user matches RCS ID' + "No user matches RCS ID", + ), + ], +) +def test_promote_user_permissions( + rcsid: str, + client_fixture: str, + expected_status: int, + expected_msg: str, + request, # Used to dynamically access the client fixture + db, # Used for pre-test setup and post-test verification +) -> None: + """ + GIVEN a Flask application and various authenticated test clients + WHEN a PATCH request is made to the /users//permissions endpoint + THEN check that the response status and the user's permissions are updated correctly. + """ + # Dynamically retrieve the correct test client fixture (super_admin_client or student_client) + test_client: FlaskClient = request.getfixturevalue(client_fixture) + + # 1. SETUP: Ensure a target user exists if we are testing promotion/permission issues + # NOTE: You must implement a fixture that creates the users (e.g., target_rcsid@rpi.edu) + # before this test runs, otherwise the target user won't exist in the DB. + # We will assume 'setup_users' fixture handles this. + + # 2. 
ACT: Send the PATCH request + endpoint = f"/users/{rcsid}/permissions" + response = test_client.patch( + endpoint, + json={"is_admin": True} # Payload doesn't matter much here, but should be included + ) + + # 3. ASSERT: Check Status Code and Response Message + assert response.status_code == expected_status + json_data = json.loads(response.data) + assert json_data.get("msg") == expected_msg + + # 4. ASSERT (Conditional): Check Database state for successful promotion + if expected_status == 200: + # Find the target user in the DB + User = db.get_model('User') # Assuming a helper function to get model classes + ManagementPermissions = db.get_model('ManagementPermissions') + + promoted_user = db.session.query(User).filter_by(email=rcsid).one_or_none() + + # Ensure the user was found and promoted + assert promoted_user is not None + + # Check the ManagementPermissions record for the promoted user + perms = db.session.query(ManagementPermissions).filter_by(user_id=promoted_user.id).one_or_none() + + # The permission should be True after a successful promotion + assert perms is not None + assert perms.admin is True + # Ensure super_admin wasn't accidentally set (assuming promotion only sets 'admin') + assert perms.super_admin is False + From 7e740c74219bdcf64b42402096b1551cf6634ebe Mon Sep 17 00:00:00 2001 From: aniket132123 Date: Fri, 14 Nov 2025 17:04:04 -0500 Subject: [PATCH 06/13] Test fixes --- labconnect/main/auth_routes.py | 10 ++-- tests/test_authentication.py | 85 +--------------------------------- tests/test_departments.py | 4 +- tests/test_general.py | 12 +++-- 4 files changed, 15 insertions(+), 96 deletions(-) diff --git a/labconnect/main/auth_routes.py b/labconnect/main/auth_routes.py index e5218678..38baadb3 100644 --- a/labconnect/main/auth_routes.py +++ b/labconnect/main/auth_routes.py 
@@ -206,18 +206,16 @@ def promoteUser(rcsid: str) -> Response: # if user accessing doesn't have the right perms then they can't assign perms promoter_id = get_jwt_identity() - promoter_perms = ManagementPermissions() - promoter_perms.user_id = promoter_id - if not promoter_perms.super_admin: + promoter_perms = db.session.query(ManagementPermissions).filter_by(user_id=promoter_id).first() + if not promoter_perms or not promoter_perms.super_admin: return make_response({"msg": "Missing permissions"}, 401) # look for the user that will be promoted - manager = db.session.query(User).filter_by(email=rcsid) + manager = db.session.query(User).filter_by(email=rcsid).first() if not manager: return make_response({"msg": "No user matches RCS ID"}, 500) - management_permissions = ManagementPermissions() - management_permissions.user_id = manager.id + management_permissions = db.session.query(ManagementPermissions).filter_by(user_id=manager.id).first() management_permissions.admin = True db.session.commit() diff --git a/tests/test_authentication.py b/tests/test_authentication.py index 5a3166fc..e9076e9f 100644 --- a/tests/test_authentication.py +++ b/tests/test_authentication.py 
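Review bot: `management_permissions` is now the result of `.first()`, which is `None` when the target user has no `ManagementPermissions` row, and the next line assigns `.admin = True` on it unconditionally. A valid promotion request for such a user would end in an unhandled `AttributeError` instead of a grant. Handle the missing row explicitly: when it is `None`, create `ManagementPermissions(user_id=manager.id, admin=True)` and `db.session.add(...)` it, otherwise set the flag. The function starts above the hunk; the body it requires via `abort(400)` is still not read anywhere in the visible lines.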
@@ -161,86 +161,5 @@ # assert response.status_code == 400 -""" -Test Lab Manager promotion route (/users//permissions) -""" - -@pytest.mark.parametrize( - "rcsid, client_fixture, expected_status, expected_msg", - [ - # Scenario 1: Successful Promotion by Super Admin - ( - "target_rcsid@rpi.edu", # Target user exists and is ready to be promoted - "super_admin_client", - 200, - "User promoted to Lab Manager", - ), - # Scenario 2: Promotion Attempt by Non-Admin/Student (Permission Failure) - ( - "target_rcsid@rpi.edu", - "student_client", # Client lacks super_admin=True - 401, - "Missing permissions", - ), - # Scenario 3: Target User Not Found - ( - "non_existent_rcsid@rpi.edu", # User does not exist in the DB - "super_admin_client", - 500, # Based on your route returning 500 for 'No user matches RCS ID' - "No user matches RCS ID", - ), - ], -) -def test_promote_user_permissions( - rcsid: str, - client_fixture: str, - expected_status: int, - expected_msg: str, - request, # Used to dynamically access the client fixture - db, # Used for pre-test setup and post-test verification -) -> None: - """ - GIVEN a Flask application and various authenticated test clients - WHEN a PATCH request is made to the /users//permissions endpoint - THEN check that the response status and the user's permissions are updated correctly. - """ - # Dynamically retrieve the correct test client fixture (super_admin_client or student_client) - test_client: FlaskClient = request.getfixturevalue(client_fixture) - - # 1. SETUP: Ensure a target user exists if we are testing promotion/permission issues - # NOTE: You must implement a fixture that creates the users (e.g., target_rcsid@rpi.edu) - # before this test runs, otherwise the target user won't exist in the DB. - # We will assume 'setup_users' fixture handles this. - - # 2. 
ACT: Send the PATCH request - endpoint = f"/users/{rcsid}/permissions" - response = test_client.patch( - endpoint, - json={"is_admin": True} # Payload doesn't matter much here, but should be included - ) - - # 3. ASSERT: Check Status Code and Response Message - assert response.status_code == expected_status - json_data = json.loads(response.data) - assert json_data.get("msg") == expected_msg - - # 4. ASSERT (Conditional): Check Database state for successful promotion - if expected_status == 200: - # Find the target user in the DB - User = db.get_model('User') # Assuming a helper function to get model classes - ManagementPermissions = db.get_model('ManagementPermissions') - - promoted_user = db.session.query(User).filter_by(email=rcsid).one_or_none() - - # Ensure the user was found and promoted - assert promoted_user is not None - - # Check the ManagementPermissions record for the promoted user - perms = db.session.query(ManagementPermissions).filter_by(user_id=promoted_user.id).one_or_none() - - # The permission should be True after a successful promotion - assert perms is not None - assert perms.admin is True - # Ensure super_admin wasn't accidentally set (assuming promotion only sets 'admin') - assert perms.super_admin is False - +# def test_promotion(test_client: FlaskClient) -> None: + \ No newline at end of file diff --git a/tests/test_departments.py b/tests/test_departments.py index ac83f6e4..3818e524 100644 --- a/tests/test_departments.py +++ b/tests/test_departments.py @@ -67,8 +67,8 @@ ], ), ( - "/department", - {"department": "Computer Science"}, + "/departments/CSCI", + None, 200, [ {"field": "name", "values": ["Computer Science"]}, diff --git a/tests/test_general.py b/tests/test_general.py index 1329e997..05e48d26 100644 --- a/tests/test_general.py +++ b/tests/test_general.py 
@@ -18,16 +18,16 @@ def test_home_page(test_client: FlaskClient) -> None: assert response.status_code == 200 assert {"Hello": "There"} == json.loads(response.data) - -def test_discover_route(test_client: FlaskClient) -> None: +# there is no discover page +# def test_discover_route(test_client: FlaskClient) -> None: """ GIVEN a Flask application configured for testing WHEN the '/discover' page is requested (GET) THEN check that the response is valid """ - response = test_client.get("/discover") + # response = test_client.get("/discover") - assert response.status_code == 200 + # assert response.status_code == 200 # Uncomment and modify the following line with expected response data # data = json.loads(response.data.decode("utf-8")) # assert data["data"][0] == { @@ -57,6 +57,8 @@ def test_profile_page(test_client: FlaskClient, input_id, expected_profile) -> N WHEN the '/profile/' page is requested (GET) THEN check that the response is valid """ + login_response = test_client.post("/login", json={"username": "test_user", "password": "password123"}) + response = test_client.get("/profile", json={"id": input_id}) assert response.status_code == 200 @@ -117,7 +119,7 @@ def test_professor_profile(test_client: FlaskClient) -> None: WHEN the '/getProfessorProfile/' page is requested (GET) THEN check that the response is valid """ - response = test_client.get("/getProfessorProfile/1") + response = test_client.get("/staff/cenzar") assert response.status_code == 200 From dd30d97619fc04f0c6568dec6164d64a2940f792 Mon Sep 17 00:00:00 2001 From: aniket132123 Date: Thu, 20 Nov 2025 18:34:07 -0500 Subject: [PATCH 07/13] added tests for lab manager promotion - tests run successfully! --- labconnect/main/auth_routes.py | 4 +- tests/conftest.py | 2 +- tests/test_general.py | 40 +++--- tests/test_manager_promotion.py | 209 ++++++++++++++++++++++++++++++++ 4 files changed, 228 insertions(+), 27 deletions(-) create mode 100644 tests/test_manager_promotion.py 
diff --git a/labconnect/main/auth_routes.py b/labconnect/main/auth_routes.py index 38baadb3..bb56458e 100644 --- a/labconnect/main/auth_routes.py +++ b/labconnect/main/auth_routes.py @@ -199,7 +199,7 @@ def registerUser() -> Response: # requires a super admin to promote @main_blueprint.patch("/users//permissions") @jwt_required() -def promoteUser(rcsid: str) -> Response: +def promoteUser(email: str) -> Response: json_data = request.json if not json_data: abort(400) @@ -211,7 +211,7 @@ def promoteUser(rcsid: str) -> Response: return make_response({"msg": "Missing permissions"}, 401) # look for the user that will be promoted - manager = db.session.query(User).filter_by(email=rcsid).first() + manager = db.session.query(User).filter_by(email=email).first() if not manager: return make_response({"msg": "No user matches RCS ID"}, 500) diff --git a/tests/conftest.py b/tests/conftest.py index 6106dd40..6ff11a5d 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -17,7 +17,7 @@ def test_client(): # Set the Testing configuration prior to creating the Flask application flask_app = create_app() - flask_app.config.update({"TESTING": True, "DEBUG": True}) + flask_app.config.update({"TESTING": True, "DEBUG": True, "JWT_COOKIE_CSRF_PROTECT": False}) # Create a test client using the Flask application configured for testing with flask_app.test_client() as testing_client: diff --git a/tests/test_general.py b/tests/test_general.py index 05e48d26..719efd35 100644 --- a/tests/test_general.py +++ b/tests/test_general.py @@ -5,6 +5,7 @@ import pytest from flask import json from flask.testing import FlaskClient +from flask_jwt_extended import create_access_token def test_home_page(test_client: FlaskClient) -> None: 
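Review bot: Setting `"JWT_COOKIE_CSRF_PROTECT": False` in the shared `test_client` fixture in tests/conftest.py switches off CSRF double-submit checking for every test, so the new cookie-authenticated PATCH tests never prove that the route rejects a request lacking the CSRF token. I would leave the fixture on the application's own settings and have the tests send the token, e.g. `headers={"X-CSRF-TOKEN": get_csrf_token(access_token)}` with `get_csrf_token` from `flask_jwt_extended` and the header name taken from the app configuration. If one test truly needs protection off, scope the override to that test rather than to the fixture all tests share.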
@@ -18,25 +19,6 @@ def test_home_page(test_client: FlaskClient) -> None: assert response.status_code == 200 assert {"Hello": "There"} == json.loads(response.data) -# there is no discover page -# def test_discover_route(test_client: FlaskClient) -> None: - """ - GIVEN a Flask application configured for testing - WHEN the '/discover' page is requested (GET) - THEN check that the response is valid - """ - # response = test_client.get("/discover") - - # assert response.status_code == 200 - # Uncomment and modify the following line with expected response data - # data = json.loads(response.data.decode("utf-8")) - # assert data["data"][0] == { - # "title": "Nelson", - # "major": "CS", - # "attributes": ["Competitive Pay", "Four Credits", "Three Credits"], - # "pay": 9000.0, - # } - @pytest.mark.parametrize( "input_id, expected_profile", @@ -46,7 +28,7 @@ def test_home_page(test_client: FlaskClient) -> None: { "id": "cenzar", "first_name": "Rafael", - "opportunities": [...], # Replace with expected opportunities data + "opportunities": ["opportunity1"], # Replace with expected opportunities data }, ) ], 
@@ -57,10 +39,20 @@ def test_profile_page(test_client: FlaskClient, input_id, expected_profile) -> N WHEN the '/profile/' page is requested (GET) THEN check that the response is valid """ - login_response = test_client.post("/login", json={"username": "test_user", "password": "password123"}) - - response = test_client.get("/profile", json={"id": input_id}) - + # login_response = test_client.post("/login", json={"username": "test_user", "password": "password123"}) + # login_data = json.loads(login_response.data) + with test_client.application.app_context(): + access_token = create_access_token(identity='cenzar@rpi.edu') + + # response = test_client.get("/profile", json={"id": input_id}) + # Make the request with the JWT token + response = test_client.get( + "/profile", + json={"id": input_id}, + headers={'Authorization': f'Bearer {access_token}'} + ) + + print(response.data) assert response.status_code == 200 json_data = json.loads(response.data) diff --git a/tests/test_manager_promotion.py b/tests/test_manager_promotion.py new file mode 100644 index 00000000..b79be7a8 --- /dev/null +++ b/tests/test_manager_promotion.py 
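Review bot: The token in `test_profile_page` is sent as `Authorization: Bearer …`, but the `Config` class shown later in this series has `JWT_TOKEN_LOCATION = ["cookies"]`, so flask-jwt-extended would not read that header and the request is effectively unauthenticated (assuming the test app uses that config). The promotion tests use `test_client.set_cookie('access_token', access_token)`; doing the same here keeps this test on the real authentication path. `print(response.data)` is leftover debugging and the commented-out login lines can be deleted rather than kept. In the parametrize hunk above, `"opportunities": ["opportunity1"]` still carries the "Replace with expected opportunities data" comment, so that expectation looks like a placeholder.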
@@ -0,0 +1,209 @@ +import pytest +from flask import Flask +from labconnect.models import User, ManagementPermissions +from labconnect import db + + +@pytest.fixture +def setup_database(test_client): + """Set up and tear down database for each test""" + # rollback database for upcoming test + db.session.rollback() + db.session.remove() + + # Clean up existing data + db.session.execute(db.text("TRUNCATE TABLE management_permissions CASCADE")) + db.session.execute(db.text("TRUNCATE TABLE \"user\" CASCADE")) + db.session.commit() + + yield + + +@pytest.fixture +def setup_users(test_client, setup_database): + """Set up test users and permissions""" + # add super admin user + super_admin = User( + id="superadm1", + email="superadmin@example.com", + first_name="Super", + last_name="Admin" + ) + db.session.add(super_admin) + db.session.flush() + + super_admin_perms = ManagementPermissions( + user_id=super_admin.id, + super_admin=True, + admin=False + ) + db.session.add(super_admin_perms) + + # add promotable user + regular_user = User( + id="regular01", + email="regular@example.com", + first_name="Regular", + last_name="User" + ) + db.session.add(regular_user) + db.session.flush() + + regular_user_perms = ManagementPermissions( + user_id=regular_user.id, + super_admin=False, + admin=False + ) + db.session.add(regular_user_perms) + + # add non-super-admin user + non_admin = User( + id="nonadmin1", + email="nonadmin@example.com", + first_name="Non", + last_name="Admin" + ) + db.session.add(non_admin) + db.session.flush() + + non_admin_perms = ManagementPermissions( + user_id=non_admin.id, + super_admin=False, + admin=True + ) + db.session.add(non_admin_perms) + + db.session.commit() + + yield { + "super_admin": super_admin, + "regular_user": regular_user, + "non_admin": non_admin + } + + +@pytest.fixture +def create_access_token_for_user(): + """Create a real JWT access token for testing""" + from flask_jwt_extended import create_access_token + + def _create_token(user_id): 
+ return create_access_token(identity=user_id) + + return _create_token + + +def test_promote_user_success(test_client, setup_users, create_access_token_for_user): + """Test successful user promotion by super admin""" + users = setup_users + access_token = create_access_token_for_user(users["super_admin"].id) + + # set the JWT token as a cookie + test_client.set_cookie('access_token', access_token) + + response = test_client.patch( + f"/users/{users['regular_user'].email}/permissions", + json={"promote": True} + ) + + assert response.status_code == 200 + assert response.json["msg"] == "User promoted to Lab Manager" + + # verify the user was actually promoted + promoted_perms = db.session.query(ManagementPermissions).filter_by( + user_id=users["regular_user"].id + ).first() + assert promoted_perms.admin is True + + +def test_promote_user_no_json_data(test_client, setup_users, create_access_token_for_user): + """Test promotion fails when no JSON data is provided""" + users = setup_users + access_token = create_access_token_for_user(users["super_admin"].id) + + # set the JWT token as a cookie + test_client.set_cookie('access_token', access_token) + + response = test_client.patch( + f"/users/{users['regular_user'].email}/permissions", + content_type='application/json' + ) + + assert response.status_code == 400 + + +def test_promote_user_no_super_admin_perms(test_client, setup_users, create_access_token_for_user): + """Test promotion fails when promoter is not a super admin""" + users = setup_users + access_token = create_access_token_for_user(users["non_admin"].id) + + # set the JWT token as a cookie + test_client.set_cookie('access_token', access_token) + + response = test_client.patch( + f"/users/{users['regular_user'].email}/permissions", + json={"promote": True} + ) + + assert response.status_code == 401 + assert response.json["msg"] == "Missing permissions" + + +def test_promote_user_promoter_has_no_perms_record(test_client, setup_users, 
create_access_token_for_user): + """Test promotion fails when promoter has no permissions record""" + users = setup_users + + # add user with no perms + user_no_perms = User( + id="noperms01", + email="noperms@example.com", + first_name="No", + last_name="Perms" + ) + db.session.add(user_no_perms) + db.session.commit() + + access_token = create_access_token_for_user(user_no_perms.id) + + # set the JWT token as a cookie + test_client.set_cookie('access_token', access_token) + + response = test_client.patch( + f"/users/{users['regular_user'].email}/permissions", + json={"promote": True} + ) + + assert response.status_code == 401 + assert response.json["msg"] == "Missing permissions" + + +def test_promote_user_target_not_found(test_client, setup_users, create_access_token_for_user): + """Test promotion fails when target user doesn't exist""" + users = setup_users + access_token = create_access_token_for_user(users["super_admin"].id) + + # set the JWT token as a cookie + test_client.set_cookie('access_token', access_token) + + response = test_client.patch( + "/users/nonexistent@example.com/permissions", + json={"promote": True} + ) + + assert response.status_code == 500 + assert response.json["msg"] == "No user matches RCS ID" + + +def test_promote_user_no_jwt_token(test_client, setup_users): + """Test promotion fails when no JWT token is provided""" + users = setup_users + + # clear existing cookies + test_client.delete_cookie('access_token') + + response = test_client.patch( + f"/users/{users['regular_user'].email}/permissions", + json={"promote": True} + ) + + assert response.status_code == 401 \ No newline at end of file From e88935a2a6991e42bb19f07aac419dcd42ba7bdd Mon Sep 17 00:00:00 2001 From: aniket132123 Date: Fri, 21 Nov 2025 13:28:02 -0500 Subject: [PATCH 08/13] improve readability and consistency --- labconnect/main/auth_routes.py | 2 +- tests/test_manager_promotion.py | 9 +++++---- 2 files changed, 6 insertions(+), 5 deletions(-) 
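Review bot: The `setup_database` fixture issues `TRUNCATE TABLE management_permissions CASCADE` and `TRUNCATE TABLE "user" CASCADE` against whatever database `create_app()` is configured for, and nothing in it checks that this is a disposable test database. Run with a developer or shared connection string, the suite would wipe user and permission data, and `CASCADE` extends that to every table referencing them. I would refuse to truncate unless the configured `SQLALCHEMY_DATABASE_URI` is a known test database, and move the cleanup after `yield` so a failing test does not leave rows behind. The tests also pin `401` for an authenticated caller who is not a super admin and `500` for an unknown target, so they will need updating if the route moves to `403` and `404`.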
diff --git a/labconnect/main/auth_routes.py b/labconnect/main/auth_routes.py index bb56458e..3ac1a3c7 100644 --- a/labconnect/main/auth_routes.py +++ b/labconnect/main/auth_routes.py @@ -201,7 +201,7 @@ def registerUser() -> Response: @jwt_required() def promoteUser(email: str) -> Response: json_data = request.json - if not json_data: + if not json_data or not json_data.get("promote"): abort(400) # if user accessing doesn't have the right perms then they can't assign perms diff --git a/tests/test_manager_promotion.py b/tests/test_manager_promotion.py index b79be7a8..25d3e2ce 100644 --- a/tests/test_manager_promotion.py +++ b/tests/test_manager_promotion.py @@ -2,6 +2,8 @@ from flask import Flask from labconnect.models import User, ManagementPermissions from labconnect import db +from flask_jwt_extended import create_access_token + @pytest.fixture @@ -30,7 +32,7 @@ def setup_users(test_client, setup_database): last_name="Admin" ) db.session.add(super_admin) - db.session.flush() + db.session.commit() super_admin_perms = ManagementPermissions( user_id=super_admin.id, @@ -47,7 +49,7 @@ def setup_users(test_client, setup_database): last_name="User" ) db.session.add(regular_user) - db.session.flush() + db.session.commit() regular_user_perms = ManagementPermissions( user_id=regular_user.id, @@ -64,7 +66,7 @@ def setup_users(test_client, setup_database): last_name="Admin" ) db.session.add(non_admin) - db.session.flush() + db.session.commit() non_admin_perms = ManagementPermissions( user_id=non_admin.id, @@ -85,7 +87,6 @@ def setup_users(test_client, setup_database): @pytest.fixture def create_access_token_for_user(): """Create a real JWT access token for testing""" - from flask_jwt_extended import create_access_token def _create_token(user_id): return create_access_token(identity=user_id) From 31612433d5fb6a80b79a593ca1c73424bf3a7569 Mon Sep 17 00:00:00 2001 
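Review bot: `json_data.get("promote")` in `promoteUser` assumes the body is a JSON object; a non-empty array or a bare string is truthy, passes `not json_data`, and then fails on `.get` with an unhandled exception instead of a 400. `if not isinstance(json_data, dict) or json_data.get("promote") is not True:` followed by `abort(400)` closes that, and also stops values such as the string `"false"` from counting as a promotion request. The rest of the function is outside this hunk.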
From: aniket132123 Date: Thu, 4 Dec 2025 18:08:45 -0500 Subject: [PATCH 09/13] Remove bloat --- config.py | 1 + labconnect/main/auth_routes.py | 7 ++++++- tests/conftest.py | 3 ++- tests/test_authentication.py | 11 ++++------- tests/test_general.py | 1 - tests/test_manager_promotion.py | 5 ++++- 6 files changed, 17 insertions(+), 11 deletions(-) diff --git a/config.py b/config.py index d973c9c5..a2c3f752 100644 --- a/config.py +++ b/config.py @@ -36,6 +36,7 @@ class Config: JWT_TOKEN_LOCATION = ["cookies"] JWT_COOKIE_CSRF_PROTECT = True JWT_CSRF_CHECK_FORM = True + JWT_CSRF_HEADER = "X-CSRFToken" JWT_COOKIE_SECURE = True JWT_COOKIE_SAMESITE = "Strict" JWT_ACCESS_COOKIE_NAME = "access_token" diff --git a/labconnect/main/auth_routes.py b/labconnect/main/auth_routes.py index 3ac1a3c7..7bda1c18 100644 --- a/labconnect/main/auth_routes.py +++ b/labconnect/main/auth_routes.py @@ -216,7 +216,12 @@ def promoteUser(email: str) -> Response: return make_response({"msg": "No user matches RCS ID"}, 500) management_permissions = db.session.query(ManagementPermissions).filter_by(user_id=manager.id).first() - management_permissions.admin = True + + if management_permissions is None: + management_permissions = ManagementPermissions(user_id=manager.id, admin=True) + db.session.add(management_permissions) + else: + management_permissions.admin = True db.session.commit() diff --git a/tests/conftest.py b/tests/conftest.py index 6ff11a5d..da5601cd 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -17,7 +17,8 @@ def test_client(): # Set the Testing configuration prior to creating the Flask application flask_app = create_app() - flask_app.config.update({"TESTING": True, "DEBUG": True, "JWT_COOKIE_CSRF_PROTECT": False}) + flask_app.config.update({"TESTING": True, "DEBUG": True}) + # Create a test client using the Flask application configured for testing with flask_app.test_client() as testing_client: 
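Review bot: `JWT_CSRF_HEADER = "X-CSRFToken"` in the config.py hunk does not match any option name I know from Flask-JWT-Extended, so the setting is most likely ignored and the extension keeps expecting its default header. The header name for access tokens is configured with `JWT_ACCESS_CSRF_HEADER_NAME` (default `X-CSRF-TOKEN`). If a custom name is wanted, use `JWT_ACCESS_CSRF_HEADER_NAME = "X-CSRFToken"`. Otherwise drop the line, so nobody assumes the client and server agree on a header that is never read. The `Config` class continues outside this hunk.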
diff --git a/tests/test_authentication.py b/tests/test_authentication.py index e9076e9f..c1e141ae 100644 --- a/tests/test_authentication.py +++ b/tests/test_authentication.py @@ -2,9 +2,9 @@ Test authentication routes """ -from flask import json -from flask.testing import FlaskClient -import pytest +# from flask import json +# from flask.testing import FlaskClient +# import pytest # def test_login_route_one(test_client: FlaskClient) -> None: @@ -159,7 +159,4 @@ # response = test_client.post("/login") -# assert response.status_code == 400 - -# def test_promotion(test_client: FlaskClient) -> None: - \ No newline at end of file +# assert response.status_code == 400 \ No newline at end of file diff --git a/tests/test_general.py b/tests/test_general.py index 719efd35..6e440786 100644 --- a/tests/test_general.py +++ b/tests/test_general.py @@ -52,7 +52,6 @@ def test_profile_page(test_client: FlaskClient, input_id, expected_profile) -> N headers={'Authorization': f'Bearer {access_token}'} ) - print(response.data) assert response.status_code == 200 json_data = json.loads(response.data) diff --git a/tests/test_manager_promotion.py b/tests/test_manager_promotion.py index 25d3e2ce..c9c4353c 100644 --- a/tests/test_manager_promotion.py +++ b/tests/test_manager_promotion.py @@ -1,5 +1,4 @@ import pytest -from flask import Flask from labconnect.models import User, ManagementPermissions from labconnect import db from flask_jwt_extended import create_access_token @@ -99,11 +98,14 @@ def test_promote_user_success(test_client, setup_users, create_access_token_for_ users = setup_users access_token = create_access_token_for_user(users["super_admin"].id) + # set the JWT token as a cookie test_client.set_cookie('access_token', access_token) response = test_client.patch( f"/users/{users['regular_user'].email}/permissions", + # get csrf token and then set it in the headers + # headers=["X-CSRFToken":], json={"promote": True} ) 
@@ -141,6 +143,7 @@ def test_promote_user_no_super_admin_perms(test_client, setup_users, create_acce # set the JWT token as a cookie test_client.set_cookie('access_token', access_token) + response = test_client.patch( f"/users/{users['regular_user'].email}/permissions", json={"promote": True} From 2b099911123d0fdc66b8d7371136a7fc85eb30eb Mon Sep 17 00:00:00 2001 From: aniket132123 Date: Fri, 5 Dec 2025 16:42:06 -0500 Subject: [PATCH 10/13] Testing fixes - used bearer tokens to help authenticate tests along with cookies - ruff fixes - TODO: try to simulate csrf token for testing --- config.py | 1 - labconnect/main/auth_routes.py | 9 ++++--- labconnect/serializers.py | 2 +- tests/conftest.py | 7 +++++- tests/test_general.py | 6 +++-- tests/test_manager_promotion.py | 43 ++++++++++++++------------------- 6 files changed, 35 insertions(+), 33 deletions(-) diff --git a/config.py b/config.py index a2c3f752..d973c9c5 100644 --- a/config.py +++ b/config.py @@ -36,7 +36,6 @@ class Config: JWT_TOKEN_LOCATION = ["cookies"] JWT_COOKIE_CSRF_PROTECT = True JWT_CSRF_CHECK_FORM = True - JWT_CSRF_HEADER = "X-CSRFToken" JWT_COOKIE_SECURE = True JWT_COOKIE_SAMESITE = "Strict" JWT_ACCESS_COOKIE_NAME = "access_token" diff --git a/labconnect/main/auth_routes.py b/labconnect/main/auth_routes.py index 7bda1c18..6ffb3f27 100644 --- a/labconnect/main/auth_routes.py +++ b/labconnect/main/auth_routes.py @@ -23,7 +23,6 @@ UserCourses, UserDepartments, UserMajors, - LabManager ) from . import main_blueprint @@ -206,7 +205,9 @@ def promoteUser(email: str) -> Response: # if user accessing doesn't have the right perms then they can't assign perms promoter_id = get_jwt_identity() - promoter_perms = db.session.query(ManagementPermissions).filter_by(user_id=promoter_id).first() + promoter_perms = db.session.query(ManagementPermissions).filter_by( + user_id=promoter_id + ).first() if not promoter_perms or not promoter_perms.super_admin: return make_response({"msg": "Missing permissions"}, 401) 
@@ -215,7 +216,9 @@ def promoteUser(email: str) -> Response: if not manager: return make_response({"msg": "No user matches RCS ID"}, 500) - management_permissions = db.session.query(ManagementPermissions).filter_by(user_id=manager.id).first() + management_permissions = db.session.query(ManagementPermissions).filter_by( + user_id=manager.id + ).first() if management_permissions is None: management_permissions = ManagementPermissions(user_id=manager.id, admin=True) diff --git a/labconnect/serializers.py b/labconnect/serializers.py index 97ba9d9d..f4081da6 100644 --- a/labconnect/serializers.py +++ b/labconnect/serializers.py @@ -2,7 +2,7 @@ from labconnect.models import Courses, Opportunities -def serialize_course(course: Courses) -> str: +def serialize_course(course: Courses) -> dict: course = {'code': course.code, 'name': course.name} return course diff --git a/tests/conftest.py b/tests/conftest.py index da5601cd..eeeae20c 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -17,7 +17,12 @@ def test_client(): # Set the Testing configuration prior to creating the Flask application flask_app = create_app() - flask_app.config.update({"TESTING": True, "DEBUG": True}) + flask_app.config.update({ + "TESTING": True, + "DEBUG": True, + 'JWT_TOKEN_LOCATION': ['cookies', 'headers'], + 'JWT_COOKIE_CSRF_PROTECT': True + }) # Create a test client using the Flask application configured for testing diff --git a/tests/test_general.py b/tests/test_general.py index 6e440786..680ce754 100644 --- a/tests/test_general.py +++ b/tests/test_general.py @@ -28,7 +28,8 @@ def test_home_page(test_client: FlaskClient) -> None: { "id": "cenzar", "first_name": "Rafael", - "opportunities": ["opportunity1"], # Replace with expected opportunities data + "opportunities": ["opportunity1"], + # Replace with expected opportunities data }, ) ], 
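Review bot: Adding `'headers'` to `JWT_TOKEN_LOCATION` in the conftest.py hunk lets the promotion tests authenticate with `Authorization: Bearer`, which production does not accept (config.py keeps `["cookies"]`). It also skips the CSRF double-submit check, which Flask-JWT-Extended applies only to cookie tokens. Setting `'JWT_COOKIE_CSRF_PROTECT': True` here therefore protects nothing the tests exercise, and a regression in the cookie/CSRF path on the PATCH route would go unnoticed. I would keep the test config cookie-only and have at least the success test set the cookie and send the matching token, e.g. `headers={"X-CSRF-TOKEN": get_csrf_token(access_token)}` with `get_csrf_token` imported from `flask_jwt_extended`. A companion test should assert that the same request without the header is rejected. The `test_client` fixture continues outside this hunk.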
@@ -39,7 +40,8 @@ def test_profile_page(test_client: FlaskClient, input_id, expected_profile) -> N WHEN the '/profile/' page is requested (GET) THEN check that the response is valid """ - # login_response = test_client.post("/login", json={"username": "test_user", "password": "password123"}) + # login_response = test_client.post("/login", + # json={"username": "test_user", "password": "password123"}) # login_data = json.loads(login_response.data) with test_client.application.app_context(): access_token = create_access_token(identity='cenzar@rpi.edu') diff --git a/tests/test_manager_promotion.py b/tests/test_manager_promotion.py index c9c4353c..f788a844 100644 --- a/tests/test_manager_promotion.py +++ b/tests/test_manager_promotion.py @@ -1,8 +1,8 @@ import pytest -from labconnect.models import User, ManagementPermissions -from labconnect import db from flask_jwt_extended import create_access_token +from labconnect import db +from labconnect.models import ManagementPermissions, User @pytest.fixture @@ -84,7 +84,7 @@ def setup_users(test_client, setup_database): @pytest.fixture -def create_access_token_for_user(): +def create_access_token_for_user(test_client): """Create a real JWT access token for testing""" def _create_token(user_id): @@ -98,15 +98,11 @@ def test_promote_user_success(test_client, setup_users, create_access_token_for_ users = setup_users access_token = create_access_token_for_user(users["super_admin"].id) - - # set the JWT token as a cookie - test_client.set_cookie('access_token', access_token) - + # make the request with url to ensure cookies work response = test_client.patch( f"/users/{users['regular_user'].email}/permissions", - # get csrf token and then set it in the headers - # headers=["X-CSRFToken":], - json={"promote": True} + headers={"Authorization": f"Bearer {access_token}"}, + json={"promote": True}, ) assert response.status_code == 200 
@@ -119,33 +115,32 @@ def test_promote_user_success(test_client, setup_users, create_access_token_for_ assert promoted_perms.admin is True -def test_promote_user_no_json_data(test_client, setup_users, create_access_token_for_user): +def test_promote_user_no_json_data(test_client, setup_users, + create_access_token_for_user): """Test promotion fails when no JSON data is provided""" users = setup_users access_token = create_access_token_for_user(users["super_admin"].id) - # set the JWT token as a cookie - test_client.set_cookie('access_token', access_token) - response = test_client.patch( f"/users/{users['regular_user'].email}/permissions", + headers={"Authorization": f"Bearer {access_token}"}, content_type='application/json' ) assert response.status_code == 400 -def test_promote_user_no_super_admin_perms(test_client, setup_users, create_access_token_for_user): +def test_promote_user_no_super_admin_perms(test_client, setup_users, + create_access_token_for_user): """Test promotion fails when promoter is not a super admin""" users = setup_users access_token = create_access_token_for_user(users["non_admin"].id) - # set the JWT token as a cookie - test_client.set_cookie('access_token', access_token) response = test_client.patch( f"/users/{users['regular_user'].email}/permissions", + headers={"Authorization": f"Bearer {access_token}"}, json={"promote": True} ) @@ -153,7 +148,8 @@ def test_promote_user_no_super_admin_perms(test_client, setup_users, create_acce assert response.json["msg"] == "Missing permissions" -def test_promote_user_promoter_has_no_perms_record(test_client, setup_users, create_access_token_for_user): +def test_promote_user_promoter_has_no_perms_record(test_client, setup_users, + create_access_token_for_user): """Test promotion fails when promoter has no permissions record""" users = setup_users 
@@ -169,11 +165,9 @@ def test_promote_user_promoter_has_no_perms_record(test_client, setup_users, cre access_token = create_access_token_for_user(user_no_perms.id) - # set the JWT token as a cookie - test_client.set_cookie('access_token', access_token) - response = test_client.patch( f"/users/{users['regular_user'].email}/permissions", + headers={"Authorization": f"Bearer {access_token}"}, json={"promote": True} ) @@ -181,16 +175,15 @@ def test_promote_user_promoter_has_no_perms_record(test_client, setup_users, cre assert response.json["msg"] == "Missing permissions" -def test_promote_user_target_not_found(test_client, setup_users, create_access_token_for_user): +def test_promote_user_target_not_found(test_client, setup_users, + create_access_token_for_user): """Test promotion fails when target user doesn't exist""" users = setup_users access_token = create_access_token_for_user(users["super_admin"].id) - # set the JWT token as a cookie - test_client.set_cookie('access_token', access_token) - response = test_client.patch( "/users/nonexistent@example.com/permissions", + headers={"Authorization": f"Bearer {access_token}"}, json={"promote": True} ) From 0f993d2b87c992f37bffd2805661cd144ab773fa Mon Sep 17 00:00:00 2001 From: aniket132123 Date: Tue, 9 Dec 2025 16:56:30 -0500 Subject: [PATCH 11/13] add demotion feature --- labconnect/main/auth_routes.py | 14 +++++++---- tests/test_manager_promotion.py | 41 ++++++++++++++++++++++++++++++++- 2 files changed, 49 insertions(+), 6 deletions(-) diff --git a/labconnect/main/auth_routes.py b/labconnect/main/auth_routes.py index 6ffb3f27..3981bbe4 100644 --- a/labconnect/main/auth_routes.py +++ b/labconnect/main/auth_routes.py 
@@ -194,13 +194,13 @@ def registerUser() -> Response: db.session.commit() return make_response({"msg": "New user added"}) -# promotes User to a Lab Manager +# promotes/demotes User to a Lab Manager # requires a super admin to promote @main_blueprint.patch("/users//permissions") @jwt_required() def promoteUser(email: str) -> Response: json_data = request.json - if not json_data or not json_data.get("promote"): + if not json_data or not json_data.get("promote") or not json_data.get("demote"): abort(400) # if user accessing doesn't have the right perms then they can't assign perms @@ -220,15 +220,19 @@ def promoteUser(email: str) -> Response: user_id=manager.id ).first() + if management_permissions.admin == True: + management_permissions.admin = False + + if management_permissions.admin == False: + management_permissions.admin = True + if management_permissions is None: management_permissions = ManagementPermissions(user_id=manager.id, admin=True) db.session.add(management_permissions) - else: - management_permissions.admin = True db.session.commit() - return make_response({"msg": "User promoted to Lab Manager"}, 200) + return make_response({"msg": "User Lab Manager permissions changed!"}, 200) diff --git a/tests/test_manager_promotion.py b/tests/test_manager_promotion.py index f788a844..f25bffb8 100644 --- a/tests/test_manager_promotion.py +++ b/tests/test_manager_promotion.py @@ -56,6 +56,23 @@ def setup_users(test_client, setup_database): admin=False ) db.session.add(regular_user_perms) + + # add demotable user + regular_user2 = User( + id="regular02", + email="regular2@example.com", + first_name="Regular2", + last_name="User2" + ) + db.session.add(regular_user2) + db.session.commit() + + regular_user2_perms = ManagementPermissions( + user_id=regular_user2.id, + super_admin=False, + admin=True + ) + db.session.add(regular_user2_perms) # add non-super-admin user non_admin = User( 
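Review bot: In the second auth_routes.py hunk the `is None` check now runs after `management_permissions.admin` has already been read, so a target user without a permissions row raises an AttributeError (a 500) instead of getting the row created. The two flag checks are also independent `if`s, so an admin is set to `False` and then straight back to `True` by the second one, and demotion never takes effect. The None ordering is still present in the later hunks at `-222,8` and `-220,9`. Handling the missing row first and making the two flag branches exclusive fixes both. The rest of `promoteUser` lies outside this hunk.

```python
    # … unchanged: management_permissions lookup for manager.id …
    if management_permissions is None:
        management_permissions = ManagementPermissions(user_id=manager.id, admin=True)
        db.session.add(management_permissions)
    elif management_permissions.admin:
        management_permissions.admin = False
    else:
        management_permissions.admin = True
    # … unchanged: db.session.commit() and the response …
```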
@@ -79,6 +96,7 @@ def setup_users(test_client, setup_database): yield { "super_admin": super_admin, "regular_user": regular_user, + "regular_user2": regular_user2, "non_admin": non_admin } @@ -106,7 +124,7 @@ def test_promote_user_success(test_client, setup_users, create_access_token_for_ ) assert response.status_code == 200 - assert response.json["msg"] == "User promoted to Lab Manager" + assert response.json["msg"] == "User Lab Manager permissions changed!" # verify the user was actually promoted promoted_perms = db.session.query(ManagementPermissions).filter_by( @@ -114,6 +132,27 @@ def test_promote_user_success(test_client, setup_users, create_access_token_for_ ).first() assert promoted_perms.admin is True +def test_demote_user_success(test_client, setup_users, create_access_token_for_user): + """Test successful user demotion by super admin""" + users = setup_users + access_token = create_access_token_for_user(users["super_admin"].id) + + # demote user + response = test_client.patch( + f"/users/{users['regular_user2'].email}/permissions", + headers={"Authorization": f"Bearer {access_token}"}, + json={"demote": True}, + ) + + assert response.status_code == 200 + assert response.json["msg"] == "User Lab Manager permissions changed!" + + # verify the user was actually promoted + demoted_perms = db.session.query(ManagementPermissions).filter_by( + user_id=users["regular_user2"].id + ).first() + assert demoted_perms.admin is False + def test_promote_user_no_json_data(test_client, setup_users, create_access_token_for_user): From a6e303320286a315c9f0205d871a72f062f0e1b6 Mon Sep 17 00:00:00 2001 From: aniket132123 Date: Tue, 9 Dec 2025 17:12:57 -0500 Subject: [PATCH 12/13] fix and update demote --- labconnect/main/auth_routes.py | 5 ++--- tests/test_manager_promotion.py | 13 ++++++------- 2 files changed, 8 insertions(+), 10 deletions(-) diff --git a/labconnect/main/auth_routes.py b/labconnect/main/auth_routes.py index 3981bbe4..b256f85c 100644 
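Review bot: `test_demote_user_success` covers only a target that already has a `ManagementPermissions` row. Nothing exercises a target without one, which is the path where the route reads `.admin` before its `is None` check. A case that creates a bare `User`, sends the same PATCH as super admin and asserts on the resulting row would pin that behaviour. There is also no demotion attempt by a non-super-admin caller, which should be asserted as rejected, the way the promotion tests do. The copied comment should read `# verify the user was actually demoted`.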
--- a/labconnect/main/auth_routes.py +++ b/labconnect/main/auth_routes.py @@ -200,7 +200,7 @@ def registerUser() -> Response: @jwt_required() def promoteUser(email: str) -> Response: json_data = request.json - if not json_data or not json_data.get("promote") or not json_data.get("demote"): + if not json_data or not json_data.get("change_status"): abort(400) # if user accessing doesn't have the right perms then they can't assign perms @@ -222,8 +222,7 @@ def promoteUser(email: str) -> Response: if management_permissions.admin == True: management_permissions.admin = False - - if management_permissions.admin == False: + elif management_permissions.admin == False: management_permissions.admin = True if management_permissions is None: diff --git a/tests/test_manager_promotion.py b/tests/test_manager_promotion.py index f25bffb8..62771d4e 100644 --- a/tests/test_manager_promotion.py +++ b/tests/test_manager_promotion.py @@ -120,7 +120,7 @@ def test_promote_user_success(test_client, setup_users, create_access_token_for_ response = test_client.patch( f"/users/{users['regular_user'].email}/permissions", headers={"Authorization": f"Bearer {access_token}"}, - json={"promote": True}, + json={"change_status": True}, ) assert response.status_code == 200 @@ -141,7 +141,7 @@ def test_demote_user_success(test_client, setup_users, create_access_token_for_u response = test_client.patch( f"/users/{users['regular_user2'].email}/permissions", headers={"Authorization": f"Bearer {access_token}"}, - json={"demote": True}, + json={"change_status": True}, ) assert response.status_code == 200 @@ -153,7 +153,6 @@ def test_demote_user_success(test_client, setup_users, create_access_token_for_u ).first() assert demoted_perms.admin is False - def test_promote_user_no_json_data(test_client, setup_users, create_access_token_for_user): """Test promotion fails when no JSON data is provided""" 
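Review bot: With `change_status` in the first hunk the request no longer says which direction the caller wants, so the result depends on whatever the row holds at that moment. A retried or duplicated PATCH silently reverses the grant, and the response text ("permissions changed!") does not report the final state. For a privilege flag I would have the caller send the desired value and set it idempotently: validate `isinstance(json_data.get("admin"), bool)`, then `management_permissions.admin = json_data["admin"]`. The key name `admin` is only a suggestion. The rest of `promoteUser` is outside this hunk.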
@@ -180,7 +179,7 @@ def test_promote_user_no_super_admin_perms(test_client, setup_users, response = test_client.patch( f"/users/{users['regular_user'].email}/permissions", headers={"Authorization": f"Bearer {access_token}"}, - json={"promote": True} + json={"change_status": True} ) assert response.status_code == 401 @@ -207,7 +206,7 @@ def test_promote_user_promoter_has_no_perms_record(test_client, setup_users, response = test_client.patch( f"/users/{users['regular_user'].email}/permissions", headers={"Authorization": f"Bearer {access_token}"}, - json={"promote": True} + json={"change_status": True} ) assert response.status_code == 401 @@ -223,7 +222,7 @@ def test_promote_user_target_not_found(test_client, setup_users, response = test_client.patch( "/users/nonexistent@example.com/permissions", headers={"Authorization": f"Bearer {access_token}"}, - json={"promote": True} + json={"change_status": True} ) assert response.status_code == 500 @@ -239,7 +238,7 @@ def test_promote_user_no_jwt_token(test_client, setup_users): response = test_client.patch( f"/users/{users['regular_user'].email}/permissions", - json={"promote": True} + json={"change_status": True} ) assert response.status_code == 401 \ No newline at end of file From 2009d3617567abc748b6a55820b938988b7d873f Mon Sep 17 00:00:00 2001 From: aniket132123 Date: Wed, 10 Dec 2025 21:36:02 -0500 Subject: [PATCH 13/13] Ruff lint changes --- labconnect/main/auth_routes.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/labconnect/main/auth_routes.py b/labconnect/main/auth_routes.py index b256f85c..84d98876 100644 --- a/labconnect/main/auth_routes.py +++ b/labconnect/main/auth_routes.py 
@@ -220,9 +220,9 @@ def promoteUser(email: str) -> Response: user_id=manager.id ).first() - if management_permissions.admin == True: + if management_permissions.admin: management_permissions.admin = False - elif management_permissions.admin == False: + elif not management_permissions.admin: management_permissions.admin = True if management_permissions is None:
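Review bot: After the lint cleanup, `elif not management_permissions.admin:` is the exact complement of the `if` above it, so the condition adds nothing and reads as if a third case could exist. Either write `else:` or collapse the four lines into `management_permissions.admin = not management_permissions.admin`. `promoteUser` starts and ends outside this hunk.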