| #!/usr/bin/env python3 | |
| """ | |
| Test script to verify merchant settings access control functionality | |
| """ | |
import asyncio
import json
import os

import httpx
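# Target instance. Override via MERCHANT_API_BASE_URL to point the script at
# another environment. Logins go over plain http, so the credentials travel in
# the clear: keep this on loopback, or switch the override to https before
# pointing it at anything shared.
BASE_URL = os.environ.get("MERCHANT_API_BASE_URL", "http://127.0.0.1:8001")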
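# Status codes that count as "request rejected" for a missing or bad credential.
# 401 is the RFC 7235 answer for an absent/invalid credential; 403 is what the
# earlier version of this script expected from the API, so both are accepted.
_REJECTED_STATUSES = frozenset({401, 403})


async def _login(client: "httpx.AsyncClient", email_or_phone: str, password: str, label: str) -> str | None:
    """Log in via POST /auth/login and return the bearer token.

    Prints the outcome using *label* (e.g. "SuperAdmin") so the console output
    keeps its previous shape. Returns None when the login is refused or when a
    200 response carries no ``access_token``.
    """
    response = await client.post(
        f"{BASE_URL}/auth/login",
        json={"email_or_phone": email_or_phone, "password": password},
    )
    print(f"{label} login status: {response.status_code}")
    if response.status_code != 200:
        print(f"β {label} login failed: {response.text}")
        return None
    token = response.json().get("access_token")
    if not token:
        # A 200 without a token is a contract violation, not a successful login.
        print(f"β {label} login returned no access_token")
        return None
    # Deliberately never print the token itself: it is a live credential.
    print(f"β {label} login successful")
    return token


async def _expect_rejected(client: "httpx.AsyncClient", headers: dict[str, str], what: str) -> bool:
    """GET /merchant-settings with *headers* and require a 401/403 answer.

    Returns True when the request was rejected, False when the endpoint served
    data (or answered with any other status) to a caller that should be denied.
    """
    response = await client.get(f"{BASE_URL}/merchant-settings", headers=headers)
    print(f"{what} status: {response.status_code}")
    if response.status_code in _REJECTED_STATUSES:
        print(f"β {what} properly blocked")
        return True
    print(f"β {what} should be blocked: {response.text}")
    return False


async def test_access_control() -> bool:
    """Exercise the merchant-settings endpoints as different principals.

    Scenarios, each printed as it runs:
      1. superadmin login, then GET /merchant-settings (expected: allowed)
      2. regular admin login, then GET /merchant-settings and
         GET /merchant-settings/my-settings (expected: allowed)
      3. anonymous GET /merchant-settings (expected: rejected)
      4. GET /merchant-settings with a bogus bearer token (expected: rejected)
    plus a sanity check that the admin's settings count never exceeds the
    superadmin's.

    Returns:
        True when every scenario behaved as expected, False otherwise, so the
        caller can turn the verdict into a process exit status. Transport or
        parsing errors inside a scenario are reported and counted as failures
        rather than aborting the remaining scenarios.
    """
    # Fixture credentials. They default to the seeded dev accounts so the script
    # keeps working unchanged, but CI should inject values via the environment
    # rather than rely on passwords committed next to the code. These defaults
    # must not exist on any non-local deployment.
    superadmin_password = os.environ.get("TEST_SUPERADMIN_PASSWORD", "SuperAdmin@123")
    admin_password = os.environ.get("TEST_ADMIN_PASSWORD", "CompanyAdmin@123")

    all_ok = True
    superadmin_count: int | None = None
    admin_count: int | None = None

    async with httpx.AsyncClient() as client:
        print("π Testing Merchant Settings Access Control")
        print("=" * 50)

        # Test 1: the superadmin is expected to list every merchant's settings.
        print("\n1οΈβ£ Testing SuperAdmin Access")
        try:
            token = await _login(client, "superadmin", superadmin_password, "SuperAdmin")
            if token is None:
                all_ok = False
            else:
                headers = {"Authorization": f"Bearer {token}"}
                response = await client.get(f"{BASE_URL}/merchant-settings", headers=headers)
                print(f"SuperAdmin merchant settings access: {response.status_code}")
                if response.status_code == 200:
                    superadmin_count = len(response.json())
                    print(f"β SuperAdmin can see {superadmin_count} merchant settings")
                else:
                    all_ok = False
                    print(f"β SuperAdmin settings access failed: {response.text}")
        except Exception as e:  # best-effort smoke test: report and continue
            all_ok = False
            print(f"β SuperAdmin test failed: {e}")

        # Test 2: a regular (tenant) admin sees its own merchant's settings.
        print("\n2οΈβ£ Testing Regular Admin Access")
        try:
            token = await _login(client, "admin@cuatrolabs.com", admin_password, "Admin")
            if token is None:
                all_ok = False
            else:
                headers = {"Authorization": f"Bearer {token}"}
                response = await client.get(f"{BASE_URL}/merchant-settings", headers=headers)
                print(f"Admin merchant settings access: {response.status_code}")
                if response.status_code == 200:
                    admin_count = len(response.json())
                    print(f"β Admin can see {admin_count} merchant settings")
                else:
                    all_ok = False
                    print(f"β Admin settings access failed: {response.text}")

                my_settings = await client.get(
                    f"{BASE_URL}/merchant-settings/my-settings", headers=headers
                )
                print(f"Admin /my-settings access: {my_settings.status_code}")
                if my_settings.status_code == 200:
                    print("β Admin can access /my-settings endpoint")
                else:
                    all_ok = False
                    print(f"β Admin /my-settings failed: {my_settings.text}")
        except Exception as e:  # best-effort smoke test: report and continue
            all_ok = False
            print(f"β Admin test failed: {e}")

        # Scope sanity check: a tenant admin must never see more than the
        # superadmin. Equal counts are NOT proof of correct scoping (a
        # single-tenant fixture yields equal counts), so this only catches the
        # gross failure; a real per-merchant assertion needs a second tenant
        # fixture this script does not have.
        if superadmin_count is not None and admin_count is not None:
            if admin_count > superadmin_count:
                all_ok = False
                print(
                    f"β Admin sees {admin_count} settings but SuperAdmin only "
                    f"{superadmin_count}: scope filter missing?"
                )
            else:
                print("β Admin settings count does not exceed SuperAdmin's")

        # Test 3: no credential at all must be rejected.
        print("\n3οΈβ£ Testing Unauthenticated Access")
        try:
            if not await _expect_rejected(client, {}, "Unauthenticated access"):
                all_ok = False
        except Exception as e:  # best-effort smoke test: report and continue
            all_ok = False
            print(f"β Unauthenticated test failed: {e}")

        # Test 4: a well-formed but bogus bearer token must be rejected exactly
        # like no token. This catches a guard that only checks the header is
        # present without validating the token.
        print("\n4. Testing Invalid Token Access")
        try:
            bogus_headers = {"Authorization": "Bearer not-a-valid-token"}
            if not await _expect_rejected(client, bogus_headers, "Invalid token access"):
                all_ok = False
        except Exception as e:  # best-effort smoke test: report and continue
            all_ok = False
            print(f"β Invalid token test failed: {e}")

    print("\n" + "=" * 50)
    print("π― Access Control Test Complete")
    return all_ok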
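if __name__ == "__main__":
    # Propagate the verdict as the process exit status so CI can gate on it.
    # A None result (a test_access_control that returns nothing) keeps the
    # historical behaviour of always exiting 0.
    result = asyncio.run(test_access_control())
    if result is False:
        raise SystemExit(1)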