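#!/bin/bash
# Smoke test for the merchant-settings access-control rules.
#
# Checks, against a running instance of the service:
#   1    unauthenticated GET /merchant-settings is answered with 403
#   2-3  the SuperAdmin account can log in and read /merchant-settings
#   4-6  the regular Admin account can log in and read /merchant-settings
#        and /merchant-settings/my-settings
#
# Exit status: 0 when every check passed, 1 when at least one failed, so the
# script can gate a CI job instead of always reporting success.
#
# Environment (all optional; defaults are the values that used to be
# hard-coded here):
#   BASE_URL                                service root
#   SUPERADMIN_LOGIN / SUPERADMIN_PASSWORD  SuperAdmin account
#   ADMIN_LOGIN / ADMIN_PASSWORD            regular Admin account
#
# NOTE(security): the default passwords live in the repository, so treat them
# as public. They are presumably seeded development accounts; confirm they do
# not exist in any shared or production environment, and supply real test
# credentials through the environment instead of editing this file.
#
# NOTE(security): plain HTTP is fine for the loopback default. If BASE_URL is
# pointed at another host, use https:// so the passwords and bearer tokens are
# not sent in clear text.

set -u

BASE_URL="${BASE_URL:-http://127.0.0.1:8001}"
SUPERADMIN_LOGIN="${SUPERADMIN_LOGIN:-superadmin}"
SUPERADMIN_PASSWORD="${SUPERADMIN_PASSWORD:-SuperAdmin@123}"
ADMIN_LOGIN="${ADMIN_LOGIN:-admin@cuatrolabs.com}"
ADMIN_PASSWORD="${ADMIN_PASSWORD:-CompanyAdmin@123}"

failures=0

# Print a failure line and remember that the run must exit non-zero.
fail() {
  printf '%s\n' "$1"
  failures=$((failures + 1))
}

# Escape backslashes and double quotes so a value can sit inside a JSON string.
# Control characters are not handled; credentials are not expected to have any.
json_escape() {
  local s=$1
  s=${s//\\/\\\\}
  s=${s//\"/\\\"}
  printf '%s' "$s"
}

# POST the login request for account $1 / password $2 and print the raw reply.
# The body is fed on stdin so the password never appears in curl's argv.
login() {
  local body
  body=$(printf '{"email_or_phone": "%s", "password": "%s"}' \
    "$(json_escape "$1")" "$(json_escape "$2")")
  printf '%s' "$body" | curl -s -X POST "$BASE_URL/auth/login" \
    -H "Content-Type: application/json" \
    --data-binary @-
}

# Pull the access_token value out of a login reply; prints nothing if absent.
# Whitespace around the colon is tolerated so a pretty-printed reply still works.
extract_token() {
  printf '%s' "$1" \
    | grep -o '"access_token"[[:space:]]*:[[:space:]]*"[^"]*"' \
    | head -n 1 \
    | cut -d'"' -f4
}

# GET $1 (with bearer token $2 when given); prints body + "HTTP_CODE:<status>".
# The token is on curl's command line and so is visible in the local process
# list while the request runs; acceptable only for throwaway test tokens.
http_get() {
  local url=$1 token=${2-}
  if [ -n "$token" ]; then
    curl -s -w "HTTP_CODE:%{http_code}" \
      -H "Authorization: Bearer $token" \
      "$url"
  else
    curl -s -w "HTTP_CODE:%{http_code}" "$url"
  fi
}

# Count the "merchant_id" keys in a response body.
count_merchant_ids() {
  printf '%s' "$1" | grep -o '"merchant_id"' | wc -l | tr -d ' '
}

echo "🔐 Testing Merchant Settings Access Control"
echo "=================================================="

echo ""
echo "1️⃣ Testing Unauthenticated Access (Should be blocked)"
echo "----------------------------------------------------"
response=$(http_get "$BASE_URL/merchant-settings")
# The status marker is appended last by curl, so strip everything before it;
# this stays correct even if the body happens to contain "HTTP_CODE:".
http_code=${response##*HTTP_CODE:}
if [ "$http_code" = "403" ]; then
  echo "✅ Unauthenticated access properly blocked (403)"
else
  fail "❌ Expected 403, got $http_code"
fi

echo ""
echo "2️⃣ Testing SuperAdmin Login"
echo "-----------------------------"
superadmin_response=$(login "$SUPERADMIN_LOGIN" "$SUPERADMIN_PASSWORD")
superadmin_token=$(extract_token "$superadmin_response")
# Success means a token was actually extracted, not merely that the reply
# mentions "access_token"; otherwise the next request would go out with an
# empty bearer value and report a misleading authorization failure.
if [ -n "$superadmin_token" ]; then
  echo "✅ SuperAdmin login successful"

  echo ""
  echo "3️⃣ Testing SuperAdmin Access to Merchant Settings"
  echo "--------------------------------------------------"
  settings_response=$(http_get "$BASE_URL/merchant-settings" "$superadmin_token")
  http_code=${settings_response##*HTTP_CODE:}
  if [ "$http_code" = "200" ]; then
    echo "✅ SuperAdmin can access merchant settings (200)"
    # Count merchant settings returned
    settings_count=$(count_merchant_ids "${settings_response%HTTP_CODE:*}")
    echo "📊 SuperAdmin can see $settings_count merchant settings"
  else
    fail "❌ SuperAdmin access failed with code $http_code"
  fi
else
  fail "❌ SuperAdmin login failed:"
  echo "$superadmin_response"
fi

echo ""
echo "4️⃣ Testing Regular Admin Login"
echo "-------------------------------"
admin_response=$(login "$ADMIN_LOGIN" "$ADMIN_PASSWORD")
admin_token=$(extract_token "$admin_response")
if [ -n "$admin_token" ]; then
  echo "✅ Regular Admin login successful"

  echo ""
  echo "5️⃣ Testing Admin Access to Merchant Settings"
  echo "---------------------------------------------"
  admin_settings_response=$(http_get "$BASE_URL/merchant-settings" "$admin_token")
  http_code=${admin_settings_response##*HTTP_CODE:}
  if [ "$http_code" = "200" ]; then
    echo "✅ Admin can access merchant settings (200)"
    # Count merchant settings returned for admin
    # NOTE(review): the count is printed but never asserted, so a 200 here only
    # shows the endpoint is reachable for this role. This script would not
    # notice a regular admin being served other merchants' settings; asserting
    # the expected scope needs the seeded data's merchant ids - TODO.
    admin_settings_count=$(count_merchant_ids "${admin_settings_response%HTTP_CODE:*}")
    echo "📊 Admin can see $admin_settings_count merchant settings"
  else
    fail "❌ Admin access failed with code $http_code"
    echo "Response: $admin_settings_response"
  fi

  echo ""
  echo "6️⃣ Testing Admin /my-settings Endpoint"
  echo "--------------------------------------"
  my_settings_response=$(http_get "$BASE_URL/merchant-settings/my-settings" "$admin_token")
  http_code=${my_settings_response##*HTTP_CODE:}
  if [ "$http_code" = "200" ]; then
    echo "✅ Admin can access /my-settings endpoint (200)"
  else
    fail "❌ Admin /my-settings access failed with code $http_code"
    echo "Response: $my_settings_response"
  fi
else
  fail "❌ Regular Admin login failed:"
  echo "$admin_response"
fi

echo ""
echo "=================================================="
echo "🎯 Access Control Test Complete"
echo "=================================================="

# Surface the result to the caller: without this a broken access-control rule
# would still leave the script exiting 0.
if [ "$failures" -gt 0 ]; then
  echo "❌ $failures check(s) failed"
  exit 1
fi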