#!/usr/bin/env python3 """ Test script for the new simplified 4-tier permission system """ import sys import os sys.path.insert(0, os.path.join(os.path.dirname(__file__), 'app')) from permissions_simple import check_access, validate_user_modules, get_user_accessible_pages def test_permission_system(): """Test the new permission system with various scenarios""" print("Testing Simplified 4-Tier Permission System") print("=" * 50) # Test cases: (role, modules, page, expected_result) test_cases = [ # Superadmin tests ('superadmin', [], 'dashboard', True), ('superadmin', [], 'role_permissions', True), ('superadmin', [], 'quality', True), ('superadmin', [], 'warehouse', True), # Admin tests ('admin', [], 'dashboard', True), ('admin', [], 'role_permissions', False), # Restricted for admin ('admin', [], 'download_extension', False), # Restricted for admin ('admin', [], 'quality', True), ('admin', [], 'warehouse', True), # Manager tests ('manager', ['quality'], 'quality', True), ('manager', ['quality'], 'quality_reports', True), ('manager', ['quality'], 'warehouse', False), # No warehouse module ('manager', ['warehouse'], 'warehouse', True), ('manager', ['warehouse'], 'quality', False), # No quality module ('manager', ['quality', 'warehouse'], 'quality', True), # Multiple modules ('manager', ['quality', 'warehouse'], 'warehouse', True), # Worker tests ('worker', ['quality'], 'quality', True), ('worker', ['quality'], 'quality_reports', False), # Workers can't access reports ('worker', ['quality'], 'warehouse', False), # No warehouse module ('worker', ['warehouse'], 'move_orders', True), ('worker', ['warehouse'], 'create_locations', False), # Workers can't create locations # Invalid role test ('invalid_role', ['quality'], 'quality', False), ] print("Testing access control:") print("-" * 30) passed = 0 failed = 0 for role, modules, page, expected in test_cases: result = check_access(role, modules, page) status = "PASS" if result == expected else "FAIL" print(f"{status}: {role:12} {str(modules):20} {page:18} -> {result} (expected {expected})") if result == expected: passed += 1 else: failed += 1 print(f"\nResults: {passed} passed, {failed} failed") # Test module validation print("\nTesting module validation:") print("-" * 30) validation_tests = [ ('superadmin', ['quality'], True), # Superadmin can have any modules ('admin', ['warehouse'], True), # Admin can have any modules ('manager', ['quality'], True), # Manager can have one module ('manager', ['quality', 'warehouse'], True), # Manager can have multiple modules ('manager', [], False), # Manager must have at least one module ('worker', ['quality'], True), # Worker can have one module ('worker', ['quality', 'warehouse'], False), # Worker cannot have multiple modules ('worker', [], False), # Worker must have exactly one module ('invalid_role', ['quality'], False), # Invalid role ] for role, modules, expected in validation_tests: is_valid, error_msg = validate_user_modules(role, modules) status = "PASS" if is_valid == expected else "FAIL" print(f"{status}: {role:12} {str(modules):20} -> {is_valid} (expected {expected})") if error_msg: print(f" Error: {error_msg}") # Test accessible pages for different users print("\nTesting accessible pages:") print("-" * 30) user_tests = [ ('superadmin', []), ('admin', []), ('manager', ['quality']), ('manager', ['warehouse']), ('worker', ['quality']), ('worker', ['warehouse']), ] for role, modules in user_tests: accessible_pages = get_user_accessible_pages(role, modules) print(f"{role:12} {str(modules):20} -> {len(accessible_pages)} pages: {', '.join(accessible_pages[:5])}{'...' if len(accessible_pages) > 5 else ''}") if __name__ == "__main__": test_permission_system()