átlagos kiegészítséek jó sok

2026-03-22 11:02:05 +00:00
parent f53e0b53df
commit 5d44339f21
249 changed files with 20922 additions and 2253 deletions
--- a/backend/app/tests/e2e/test_admin_security.py
+++ b/backend/app/tests/e2e/test_admin_security.py
@@ -0,0 +1,85 @@
+"""
+E2E teszt az admin végpontok biztonsági ellenőrzéséhez.
+Ellenőrzi, hogy normál felhasználó nem fér hozzá admin végponthoz.
+"""
+import pytest
+from fastapi.testclient import TestClient
+from app.main import app
+from app.models.identity import User, UserRole
+from app.api.deps import get_current_user
+
+
+def test_normal_user_cannot_access_admin_ping():
+    """
+    Normál felhasználó nem fér hozzá a GET /api/v1/admin/ping végponthoz.
+    Elvárt: 403 Forbidden.
+    """
+    # Mock a normal user (non-admin)
+    mock_user = User(
+        id=999,
+        email="normal@example.com",
+        role=UserRole.user,
+        is_active=True,
+        is_deleted=False,
+        subscription_plan="FREE",
+        preferred_language="hu",
+        region_code="HU",
+        preferred_currency="HUF",
+        scope_level="individual",
+        custom_permissions={}
+    )
+    
+    # Override get_current_user to return normal user
+    async def mock_get_current_user():
+        return mock_user
+    
+    app.dependency_overrides[get_current_user] = mock_get_current_user
+    
+    client = TestClient(app)
+    response = client.get("/api/v1/admin/ping")
+    
+    # Clean up
+    app.dependency_overrides.clear()
+    
+    # Assert
+    assert response.status_code == 403
+    assert "detail" in response.json()
+    print(f"Response detail: {response.json()['detail']}")
+
+
+def test_admin_user_can_access_admin_ping():
+    """
+    Admin felhasználóval a ping végpont 200-at ad vissza.
+    """
+    mock_admin = User(
+        id=1000,
+        email="admin@example.com",
+        role=UserRole.admin,
+        is_active=True,
+        is_deleted=False,
+        subscription_plan="PREMIUM",
+        preferred_language="en",
+        region_code="HU",
+        preferred_currency="EUR",
+        scope_level="global",
+        custom_permissions={}
+    )
+    
+    async def mock_get_current_user():
+        return mock_admin
+    
+    app.dependency_overrides[get_current_user] = mock_get_current_user
+    
+    client = TestClient(app)
+    response = client.get("/api/v1/admin/ping")
+    
+    app.dependency_overrides.clear()
+    
+    assert response.status_code == 200
+    data = response.json()
+    assert data["message"] == "Admin felület aktív"
+    assert data["role"] == "admin"
+
+
+if __name__ == "__main__":
+    pytest.main([__file__, "-v"])