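"""CMS hospital admin - staff management (user scope) tests: CMS-HUSER-1~3.

A hospital admin can only manage doctors/students of their own institution;
the institution is forced to the admin's own and the assignable roles are restricted.
"""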
from rest_framework.test import APIClient
from apps.user.models import User
from .conftest import CacheTestCase, create_test_user, get_auth_client, ensure_institution
# Collection endpoint for CMS user management; detail URLs are built on top of it.
CMS_USER_URL = '/api/cms/users/'


def u_detail(pk):
    """Return the detail URL of the CMS user whose primary key is ``pk``."""
    return f'{CMS_USER_URL}{pk}/'
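class HospitalAdminUserScopeTest(CacheTestCase):
    """Tenant-scoping tests for a hospital admin on the CMS user endpoints.

    The fixture holds two institutions; the authenticated hospital admin
    belongs to the first. The tests cover list scoping, the forced institution
    on create, role restrictions on create, 404 on another institution's user,
    deletion and password reset of own users, and filtering by role.
    """

    def setUp(self):
        """Create both institutions, the acting admin and three target users."""
        super().setUp()
        self.inst = ensure_institution(name='本院', code='HU-A')
        self.other = ensure_institution(name='他院', code='HU-B')
        self.admin = create_test_user(phone='13931000001', role_type='hospital_admin',
                                      institution=self.inst)
        self.client = get_auth_client(self.admin)
        # Doctor and student of the admin's institution; one student of the other one.
        self.doc = create_test_user(phone='13931000002', role_type='doctor', institution=self.inst)
        self.stu = create_test_user(phone='13931000003', role_type='student', institution=self.inst)
        self.other_stu = create_test_user(phone='13931000004', role_type='student', institution=self.other)

    def test_list_scoped_to_own_doctor_student(self):
        """The list shows the own-institution doctor and student and nothing else from the fixture."""
        resp = self.client.get(CMS_USER_URL)
        self.assertEqual(resp.status_code, 200, resp.content)
        ids = {u['id'] for u in resp.json()['results']}
        self.assertIn(self.doc.id, ids)
        self.assertIn(self.stu.id, ids)
        # Users of the other institution must not be visible.
        self.assertNotIn(self.other_stu.id, ids)
        # The admin's own account (role=hospital_admin) is outside the doctor/student scope.
        self.assertNotIn(self.admin.id, ids)

    def test_create_forces_own_institution(self):
        """A client-supplied institution id is ignored in favour of the admin's own."""
        # The other institution is sent on purpose; the user must still land in the admin's.
        resp = self.client.post(CMS_USER_URL, {
            'phone': '13931000010', 'real_name': '新医生', 'role_type': 'doctor',
            'institution': self.other.id,
        })
        self.assertEqual(resp.status_code, 201, resp.content)
        u = User.objects.get(phone='13931000010')
        self.assertEqual(u.institution_id, self.inst.id)  # forced to the admin's institution

    def test_create_content_admin_allowed(self):
        """A hospital admin may grant the content_admin role within the own institution."""
        resp = self.client.post(CMS_USER_URL, {
            'phone': '13931000011', 'real_name': '内容员', 'role_type': 'content_admin',
        })
        self.assertEqual(resp.status_code, 201, resp.content)
        u = User.objects.get(phone='13931000011')
        self.assertEqual(u.role_type, 'content_admin')
        self.assertEqual(u.institution_id, self.inst.id)  # forced to the admin's institution

    def test_create_role_restricted(self):
        """A hospital admin cannot create hospital_admin or super_admin accounts."""
        for role in ('hospital_admin', 'super_admin'):
            # subTest reports each role separately instead of stopping at the first failure.
            with self.subTest(role=role):
                resp = self.client.post(CMS_USER_URL, {
                    'phone': '13931000012', 'real_name': 'x', 'role_type': role,
                })
                self.assertEqual(resp.status_code, 403, f'{role}: {resp.content}')
                self.assertEqual(resp.json()['code'], 'CMS_ROLE_NOT_ALLOWED')
                # A 403 alone does not prove the write was skipped: make sure no
                # privileged account was persisted before the request was rejected.
                self.assertFalse(User.objects.filter(phone='13931000012').exists())

    def test_cannot_touch_other_institution_user(self):
        """Detail GET and DELETE on another institution's student answer 404."""
        # The other institution's student is not in the queryset, hence 404.
        self.assertEqual(self.client.get(u_detail(self.other_stu.id)).status_code, 404)
        self.assertEqual(self.client.delete(u_detail(self.other_stu.id)).status_code, 404)
        # The rejected DELETE must leave the record in place.
        self.assertTrue(User.objects.filter(id=self.other_stu.id).exists())
        # NOTE(review): PATCH/PUT and reset-password against another institution's
        # user are not exercised here; they deserve the same cross-tenant check.

    def test_soft_delete_own_student(self):
        """Deleting an own-institution student returns 204 and hides the row from ``User.objects``."""
        resp = self.client.delete(u_detail(self.stu.id))
        self.assertEqual(resp.status_code, 204, resp.content)
        # Presumably the default manager filters soft-deleted rows; confirm against the model.
        self.assertFalse(User.objects.filter(id=self.stu.id).exists())

    def test_reset_password_own(self):
        """Resetting the own-institution doctor's password returns the new password."""
        resp = self.client.post(f'/api/cms/users/{self.doc.id}/reset-password/', {})
        self.assertEqual(resp.status_code, 200, resp.content)
        # NOTE(review): the expected value is 'Pass' followed by the doctor's phone
        # number, so the reset credential is derivable from a known identifier and
        # is returned in the response body. Confirm the account is forced to change
        # it at next login, or prefer a random one-time value.
        self.assertEqual(resp.json()['password'], 'Pass13931000002')

    def test_filter_by_role(self):
        """``?role_type=doctor`` (the doctor management page) returns doctors only."""
        resp = self.client.get(CMS_USER_URL, {'role_type': 'doctor'})
        self.assertEqual(resp.status_code, 200, resp.content)
        roles = {u['role_type'] for u in resp.json()['results']}
        self.assertEqual(roles, {'doctor'})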