alphax/tests/test_paper_trading_admin_access.py

from datetime import datetime, timedelta
from fastapi.testclient import TestClient
from app.db import auth_db
from app.web import web_server
def _login_user(email: str, password: str = "StrongPass123", admin: bool = False) -> str:
    """Create a verified test account and return its session token.

    The steps follow the calls below: register, confirm the e-mail with the
    code returned by registration, claim the free trial, optionally set the
    admin flag, then log in.

    Args:
        email: Address to register; each test in this file passes its own.
        password: Fixture password used for both registration and login.
        admin: When true, the account is flagged as admin before login.

    Returns:
        The ``token`` field of the login result.
    """
    registration = auth_db.register_user(email, password)
    auth_db.verify_email(email, registration["verification_code"])

    account = auth_db.get_user_by_email(email)
    # presumably the trial is what makes this a "normal subscriber" — confirm against auth_db
    auth_db.claim_free_trial(account["id"])

    # The admin flag is set before login, so the session is issued to an
    # account that is already admin.
    if admin:
        auth_db.set_user_admin(email, True)

    session = auth_db.login_user(email, password)
    return session["token"]
def test_paper_trading_page_requires_admin_for_normal_subscriber():
    """A logged-in non-admin account is refused on the paper-trading page."""
    session_token = _login_user("normal-paper@example.com")

    browser = TestClient(web_server.app)
    browser.cookies.set("altcoin_session", session_token)
    response = browser.get("/paper-trading")

    # The refusal has to be a server-side status, not just a hidden link.
    assert response.status_code == 403
    # The expected body text is the page's "administrator permission required" message.
    assert "需要管理员权限" in response.text
def test_paper_trading_api_requires_admin_for_normal_subscriber():
    """A logged-in non-admin account gets 403 from both paper-trading API routes."""
    session_token = _login_user("normal-api-paper@example.com")

    api = TestClient(web_server.app)
    api.cookies.set("altcoin_session", session_token)

    protected_paths = (
        "/api/paper-trading/summary",
        "/api/paper-trading/trades",
    )
    # Issue both requests first, then check them, so each route is hit
    # regardless of the other's outcome.
    responses = [api.get(path) for path in protected_paths]

    # NOTE(review): only the authenticated non-admin case is exercised here;
    # a request without any session cookie is not covered by this test.
    for response in responses:
        assert response.status_code == 403
def test_paper_trading_admin_can_access_page_and_api():
    """An admin session can load the paper-trading page and the summary API."""
    admin_token = _login_user("admin-paper@example.com", admin=True)

    browser = TestClient(web_server.app)
    browser.cookies.set("altcoin_session", admin_token)

    page_response = browser.get("/paper-trading")
    summary_response = browser.get("/api/paper-trading/summary")

    assert page_response.status_code == 200
    # The expected text is a Chinese label the rendered page must contain.
    assert "策略交易" in page_response.text

    # NOTE(review): the trades route is checked for the non-admin case in this
    # file but has no positive check here; only summary is asserted for admin.
    assert summary_response.status_code == 200
    payload = summary_response.json()
    assert "account_equity_usdt" in payload
def test_sidebar_hides_paper_trading_with_admin_link_class():
    """The /app page, fetched without a session cookie, ships the paper-trading link hidden."""
    anonymous = TestClient(web_server.app)  # no session cookie is set on this client
    response = anonymous.get("/app")

    assert response.status_code == 200

    # Hiding the link is presentation only; it does not restrict access to the
    # route. This assertion pins the markup, not the authorization decision.
    hidden_link = 'href="/paper-trading" style="display:none"'
    assert hidden_link in response.text

    # NOTE(review): this passes if the class name appears anywhere in the
    # page; it does not prove the class sits on the paper-trading link itself.
    assert 'admin-link' in response.text