feat(5.12): modal editare + cont obligatoriu la import; design.md + PRD 5.13 revizuit (/autoplan)
5.12 (livrat): editare in modal a randurilor de preview, cont obligatoriu inainte de import, formular editare extras (_form_editare, _editare_preview_modal), plus suita de teste aferenta (preview edit/compact, mapare op, form editare, signup, admin panel). Design + planificare: - docs/design.md: sistem de design (tokeni, breakpoints, scara control, componente, a11y). - docs/prd/prd-5.12-* si prd-5.13-* (5.13 cu raport /autoplan: CEO+Design+Eng, audit trail). Curatare: sterse PNG-urile de test/mockup temporare din radacina. Nota: implementarea CSS 5.13 (responsive compact + sistem butoane) NU e inca facuta — planul revizuit cere refactorul testelor fragile din test_web_responsive.py INAINTE de CSS. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -55,9 +55,11 @@ def _get_csrf(client: TestClient, url: str) -> str:
|
||||
|
||||
def _signup(client: TestClient, name: str, email: str, password: str = "parola_test_001") -> int:
|
||||
"""Creeaza cont via POST /signup si intoarce account_id."""
|
||||
from tests.conftest import make_test_cui
|
||||
token = _get_csrf(client, "/signup")
|
||||
resp = client.post("/signup", data={
|
||||
"name": name,
|
||||
"cui": make_test_cui(email),
|
||||
"email": email,
|
||||
"parola": password,
|
||||
"csrf_token": token,
|
||||
@@ -211,3 +213,51 @@ def test_activate_fara_csrf_403(client):
|
||||
assert resp.status_code == 403, (
|
||||
f"POST fara CSRF trebuia 403, got {resp.status_code}"
|
||||
)
|
||||
|
||||
|
||||
def test_activare_cont_incomplet_refuzata(client):
|
||||
"""Admin nu poate activa un cont incomplet (fara email/CUI) — contul ramane pending.
|
||||
|
||||
Gate pe account_is_complete: un cont fara companie+email+CUI nu poate fi activat
|
||||
de admin (buton dezactivat in UI + server refuza activarea).
|
||||
"""
|
||||
# Cream cont pending INCOMPLET direct prin create_account (fara email/CUI)
|
||||
from app.accounts import create_account
|
||||
from app.users import create_user
|
||||
from app.db import get_connection
|
||||
|
||||
conn = get_connection()
|
||||
try:
|
||||
incomplete_id = create_account(conn, "Firma Incompleta SRL", active=False)
|
||||
create_user(conn, incomplete_id, "incompleta@test.ro", "parola_test_001")
|
||||
finally:
|
||||
conn.close()
|
||||
|
||||
# Admin
|
||||
admin_id = _signup(client, "Admin Gate SA", "admin_gate@test.ro")
|
||||
_make_admin(admin_id)
|
||||
_login(client, "admin_gate@test.ro")
|
||||
|
||||
# Obtine CSRF din /admin
|
||||
resp = client.get("/admin")
|
||||
assert resp.status_code == 200
|
||||
m = re.search(r'name="csrf_token"\s+value="([^"]+)"', resp.text)
|
||||
if not m:
|
||||
m = re.search(r'value="([^"]+)"\s+name="csrf_token"', resp.text)
|
||||
assert m, "csrf_token negasit in /admin"
|
||||
csrf = m.group(1)
|
||||
|
||||
# Incearca sa activeze contul incomplet
|
||||
resp2 = client.post("/admin/activate", data={
|
||||
"account_id": str(incomplete_id),
|
||||
"csrf_token": csrf,
|
||||
})
|
||||
# Fie 303 redirect, fie pagina cu eroare — important: contul NU e activat
|
||||
assert resp2.status_code in (200, 303, 422), (
|
||||
f"Raspuns neasteptat: {resp2.status_code}"
|
||||
)
|
||||
|
||||
# Verifica in DB: contul ramane pending (neactivat)
|
||||
assert not _get_account_active(incomplete_id), (
|
||||
"Contul incomplet (fara email/CUI) a fost activat — gate pe account_is_complete nu functioneaza"
|
||||
)
|
||||
|
||||
Reference in New Issue
Block a user