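#!/usr/bin/env python3
"""Manual access-control check for the applications list endpoint.

Logs in as the regular user ``zhangsan``, prints the roles reported by the
profile endpoint, then lists whatever ``/apps`` returns for that user.

The script only prints what it observes. It does not compare the listed
applications against the logged-in user and does not set a failing exit
status, so a human has to read the output to decide whether the endpoint
leaks other users' applications.
"""
import requests
import json

BASE_URL = 'http://localhost:8000/api/v1'

# Seconds to wait for each HTTP call; without a timeout requests can block
# forever if the server accepts the connection but never answers.
REQUEST_TIMEOUT = 10

# Test regular user (zhangsan) applications access to ensure they only see their own
# NOTE(review): weak, hard-coded credentials -- presumably a seeded development
# account; confirm it does not exist outside local/dev environments.
login_data = {
    'username': 'zhangsan',
    'password': '123456',
}


def _unwrap(response, label):
    """Return the ``data`` member of a successful API response, else ``None``.

    A response counts as successful when the HTTP status is 200 and the JSON
    body carries ``code == 0``. On any other outcome one error line prefixed
    with *label* is printed and ``None`` is returned.
    """
    if response.status_code != 200:
        print(f'❌ {label} HTTP error: {response.status_code}')
        return None
    envelope = response.json()
    if envelope.get('code') != 0:
        print(f'❌ {label} error: {envelope.get("message")}')
        return None
    data = envelope.get('data')
    if data is None:
        print(f'❌ {label} error: response has no data')
    return data


def main():
    """Run the login -> profile -> applications sequence and print the findings."""
    try:
        # Login as zhangsan user
        login = _unwrap(
            requests.post(f'{BASE_URL}/auth/login', json=login_data,
                          timeout=REQUEST_TIMEOUT),
            'Login',
        )
        if login is None:
            return
        token = login['access_token']
        print('✅ Zhangsan user login successful')

        # The bearer token is only ever placed in the header, never printed.
        # Credentials and token travel over plain HTTP, which is acceptable
        # only because the target is localhost.
        headers = {'Authorization': f'Bearer {token}'}

        # Get user profile to check roles. A profile failure is reported but
        # does not stop the applications check below.
        profile = _unwrap(
            requests.get(f'{BASE_URL}/users/profile', headers=headers,
                         timeout=REQUEST_TIMEOUT),
            'Profile API',
        )
        if profile is not None:
            print(f'👤 Zhangsan roles: {profile.get("roles", [])}')

        # Get applications list
        apps_data = _unwrap(
            requests.get(f'{BASE_URL}/apps', headers=headers,
                         timeout=REQUEST_TIMEOUT),
            'Applications API',
        )
        if apps_data is None:
            return

        apps = apps_data.get('items', [])
        total = apps_data.get('total', 0)
        print('✅ Zhangsan can access applications API')
        print(f'📱 Zhangsan sees {len(apps)} applications (total: {total})')

        if not apps:
            print('✅ Regular user sees no applications (correct - they have not created any)')
            return

        for app in apps:
            print(f' App: {app["name"]} (Key: {app["app_key"]})')
            print(f' Description: {app.get("description", "N/A")}')
            print()
        # NOTE(review): this line is printed whenever any application is
        # listed; nothing here checks who owns each entry. To turn this into a
        # real authorization test, compare each item's owner field (name not
        # visible in this script) with the logged-in user's id and fail on a
        # mismatch.
        print('⚠️ Regular user should only see their own applications!')
    except requests.RequestException as e:
        # Connection failures, timeouts and other transport-level problems.
        print(f'❌ Request error: {e}')
    except Exception as e:
        # Top-level boundary of a diagnostic script: report malformed or
        # unexpected response shapes instead of crashing with a traceback.
        print(f'❌ Unexpected error: {e!r}')


if __name__ == '__main__':
    main()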