-
Notifications
You must be signed in to change notification settings - Fork 50
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Test object-less models and fix validation
- Loading branch information
1 parent
2c59096
commit 94ba079
Showing
7 changed files
with
120 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
67 changes: 67 additions & 0 deletions
67
test_app/tests/rbac/features/test_object_roles_disabled.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,67 @@ | ||
import pytest | ||
from django.contrib.contenttypes.models import ContentType | ||
from rest_framework.exceptions import ValidationError | ||
from rest_framework.reverse import reverse | ||
|
||
from ansible_base.rbac.models import DABPermission, RoleDefinition | ||
from ansible_base.rbac.validators import permissions_allowed_for_role, validate_permissions_for_model | ||
from test_app.models import MemberGuide | ||
|
||
|
||
@pytest.fixture | ||
def member_guide(organization): | ||
return MemberGuide.objects.create(name='Beginner stuff', article='This is where you file a ticket: https://foo.invalid', organization=organization) | ||
|
||
|
||
@pytest.mark.django_db | ||
def test_org_admin_access(rando, organization, member_guide): | ||
assert not rando.has_obj_perm(member_guide, 'change') | ||
RoleDefinition.objects.managed.org_admin.give_permission(rando, organization) | ||
assert rando.has_obj_perm(member_guide, 'change') | ||
|
||
|
||
@pytest.mark.django_db | ||
def test_no_permissions_allowed_for_model(): | ||
assert permissions_allowed_for_role(MemberGuide) == {} | ||
|
||
|
||
@pytest.mark.django_db | ||
def test_role_definition_validation_error(): | ||
mg_ct = ContentType.objects.get_for_model(MemberGuide) | ||
permissions = [DABPermission.objects.get(codename='view_memberguide')] | ||
with pytest.raises(ValidationError) as exc: | ||
validate_permissions_for_model(permissions, mg_ct) | ||
assert 'Creating roles for the member guide model is disabled' in str(exc) | ||
|
||
|
||
@pytest.mark.django_db | ||
def test_custom_role_denied_elegantly(admin_api_client): | ||
url = reverse('roledefinition-list') | ||
data = {'name': 'MemberGuide object role', 'permissions': ['local.view_memberguide'], 'content_type': 'local.memberguide'} | ||
response = admin_api_client.post(url, data=data, format='json') | ||
assert response.status_code == 400, response.data | ||
assert 'Creating roles for the member guide model is disabled' in str(response.data['content_type']) | ||
|
||
|
||
@pytest.mark.django_db | ||
def test_role_metadata_without_object_roles(user_api_client): | ||
url = reverse('role-metadata') | ||
response = user_api_client.get(url) | ||
assert 'allowed_permissions' in response.data | ||
allowed_permissions = response.data['allowed_permissions'] | ||
assert 'shared.organization' in allowed_permissions.keys() # sanity | ||
assert 'memberguide' not in str(allowed_permissions.keys()) | ||
assert 'aap.change_memberguide' in allowed_permissions['shared.organization'] | ||
|
||
|
||
@pytest.mark.django_db | ||
def test_custom_role_for_organization(admin_api_client, rando, member_guide, organization): | ||
url = reverse('roledefinition-list') | ||
data = {'name': 'MemberGuide view', 'permissions': ['local.view_memberguide'], 'content_type': 'local.organization'} | ||
response = admin_api_client.post(url, data=data, format='json') | ||
assert response.status_code == 201, response.data | ||
|
||
assert not rando.has_obj_perm(member_guide, 'view') | ||
rd = RoleDefinition.objects.get(id=response.data['id']) | ||
rd.give_permission(rando, organization) | ||
assert rando.has_obj_perm(member_guide, 'view') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters