0001-WIP-add-role-creation-API-20706.patch
| src/authentic2/api_views.py | ||
|---|---|---|
| 444 | 444 |
exclude = ('date_joined', 'user_permissions', 'groups', 'last_login')
|
| 445 | 445 | |
| 446 | 446 | |
| 447 |
class RoleSerializer(serializers.ModelSerializer): |
|
| 448 |
ou = serializers.SlugRelatedField( |
|
| 449 |
many=False, |
|
| 450 |
required=True, |
|
| 451 |
queryset=get_ou_model().objects.all(), |
|
| 452 |
slug_field='slug') |
|
| 453 | ||
| 454 |
def check_perm(self, perm, ou=None): |
|
| 455 |
self.context['view'].check_perm(perm, ou) |
|
| 456 | ||
| 457 |
def create(self, validated_data): |
|
| 458 |
if self.check_perm('a2_rbac.add_role', validated_data.get('ou')):
|
|
| 459 |
return super(RoleSerializer, self).create(validated_data) |
|
| 460 | ||
| 461 |
def update(self, instance, validated_data): |
|
| 462 |
if self.check_perm('a2_rbac.change_role', validated_data.get('ou')):
|
|
| 463 |
return super(RoleSerializer, self).update(instance, validated_data) |
|
| 464 | ||
| 465 |
class Meta: |
|
| 466 |
model = get_role_model() |
|
| 467 |
exclude = ('service', 'admin_scope_id', 'admin_scope_ct',)
|
|
| 468 |
extra_kwargs = {'uuid': {'read_only': True}}
|
|
| 469 | ||
| 470 | ||
| 447 | 471 |
class UsersFilter(FilterSet): |
| 448 | 472 |
class Meta: |
| 449 | 473 |
model = get_user_model() |
| ... | ... | |
| 576 | 600 |
return Response({'result': 1})
|
| 577 | 601 | |
| 578 | 602 | |
| 603 |
class RolesAPI(ExceptionHandlerMixin, ModelViewSet): |
|
| 604 |
permission_classes = (permissions.IsAuthenticated,) |
|
| 605 |
serializer_class = RoleSerializer |
|
| 606 |
lookup_field = 'slug' |
|
| 607 |
queryset = get_role_model().objects.all() |
|
| 608 | ||
| 609 |
def check_perm(self, perm, ou=None): |
|
| 610 |
if ou: |
|
| 611 |
if not self.request.user.has_ou_perm(perm, ou): |
|
| 612 |
raise PermissionDenied(u'User %s does not have permission %s in %s' % (user, perm, ou)) |
|
| 613 |
else: |
|
| 614 |
if not self.request.user.has_perm(perm): |
|
| 615 |
raise PermissionDenied(u'User %s do not have permission %s' % (user, perm)) |
|
| 616 | ||
| 617 | ||
| 579 | 618 |
class RoleMembershipsAPI(ExceptionHandlerMixin, APIView): |
| 580 | 619 |
permission_classes = (permissions.IsAuthenticated,) |
| 581 | 620 | |
| ... | ... | |
| 620 | 659 |
router = SimpleRouter() |
| 621 | 660 |
router.register(r'users', UsersAPI, base_name='a2-api-users') |
| 622 | 661 |
router.register(r'ous', OrganizationalUnitAPI, base_name='a2-api-ous') |
| 662 |
router.register(r'roles', RolesAPI, base_name='a2-api-roles') |
|
| 623 | 663 | |
| 624 | 664 | |
| 625 | 665 |
class CheckPasswordSerializer(serializers.Serializer): |
| tests/test_api.py | ||
|---|---|---|
| 30 | 30 |
assert 'username' in resp.json |
| 31 | 31 | |
| 32 | 32 | |
| 33 |
def test_api_post_role_simple(app, superuser): |
|
| 34 |
app.authorization = ('Basic', (superuser.username, superuser.username))
|
|
| 35 | ||
| 36 |
role_data = {
|
|
| 37 |
'slug': 'coffee-manager', |
|
| 38 |
'name': 'Coffee Manager', |
|
| 39 |
'ou': 'ou1' |
|
| 40 |
} |
|
| 41 | ||
| 42 |
resp = app.post_json('/api/roles/', params=role_data)
|
|
| 43 |
assert isinstance(resp.json, dict) |
|
| 44 |
Role = get_role_model() |
|
| 45 | ||
| 46 |
# Check attribute values against the server's response: |
|
| 47 |
for key, value in role_data.items(): |
|
| 48 |
assert key in resp.json.keys() |
|
| 49 |
assert value in resp.json.values() |
|
| 50 | ||
| 51 |
# Check attributes values against the DB: |
|
| 52 |
posted_role = Role.objects.get(slug='coffee-manager') |
|
| 53 |
assert posted_role.slug == role_data['slug'] |
|
| 54 |
assert posted_role.name == role_data['name'] |
|
| 55 |
assert posted_role.ou.slug == 'ou1' |
|
| 56 | ||
| 57 | ||
| 58 |
def test_api_get_role_description(app, user): |
|
| 59 |
app.authorization = ('Basic', (user.username, user.username))
|
|
| 60 |
resp = app.get('/api/roles/rando/')
|
|
| 61 | ||
| 62 |
assert resp.json['slug'] == 'rando' |
|
| 63 |
assert resp.json['ou'] == 'ou_rando' |
|
| 64 | ||
| 65 | ||
| 66 |
def test_api_get_role_list(app, user): |
|
| 67 |
app.authorization = ('Basic', (user.username, user.username))
|
|
| 68 |
resp = app.get('/api/roles/')
|
|
| 69 | ||
| 70 |
role_fields = ['slug', 'uuid', 'name', 'ou'] |
|
| 71 | ||
| 72 |
assert len(resp.json['results']) |
|
| 73 | ||
| 74 |
for role_dict in resp.json['results']: |
|
| 75 |
for field in role_fields: |
|
| 76 |
assert field in role_dict |
|
| 77 | ||
| 78 | ||
| 33 | 79 |
def test_api_user(client): |
| 34 | 80 |
# create an user, an ou role, a service and a service role |
| 35 | 81 |
ou = get_default_ou() |
| 36 |
- |
|