0001-WIP-add-role-creation-API-20706.patch
src/authentic2/api_views.py | ||
---|---|---|
444 | 444 |
exclude = ('date_joined', 'user_permissions', 'groups', 'last_login') |
445 | 445 | |
446 | 446 | |
447 |
class RoleSerializer(serializers.ModelSerializer): |
|
448 |
ou = serializers.SlugRelatedField( |
|
449 |
many=False, |
|
450 |
required=True, |
|
451 |
queryset=get_ou_model().objects.all(), |
|
452 |
slug_field='slug') |
|
453 | ||
454 |
def check_perm(self, perm, ou=None): |
|
455 |
self.context['view'].check_perm(perm, ou) |
|
456 | ||
457 |
def create(self, validated_data): |
|
458 |
if self.check_perm('a2_rbac.add_role', validated_data.get('ou')): |
|
459 |
return super(RoleSerializer, self).create(validated_data) |
|
460 | ||
461 |
def update(self, instance, validated_data): |
|
462 |
if self.check_perm('a2_rbac.change_role', validated_data.get('ou')): |
|
463 |
return super(RoleSerializer, self).update(instance, validated_data) |
|
464 | ||
465 |
class Meta: |
|
466 |
model = get_role_model() |
|
467 |
exclude = ('service', 'admin_scope_id', 'admin_scope_ct',) |
|
468 |
extra_kwargs = {'uuid': {'read_only': True}} |
|
469 | ||
470 | ||
447 | 471 |
class UsersFilter(FilterSet): |
448 | 472 |
class Meta: |
449 | 473 |
model = get_user_model() |
... | ... | |
576 | 600 |
return Response({'result': 1}) |
577 | 601 | |
578 | 602 | |
603 |
class RolesAPI(ExceptionHandlerMixin, ModelViewSet): |
|
604 |
permission_classes = (permissions.IsAuthenticated,) |
|
605 |
serializer_class = RoleSerializer |
|
606 |
lookup_field = 'slug' |
|
607 |
queryset = get_role_model().objects.all() |
|
608 | ||
609 |
def check_perm(self, perm, ou=None): |
|
610 |
if ou: |
|
611 |
if not self.request.user.has_ou_perm(perm, ou): |
|
612 |
raise PermissionDenied(u'User %s does not have permission %s in %s' % (user, perm, ou)) |
|
613 |
else: |
|
614 |
if not self.request.user.has_perm(perm): |
|
615 |
raise PermissionDenied(u'User %s do not have permission %s' % (user, perm)) |
|
616 | ||
617 | ||
579 | 618 |
class RoleMembershipsAPI(ExceptionHandlerMixin, APIView): |
580 | 619 |
permission_classes = (permissions.IsAuthenticated,) |
581 | 620 | |
... | ... | |
620 | 659 |
router = SimpleRouter() |
621 | 660 |
router.register(r'users', UsersAPI, base_name='a2-api-users') |
622 | 661 |
router.register(r'ous', OrganizationalUnitAPI, base_name='a2-api-ous') |
662 |
router.register(r'roles', RolesAPI, base_name='a2-api-roles') |
|
623 | 663 | |
624 | 664 | |
625 | 665 |
class CheckPasswordSerializer(serializers.Serializer): |
tests/test_api.py | ||
---|---|---|
30 | 30 |
assert 'username' in resp.json |
31 | 31 | |
32 | 32 | |
33 |
def test_api_post_role_simple(app, superuser): |
|
34 |
app.authorization = ('Basic', (superuser.username, superuser.username)) |
|
35 | ||
36 |
role_data = { |
|
37 |
'slug': 'coffee-manager', |
|
38 |
'name': 'Coffee Manager', |
|
39 |
'ou': 'ou1' |
|
40 |
} |
|
41 | ||
42 |
resp = app.post_json('/api/roles/', params=role_data) |
|
43 |
assert isinstance(resp.json, dict) |
|
44 |
Role = get_role_model() |
|
45 | ||
46 |
# Check attribute values against the server's response: |
|
47 |
for key, value in role_data.items(): |
|
48 |
assert key in resp.json.keys() |
|
49 |
assert value in resp.json.values() |
|
50 | ||
51 |
# Check attributes values against the DB: |
|
52 |
posted_role = Role.objects.get(slug='coffee-manager') |
|
53 |
assert posted_role.slug == role_data['slug'] |
|
54 |
assert posted_role.name == role_data['name'] |
|
55 |
assert posted_role.ou.slug == 'ou1' |
|
56 | ||
57 | ||
58 |
def test_api_get_role_description(app, user): |
|
59 |
app.authorization = ('Basic', (user.username, user.username)) |
|
60 |
resp = app.get('/api/roles/rando/') |
|
61 | ||
62 |
assert resp.json['slug'] == 'rando' |
|
63 |
assert resp.json['ou'] == 'ou_rando' |
|
64 | ||
65 | ||
66 |
def test_api_get_role_list(app, user): |
|
67 |
app.authorization = ('Basic', (user.username, user.username)) |
|
68 |
resp = app.get('/api/roles/') |
|
69 | ||
70 |
role_fields = ['slug', 'uuid', 'name', 'ou'] |
|
71 | ||
72 |
assert len(resp.json['results']) |
|
73 | ||
74 |
for role_dict in resp.json['results']: |
|
75 |
for field in role_fields: |
|
76 |
assert field in role_dict |
|
77 | ||
78 | ||
33 | 79 |
def test_api_user(client): |
34 | 80 |
# create an user, an ou role, a service and a service role |
35 | 81 |
ou = get_default_ou() |
36 |
- |