17 |
17 |
import pytest
|
18 |
18 |
|
19 |
19 |
from django.contrib.contenttypes.models import ContentType
|
|
20 |
from django.core.management import call_command
|
20 |
21 |
from django_rbac.utils import get_permission_model
|
21 |
22 |
from django_rbac.models import Operation
|
|
23 |
|
22 |
24 |
from authentic2.a2_rbac.models import Role, OrganizationalUnit as OU, RoleAttribute
|
|
25 |
from authentic2.a2_rbac.utils import get_default_ou
|
23 |
26 |
from authentic2.models import Service
|
24 |
27 |
from authentic2.utils import get_hex_uuid
|
25 |
28 |
|
26 |
29 |
|
|
30 |
|
27 |
31 |
def test_role_natural_key(db):
|
28 |
32 |
ou = OU.objects.create(name='ou1', slug='ou1')
|
29 |
33 |
s1 = Service.objects.create(name='s1', slug='s1')
|
... | ... | |
196 |
200 |
assert ou_dict['email_is_unique'] == ou.email_is_unique
|
197 |
201 |
assert ou_dict['default'] == ou.default
|
198 |
202 |
assert ou_dict['validate_emails'] == ou.validate_emails
|
|
203 |
|
|
204 |
|
|
205 |
def test_no_managed_ct(transactional_db, settings):
|
|
206 |
from django.core.management.sql import emit_post_migrate_signal
|
|
207 |
|
|
208 |
call_command('flush', verbosity=0, interactive=False,
|
|
209 |
database='default', reset_sequences=False)
|
|
210 |
assert Role.objects.count() == 5
|
|
211 |
OU.objects.create(name='OU1', slug='ou1')
|
|
212 |
emit_post_migrate_signal(verbosity=0, interactive=False, db='default')
|
|
213 |
assert Role.objects.count() == 5 + 4 + 4
|
|
214 |
settings.A2_RBAC_MANAGED_CONTENT_TYPES = ()
|
|
215 |
call_command('flush', verbosity=0, interactive=False,
|
|
216 |
database='default', reset_sequences=False)
|
|
217 |
assert Role.objects.count() == 0
|
|
218 |
# create ou
|
|
219 |
OU.objects.create(name='OU1', slug='ou1')
|
|
220 |
emit_post_migrate_signal(verbosity=0, interactive=False, db='default')
|
|
221 |
assert Role.objects.count() == 0
|
|
222 |
|
|
223 |
|
|
224 |
def test_global_manager_roles(db):
|
|
225 |
manager = Role.objects.get(ou__isnull=True, slug='_a2-manager')
|
|
226 |
ou_manager = Role.objects.get(ou__isnull=True, slug='_a2-manager-of-organizational-units')
|
|
227 |
user_manager = Role.objects.get(ou__isnull=True, slug='_a2-manager-of-users')
|
|
228 |
role_manager = Role.objects.get(ou__isnull=True, slug='_a2-manager-of-roles')
|
|
229 |
service_manager = Role.objects.get(ou__isnull=True, slug='_a2-manager-of-services')
|
|
230 |
assert ou_manager in manager.parents()
|
|
231 |
assert user_manager in manager.parents()
|
|
232 |
assert role_manager in manager.parents()
|
|
233 |
assert service_manager in manager.parents()
|
|
234 |
assert manager.parents(include_self=False).count() == 4
|
|
235 |
assert Role.objects.count() == 5
|
|
236 |
assert OU.objects.count() == 1
|
|
237 |
|
|
238 |
|
|
239 |
def test_manager_roles_multi_ou(db, ou1):
|
|
240 |
manager = Role.objects.get(ou__isnull=True, slug='_a2-manager')
|
|
241 |
ou_manager = Role.objects.get(ou__isnull=True, slug='_a2-manager-of-organizational-units')
|
|
242 |
user_manager = Role.objects.get(ou__isnull=True, slug='_a2-manager-of-users')
|
|
243 |
role_manager = Role.objects.get(ou__isnull=True, slug='_a2-manager-of-roles')
|
|
244 |
service_manager = Role.objects.get(ou__isnull=True, slug='_a2-manager-of-services')
|
|
245 |
assert ou_manager in manager.parents()
|
|
246 |
assert user_manager in manager.parents()
|
|
247 |
assert role_manager in manager.parents()
|
|
248 |
assert service_manager in manager.parents()
|
|
249 |
assert manager.parents(include_self=False).count() == 4
|
|
250 |
|
|
251 |
for ou in [get_default_ou(), ou1]:
|
|
252 |
manager = Role.objects.get(ou__isnull=True,
|
|
253 |
slug='_a2-managers-of-{ou.slug}'.format(ou=ou))
|
|
254 |
user_manager = Role.objects.get(ou=ou,
|
|
255 |
slug='_a2-manager-of-users-{ou.slug}'.format(ou=ou))
|
|
256 |
role_manager = Role.objects.get(ou=ou,
|
|
257 |
slug='_a2-manager-of-roles-{ou.slug}'.format(ou=ou))
|
|
258 |
service_manager = Role.objects.get(ou=ou,
|
|
259 |
slug='_a2-manager-of-services-{ou.slug}'.format(ou=ou))
|
|
260 |
|
|
261 |
assert user_manager in manager.parents()
|
|
262 |
assert role_manager in manager.parents()
|
|
263 |
assert service_manager in manager.parents()
|
|
264 |
assert manager.parents(include_self=False).count() == 3
|
|
265 |
|
|
266 |
# 5 global roles and 4 ou roles for both ous
|
|
267 |
assert Role.objects.count() == 5 + 4 + 4
|
199 |
|
-
|