25 |
25 |
from django_rbac.models import Operation
|
26 |
26 |
from authentic2.custom_user.models import User
|
27 |
27 |
from authentic2.models import Service
|
|
28 |
from django.core.management import call_command
|
|
29 |
|
|
30 |
from authentic2.a2_rbac.models import Role, OrganizationalUnit as OU, RoleAttribute
|
|
31 |
from authentic2.a2_rbac.utils import get_default_ou
|
28 |
32 |
from authentic2.a2_rbac.models import (
|
29 |
33 |
Role,
|
30 |
34 |
Permission,
|
... | ... | |
38 |
42 |
|
39 |
43 |
def test_update_rbac(db):
|
40 |
44 |
# 3 content types managers and 1 global manager
|
41 |
|
assert Role.objects.count() == 4
|
|
45 |
assert Role.objects.count() == 5
|
42 |
46 |
# 3 content type global permissions, 1 role administration permissions (for the main manager
|
43 |
47 |
# role which is self-administered)
|
44 |
48 |
# and 1 user view permission (for the role administrator)
|
45 |
49 |
# and 1 ou view permission (for the user and role administrators)
|
46 |
|
assert Permission.objects.count() == 6
|
|
50 |
assert Permission.objects.count() == 7
|
47 |
51 |
|
48 |
52 |
|
49 |
53 |
def test_delete_role(db):
|
... | ... | |
424 |
428 |
assert select2_response.json['more'] is False
|
425 |
429 |
assert (set(result['id'] for result in select2_response.json['results'])
|
426 |
430 |
== set([user_ou1.id]))
|
|
431 |
|
|
432 |
|
|
433 |
def test_no_managed_ct(transactional_db, settings):
|
|
434 |
from django.core.management.sql import emit_post_migrate_signal
|
|
435 |
|
|
436 |
call_command('flush', verbosity=0, interactive=False,
|
|
437 |
database='default', reset_sequences=False)
|
|
438 |
assert Role.objects.count() == 5
|
|
439 |
OU.objects.create(name='OU1', slug='ou1')
|
|
440 |
emit_post_migrate_signal(verbosity=0, interactive=False, db='default')
|
|
441 |
assert Role.objects.count() == 5 + 4 + 4
|
|
442 |
settings.A2_RBAC_MANAGED_CONTENT_TYPES = ()
|
|
443 |
call_command('flush', verbosity=0, interactive=False,
|
|
444 |
database='default', reset_sequences=False)
|
|
445 |
assert Role.objects.count() == 0
|
|
446 |
# create ou
|
|
447 |
OU.objects.create(name='OU1', slug='ou1')
|
|
448 |
emit_post_migrate_signal(verbosity=0, interactive=False, db='default')
|
|
449 |
assert Role.objects.count() == 0
|
|
450 |
|
|
451 |
|
|
452 |
def test_global_manager_roles(db):
|
|
453 |
manager = Role.objects.get(ou__isnull=True, slug='_a2-manager')
|
|
454 |
ou_manager = Role.objects.get(ou__isnull=True, slug='_a2-manager-of-organizational-units')
|
|
455 |
user_manager = Role.objects.get(ou__isnull=True, slug='_a2-manager-of-users')
|
|
456 |
role_manager = Role.objects.get(ou__isnull=True, slug='_a2-manager-of-roles')
|
|
457 |
service_manager = Role.objects.get(ou__isnull=True, slug='_a2-manager-of-services')
|
|
458 |
assert ou_manager in manager.parents()
|
|
459 |
assert user_manager in manager.parents()
|
|
460 |
assert role_manager in manager.parents()
|
|
461 |
assert service_manager in manager.parents()
|
|
462 |
assert manager.parents(include_self=False).count() == 4
|
|
463 |
assert Role.objects.count() == 5
|
|
464 |
assert OU.objects.count() == 1
|
|
465 |
|
|
466 |
|
|
467 |
def test_manager_roles_multi_ou(db, ou1):
|
|
468 |
manager = Role.objects.get(ou__isnull=True, slug='_a2-manager')
|
|
469 |
ou_manager = Role.objects.get(ou__isnull=True, slug='_a2-manager-of-organizational-units')
|
|
470 |
user_manager = Role.objects.get(ou__isnull=True, slug='_a2-manager-of-users')
|
|
471 |
role_manager = Role.objects.get(ou__isnull=True, slug='_a2-manager-of-roles')
|
|
472 |
service_manager = Role.objects.get(ou__isnull=True, slug='_a2-manager-of-services')
|
|
473 |
assert ou_manager in manager.parents()
|
|
474 |
assert user_manager in manager.parents()
|
|
475 |
assert role_manager in manager.parents()
|
|
476 |
assert service_manager in manager.parents()
|
|
477 |
assert manager.parents(include_self=False).count() == 4
|
|
478 |
|
|
479 |
for ou in [get_default_ou(), ou1]:
|
|
480 |
manager = Role.objects.get(ou__isnull=True,
|
|
481 |
slug='_a2-managers-of-{ou.slug}'.format(ou=ou))
|
|
482 |
user_manager = Role.objects.get(ou=ou,
|
|
483 |
slug='_a2-manager-of-users-{ou.slug}'.format(ou=ou))
|
|
484 |
role_manager = Role.objects.get(ou=ou,
|
|
485 |
slug='_a2-manager-of-roles-{ou.slug}'.format(ou=ou))
|
|
486 |
service_manager = Role.objects.get(ou=ou,
|
|
487 |
slug='_a2-manager-of-services-{ou.slug}'.format(ou=ou))
|
|
488 |
|
|
489 |
assert user_manager in manager.parents()
|
|
490 |
assert role_manager in manager.parents()
|
|
491 |
assert service_manager in manager.parents()
|
|
492 |
assert manager.parents(include_self=False).count() == 3
|
|
493 |
|
|
494 |
# 5 global roles and 4 ou roles for both ous
|
|
495 |
assert Role.objects.count() == 5 + 4 + 4
|
427 |
|
-
|
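Review bot: The two comments in test_update_rbac still explain the old totals: "3 content types managers and 1 global manager" now sits above `assert Role.objects.count() == 5`, and the permission comment lists six items above `assert Permission.objects.count() == 7`. These exact counts are what catches a role or permission being provisioned unnoticed, so the breakdown beside them should add up to the asserted number. The new test_global_manager_roles fetches four content-type managers (organizational units, users, roles, services) plus `_a2-manager`, so the first comment could read `# 4 content type managers (ous, users, roles, services) and 1 global manager`. The seventh permission is presumably the matching services one; the author should confirm that and add it to the list.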