Project

General

Profile

0001-models-add-ou-field-to-api-clients-71275.patch

Paul Marillonnet, 07 December 2022 04:28 PM

Download (8.41 KB)

View differences: 

Subject: [PATCH 1/2] models: add ou field to api clients (#71275)


 .../migrations/0044_apiclient_ou.py           | 26 +++++++++++++++++++
 src/authentic2/models.py                      |  8 ++++++
 tests/test_a2_rbac.py                         | 10 ++++---
 tests/test_api_client.py                      | 16 ++++++++++++
 tests/test_manager.py                         | 24 +++++++++++++----
 tests/test_role_manager.py                    |  4 ++-
 6 files changed, 78 insertions(+), 10 deletions(-)
 create mode 100644 src/authentic2/migrations/0044_apiclient_ou.py
src/authentic2/migrations/0044_apiclient_ou.py
# Generated by Django 2.2.26 on 2022-11-17 09:11
import django.db.models.deletion
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('a2_rbac', '0033_remove_old_operation_fk'),
('authentic2', '0043_api_client_description'),
]
operations = [
migrations.AddField(
model_name='apiclient',
name='ou',
field=models.ForeignKey(
blank=True,
null=True,
on_delete=django.db.models.deletion.CASCADE,
to='a2_rbac.OrganizationalUnit',
verbose_name='organizational unit',
),
),
]
src/authentic2/models.py
related_name='apiclients',
blank=True,
)
ou = models.ForeignKey(
verbose_name=_('organizational unit'),
to='a2_rbac.OrganizationalUnit',
swappable=False,
on_delete=models.CASCADE,
blank=True,
null=True,
)
class Meta:
verbose_name = _('APIClient')
tests/test_a2_rbac.py
assert Role.objects.count() == 7
OU.objects.create(name='OU1', slug='ou1')
emit_post_migrate_signal(verbosity=0, interactive=False, db='default', created_models=[])
assert Role.objects.count() == 7 + 5 + 5
assert Role.objects.count() == 7 + 6 + 6
settings.A2_RBAC_MANAGED_CONTENT_TYPES = ()
call_command('flush', verbosity=0, interactive=False, database='default', reset_sequences=False)
assert Role.objects.count() == 0
......
role_manager = Role.objects.get(ou=ou, slug=f'_a2-manager-of-roles-{ou.slug}')
service_manager = Role.objects.get(ou=ou, slug=f'_a2-manager-of-services-{ou.slug}')
authenticator_manager = Role.objects.get(ou=ou, slug=f'_a2-manager-of-authenticators-{ou.slug}')
apiclients_manager = Role.objects.get(ou=ou, slug=f'_a2-manager-of-api-clients-{ou.slug}')
assert user_manager in manager.parents()
assert role_manager in manager.parents()
assert service_manager in manager.parents()
assert authenticator_manager in manager.parents()
assert manager.parents(include_self=False).count() == 4
assert apiclients_manager in manager.parents()
assert manager.parents(include_self=False).count() == 5
# 7 global roles and 5 ou roles for both ous (api clients aren't ou-managed yet)
assert Role.objects.count() == 7 + 5 + 5
# 7 global roles and 6 ou roles for both ous
assert Role.objects.count() == 7 + 6 + 6
@pytest.mark.parametrize(
tests/test_api_client.py
assert api_client.has_perm('a2_rbac.add_role')
def test_has_perm_ou(api_client, ou1):
role_ct = ContentType.objects.get_for_model(Role)
role_admin_role = Role.objects.get_admin_role(role_ct, 'admin %s' % role_ct, 'admin-role')
api_client = APIClient.objects.create(name='foo', ou=ou1)
assert not api_client.has_ou_perm('a2_rbac.change_role', ou1)
assert not api_client.has_ou_perm('a2_rbac.view_role', ou1)
assert not api_client.has_ou_perm('a2_rbac.delete_role', ou1)
assert not api_client.has_ou_perm('a2_rbac.add_role', ou1)
role_admin_role.apiclients.add(api_client)
del api_client._rbac_perms_cache
assert api_client.has_ou_perm('a2_rbac.change_role', ou1)
assert api_client.has_ou_perm('a2_rbac.view_role', ou1)
assert api_client.has_ou_perm('a2_rbac.delete_role', ou1)
assert api_client.has_ou_perm('a2_rbac.add_role', ou1)
def test_api_users_list(app, api_client):
User.objects.create(username='user1')
tests/test_manager.py
response.form.set('search-internals', True)
response = response.form.submit()
q = response.pyquery.remove_namespaces()
assert len(q('table tbody tr')) == 19
assert len(q('table tbody tr')) == 21
for elt in q('table tbody td.name a'):
assert (
'OU1' in elt.text
......
response.form.set('search-internals', True)
response = response.form.submit()
q = response.pyquery.remove_namespaces()
assert len(q('table tbody tr')) == 5
assert len(q('table tbody tr')) == 6
names = {elt.text for elt in q('table tbody td.name a')}
assert names == {'Roles - OU1', 'Users - OU1', 'Services - OU1', 'role_ou1', 'Authenticators - OU1'}
assert names == {
'Roles - OU1',
'Users - OU1',
'Services - OU1',
'role_ou1',
'Authenticators - OU1',
'API clients - OU1',
}
# test role listing
response = app.get('/manage/roles/')
......
response.form.set('search-internals', True)
response = response.form.submit()
q = response.pyquery.remove_namespaces()
assert len(q('table tbody tr')) == 5
assert len(q('table tbody tr')) == 6
names = {elt.text for elt in q('table tbody td.name a')}
assert names == {'Roles - OU1', 'Users - OU1', 'Services - OU1', 'role_ou1', 'Authenticators - OU1'}
assert names == {
'Roles - OU1',
'Users - OU1',
'Services - OU1',
'role_ou1',
'Authenticators - OU1',
'API clients - OU1',
}
test_user_listing_ou_admin(admin_ou1)
tests/test_role_manager.py
assert select2_json['more'] is True
select2_json = request_select2(app, resp, fetch_all=True)
assert len(select2_json['results']) == 21
assert len(select2_json['results']) == 23
choices = [x['text'] for x in select2_json['results']]
assert choices == [
'Default organizational unit - API clients - Default organizational unit',
'Default organizational unit - Authenticators - Default organizational unit',
'Default organizational unit - Managers of role "simple role"',
'Default organizational unit - Roles - Default organizational unit',
'Default organizational unit - Services - Default organizational unit',
'Default organizational unit - Users - Default organizational unit',
'OU1 - API clients - OU1',
'OU1 - Authenticators - OU1',
'OU1 - role_ou1',
'OU1 - Roles - OU1',