0001-models-add-ou-field-to-api-clients-71275.patch
src/authentic2/migrations/0044_apiclient_ou.py | ||
---|---|---|
1 |
# Generated by Django 2.2.26 on 2022-11-17 09:11 |
|
2 | ||
3 |
import django.db.models.deletion |
|
4 |
from django.db import migrations, models |
|
5 | ||
6 | ||
7 |
class Migration(migrations.Migration): |
|
8 | ||
9 |
dependencies = [ |
|
10 |
('a2_rbac', '0033_remove_old_operation_fk'), |
|
11 |
('authentic2', '0043_api_client_description'), |
|
12 |
] |
|
13 | ||
14 |
operations = [ |
|
15 |
migrations.AddField( |
|
16 |
model_name='apiclient', |
|
17 |
name='ou', |
|
18 |
field=models.ForeignKey( |
|
19 |
blank=True, |
|
20 |
null=True, |
|
21 |
on_delete=django.db.models.deletion.CASCADE, |
|
22 |
to='a2_rbac.OrganizationalUnit', |
|
23 |
verbose_name='organizational unit', |
|
24 |
), |
|
25 |
), |
|
26 |
] |
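--- a/src/authentic2/models.py
+++ b/src/authentic2/models.py
@@ -652,6 +652,14 @@
 related_name='apiclients',
 blank=True,
 )
+ou = models.ForeignKey(
+verbose_name=_('organizational unit'),
+to='a2_rbac.OrganizationalUnit',
+swappable=False,
+on_delete=models.CASCADE,
+blank=True,
+null=True,
+)
 
 class Meta:
 verbose_name = _('APIClient')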
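Review bot: The new `ou` foreign key is nullable, but nothing on the field says what a NULL organizational unit means for an API client's authorization scope, and every row that exists before migration 0044 runs will carry NULL. A short comment above the field would settle it, for example `# ou is None: client is not bound to any organizational unit; see has_ou_perm for how that case is evaluated`, adjusted to the actual behaviour. `on_delete=models.CASCADE` also means that deleting an organizational unit deletes its API client records (presumably with their credentials) without further notice; that fails closed, but it is worth stating in the same comment if it is intended. The enclosing model class starts and ends outside this hunk.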
tests/test_a2_rbac.py | ||
---|---|---|
408 | 408 |
assert Role.objects.count() == 7 |
409 | 409 |
OU.objects.create(name='OU1', slug='ou1') |
410 | 410 |
emit_post_migrate_signal(verbosity=0, interactive=False, db='default', created_models=[]) |
411 |
assert Role.objects.count() == 7 + 5 + 5
|
|
411 |
assert Role.objects.count() == 7 + 6 + 6
|
|
412 | 412 |
settings.A2_RBAC_MANAGED_CONTENT_TYPES = () |
413 | 413 |
call_command('flush', verbosity=0, interactive=False, database='default', reset_sequences=False) |
414 | 414 |
assert Role.objects.count() == 0 |
... | ... | |
459 | 459 |
role_manager = Role.objects.get(ou=ou, slug=f'_a2-manager-of-roles-{ou.slug}') |
460 | 460 |
service_manager = Role.objects.get(ou=ou, slug=f'_a2-manager-of-services-{ou.slug}') |
461 | 461 |
authenticator_manager = Role.objects.get(ou=ou, slug=f'_a2-manager-of-authenticators-{ou.slug}') |
462 |
apiclients_manager = Role.objects.get(ou=ou, slug=f'_a2-manager-of-api-clients-{ou.slug}') |
|
462 | 463 | |
463 | 464 |
assert user_manager in manager.parents() |
464 | 465 |
assert role_manager in manager.parents() |
465 | 466 |
assert service_manager in manager.parents() |
466 | 467 |
assert authenticator_manager in manager.parents() |
467 |
assert manager.parents(include_self=False).count() == 4 |
|
468 |
assert apiclients_manager in manager.parents() |
|
469 |
assert manager.parents(include_self=False).count() == 5 |
|
468 | 470 | |
469 |
# 7 global roles and 5 ou roles for both ous (api clients aren't ou-managed yet)
|
|
470 |
assert Role.objects.count() == 7 + 5 + 5
|
|
471 |
# 7 global roles and 6 ou roles for both ous
|
|
472 |
assert Role.objects.count() == 7 + 6 + 6
|
|
471 | 473 | |
472 | 474 | |
473 | 475 |
@pytest.mark.parametrize( |
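Review bot: The second hunk checks that `_a2-manager-of-api-clients-{ou.slug}` exists and is among `manager.parents()`, but it never checks what that role is allowed to do. Since the OU manager role is now linked to it, existing OU managers appear to gain API-client management once roles are regenerated, so an assertion on the role's permissions and their OU scope would make that change of privilege explicit. A comment such as `# OU managers also manage the API clients of their own OU` above `assert apiclients_manager in manager.parents()` would document the intent. The test function starts outside the hunk.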
tests/test_api_client.py | ||
---|---|---|
34 | 34 |
assert api_client.has_perm('a2_rbac.add_role') |
35 | 35 | |
36 | 36 | |
37 |
def test_has_perm_ou(api_client, ou1): |
|
38 |
role_ct = ContentType.objects.get_for_model(Role) |
|
39 |
role_admin_role = Role.objects.get_admin_role(role_ct, 'admin %s' % role_ct, 'admin-role') |
|
40 |
api_client = APIClient.objects.create(name='foo', ou=ou1) |
|
41 |
assert not api_client.has_ou_perm('a2_rbac.change_role', ou1) |
|
42 |
assert not api_client.has_ou_perm('a2_rbac.view_role', ou1) |
|
43 |
assert not api_client.has_ou_perm('a2_rbac.delete_role', ou1) |
|
44 |
assert not api_client.has_ou_perm('a2_rbac.add_role', ou1) |
|
45 |
role_admin_role.apiclients.add(api_client) |
|
46 |
del api_client._rbac_perms_cache |
|
47 |
assert api_client.has_ou_perm('a2_rbac.change_role', ou1) |
|
48 |
assert api_client.has_ou_perm('a2_rbac.view_role', ou1) |
|
49 |
assert api_client.has_ou_perm('a2_rbac.delete_role', ou1) |
|
50 |
assert api_client.has_ou_perm('a2_rbac.add_role', ou1) |
|
51 | ||
52 | ||
37 | 53 |
def test_api_users_list(app, api_client): |
38 | 54 |
User.objects.create(username='user1') |
39 | 55 |
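Review bot: `test_has_perm_ou` does not show that the permission is limited to `ou1`: the role comes from `Role.objects.get_admin_role(role_ct, ...)` with no organizational unit passed, so the four positive assertions would presumably hold for any OU. A denial case is missing, for instance the same `has_ou_perm` checks against a second organizational unit once the client holds a role scoped to `ou1`, and a case for a client created without `ou`. The local `api_client = APIClient.objects.create(name='foo', ou=ou1)` also shadows the `api_client` fixture argument; renaming it (`ou_client = APIClient.objects.create(name='foo', ou=ou1)`) or dropping the unused fixture would make clear which client is under test.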
tests/test_manager.py | ||
---|---|---|
592 | 592 |
response.form.set('search-internals', True) |
593 | 593 |
response = response.form.submit() |
594 | 594 |
q = response.pyquery.remove_namespaces() |
595 |
assert len(q('table tbody tr')) == 19
|
|
595 |
assert len(q('table tbody tr')) == 21
|
|
596 | 596 |
for elt in q('table tbody td.name a'): |
597 | 597 |
assert ( |
598 | 598 |
'OU1' in elt.text |
... | ... | |
653 | 653 |
response.form.set('search-internals', True) |
654 | 654 |
response = response.form.submit() |
655 | 655 |
q = response.pyquery.remove_namespaces() |
656 |
assert len(q('table tbody tr')) == 5
|
|
656 |
assert len(q('table tbody tr')) == 6
|
|
657 | 657 |
names = {elt.text for elt in q('table tbody td.name a')} |
658 |
assert names == {'Roles - OU1', 'Users - OU1', 'Services - OU1', 'role_ou1', 'Authenticators - OU1'} |
|
658 |
assert names == { |
|
659 |
'Roles - OU1', |
|
660 |
'Users - OU1', |
|
661 |
'Services - OU1', |
|
662 |
'role_ou1', |
|
663 |
'Authenticators - OU1', |
|
664 |
'API clients - OU1', |
|
665 |
} |
|
659 | 666 | |
660 | 667 |
# test role listing |
661 | 668 |
response = app.get('/manage/roles/') |
... | ... | |
674 | 681 |
response.form.set('search-internals', True) |
675 | 682 |
response = response.form.submit() |
676 | 683 |
q = response.pyquery.remove_namespaces() |
677 |
assert len(q('table tbody tr')) == 5
|
|
684 |
assert len(q('table tbody tr')) == 6
|
|
678 | 685 |
names = {elt.text for elt in q('table tbody td.name a')} |
679 |
assert names == {'Roles - OU1', 'Users - OU1', 'Services - OU1', 'role_ou1', 'Authenticators - OU1'} |
|
686 |
assert names == { |
|
687 |
'Roles - OU1', |
|
688 |
'Users - OU1', |
|
689 |
'Services - OU1', |
|
690 |
'role_ou1', |
|
691 |
'Authenticators - OU1', |
|
692 |
'API clients - OU1', |
|
693 |
} |
|
680 | 694 | |
681 | 695 |
test_user_listing_ou_admin(admin_ou1) |
682 | 696 |
tests/test_role_manager.py | ||
---|---|---|
524 | 524 |
assert select2_json['more'] is True |
525 | 525 | |
526 | 526 |
select2_json = request_select2(app, resp, fetch_all=True) |
527 |
assert len(select2_json['results']) == 21
|
|
527 |
assert len(select2_json['results']) == 23
|
|
528 | 528 |
choices = [x['text'] for x in select2_json['results']] |
529 | 529 |
assert choices == [ |
530 |
'Default organizational unit - API clients - Default organizational unit', |
|
530 | 531 |
'Default organizational unit - Authenticators - Default organizational unit', |
531 | 532 |
'Default organizational unit - Managers of role "simple role"', |
532 | 533 |
'Default organizational unit - Roles - Default organizational unit', |
533 | 534 |
'Default organizational unit - Services - Default organizational unit', |
534 | 535 |
'Default organizational unit - Users - Default organizational unit', |
536 |
'OU1 - API clients - OU1', |
|
535 | 537 |
'OU1 - Authenticators - OU1', |
536 | 538 |
'OU1 - role_ou1', |
537 | 539 |
'OU1 - Roles - OU1', |
538 |
- |