0002-improving-role-api-tests-8234.patch
src/authentic2/api_views.py | ||
330 | 330 | |
331 | 331 |
class RolesAPI(APIView): |
332 | 332 |
authentication_class = (authentication.BasicAuthentication) |
333 |
permission_classes = (permissions.IsAuthenticated, HasUserAddPermission)
|
|
333 |
permission_classes = (permissions.IsAuthenticated,) |
|
334 | 334 | |
335 | 335 |
def initial(self, request, *args, **kwargs): |
336 | 336 |
super(RolesAPI, self).initial(request, *args, **kwargs) |
337 |
Role = get_role_model() |
|
338 | 337 |
perm = 'a2_rbac.change_role' |
339 |
authorized = request.user.has_perm(perm, obj=Role)
|
|
338 |
authorized = request.user.has_perm(perm, obj=self.role)
|
|
340 | 339 |
if not authorized: |
341 | 340 |
raise PermissionDenied(u'User not allowed to change role') |
342 | 341 |
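Review bot: The context line `authentication_class = (authentication.BasicAuthentication)` on RolesAPI is not an attribute DRF reads — the framework looks for `authentication_classes` (plural) and iterates it — so the view silently falls back to the project's default authentication rather than the Basic auth it intends, and the parenthesised value without a trailing comma is not a tuple either; since this commit already edits the neighbouring `permission_classes`, it should also fix this to `authentication_classes = (authentication.BasicAuthentication,)`. The new `initial()` checks `has_perm(perm, obj=self.role)`, but nothing in the hunk assigns `self.role`, so it must be populated before `initial()` runs (presumably in a `dispatch` override elsewhere in the class); if it is not, the request fails with AttributeError (a 500) instead of the intended 403, so a comment above the check such as `# self.role must be resolved from the URL before initial() runs` would document that contract. The RolesAPI class continues past the end of the hunk.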
tests/conftest.py | ||
35 | 35 |
OU = get_ou_model() |
36 | 36 |
return OU.objects.create(name='OU2', slug='ou2') |
37 | 37 | |
38 |
@pytest.fixture |
|
39 |
def ou_rando(db): |
|
40 |
OU = get_ou_model() |
|
41 |
return OU.objects.create(name='ou_rando', slug='ou_rando') |
|
42 | ||
38 | 43 |
def create_user(**kwargs): |
39 | 44 |
User = get_user_model() |
40 | 45 |
password = kwargs.pop('password', None) or kwargs['username'] |
... | ... | |
80 | 85 |
return user |
81 | 86 | |
82 | 87 |
@pytest.fixture |
83 |
def admin_rando_role(db, role_random): |
|
88 |
def admin_rando_role(db, role_random, ou_rando):
|
|
84 | 89 |
user = create_user(username='admin_rando', first_name='admin', last_name='rando', |
85 |
email='admin.rando@weird.com') |
|
90 |
email='admin.rando@weird.com', ou=ou_rando)
|
|
86 | 91 |
user.roles.add(role_random.get_admin_role()) |
87 | 92 |
return user |
88 | 93 | |
... | ... | |
95 | 100 |
return utils.login(app, user) |
96 | 101 | |
97 | 102 |
@pytest.fixture |
98 |
def role_random(db): |
|
99 |
return Role.objects.create(name='rando', slug='rando') |
|
103 |
def role_random(db, ou_rando):
|
|
104 |
return Role.objects.create(name='rando', slug='rando', ou=ou_rando)
|
|
100 | 105 | |
101 | 106 |
@pytest.fixture |
102 | 107 |
def role_ou1(db, ou1): |
tests/test_api.py | ||
17 | 17 |
assert resp.json['previous'] is None |
18 | 18 |
assert resp.json['next'] is None |
19 | 19 |
if user.is_superuser: |
20 |
count = 5
|
|
20 |
count = 6
|
|
21 | 21 |
elif user.roles.exists(): |
22 | 22 |
count = 2 |
23 | 23 |
else: |
... | ... | |
77 | 77 |
'role_member': member.uuid |
78 | 78 |
} |
79 | 79 | |
80 |
authorized = user.is_superuser or user.has_perm('a2_rbac.change_role', role) |
|
81 | ||
80 | 82 |
if member.username == 'fake' or role.name == 'fake': |
81 | 83 |
status = 404 |
82 |
elif user.is_superuser or role.members.filter(uuid=member.uuid):
|
|
84 |
elif authorized :
|
|
83 | 85 |
status = 201 |
84 | 86 |
else: |
85 | 87 |
status = 403 |
... | ... | |
87 | 89 |
resp = app.post_json('/api/roles/{0}/members/{1}/'.format(role.uuid, member.uuid), payload, status=status) |
88 | 90 |
if status == 404: |
89 | 91 |
pass |
90 |
elif user.is_superuser:
|
|
92 |
elif authorized :
|
|
91 | 93 |
assert resp.json['detail'] == 'User successfully added to role' |
92 | 94 |
else: |
93 |
assert resp.json['detail'] == 'Vous n\'avez pas la permission d\'effectuer cette action.' or resp.json['detail'] == 'User not allowed to change role'
|
|
95 |
assert resp.json['detail'] == 'User not allowed to change role' |
|
94 | 96 | |
95 | 97 |
def test_api_role_remove_member(app, user, role, member): |
96 | 98 |
app.authorization = ('Basic', (user.username, user.username)) |
97 | 99 | |
100 |
authorized = user.is_superuser or user.has_perm('a2_rbac.change_role', role) |
|
101 |
|
|
98 | 102 |
if member.username == 'fake' or role.name == 'fake': |
99 | 103 |
status = 404 |
100 |
elif user.is_superuser or role.members.filter(uuid=member.uuid):
|
|
104 |
elif authorized :
|
|
101 | 105 |
status = 200 |
102 | 106 |
else: |
103 | 107 |
status = 403 |
... | ... | |
106 | 110 |
|
107 | 111 |
if status == 404: |
108 | 112 |
pass |
109 |
elif user.is_superuser:
|
|
113 |
elif authorized :
|
|
110 | 114 |
assert resp.json['detail'] == 'User successfully removed from role' |
111 | 115 |
else: |
112 |
assert (resp.json['detail'] == 'Vous n\'avez pas la permission d\'effectuer cette action.' or resp.json['detail'] == 'User not allowed to change role') |
|
116 |
assert resp.json['detail'] == 'User not allowed to change role' |
|
113 |
- |
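Review bot: The expected status in `test_api_role_add_member` (and likewise in `test_api_role_remove_member` below it) is now derived from `user.has_perm('a2_rbac.change_role', role)`, which is the same call the view makes, so the test mirrors the implementation and would still pass if the permission rule itself were wrong; pin the expectation to the fixtures instead, e.g. `authorized = user.is_superuser or user.username == 'admin_rando'` (adjusted to whichever parametrised users are meant to hold the role's admin role). The tightened 403 assertion on `'User not allowed to change role'` is a good change, because it now distinguishes the view's own check from DRF's generic permission denial. `elif authorized :` carries a stray space before the colon in all four occurrences; write `elif authorized:`. `test_api_role_add_member` begins before the start of the hunk.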