0002-improving-role-api-tests-8234.patch

Josué Kouka, 01 décembre 2015 10:12

Subject: [PATCH 2/2] improving role api tests #8234

 src/authentic2/api_views.py |  5 ++---
 tests/conftest.py           | 13 +++++++++----
 tests/test_api.py           | 18 +++++++++++-------
 3 files changed, 22 insertions(+), 14 deletions(-)
src/authentic2/api_views.py
330 330

  
331 331
class RolesAPI(APIView):
332 332
    authentication_class = (authentication.BasicAuthentication)
333
    permission_classes = (permissions.IsAuthenticated, HasUserAddPermission)
333
    permission_classes = (permissions.IsAuthenticated,)
334 334

  
335 335
    def initial(self, request, *args, **kwargs):
336 336
        super(RolesAPI, self).initial(request, *args, **kwargs)
337
        Role = get_role_model()
338 337
        perm = 'a2_rbac.change_role'
339
        authorized = request.user.has_perm(perm, obj=Role)
338
        authorized = request.user.has_perm(perm, obj=self.role)
340 339
        if not authorized:
341 340
            raise PermissionDenied(u'User not allowed to change role') 
342 341
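Review bot: `initial()` now reads `self.role` in `request.user.has_perm(perm, obj=self.role)`, but nothing in this hunk assigns it and the class body continues outside the hunk. If the attribute is not set before `initial()` runs, the request ends in an AttributeError rather than a 403. With `HasUserAddPermission` dropped from `permission_classes`, this object-level call is the only authorization left on the endpoint, so it deserves a comment such as `# sole authorization gate: object-level a2_rbac.change_role on the target role`. Separately, the context line `authentication_class = (authentication.BasicAuthentication)` looks inert: as far as I know DRF reads `authentication_classes`, and parentheses without a trailing comma do not make a tuple, so the project's default authenticators would apply. `authentication_classes = (authentication.BasicAuthentication,)` would make the stated intent effective.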

  
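--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -35,6 +35,11 @@
     OU = get_ou_model()
     return OU.objects.create(name='OU2', slug='ou2')
 
+@pytest.fixture
+def ou_rando(db):
+    OU = get_ou_model()
+    return OU.objects.create(name='ou_rando', slug='ou_rando')
+
 def create_user(**kwargs):
     User = get_user_model()
     password = kwargs.pop('password', None) or kwargs['username']
@@ -80,9 +85,9 @@
     return user
 
 @pytest.fixture
-def admin_rando_role(db, role_random):
+def admin_rando_role(db, role_random, ou_rando):
     user = create_user(username='admin_rando', first_name='admin', last_name='rando',
-           email='admin.rando@weird.com')
+           email='admin.rando@weird.com', ou=ou_rando)
     user.roles.add(role_random.get_admin_role())
     return user
 
@@ -95,8 +100,8 @@
     return utils.login(app, user)
 
 @pytest.fixture
-def role_random(db):
-    return Role.objects.create(name='rando', slug='rando')
+def role_random(db, ou_rando):
+    return Role.objects.create(name='rando', slug='rando',  ou=ou_rando)
 
 @pytest.fixture
 def role_ou1(db, ou1):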
tests/test_api.py
17 17
    assert resp.json['previous'] is None
18 18
    assert resp.json['next'] is None
19 19
    if user.is_superuser:
20
        count = 5
20
        count = 6
21 21
    elif user.roles.exists():
22 22
        count = 2
23 23
    else:
......
77 77
        'role_member': member.uuid
78 78
    }
79 79

  
80
    authorized = user.is_superuser or user.has_perm('a2_rbac.change_role', role)
81

  
80 82
    if member.username == 'fake' or role.name == 'fake':
81 83
        status = 404
82
    elif user.is_superuser or role.members.filter(uuid=member.uuid):
84
    elif authorized :
83 85
        status = 201
84 86
    else:
85 87
        status = 403
......
87 89
    resp = app.post_json('/api/roles/{0}/members/{1}/'.format(role.uuid, member.uuid), payload, status=status)
88 90
    if status == 404:
89 91
        pass
90
    elif user.is_superuser:
92
    elif authorized :
91 93
        assert resp.json['detail'] == 'User successfully added to role'
92 94
    else:
93
        assert resp.json['detail'] == 'Vous n\'avez pas la permission d\'effectuer cette action.' or resp.json['detail'] == 'User not allowed to change role'
95
        assert resp.json['detail'] == 'User not allowed to change role'
94 96

  
95 97
def test_api_role_remove_member(app, user, role, member):
96 98
    app.authorization = ('Basic', (user.username, user.username))
97 99

  
100
    authorized = user.is_superuser or user.has_perm('a2_rbac.change_role', role)
101
    
98 102
    if member.username == 'fake' or role.name == 'fake':
99 103
        status = 404
100
    elif user.is_superuser or role.members.filter(uuid=member.uuid):
104
    elif authorized :
101 105
        status = 200
102 106
    else:
103 107
        status = 403
......
106 110
  
107 111
    if status == 404:
108 112
        pass
109
    elif user.is_superuser:
113
    elif authorized :
110 114
        assert resp.json['detail'] == 'User successfully removed from role'
111 115
    else:
112
        assert (resp.json['detail'] == 'Vous n\'avez pas la permission d\'effectuer cette action.' or resp.json['detail'] == 'User not allowed to change role')
116
        assert resp.json['detail'] == 'User not allowed to change role'
113
-
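Review bot: The new `authorized = user.is_superuser or user.has_perm('a2_rbac.change_role', role)` (new line 80, and again at new line 100 in test_api_role_remove_member) derives the expected status from the same `has_perm` call the view makes. A permission backend that grants too much would therefore still pass both tests. Pinning the expected outcome to the fixture identity instead, for instance `authorized = user.username in ALLOWED_USERNAMES` with an explicit set defined in the test module (constructed name), would make a 201/200 for an unexpected user fail. The 404 branch is evaluated before the 403 branch, which fixes in the tests that an unauthorized but authenticated caller can tell existing role and member UUIDs from missing ones; a short comment saying this ordering is intended would help. `elif authorized :` should be `elif authorized:`, and both function bodies are partly elided outside the visible lines.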