From 6e84d7f935dd819a8ea54a7bd024b6786270e73b Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Mon, 2 Sep 2019 10:10:47 +0200
Subject: [PATCH 3/5] a2_rbac: move tests (#35391)
---
src/authentic2/a2_rbac/tests.py | 118 --------------------------------
tests/test_a2_rbac.py | 104 +++++++++++++++++++++++++++-
2 files changed, 101 insertions(+), 121 deletions(-)
delete mode 100644 src/authentic2/a2_rbac/tests.py
diff --git a/src/authentic2/a2_rbac/tests.py b/src/authentic2/a2_rbac/tests.py
deleted file mode 100644
index b82898a4..00000000
--- a/src/authentic2/a2_rbac/tests.py
+++ /dev/null
@@ -1,118 +0,0 @@ -# authentic2 - versatile identity manager -# Copyright (C) 2010-2019 Entr'ouvert -# -# This program is free software: you can redistribute it and/or modify it -# under the terms of the GNU Affero General Public License as published -# by the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . - -from django.test import TestCase -from django.contrib.contenttypes.models import ContentType -from django.contrib.auth import get_user_model -from django.core.exceptions import ValidationError - -from django_rbac.utils import get_permission_model, get_role_model - -Permission = get_permission_model() -Role = get_role_model() -User = get_user_model() - - -class A2RBACTestCase(TestCase): - def test_update_rbac(self): - # 3 content types managers and 1 global manager - self.assertEquals(Role.objects.count(), 4) - # 3 content type global permissions, 1 role administration permissions (for the main manager - # role which is self-administered) - # and 1 user view permission (for the role administrator) - # and 1 ou view permission (for the user and role administrators) - self.assertEquals(Permission.objects.count(), 6) - - def test_delete_role(self): - rcount = Role.objects.count() - pcount = Permission.objects.count() - new_role = Role.objects.create(name='Coucou') - admin_role = new_role.get_admin_role() - - # There should two more roles, the role and its admin counterpart - self.assertEquals(Role.objects.count(), rcount+2) - - # There should be two more permissions the admin permission on the role - # and the admin permission on the admin 
role - admin_perm = Permission.objects.by_target(new_role) \ - .get(operation__slug='admin') - admin_role = Role.objects.get( - admin_scope_ct=ContentType.objects.get_for_model(admin_perm), - admin_scope_id=admin_perm.pk) - admin_admin_perm = Permission.objects.by_target(admin_role) \ - .get(operation__slug='change') - self.assertEquals(Permission.objects.count(), pcount+2) - new_role.delete() - with self.assertRaises(Permission.DoesNotExist): - Permission.objects.get(pk=admin_perm.pk) - with self.assertRaises(Role.DoesNotExist): - Role.objects.get(pk=admin_role.pk) - with self.assertRaises(Permission.DoesNotExist): - Permission.objects.get(pk=admin_admin_perm.pk) - self.assertEquals(Role.objects.count(), rcount) - self.assertEquals(Permission.objects.count(), pcount) - - def test_access_control(self): - role_ct = ContentType.objects.get_for_model(Role) - role_admin_role = Role.objects.get_admin_role( - role_ct, 'admin %s' % role_ct, 'admin-role') - user1 = User.objects.create(username='john.doe') - self.assertTrue(not user1.has_perm('a2_rbac.change_role')) - self.assertTrue(not user1.has_perm('a2_rbac.view_role')) - self.assertTrue(not user1.has_perm('a2_rbac.delete_role')) - self.assertTrue(not user1.has_perm('a2_rbac.add_role')) - role_admin_role.members.add(user1) - del user1._rbac_perms_cache - self.assertTrue(user1.has_perm('a2_rbac.change_role')) - self.assertTrue(user1.has_perm('a2_rbac.view_role')) - self.assertTrue(user1.has_perm('a2_rbac.delete_role')) - self.assertTrue(user1.has_perm('a2_rbac.add_role')) - - def test_admin_roles_startswith_a2(self): - coin = Role.objects.create(name='Coin', slug='coin') - coin.get_admin_role() - for role in Role.objects.filter(admin_scope_ct__isnull=False): - self.assertTrue(role.slug.startswith('_a2'), u'role %s slug must ' - 'start with _a2: %s' % (role.name, role.slug)) - - def test_admin_roles_update_slug(self): - user = User.objects.create(username='john.doe') - name1 = 'Can manage john.doe' - slug1 = 
'can-manage-john-doe' - admin_role1 = Role.objects.get_admin_role(user, name1, slug1) - self.assertEqual(admin_role1.name, name1) - self.assertEqual(admin_role1.slug, slug1) - name2 = 'Should manage john.doe' - slug2 = 'should-manage-john-doe' - admin_role2 = Role.objects.get_admin_role(user, name2, slug2, update_slug=True) - self.assertEqual(admin_role2.name, name1) - self.assertEqual(admin_role2.slug, slug2) - admin_role3 = Role.objects.get_admin_role(user, name2, slug2, update_name=True) - self.assertEqual(admin_role3.name, name2) - self.assertEqual(admin_role3.slug, slug2) - - def test_role_clean(self): - coin = Role(name=u'Coin') - coin.clean() - coin.save() - self.assertEqual(coin.slug, 'coin') - with self.assertRaises(ValidationError): - Role(name='Coin2', slug='coin').clean() - with self.assertRaises(ValidationError): - Role(name='Coin', slug='coin2').clean() - with self.assertRaises(ValidationError): - Role(name='Coin', slug='_coin').clean() - Role(name='Coin', slug='_coin').clean() diff --git a/tests/test_a2_rbac.py b/tests/test_a2_rbac.py index f8e74682..1a40e8dc 100644 --- a/tests/test_a2_rbac.py +++ b/tests/test_a2_rbac.py 
@@ -16,20 +16,117 @@ import pytest -from django.contrib.contenttypes.models import ContentType +from django.core.exceptions import ValidationError from django.core.management import call_command +from django.contrib.contenttypes.models import ContentType + from django_rbac.utils import get_permission_model from django_rbac.models import Operation +from authentic2.custom_user.models import User +from authentic2.models import Service from authentic2.a2_rbac.models import ( Role, Permission, OrganizationalUnit as OU, RoleAttribute) -from authentic2.models import Service from authentic2.utils import get_hex_uuid +def test_update_rbac(db): + # 3 content types managers and 1 global manager + assert Role.objects.count() == 4 + # 3 content type global permissions, 1 role administration permissions (for the main manager + # role which is self-administered) + # and 1 user view permission (for the role administrator) + # and 1 ou view permission (for the user and role administrators) + assert Permission.objects.count() == 6 + + +def test_delete_role(db): + rcount = Role.objects.count() + pcount = Permission.objects.count() + new_role = Role.objects.create(name='Coucou') + admin_role = new_role.get_admin_role() + + # There should two more roles, the role and its admin counterpart + assert Role.objects.count() == rcount + 2 + + # There should be two more permissions the admin permission on the role + # and the admin permission on the admin role + admin_perm = Permission.objects.by_target(new_role) \ + .get(operation__slug='admin') + admin_role = Role.objects.get( + admin_scope_ct=ContentType.objects.get_for_model(admin_perm), + admin_scope_id=admin_perm.pk) + admin_admin_perm = Permission.objects.by_target(admin_role) \ + .get(operation__slug='change') + assert Permission.objects.count() == pcount + 2 + new_role.delete() + with pytest.raises(Permission.DoesNotExist): + Permission.objects.get(pk=admin_perm.pk) + with pytest.raises(Role.DoesNotExist): + 
Role.objects.get(pk=admin_role.pk) + with pytest.raises(Permission.DoesNotExist): + Permission.objects.get(pk=admin_admin_perm.pk) + assert Role.objects.count() == rcount + assert Permission.objects.count() == pcount + + +def test_access_control(db): + role_ct = ContentType.objects.get_for_model(Role) + role_admin_role = Role.objects.get_admin_role( + role_ct, 'admin %s' % role_ct, 'admin-role') + user1 = User.objects.create(username='john.doe') + assert not user1.has_perm('a2_rbac.change_role') + assert not user1.has_perm('a2_rbac.view_role') + assert not user1.has_perm('a2_rbac.delete_role') + assert not user1.has_perm('a2_rbac.add_role') + role_admin_role.members.add(user1) + del user1._rbac_perms_cache + assert user1.has_perm('a2_rbac.change_role') + assert user1.has_perm('a2_rbac.view_role') + assert user1.has_perm('a2_rbac.delete_role') + assert user1.has_perm('a2_rbac.add_role') + + +def test_admin_roles_startswith_a2(db): + coin = Role.objects.create(name='Coin', slug='coin') + coin.get_admin_role() + for role in Role.objects.filter(admin_scope_ct__isnull=False): + assert role.slug.startswith('_a2'), u'role %s slug must start with _a2: %s' % (role.name, role.slug) + + +def test_admin_roles_update_slug(db): + user = User.objects.create(username='john.doe') + name1 = 'Can manage john.doe' + slug1 = 'can-manage-john-doe' + admin_role1 = Role.objects.get_admin_role(user, name1, slug1) + assert admin_role1.name == name1 + assert admin_role1.slug == slug1 + name2 = 'Should manage john.doe' + slug2 = 'should-manage-john-doe' + admin_role2 = Role.objects.get_admin_role(user, name2, slug2, update_slug=True) + assert admin_role2.name == name1 + assert admin_role2.slug == slug2 + admin_role3 = Role.objects.get_admin_role(user, name2, slug2, update_name=True) + assert admin_role3.name == name2 + assert admin_role3.slug == slug2 + + +def test_role_clean(db): + coin = Role(name=u'Coin') + coin.clean() + coin.save() + assert coin.slug == 'coin' + with 
pytest.raises(ValidationError) as exc_info: + Role(name='Coin2', slug='coin').full_clean() + assert 'slug' in exc_info.value.error_dict + with pytest.raises(ValidationError) as exc_info: + Role(name='Coin', slug='coin2').full_clean() + assert 'name' in exc_info.value.error_dict + + def test_role_natural_key(db): ou = OU.objects.create(name='ou1', slug='ou1') s1 = Service.objects.create(name='s1', slug='s1') @@ -85,7 +182,8 @@ def test_role_with_service_with_ou_export_json(db): role = Role.objects.create(name='some role', service=service) role_dict = role.export_json() assert role_dict['service'] == { - 'slug': service.slug, 'ou': {'uuid': ou.uuid, 'slug': 'ou', 'name': 'ou'}} + 'slug': service.slug, + 'ou': {'uuid': ou.uuid, 'slug': 'ou', 'name': 'ou'}} def test_role_with_attributes_export_json(db): -- 2.23.0.rc1
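Review bot: The pytest version of `test_role_clean` drops the reserved-slug case that the deleted TestCase had: the old test expected `Role(name='Coin', slug='_coin').clean()` to raise `ValidationError`, and the new one ends after the `coin2` check. `test_admin_roles_startswith_a2` in the same hunk expects admin roles to carry an `_a2` slug prefix, so a regression that lets an ordinary role take an underscore-prefixed slug would now go unnoticed, unless that validation is removed elsewhere in this series. If it still applies, end the test with `with pytest.raises(ValidationError):` / `Role(name='Coin3', slug='_coin').full_clean()`, using an unused name so a uniqueness error on `name` cannot mask the slug check. The move also replaces `clean()` with `full_clean()`, which changes what is exercised and deserves a line in the commit message.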