From c8b1a1cbf2a7a84f5b7ef2f986123d1cffb9eb80 Mon Sep 17 00:00:00 2001 From: Valentin Deniaud Date: Tue, 4 Oct 2022 15:44:40 +0200 Subject: [PATCH 1/4] tests_rbac: make some assertions more specific (#58696) --- tests_rbac/test_rbac.py | 127 ++++++++++++++++++++++------------------ 1 file changed, 71 insertions(+), 56 deletions(-) diff --git a/tests_rbac/test_rbac.py b/tests_rbac/test_rbac.py index edc614cb4..50c8a7679 100644 --- a/tests_rbac/test_rbac.py +++ b/tests_rbac/test_rbac.py @@ -20,6 +20,7 @@ import pytest from django.contrib.auth import get_user_model from django.contrib.contenttypes.models import ContentType from django.db import connection +from django.db.models import Q from django.test.utils import CaptureQueriesContext from django_rbac import backends, models, utils @@ -36,14 +37,15 @@ def test_role_parenting(db): ou = OrganizationalUnit.objects.create(name='ou') roles = [] for i in range(10): - roles.append(Role.objects.create(name='r%d' % i, ou=ou)) + roles.append(Role.objects.create(name='test-role-%d' % i, ou=ou)) - assert Role.objects.count() == 10 - assert RoleParenting.objects.count() == 0 + assert Role.objects.filter(name__startswith='test-role-').count() == 10 + role_parenting_qs = RoleParenting.objects.filter(Q(parent__in=roles) | Q(child__in=roles)) + assert role_parenting_qs.count() == 0 for i in range(1, 3): RoleParenting.objects.soft_create(parent=roles[i - 1], child=roles[i]) - assert RoleParenting.objects.filter(direct=True).count() == 2 - assert RoleParenting.objects.filter(direct=False).count() == 1 + assert role_parenting_qs.filter(direct=True).count() == 2 + assert role_parenting_qs.filter(direct=False).count() == 1 for i, role in enumerate(roles[:3]): assert role.children().count() == 3 - i assert role.parents().count() == i + 1 
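Review bot: `role_parenting_qs` in test_role_parenting has no comment explaining why the parenting rows are scoped to this test's roles, and the scoping carries an ordering requirement that is easy to miss. As far as I can tell, Django resolves the `__in` values when `filter()` is called, so the queryset only covers roles already in `roles` at that point; here it is built after the creation loop, which is correct. I would add above it `# only count RoleParenting rows touching the roles created here; build this after the roles list is complete`. The function continues past the end of this hunk.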
@@ -51,17 +53,17 @@ def test_role_parenting(db): assert role.parents(False).count() == i for i in range(4, 6): - RoleParenting.objects.create(parent=roles[i - 1], child=roles[i]) - assert RoleParenting.objects.filter(direct=True).count() == 4 - assert RoleParenting.objects.filter(direct=False).count() == 2 + role_parenting_qs.create(parent=roles[i - 1], child=roles[i]) + assert role_parenting_qs.filter(direct=True).count() == 4 + assert role_parenting_qs.filter(direct=False).count() == 2 for i, role in enumerate(roles[3:6]): assert role.children().count() == 3 - i assert role.parents().count() == i + 1 assert role.children(False).count() == 3 - i - 1 assert role.parents(False).count() == i RoleParenting.objects.soft_create(parent=roles[2], child=roles[3]) - assert RoleParenting.objects.filter(direct=True).count() == 5 - assert RoleParenting.objects.filter(direct=False).count() == 10 + assert role_parenting_qs.filter(direct=True).count() == 5 + assert role_parenting_qs.filter(direct=False).count() == 10 for i in range(6): assert roles[i].parents().distinct().count() == i + 1 for i, role in enumerate(roles[:6]): @@ -71,14 +73,14 @@ def test_role_parenting(db): assert role.parents(False).count() == i RoleParenting.objects.soft_delete(roles[2], roles[3]) assert ( - RoleParenting.objects.filter( + role_parenting_qs.filter( direct=True, deleted__isnull=True, ).count() == 4 ) assert ( - RoleParenting.objects.filter( + role_parenting_qs.filter( direct=False, deleted__isnull=True, ).count() 
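Review bot: `role_parenting_qs.create(parent=roles[i - 1], child=roles[i])` in the `for i in range(4, 6)` loop calls `create()` on the filtered queryset, which reads as if the filter scoped the insert; on a plain Django queryset the filter plays no part in `create()`. This looks like a side effect of the mechanical rename from `RoleParenting.objects`. Keeping `RoleParenting.objects.create(parent=roles[i - 1], child=roles[i])` leaves the write path exactly as the test exercised it before, which matters if the manager customises creation (not visible here). test_role_parenting starts and ends outside this hunk.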
@@ -101,20 +103,21 @@ def test_role_parenting_soft_delete_children(db): roles = [] for i in range(10): roles.append(Role.objects.create(name='r%d' % i, ou=ou)) - assert not len(RoleParenting.objects.all()) + role_parenting_qs = RoleParenting.objects.filter(Q(parent__in=roles) | Q(child__in=roles)) + assert not len(role_parenting_qs.all()) rps = [] for i in range(5): rps.append(RoleParenting.objects.soft_create(parent=roles[9 - i], child=roles[i])) - assert len(RoleParenting.objects.all()) == 5 + assert len(role_parenting_qs.all()) == 5 for i in range(5): roles[9 - i].remove_child(roles[i]) - assert len(RoleParenting.objects.all()) == 5 - assert len(RoleParenting.objects.filter(deleted__isnull=True).all()) == 4 - i + assert len(role_parenting_qs.all()) == 5 + assert len(role_parenting_qs.filter(deleted__isnull=True).all()) == 4 - i for i in range(5): roles[9 - i].add_child(roles[i]) - assert len(RoleParenting.objects.all()) == 5 - assert len(RoleParenting.objects.filter(deleted__isnull=True).all()) == i + 1 + assert len(role_parenting_qs.all()) == 5 + assert len(role_parenting_qs.filter(deleted__isnull=True).all()) == i + 1 def test_role_parenting_soft_delete_parents(db): 
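Review bot: The rewritten assertions in test_role_parenting_soft_delete_children keep the `len(role_parenting_qs.all())` form, where `.all()` on a queryset is a redundant clone and `len()` fetches every row just to count them. Since these lines are being touched anyway, `assert not role_parenting_qs.exists()` and `assert role_parenting_qs.count() == 5` state the intent directly, and `role_parenting_qs.filter(deleted__isnull=True).count() == 4 - i` does the same for the soft-delete checks. The same pattern is carried over in the test_role_parenting_soft_delete_parents hunk (-126,20). Both functions begin outside their hunks.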
@@ -126,20 +129,21 @@ def test_role_parenting_soft_delete_parents(db): roles = [] for i in range(10): roles.append(Role.objects.create(name='r%d' % i, ou=ou)) - assert not len(RoleParenting.objects.all()) + role_parenting_qs = RoleParenting.objects.filter(Q(parent__in=roles) | Q(child__in=roles)) + assert not len(role_parenting_qs.all()) rps = [] for i in range(5): rps.append(RoleParenting.objects.soft_create(child=roles[9 - i], parent=roles[i])) - assert len(RoleParenting.objects.all()) == 5 + assert len(role_parenting_qs.all()) == 5 for i in range(5): roles[9 - i].remove_parent(roles[i]) - assert len(RoleParenting.objects.all()) == 5 - assert len(RoleParenting.objects.filter(deleted__isnull=True).all()) == 4 - i + assert len(role_parenting_qs.all()) == 5 + assert len(role_parenting_qs.filter(deleted__isnull=True).all()) == 4 - i for i in range(5): roles[9 - i].add_parent(roles[i]) - assert len(RoleParenting.objects.all()) == 5 - assert len(RoleParenting.objects.filter(deleted__isnull=True).all()) == i + 1 + assert len(role_parenting_qs.all()) == 5 + assert len(role_parenting_qs.filter(deleted__isnull=True).all()) == i + 1 SIZE = 50 @@ -147,6 +151,8 @@ SPAN = 10 def test_massive_role_parenting(db): + Role.objects.all().delete() + user = User.objects.create(username='user') roles = [] # Try a depth=10 tree of roles @@ -188,6 +194,7 @@ def test_rbac_backend(db): admin_op = models.Operation.objects.get(slug='admin') perm1 = Permission.objects.create(operation=change_op, target_ct=ct_ct, target_id=role_ct.pk) perm2 = Permission.objects.create(operation=view_op, target_ct=ct_ct, target_id=role_ct.pk) + Role.objects.all().delete() role1 = Role.objects.create(name='role1') role2 = Role.objects.create(name='role2', ou=ou1) role1.permissions.add(perm1) 
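Review bot: `Role.objects.all().delete()` at the top of test_massive_role_parenting removes every role in the test database instead of scoping the assertions, which is the opposite of what the other hunks of this patch do, and nothing says why. The same line is added in test_rbac_backend (hunk -188,6) and test_random_role_parenting (hunk -295,6). In the latter it presumably avoids primary-key collisions with `Role.objects.create(id=i, ...)`, and in test_rbac_backend it presumably keeps the exact-set checks on `filter_by_perm(..., Role.objects.all())` valid. Because the backend is then only exercised against an otherwise empty role table, a comment at each site such as `# drop pre-existing roles: this test asserts on the complete set of roles` would make the intent explicit. All three functions extend beyond their hunks.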
@@ -203,42 +210,43 @@ def test_rbac_backend(db): ctx = CaptureQueriesContext(connection) with ctx: assert rbac_backend.get_all_permissions(user1) == { - 'django_rbac.change_role', - 'django_rbac.search_role', - 'django_rbac.view_role', + 'a2_rbac.change_role', + 'a2_rbac.manage_members_role', + 'a2_rbac.search_role', + 'a2_rbac.view_role', } assert rbac_backend.get_all_permissions(user1, obj=role1) == { - 'django_rbac.delete_role', - 'django_rbac.change_role', - 'django_rbac.search_role', - 'django_rbac.view_role', + 'a2_rbac.delete_role', + 'a2_rbac.change_role', + 'a2_rbac.manage_members_role', + 'a2_rbac.search_role', + 'a2_rbac.view_role', } assert rbac_backend.get_all_permissions(user1, obj=role2) == { - 'django_rbac.change_role', - 'django_rbac.view_role', - 'django_rbac.search_role', - 'django_rbac.add_role', + 'a2_rbac.change_role', + 'a2_rbac.view_role', + 'a2_rbac.manage_members_role', + 'a2_rbac.search_role', + 'a2_rbac.add_role', } - assert not rbac_backend.has_perm(user1, 'django_rbac.delete_role', obj=role2) - assert rbac_backend.has_perm(user1, 'django_rbac.delete_role', obj=role1) + assert not rbac_backend.has_perm(user1, 'a2_rbac.delete_role', obj=role2) + assert rbac_backend.has_perm(user1, 'a2_rbac.delete_role', obj=role1) assert rbac_backend.has_perms( - user1, ['django_rbac.delete_role', 'django_rbac.change_role', 'django_rbac.view_role'], obj=role1 + user1, ['a2_rbac.delete_role', 'a2_rbac.change_role', 'a2_rbac.view_role'], obj=role1 ) - assert rbac_backend.has_module_perms(user1, 'django_rbac') + assert rbac_backend.has_module_perms(user1, 'a2_rbac') assert not rbac_backend.has_module_perms(user1, 'contenttypes') assert len(ctx.captured_queries) == 1 - assert set(rbac_backend.filter_by_perm(user1, 'django_rbac.add_role', Role.objects.all())) == {role2} - assert set(rbac_backend.filter_by_perm(user1, 'django_rbac.delete_role', Role.objects.all())) == {role1} + assert set(rbac_backend.filter_by_perm(user1, 'a2_rbac.add_role', 
Role.objects.all())) == {role2} + assert set(rbac_backend.filter_by_perm(user1, 'a2_rbac.delete_role', Role.objects.all())) == {role1} assert set( - rbac_backend.filter_by_perm( - user1, ['django_rbac.delete_role', 'django_rbac.add_role'], Role.objects.all() - ) + rbac_backend.filter_by_perm(user1, ['a2_rbac.delete_role', 'a2_rbac.add_role'], Role.objects.all()) ) == {role1, role2} - assert set(rbac_backend.filter_by_perm(user1, 'django_rbac.view_role', Role.objects.all())) == { + assert set(rbac_backend.filter_by_perm(user1, 'a2_rbac.view_role', Role.objects.all())) == { role1, role2, } - assert set(rbac_backend.filter_by_perm(user1, 'django_rbac.change_role', Role.objects.all())) == { + assert set(rbac_backend.filter_by_perm(user1, 'a2_rbac.change_role', Role.objects.all())) == { role1, role2, } 
@@ -247,21 +255,27 @@ def test_rbac_backend(db): user2 = User.objects.create(username='donald.knuth') role3 = Role.objects.create(name='role3') role3.members.add(user2) - perm5 = Permission.objects.create(operation=admin_op, target_ct=ct_ct, target_id=role_ct.pk) + perm5 = Permission.objects.filter(operation=admin_op, target_ct=ct_ct, target_id=role_ct.pk).first() role3.permissions.add(perm5) assert rbac_backend.get_all_permissions(user2) == { - 'django_rbac.add_role', - 'django_rbac.change_role', - 'django_rbac.search_role', - 'django_rbac.admin_role', - 'django_rbac.view_role', - 'django_rbac.delete_role', + 'a2_rbac.activate_role', + 'a2_rbac.add_role', + 'a2_rbac.change_role', + 'a2_rbac.change_email_role', + 'a2_rbac.change_password_role', + 'a2_rbac.search_role', + 'a2_rbac.admin_role', + 'a2_rbac.view_role', + 'a2_rbac.delete_role', + 'a2_rbac.manage_authorizations_role', + 'a2_rbac.manage_members_role', + 'a2_rbac.reset_password_role', } # test ous_with_perm - assert set(rbac_backend.ous_with_perm(user1, 'django_rbac.add_role')) == {ou1} - assert set(rbac_backend.ous_with_perm(user1, 'django_rbac.view_role')) == {ou1, ou2} - assert set(rbac_backend.ous_with_perm(user1, 'django_rbac.delete_role')) == set() + assert set(rbac_backend.ous_with_perm(user1, 'a2_rbac.add_role')) == {ou1} + assert set(rbac_backend.ous_with_perm(user1, 'a2_rbac.view_role')).issuperset({ou1, ou2}) + assert set(rbac_backend.ous_with_perm(user1, 'a2_rbac.delete_role')) == set() def test_all_members(db): @@ -295,6 +309,7 @@ def test_random_role_parenting(db): import numpy as np + Role.objects.all().delete() c = 15 roles = [Role.objects.create(id=i, name=f'role{i}') for i in range(c)] m = [[False] * c for i in range(c)] -- 2.35.1
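Review bot: The `ous_with_perm(user1, 'a2_rbac.view_role')` check at the end of this hunk is relaxed from `== {ou1, ou2}` to `.issuperset({ou1, ou2})`, so the test no longer fails if the backend reports view permission on an organizational unit the user should not have. If the view permission is meant to be global here (it appears in `get_all_permissions(user1)` without an object), an exact comparison such as `== set(OrganizationalUnit.objects.all())` keeps the over-grant case covered. Separately, `perm5 = Permission.objects.filter(...).first()` yields `None` when no matching row exists, and the failure would then surface later in `role3.permissions.add(perm5)`; `Permission.objects.get(operation=admin_op, target_ct=ct_ct, target_id=role_ct.pk)` fails at the point of lookup. test_rbac_backend starts outside this hunk.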