def test_role_deserializer_parenting_existing_parent(db):
parent_role_dict = {
'name': 'grand parent role',
'slug': 'grand-parent-role',
'uuid': get_hex_uuid(),
'ou': None,
'service': None
}
parent_role = Role.objects.create(**parent_role_dict)
child_role_dict = {
'name': 'child role',
'slug': 'child-role',
'parents': [parent_role_dict],
'uuid': get_hex_uuid(),
'ou': None,
'service': None
}
rd = RoleDeserializer(child_role_dict, ImportContext())
child_role, status = rd.deserialize()
created, deleted = rd.parentings()
assert len(created) == 1
parenting = created[0]
assert parenting.direct is True
assert parenting.parent == parent_role
assert parenting.child == child_role
def test_import_role_handle_manager_role_parenting(db):
parent_role_dict = {
'name': 'grand parent role',
'slug': 'grand-parent-role',
'uuid': get_hex_uuid(),
'ou': None,
'service': None
}
parent_role_manager_dict = {
'name': 'Administrateur du role grand parent role',
'slug': '_a2-managers-of-role-grand-parent-role',
'uuid': get_hex_uuid(),
'ou': None,
'service': None
}
child_role_dict = {
'name': 'child role',
'slug': 'child-role',
'parents': [parent_role_dict, parent_role_manager_dict],
'uuid': get_hex_uuid(),
'ou': None,
'service': None
}
import_site({'roles': [child_role_dict, parent_role_dict]},
ImportContext())
child = Role.objects.get(slug='child-role')
manager = Role.objects.get(slug='_a2-managers-of-role-grand-parent-role')
RoleParenting.objects.get(child=child, parent=manager, direct=True)
def test_role_deserializer_with_attributes(db):
attributes_data = {
'attr1_name': dict(name='attr1_name',
kind='string',
value='attr1_value'),
'attr2_name': dict(name='attr2_name',
kind='string',
value='attr2_value')
}
rd = RoleDeserializer(
{
'uuid': get_hex_uuid(),
'name': 'some role',
'description': 'some role description',
'slug': 'some-role',
'attributes': list(attributes_data.values()),
'ou': None,
'service': None
}, ImportContext())
role, status = rd.deserialize()
created, deleted = rd.attributes()
assert role.attributes.count() == 2
assert len(created) == 2
for attr in created:
attr_dict = attributes_data[attr.name]
assert attr_dict['name'] == attr.name
assert attr_dict['kind'] == attr.kind
assert attr_dict['value'] == attr.value
del attributes_data[attr.name]
def test_import_site_roles(db):
parent_role_dict = {
'name': 'grand parent role',
'slug': 'grand-parent-role',
'uuid': get_hex_uuid(),
'ou': None,
'service': None
}
child_role_dict = {
'name': 'child role',
'slug': 'child-role',
'parents': [parent_role_dict],
'uuid': get_hex_uuid(),
'ou': None,
'service': None
}
roles = [parent_role_dict, child_role_dict]
res = import_site({'roles': roles}, ImportContext())
created_roles = res.roles['created']
assert len(created_roles) == 2
parent_role = Role.objects.get(**parent_role_dict)
del child_role_dict['parents']
child_role = Role.objects.get(**child_role_dict)
assert created_roles[0] == parent_role
assert created_roles[1] == child_role
assert len(res.parentings['created']) == 1
assert res.parentings['created'][0] == RoleParenting.objects.get(
child=child_role, parent=parent_role, direct=True)
def test_permission_on_contentype(db):
perm_ou = OU.objects.create(slug='perm-ou', name='perm ou')
some_role_dict = {
'name': 'some role',
'slug': 'some-role-slug',
'ou': None,
'service': None
}
some_role_dict['permissions'] = [{
"operation": {
"slug": "admin"
},
"ou": {
"slug": "perm-ou",
"name": "perm-ou"
},
'target_ct': {
"model": "contenttype",
"app_label": "contenttypes"
},
"target": {
"model": "logentry",
"app_label": "admin"
}
}]
import_context = ImportContext()
rd = RoleDeserializer(some_role_dict, import_context)
rd.deserialize()
perm_created, perm_deleted = rd.permissions()
assert len(perm_created) == 1
perm = perm_created[0]
assert perm.target.app_label == 'admin'
assert perm.target.model == 'logentry'
assert perm.ou == perm_ou
def test_roles_import_ignore_technical_role_with_service(db):
roles = [{
'name': 'some role',
'description': 'some role description',
'slug': '_some-role'
}]
res = import_site({'roles': roles}, ImportContext())
assert res.roles == {'created': [], 'updated': []}
def test_import_roles_role_delete_orphans(db):
roles = [{
'name': 'some role',
'description': 'some role description',
'slug': '_some-role'
}]
with pytest.raises(DataImportError):
import_site({'roles': roles}, ImportContext(role_delete_orphans=True))
def test_import_ou_already_existing(db):
uuid = get_hex_uuid()
ou_d = {'uuid': uuid, 'slug': 'ou-slug', 'name': 'ou name'}
ou = OU.objects.create(**ou_d)
num_ous = OU.objects.count()
res = import_site({'ous': [ou_d]}, ImportContext())
assert len(res.ous['created']) == 0
assert num_ous == OU.objects.count()
assert ou == OU.objects.get(uuid=uuid)
def test_import_ou(db):
uuid = get_hex_uuid()
name = 'ou name'
ous = [{'uuid': uuid, 'slug': 'ou-slug', 'name': name}]
res = import_site({'ous': ous}, ImportContext())
assert len(res.ous['created']) == 1
ou = res.ous['created'][0]
assert ou.uuid == uuid
assert ou.name == name
Role.objects.get(slug='_a2-managers-of-ou-slug')
def test_role_deserializer_creates_admin_role(db):
role_dict = {
'name': 'some role',
'slug': 'some-role',
'uuid': get_hex_uuid(),
'ou': None,
'service': None
}
rd = RoleDeserializer(role_dict, ImportContext())
rd.deserialize()
Role.objects.get(slug='_a2-managers-of-role-some-role')
def test_role_deserializer_missing_ou(db):
rd = RoleDeserializer(
{
'uuid': get_hex_uuid(),
'name': 'some role',
'description': 'role description',
'slug': 'some-role',
'ou': {
'slug': 'some-ou'
},
'service': None
}, ImportContext())
with pytest.raises(DataImportError):
rd.deserialize()
def test_role_deserializer_with_ou(db):
ou = OU.objects.create(name='some ou', slug='some-ou')
rd = RoleDeserializer(
{
'uuid': get_hex_uuid(),
'name': 'some role',
'description': 'some role description',
'slug': 'some-role',
'ou': {
'slug': 'some-ou'
},
'service': None
}, ImportContext())
role, status = rd.deserialize()
assert role.ou == ou
def form_valid(self, form):
try:
json_site = json.load(self.request.FILES['site_json'])
except ValueError:
form.add_error('site_json',
_('File is not in the expected JSON format.'))
return self.form_invalid(form)
try:
with transaction.atomic():
import_site(json_site, ImportContext())
except DataImportError as e:
form.add_error('site_json', unicode(e))
return self.form_invalid(form)
return super(SiteImportView, self).form_valid(form)
def test_role_deserializer_update_fields(db):
uuid = get_hex_uuid()
existing_role = Role.objects.create(uuid=uuid,
slug='some-role',
name='some role')
rd = RoleDeserializer(
{
'uuid': uuid,
'slug': 'some-role',
'name': 'some role changed',
'ou': None,
'service': None
}, ImportContext())
role, status = rd.deserialize()
assert role == existing_role
assert role.name == 'some role changed'
def test_role_deserializer_update_ou(db):
ou1 = OU.objects.create(name='ou 1', slug='ou-1')
ou2 = OU.objects.create(name='ou 2', slug='ou-2')
uuid = get_hex_uuid()
existing_role = Role.objects.create(uuid=uuid, slug='some-role', ou=ou1)
rd = RoleDeserializer(
{
'uuid': uuid,
'name': 'some-role',
'slug': 'some-role',
'ou': {
'slug': 'ou-2'
},
'service': None
}, ImportContext())
role, status = rd.deserialize()
assert role == existing_role
assert role.ou == ou2
def test_permission_on_role(db):
perm_ou = OU.objects.create(slug='perm-ou', name='perm ou')
perm_role = Role.objects.create(slug='perm-role',
ou=perm_ou,
name='perm role')
some_role_dict = {
'name': 'some role',
'slug': 'some-role-slug',
'ou': None,
'service': None
}
some_role_dict['permissions'] = [{
"operation": {
"slug": "admin"
},
"ou": {
"slug": "perm-ou",
"name": "perm-ou"
},
'target_ct': {
'app_label': u'a2_rbac',
'model': u'role'
},
"target": {
"slug": "perm-role",
"ou": {
"slug": "perm-ou",
"name": "perm ou"
},
"service": None,
"name": "perm role"
}
}]
import_context = ImportContext()
rd = RoleDeserializer(some_role_dict, import_context)
rd.deserialize()
perm_created, perm_deleted = rd.permissions()
assert len(perm_created) == 1
perm = perm_created[0]
assert perm.target == perm_role
assert perm.ou == perm_ou
assert perm.operation.slug == 'admin'
def test_role_deserializer(db):
rd = RoleDeserializer(
{
'name': 'some role',
'description': 'some role description',
'slug': 'some-role',
'uuid': get_hex_uuid(),
'ou': None,
'service': None
}, ImportContext())
assert rd._parents is None
assert rd._attributes is None
assert rd._obj is None
role, status = rd.deserialize()
assert status == 'created'
assert role.name == 'some role'
assert role.description == 'some role description'
assert role.slug == 'some-role'
assert rd._obj == role
def handle(self, filename, **options):
translation.activate(settings.LANGUAGE_CODE)
dry_run = options['dry_run']
msg = "Dry run\n" if dry_run else "Real run\n"
c_kwargs = create_context_args(options)
try:
with open(filename, 'r') as f:
with provision_contextm(dry_run, settings):
with transaction.atomic():
sys.stdout.write(msg)
result = import_site(json.load(f),
ImportContext(**c_kwargs))
if dry_run:
raise DryRunException()
except DryRunException:
pass
sys.stdout.write(result.to_str())
sys.stdout.write("Success\n")
translation.deactivate()
def test_role_deserializer_parenting_non_existing_parent(db):
parent_role_dict = {
'name': 'grand parent role',
'slug': 'grand-parent-role',
'uuid': get_hex_uuid(),
'ou': None,
'service': None
}
child_role_dict = {
'name': 'child role',
'slug': 'child-role',
'parents': [parent_role_dict],
'uuid': get_hex_uuid(),
'ou': None,
'service': None
}
rd = RoleDeserializer(child_role_dict, ImportContext())
rd.deserialize()
with pytest.raises(DataImportError) as excinfo:
rd.parentings()
assert "Could not find role" in str(excinfo.value)
def test_role_deserializer_permissions(db):
ou = OU.objects.create(slug='some-ou')
other_role_dict = {
'name': 'other role',
'slug': 'other-role-slug',
'uuid': get_hex_uuid(),
'ou': ou
}
other_role = Role.objects.create(**other_role_dict)
other_role_dict['permisison'] = {
"operation": {
"slug": "admin"
},
"ou": {
"slug": "default",
"name": "Collectivit\u00e9 par d\u00e9faut"
},
'target_ct': {
'app_label': u'a2_rbac',
'model': u'role'
},
"target": {
"slug": "role-deux",
"ou": {
"slug": "default",
"name": "Collectivit\u00e9 par d\u00e9faut"
},
"service": None,
"name": "role deux"
}
}
some_role_dict = {
'name': 'some role',
'slug': 'some-role',
'uuid': get_hex_uuid(),
'ou': None,
'service': None
}
some_role_dict['permissions'] = [{
'operation': {
'slug': 'add'
},
'ou': None,
'target_ct': {
'app_label': u'a2_rbac',
'model': u'role'
},
'target': {
"slug": u'other-role-slug',
'ou': {
'slug': 'some-ou'
},
'service': None
}
}]
import_context = ImportContext()
rd = RoleDeserializer(some_role_dict, import_context)
rd.deserialize()
perm_created, perm_deleted = rd.permissions()
assert len(perm_created) == 1
assert len(perm_deleted) == 0
del some_role_dict['permissions']
role = Role.objects.get(slug=some_role_dict['slug'])
assert role.permissions.count() == 1
perm = role.permissions.first()
assert perm.operation.slug == 'add'
assert not perm.ou
assert perm.target == other_role
# that one should delete permissions
rd = RoleDeserializer(some_role_dict, import_context)
role, _ = rd.deserialize()
perm_created, perm_deleted = rd.permissions()
assert role.permissions.count() == 0
assert len(perm_created) == 0
assert len(perm_deleted) == 1
def testi_import_site_empty():
res = import_site({}, ImportContext())
assert res.roles == {'created': [], 'updated': []}
assert res.ous == {'created': [], 'updated': []}
assert res.parentings == {'created': [], 'deleted': []}