def test_get_success(self):
"""正确
"""
role_name = "my-role"
role = Role(name=role_name)
self.db.add(role)
permission_total = 12
permission_basename = "my-permission"
for i in range(permission_total):
perm = Permission(name=permission_basename + str(i))
self.db.add(perm)
role.permissions.append(perm)
self.db.commit()
resp = self.api_get(f"/role/{role.uuid}/permission")
body = get_body_json(resp)
self.assertEqual(resp.code, 200)
self.validate_default_success(body)
spec = self.rs.get_role_id_permission.op_spec["responses"]["200"]["schema"]
api.validate_object(spec, body)
self.assertEqual(len(body["data"]), permission_total)
def test_post_success(self):
"""删除权限成功
"""
role_name = "my-role"
role = Role(name=role_name)
self.db.add(role)
remove_permission_total = 3
remove_permission_list = []
permission_total = 12
permission_basename = "my-permission"
for i in range(permission_total):
perm = Permission(name=permission_basename + str(i))
self.db.add(perm)
role.permissions.append(perm)
self.db.commit()
if i < remove_permission_total:
remove_permission_list.append(perm.name)
resp = self.api_post("/role/permission/remove", body={
"role": role.name,
"permissions": remove_permission_list,
})
body = get_body_json(resp)
self.assertEqual(resp.code, 200)
self.validate_default_success(body)
role = self.db.query(Role).filter_by(name=role_name).one()
self.assertEqual(
len(role.permissions),
permission_total - remove_permission_total
)
def test_delete_success(self):
"""删除成功
"""
role_name = "my-role"
role = Role(name=role_name)
self.db.add(role)
perm_name = "my-permission"
perm = Permission(name=perm_name)
perm.roles.append(role)
self.db.add(perm)
self.db.commit()
resp = self.api_delete(f"/permission/{perm.uuid}")
body = get_body_json(resp)
self.assertEqual(resp.code, 200)
self.validate_default_success(body)
del perm
perm = self.db.query(Permission).filter_by(name=perm_name).first()
self.assertIs(perm, None)
role = self.db.query(Role).filter_by(name=role_name).one()
self.assertNotIn(perm_name, [p.name for p in role.permissions])
def test_delete_success(self):
"""删除成功
"""
user_id = self.current_user.id
role_name = "my-role"
role = Role(name=role_name)
role.users.append(self.current_user)
perm = Permission(name="my-permission")
self.db.add(perm)
role.permissions.append(perm)
self.db.add(role)
self.db.commit()
role_id = str(role.uuid)
resp = self.api_delete(f"/role/{role_id}")
body = get_body_json(resp)
self.assertEqual(resp.code, 200)
self.validate_default_success(body)
del role
role = self.db.query(Role).filter_by(uuid=role_id).first()
self.assertIs(role, None)
user = self.db.query(User).get(user_id)
self.assertNotIn(role_name, [r.name for r in user.roles])
def test_update_success(self):
"""更新成功
"""
name = "my-permission"
summary = "my summary"
description = "my description"
perm = Permission(name=name, summary=summary, description=description)
self.db.add(perm)
self.db.commit()
old_updated = perm.updated
perm_id = str(perm.uuid)
del perm
resp = self.api_post(f"/permission/{perm_id}",
body={
"summary": summary + ":new",
"description": description + ":new"
})
body = get_body_json(resp)
self.assertEqual(resp.code, 200)
self.validate_default_success(body)
perm = self.db.query(Permission).filter_by(uuid=perm_id).one()
self.assertEqual(perm.summary, summary + ":new")
self.assertEqual(perm.description, description + ":new")
self.assertNotEqual(perm.updated, old_updated)
def test_success(self):
"""返回正确
"""
role_numbers = 10
perm_numbers = 20
role_basename = "myrole"
permission_basename = "myperm"
for i in range(role_numbers):
role = Role(name=role_basename + str(i))
for j in range(perm_numbers):
perm = Permission(name=permission_basename + str(i) + str(j))
self.db.add(perm)
role.permissions.append(perm)
self.db.add(role)
self.current_user.roles.append(role)
self.db.commit()
resp = self.api_get("/my/permission")
body = get_body_json(resp)
self.assertEqual(resp.code, 200)
self.validate_default_success(body)
spec = self.rs.get_my_permission.op_spec["responses"]["200"]["schema"]
api.validate_object(spec, body)
self.assertEqual(len(body["data"]), role_numbers)
for role_data in body["data"]:
self.assertEqual(len(role_data["permissions"]), perm_numbers)
role_names = [role_data["name"] for role_data in body["data"]]
self.assertEqual([role_basename + str(i) for i in range(role_numbers)],
sorted(role_names))
def test_no(self):
"""检查权限不存在
"""
perm = Permission(name="new-permission")
self.db.add(perm)
self.db.commit()
self.validate_response_200(
str(self.user.uuid), str(perm.uuid), "no")
def test_admin_yes(self):
"""检查超级用户权限存在
"""
perm = Permission(name="new-permission")
self.db.add(perm)
role = self.db.query(Role).filter_by(
name=settings.ADMIN_ROLE_NAME).first()
self.user.roles.append(role)
self.db.commit()
self.validate_response_200(
str(self.user.uuid), str(perm.uuid), "yes")
def test_name_exist(self):
"""名字已经存在
"""
name = "my-permission"
perm = Permission(name=name)
self.db.add(perm)
self.db.commit()
resp = self.api_post("/permission", body={"name": name})
body = get_body_json(resp)
self.assertEqual(resp.code, 400)
validate_default_error(body)
self.assertEqual(body["status"], "name-exist")
async def post(self):
"""增加指定角色的权限
"""
body = self.get_body_json()
role = self.db.query(Role).filter_by(name=body["role"]).first()
if not role:
role = Role(name=body["role"])
self.db.add(role)
self.db.commit()
perms = []
for perm_name in body["permissions"]:
perm = self.db.query(Permission).filter_by(name=perm_name).first()
if not perm:
perm = Permission(name=perm_name)
self.db.add(perm)
self.db.commit()
perms.append(perm)
if not perms:
self.fail("no-permissions")
return
# sync to etcd
if settings.SYCN_ETCD:
# create etcd client
for endpoint in settings.ETCD_ENDPOINTS.split(";"):
host, port = endpoint.split(":")
client = Client(host, int(port))
break # FIXME: try when failed
key = get_permission_role_key(perm.name)
new_roles = []
r = client.range(key)
if r.count == 1:
new_roles.extend(json.loads(r.kvs[0].value))
if role.name not in new_roles:
new_roles.append(role.name)
client.put(key, json.dumps(new_roles))
# append permissions
role.permissions.extend(perms)
self.db.commit()
self.success()
def setUp(self):
super().setUp()
user = User(uuid=str(uuid.uuid4()))
self.db.add(user)
role = Role(name="test-role")
self.db.add(role)
user.roles.append(role)
perm = Permission(name="test-permission")
self.db.add(perm)
role.permissions.append(perm)
self.db.commit()
self.user = user
self.permission = perm
def post(self):
"""创建权限
"""
body = self.get_body_json()
perm = self.db.query(Permission).filter_by(name=body["name"]).first()
if perm:
self.fail("name-exist")
return
perm = Permission(
name=body["name"],
summary=body.get("summary"),
description=body.get("description"),
)
self.db.add(perm)
self.db.commit()
self.success(id=str(perm.uuid))
def test_get_success(self):
"""success
"""
name = "my-permission"
summary = "my summary"
perm = Permission(name=name, summary=summary)
self.db.add(perm)
self.db.commit()
resp = self.api_get(f"/permission/id?name={perm.name}")
body = get_body_json(resp)
self.assertEqual(resp.code, 200)
self.validate_default_success(body)
spec = self.rs.get_permission_id.op_spec["responses"]["200"]["schema"]
api.validate_object(spec, body)
self.assertEqual(body["id"], str(perm.uuid))
def test_get_success(self):
"""获取详情正确
"""
name = "my-permission"
summary = "my summary"
perm = Permission(name=name, summary=summary)
self.db.add(perm)
self.db.commit()
resp = self.api_get(f"/permission/{perm.uuid}")
body = get_body_json(resp)
self.assertEqual(resp.code, 200)
self.validate_default_success(body)
spec = self.rs.get_permission_id.op_spec["responses"]["200"]["schema"]
api.validate_object(spec, body)
data = body["data"]
self.assertEqual(data["summary"], summary)
self.assertEqual(data["created"], utc_rfc3339_string(perm.created))
self.assertEqual(data["updated"], utc_rfc3339_string(perm.updated))
def setUp(self):
super().setUp()
total = 3
basename = "fortest"
for _ in range(total):
user = User(uuid=str(uuid.uuid4()))
self.db.add(user)
self.db.commit()
for i in range(total):
role = Role(name=str(user.id) + basename + str(i))
self.db.add(role)
user.roles.append(role)
self.db.commit()
for j in range(total):
perm = Permission(name=str(user.id) + basename + str(i) +
str(j))
self.db.add(perm)
role.permissions.append(perm)
self.db.commit()
self.total = total * total * total
