def test_add_role(self):
"""Check if a user has a role added to them."""
role = Role.OWNER
auth.add_role(self.user.id, self.project.id, role)
self.assertEqual(role, auth.get_role(self.user.id, self.project.id))
auth._remove_role(self.user.id, self.project.id, role)
self.assertEqual(None, auth.get_role(self.user.id, self.project.id))
def test_deleting_roles_on_deleting_users(self):
"""Test deletion of all roles related to a deleted user."""
user = User.objects.create(username="******")
project = Project.objects.create(name="to_be_checked")
auth.add_role(user.id, project.id, user.profile.get_default_role())
user_id = user.id
user.delete()
self.assertIs(None, auth.get_role(user_id, project.id))
def test_permission_removed_with_roled_removed(self):
"""
Check if permission is assigned if a role is assigned.
Check if permission is removed if the role is removed.
"""
role = Role.OWNER
auth.add_role(self.user.id, self.project.id, role)
self.assertTrue(
auth.check_permission(self.user.id, self.project.id,
DELETE_PERMISSION))
auth._remove_role(self.user.id, self.project.id, role)
self.assertFalse(
auth.check_permission(self.user.id, self.project.id,
DELETE_PERMISSION))
def test_authorized_creation_for_roles(self):
"""
Test that a user with owner role on a project can create a measurement.
Test that a user with viewer role on a project cannot create a measurement.
Test a user without any role on a project cannot create a measurement.
"""
row = ExcelRowInfoGenerator.get_sample_row()
user = User.objects.create(username="******", password="******")
authorized_project_name = row[PROJECT]
auth.add_role(user.id, get_obj_id_from_name("project", authorized_project_name), Role.OWNER)
MeasurementImporter(row, self.user_id).import_measurement()
self.check_row_is_in_database(row)
project_without_role = Project.objects.create(name="project_without_role")
self.check_project_cannot_be_created(row.copy(), project_without_role)
auth.add_role(self.user_id, project_without_role.id, Role.VIEWER)
self.check_project_cannot_be_created(row.copy(), project_without_role)
def test_authorized_deletion_for_roles(self):
"""
Test that an owner user on a project can delete a measurement.
Test that a viewer or anonymous user on a project cannot delete a measurement.
"""
row = ExcelRowInfoGenerator.get_sample_row()
project_id = get_obj_id_from_name("project", row[PROJECT])
MeasurementImporter(row, self.user_id).import_measurement()
self.check_row_is_in_database(row)
# check viewer
viewer = User.objects.create(username="******", password="******")
auth.add_role(viewer.id, project_id, Role.VIEWER)
self.try_deleting_row_and_check_it_was_not_deleted(viewer, project_id, row)
# check anonymous
auth.remove_existing_role(viewer.id, project_id)
self.try_deleting_row_and_check_it_was_not_deleted(viewer, project_id, row)
# check owner
MeasurementImporter(row, self.user_id).delete_measurement()
self.check_row_is_not_in_database(row)
def save_model(self, request, obj, form, change):
"""Add a new role."""
auth.add_role(obj.user.id, obj.project.id, Role(obj.role))
def _create_owner_user(self) -> int:
"""Create a user that has Owner role on all projects and return user id."""
user = User.objects.get_or_create(username="******", password="******")[0]
for project in Project.objects.all():
auth.add_role(user.id, project.id, Role.OWNER)
return user.id
def assign_a_role_in_all_projects(self, role: Role):
"""Assign a user a role in all projects."""
for project in Project.objects.all():
auth.add_role(self.user.id, project.id, role)
def add_user_roles_to_new_project(sender, instance, created, *args, **kwargs):
"""Add new roles for all internal users for this newly created project."""
if created:
for user in User.objects.all():
auth.add_role(user.id, instance.id,
user.profile.get_default_role())
def create_roles_for_user(user: User) -> None:
"""Create a default role for all projects for this user."""
for project in Project.objects.all():
auth.add_role(user.id, project.id, user.profile.get_default_role())