def test_enforce(self):
"""
Check a user has a permission manually added to them.
Check a user no longer has a permission removed from them.
"""
permission = "delete"
auth.add_permission(self.user.id, self.project.id, permission)
self.assertTrue(
auth.check_permission(self.user.id, self.project.id, permission))
auth.remove_permission(self.user.id, self.project.id, permission)
self.assertFalse(
auth.check_permission(self.user.id, self.project.id, permission))
def test_permission_removed_with_roled_removed(self):
"""
Check if permission is assigned if a role is assigned.
Check if permission is removed if the role is removed.
"""
role = Role.OWNER
auth.add_role(self.user.id, self.project.id, role)
self.assertTrue(
auth.check_permission(self.user.id, self.project.id,
DELETE_PERMISSION))
auth._remove_role(self.user.id, self.project.id, role)
self.assertFalse(
auth.check_permission(self.user.id, self.project.id,
DELETE_PERMISSION))
def check_project_cannot_be_created(self, row: RowT, unauthorized_project: Project) -> None:
assert not auth.check_permission(self.user_id, unauthorized_project.id, CREATE_OR_UPDATE_PERMISSION)
row[PROJECT] = unauthorized_project.name
row[MEASUREMENT_NUMBER] = "some"
with self.assertRaises(PermissionError):
MeasurementImporter(row, self.user_id).import_measurement()
self.check_row_is_not_in_database(row)
def create_project_without_permission(self, user: User,
permission: str) -> Project:
"""Create a project for which there will be no 'permission' for a user."""
project = Project.objects.create(name="unauthorized")
if auth.check_permission(user.id, project.id, permission):
auth.remove_permission(user.id, project.id, permission)
return project
def _check_permission_on_project(self, permission: str) -> None:
"""Check whether a user is authorized to do an action on measurements within a project from this row."""
project = self.get_project()
if not auth.check_permission(self.user_id, project.id, permission):
raise PermissionError(
f"User does not have {permission} permission on the project {project.name}"
)
def get_projects_with_viewing_permissions(self) -> List[Project]:
"""Return a list of projects for which a user has viewing permissions."""
res = []
for project in Project.objects.all():
if auth.check_permission(self.user.id, project.id,
VIEW_PERMISSION):
res.append(project)
return res
def try_deleting_row_and_check_it_was_not_deleted(self, user: User, project_id: int, row: RowT):
assert not auth.check_permission(user.id, project_id, DELETE_PERMISSION)
with self.assertRaises(PermissionError):
MeasurementImporter(row, user.id).delete_measurement()
self.check_row_is_in_database(row)