def test_grants_needs(users, roles):
user = users[0]
role = roles[0]
grant1 = Grant(user, "manage")
grant2 = Grant(role, "view")
dict_ = {"subject": "sysrole", "id": "system", "level": "view"}
grant3 = Grant.from_dict(dict_)
grants = Grants([grant1, grant2, grant3])
assert len(grants.needs("view")) == 3
def test_grant_from_dict(users):
user = users[0]
grant_dict = {"subject": "user", "id": user.id, "level": "view"}
grant = Grant.from_dict(grant_dict)
assert grant.subject_type == "user"
assert grant.subject_id == user.id
assert grant.subject == user
def test_grant_creation(users, roles):
user = users[0]
role = roles[0]
grant = Grant(user, "view")
assert grant.subject_type == "user"
assert grant.subject_id == user.id
assert grant.subject == user
grant = Grant(role, "view")
assert grant.subject_type == "role"
assert grant.subject_id == role.id
assert grant.subject == role
grant = Grant(None, "view", subject_type="sysrole", subject_id="system")
assert grant.subject_type == "sysrole"
assert grant.subject_id == "system"
assert grant.subject is None
def test_grant_from_token():
token = "{}.{}.{}".format(
b64encode("sysrole".encode()).decode(),
b64encode("system".encode()).decode(),
b64encode("view".encode()).decode(),
)
grant = Grant.from_token(token)
dict_ = {"subject": "sysrole", "id": "system", "level": "view"}
assert grant.to_dict() == dict_
def test_grant_to_token():
dict_ = {"subject": "sysrole", "id": "system", "level": "view"}
grant = Grant.from_dict(dict_)
token = "{}.{}.{}".format(
b64encode("sysrole".encode()).decode(),
b64encode("system".encode()).decode(),
b64encode("view".encode()).decode(),
)
assert grant.to_token() == token
def test_grants_dump(users, roles):
user = users[0]
role = roles[0]
grant1 = Grant(user, "manage")
grant2 = Grant(role, "view")
dict_ = {"subject": "sysrole", "id": "system", "level": "view"}
grant3 = Grant.from_dict(dict_)
grants = Grants([grant1, grant2, grant3])
dump = grants.dump()
assert len(dump) == 3
assert grant1.to_dict() in dump
assert grant2.to_dict() in dump
assert grant3.to_dict() in dump
def test_grant_to_need(users, roles):
user = users[0]
role = roles[0]
grant = Grant(user, "view")
need = grant.to_need()
assert need.method == "id"
assert need.value == user.id
grant = Grant(role, "view")
need = grant.to_need()
assert need.method == "role"
assert need.value == role.name
dict_ = {"subject": "sysrole", "id": "system", "level": "view"}
grant = Grant.from_dict(dict_)
need = grant.to_need()
assert need.method == "system_role"
assert need.value == "system"
def test_grant_to_and_from_token():
dict_ = {"subject": "sysrole", "id": "system", "level": "view"}
grant = Grant.from_dict(dict_)
assert Grant.from_token(grant.to_token()) == grant
def test_grant_tokens_dumper_query(app, db, minimal_record, users,
identity_simple, location):
"""Test grant token dumper extension queries."""
id1 = str(users[0].id)
id2 = str(users[1].id)
grant1 = Grant.from_dict({"subject": "user", "id": id1, "level": "view"})
grant2 = Grant.from_dict({"subject": "user", "id": id2, "level": "manage"})
grant3 = Grant.from_dict({
"subject": "user",
"id": id1,
"level": "viewfull"
})
minimal_record["access"]["grants"] = [
grant1.to_dict(),
grant2.to_dict(),
]
# Create the record
service = current_rdm_records.records_service
service.create(identity_simple, minimal_record)
minimal_record["access"]["grants"] = [
grant2.to_dict(),
]
service.create(identity_simple, minimal_record)
RDMDraft.index.refresh()
# Search for it
assert (service.search(
identity_simple,
{
"q": "access.grant_tokens:{}".format(grant1.to_token())
},
status="draft",
).total == 1)
assert (service.search(
identity_simple,
{
"q": "access.grant_tokens:{}".format(grant2.to_token())
},
status="draft",
).total == 2)
assert (service.search(
identity_simple,
{
"q": "access.grant_tokens:{}".format(grant3.to_token())
},
status="draft",
).total == 0)
assert (service.search(
identity_simple,
{
"q": "access.grant_tokens:actually.invalid.token"
},
status="draft",
).total == 0)