def test_ssd_enforcement(self):
"""
Test if SSD is enforced when assigning roles to a user.
"""
with transaction.atomic():
self.assertRaises(ValidationError, functions.AssignUser, self.user, self.role_ssdfour)
self.assertEqual(functions.DeassignUser(self.user, self.role_a), True)
self.assertEqual(functions.AssignUser(self.user, self.role_ssdfour), True)
with transaction.atomic():
self.assertRaises(ValidationError, functions.AssignUser, self.user, self.role_a)
def test_ssd_when_adding_child_roles(self):
"""
Test if adding child roles to a RbacRole which would violate a SSD set
are detected.
"""
with transaction.atomic():
self.assertRaises(ValidationError, functions.AddInheritance, self.role_b, self.role_ssdfour)
self.assertEqual(functions.DeassignUser(self.user, self.role_a), True)
self.assertEqual(functions.AddInheritance(self.role_b, self.role_ssdfour), True)
with transaction.atomic():
self.assertRaises(ValidationError, functions.AddInheritance, self.role_b, self.role_c)
def test_ssd_change_cardinality_simple(self):
"""
Test if changes to the SSD cardinality are handled correctly.
"""
#cardinality of 3 is invalid, as it affects a UserAssignment
ssd_set = RbacSsdSet.objects.get(id=1)
ssd_set.cardinality=3
self.assertRaises(ValidationError, ssd_set.save)
self.assertEqual(functions.DeassignUser(self.user, self.role_a), True)
#the SSD set is valid now
ssd_set.save()
self.assertRaises(ValidationError, functions.AssignUser, self.user, self.role_a)
def test_user_permission_role_deassign(self):
"""
Deassign "Role A" and test permissions.
"""
self.assertTrue(functions.DeassignUser(self.user, self.role_a))
self.assertFalse(self.user.has_perm('tests.opa_testmodel'))
self.assertFalse(self.user.has_perm('tests.opb_testmodel'))
self.assertTrue(self.user.has_perm('tests.opc_testmodel'))
self.assertTrue(self.user.has_perm('tests.opd_testmodel'))
self.assertTrue(self.user.has_perm('tests.opssd1_testmodel'))
self.assertFalse(self.user.has_perm('tests.opssd2_testmodel'))
self.assertTrue(self.user.has_perm('tests.opssd3_testmodel'))
self.assertFalse(self.user.has_perm('tests.opssd4_testmodel'))