def test_employee_create_app(
self,
mock_oauth_info,
mock_http_info,
mock_ldap_info,
):
mock_oauth_info.return_value = []
mock_http_info.return_value = []
mock_ldap_info.return_value = []
res = self.employee.json_post(reverse('siteapi:app_list'),
data={'name': 'testname'})
self.assertEqual(res.status_code, 403)
perm, _ = Perm.objects.get_or_create(subject='system',
scope='app',
action='create')
user_perm = UserPerm.get(self._employee, perm)
user_perm.permit()
res = self.employee.json_post(reverse('siteapi:app_list'),
data={'name': 'testname'})
self.assertEqual(res.status_code, 201)
self.assertEqual(len(list(self._employee.manager_groups)), 1)
manager_group = list(self._employee.manager_groups)[0]
self.assertEqual(manager_group.apps, ['testname'])
self.assertEqual(manager_group.group.users, [self._employee])
def update(self, request, *args, **kwargs): # pylint: disable=unused-argument, too-many-locals
'''
黑白名单局部操作
'''
perm = self.get_object()
clean = self.request.data.get('clean', False)
if clean:
UserPerm.valid_objects.filter(perm=perm).update(status='0')
DeptPerm.valid_objects.filter(perm=perm).update(status='0')
GroupPerm.valid_objects.filter(perm=perm).update(status='0')
user_perm_status = self.request.data.get('user_perm_status', [])
for ups in user_perm_status:
user = User.valid_objects.filter(username=ups['uid']).first()
if user:
owner_perm = UserPerm.get(user, perm)
owner_perm.update_status(ups['status'])
node_perm_status = self.request.data.get('node_perm_status', [])
for nps in node_perm_status:
node, _ = Dept.retrieve_node(nps['uid'])
if node:
node_perm = node.owner_perm_cls.get(node, perm)
node_perm.update_status(nps['status'])
cli = LOG_CLI()
cli.assign_perm_owners(perm)
return Response({
'user_perm_status': user_perm_status,
'node_perm_status': node_perm_status
})
def test_create_category(self):
employee, _ = User.objects.get_or_create(username='******')
Group.objects.create(uid='intra')
self.employee = self.login_as(employee)
res = self.employee.json_post(reverse('siteapi:group_child_group', args=('intra', )), data={'name': 'new'})
self.assertEqual(res.status_code, 403)
perm, _ = Perm.objects.get_or_create(subject='system', scope='category', action='create')
UserPerm.get(employee, perm).permit()
res = self.employee.json_post(reverse('siteapi:group_child_group', args=('intra', )), data={'name': 'new'})
self.assertEqual(res.status_code, 201)
self.assertEqual(len(list(employee.manager_groups)), 1)
manager_group = list(employee.manager_groups)[0]
self.assertEqual(manager_group.nodes, ['g_new'])
self.assertEqual(manager_group.group.users, [employee])
def test_ucenter_app_list(self):
self.client.json_post(reverse('siteapi:app_list'), data=APP_1)
res = self.employee.get(reverse('siteapi:ucenter_app_list'))
self.assertEqual(res.json()['count'], 0)
perm = Perm.objects.get(uid='app_demo_access')
user_perm = UserPerm.get(User.objects.get(username='******'), perm)
user_perm.permit()
res = self.employee.get(reverse('siteapi:ucenter_app_list'))
expect = ['demo']
self.assertEqual(expect, [item['uid'] for item in res.json()['results']])
def update(self, request, *args, **kwargs): # pylint: disable=unused-argument, too-many-locals
'''
黑白名单局部操作
'''
perm = self.get_object()
clean = self.request.data.get('clean', False)
if clean:
UserPerm.valid_objects.filter(perm=perm).update(status='0')
DeptPerm.valid_objects.filter(perm=perm).update(status='0')
GroupPerm.valid_objects.filter(perm=perm).update(status='0')
user_perm_status = self.request.data.get('user_perm_status', [])
node_perm_status = self.request.data.get('node_perm_status', [])
if not isinstance(user_perm_status, list):
raise ValidationError({'user_perm_status': ['must be a list']})
if not isinstance(node_perm_status, list):
raise ValidationError({'node_perm_status': ['must be a list']})
for ups in user_perm_status:
user = User.valid_objects.filter(username=ups['uid']).first()
# TODO: 目前对每个对象都逐一检验 under_manage,开销大; 且对于没有权限的,只是静默跳过,没有提示。需改进。
if not (user and user.under_manage(request.user)):
raise ValidationError(
{'user_perm_status': [f'invalid uid: `{ups["uid"]}`']})
ups['instance'] = user
for nps in node_perm_status:
node, _ = Dept.retrieve_node(nps['uid'])
if not (node and node.under_manage(request.user)):
raise ValidationError(
{'node_perm_status': [f'invalid uid: `{nps["uid"]}`']})
nps['instance'] = node
for ups in user_perm_status:
instance = ups.pop('instance')
owner_perm = UserPerm.get(instance, perm)
owner_perm.update_status(ups['status'])
for nps in node_perm_status:
instance = nps.pop('instance')
owner_perm = instance.owner_perm_cls.get(instance, perm)
owner_perm.update_status(nps['status'])
cli = LOG_CLI()
cli.assign_perm_owners(perm)
return Response({
'user_perm_status': user_perm_status,
'node_perm_status': node_perm_status
})
def test_employee_create_user(self):
employee = User.objects.create(username='******')
self.employee = self.login_as(employee)
res = self.employee.json_post(reverse('siteapi:user_list'),
data={
'group_uids': ['root'],
'dept_uids': ['root'],
'user': USER_DATA,
})
self.assertEqual(res.status_code, 403)
perm, _ = Perm.objects.get_or_create(subject='system', scope='user', action='create')
user_perm = UserPerm.get(employee, perm)
user_perm.permit()
res = self.employee.json_post(reverse('siteapi:user_list'),
data={
'group_uids': ['root'],
'dept_uids': ['root'],
'user': USER_DATA,
})
self.assertEqual(res.status_code, 201)