def test_comparison_method(self, create_club, role_model_instances): district1, school1, club1 = role_model_instances() role1 = Role.create(district1) role1.permissions.add('modify-district', 'create-school') role2 = Role.create(district1, school1) role2.permissions.add('modify-school', 'create-club') role3 = Role.create(district1, school1, club1) role3.permissions.add('modify-club') # Test when exactly equal assert role1._comparison(role1) == 0 # Test when role is higher level than other assert role1._comparison(role2) == 1 assert role1._comparison(role3) == 1 assert role2._comparison(role3) == 1 # Test when role is less than other assert role3._comparison(role2) == -1 assert role3._comparison(role1) == -1 assert role2._comparison(role1) == -1 temp_role = Role.create(district1) temp_role.permissions.add('modify-district') # Test when same level as other role but more perms assert role1._comparison(temp_role) == 0 # Test when same level as other role but fewer perms assert temp_role._comparison(role1) == 0
def test_comparison_operators(self, create_club, role_model_instances): district1, school1, club1 = role_model_instances() role1 = Role.create(district1) role1.permissions.add('modify-district', 'create-school') role2 = Role.create(district1, school1) role2.permissions.add('modify-school', 'create-club') role3 = Role.create(district1, school1, club1) role3.permissions.add('modify-club') # Test when exactly equal assert role1 == role1 # Test when role is higher level than other assert role1 > role2 assert role1 > role3 assert role2 > role3 # Test when role is less than other assert role3 < role2 assert role3 < role1 assert role2 < role1 # Test <= and >= assert role1 >= role2 assert role1 >= role1 assert role2 <= role1 assert role2 <= role2
def test_allowed_higher_level(self, role_model_instances): d1, s1, c1 = role_model_instances() role = Role.create(d1) input_str = f'District-{d1.id}/School-{s1.id}/perms=[create-club, modify-school]' assert Role.from_str(input_str).is_allowed(role=role) == True
def test_not_allowed(self, create_club, role_model_instances): d1, s1, c1 = role_model_instances() d2, s2, c2 = role_model_instances() role = Role.create(d1, s1, c1) role.permissions.add('modify-club') input_str = f'District-{d2.id}/School-{s2.id}/Club-{c2.id}/perms=[add-admin]' assert role.is_allowed(role=Role.from_str(input_str)) == False
def test_role_from_str_given_perms(self, role_model_instances): d1, s1, c1 = role_model_instances() # The possible perms for School Admins are 'create-club', 'modify-school', 'hide-school' role_expected = Role.create(d1, s1) role_expected.permissions.add('modify-school', 'hide-school') given_str = f'District-{d1.id}/School-{s1.id}' role_test = Role.from_str( given_str, perms=['modify-school', 'hide-school']) assert str(role_expected) == str(role_test)
def test_from_start_model(self, role_model_instances): d1, s1, c1 = role_model_instances() district_admin_role = Role.from_start_model(d1) assert str(district_admin_role) == f'District-{d1.id}/perms=[]' school_admin_role = Role.from_start_model(s1) assert str( school_admin_role) == f'District-{d1.id}/School-{s1.id}/perms=[]' club_admin_role = Role.from_start_model(c1) assert str( club_admin_role) == f'District-{d1.id}/School-{s1.id}/Club-{c1.id}/perms=[]'
def test_higher_access_level(self, perm_const_override, create_test_prof, role_model_instances, role_test_data): min_role, min_perms = role_test_data district1, school1, club1 = role_model_instances() start_model = school1 min_role = Role.from_start_model(start_model) min_role.permissions.add(*min_perms) # Case 5 -- Higher level access same school district_admin = create_test_prof(num=1) valid_role = Role.create(district1) valid_role.give_role(district_admin) assert min_role.is_allowed(user=district_admin) is True
def test_is_allowed_perms_1_layer_multi_param_str(self, role_model_instances): d1, s1, c1 = role_model_instances() role = Role.create(d1) role.permissions.add('modify-district', 'create-school') input_str = f'District-{d1.id}/perms=[modify-district]' assert role.is_allowed(role=Role.from_str(input_str)) is False input_str = f'District-{d1.id}/perms=[create-school, modify-district]' assert role.is_allowed(role=Role.from_str(input_str)) is True input_str = f'District-{d1.id}/perms=[]' assert role.is_allowed(role=Role.from_str(input_str)) is False
def test_same_access_level_diff_perms(self, perm_const_override, create_test_prof, role_model_instances, role_test_data): min_role, min_perms = role_test_data district1, school1, club1 = role_model_instances() start_model = school1 min_role = Role.from_start_model(start_model) min_role.permissions.add(*min_perms) # Case 3 -- Same level access but does not have right permission school_admin = create_test_prof(num=1) invalid_role = Role.create(district1, school1) invalid_role.permissions.add('hide-school') assert min_role.is_allowed(user=school_admin) is False
def test_give_profile_role(self, create_club, create_test_prof, role_model_instances): prof = create_test_prof(1) district1, school1, club1 = role_model_instances() role = Role.create(district1, school1, club1) role.permissions.add('modify-club') role.give_role(prof) role_model = RoleModel.get_role(role) assert role_model in list(prof.roles.all()) role2 = Role.create(district1, school1, club1) role_model2 = RoleModel.from_role(role2) assert role_model2 not in list(prof.roles.all())
def test_low_access_level(self, perm_const_override, create_test_prof, role_model_instances, role_test_data): min_hier, min_perms = role_test_data district1, school1, club1 = role_model_instances() start_model = school1 min_role = Role.from_start_model(start_model) min_role.permissions.add(*min_perms) # Case 1 -- Lower access user tries to access higher permission level resource club_editor = create_test_prof(num=1) invalid_role = Role.create(district1, school1, club1) invalid_role.permissions.add('modify-club') invalid_role.give_role(club_editor) assert min_role.is_allowed(user=club_editor) is False
def test_role_from_str(self, role_model_instances): d1, s1, c1 = role_model_instances() # The possible perms for School Admins are 'create-club', 'modify-school', 'hide-school' role_expected = Role.create(d1, s1) role_expected.permissions.add('modify-school', 'hide-school') perm_str = f'District-{d1.id}/School-{s1.id}/perms=[modify-school, hide-school]' role_test = Role.from_str(perm_str) assert str(role_expected) == str(role_test) perm_str = f'District-{d1.id}/School-{s1.id}/perms=[]' role_test = Role.from_str(perm_str) assert role_test.permissions.permissions == set()
def test_same_access_level(self, perm_const_override, create_test_prof, role_model_instances, role_test_data): min_role, min_perms = role_test_data district1, school1, club1 = role_model_instances() start_model = school1 min_role = Role.from_start_model(start_model) min_role.permissions.add(*min_perms) # Case 2 -- Same level access with correct permission tries to access resource school_admin = create_test_prof(num=1) valid_role = Role.create(district1, school1) valid_role.permissions.add('modify-school', 'hide-school') valid_role.give_role(school_admin) assert min_role.is_allowed(user=school_admin) is True
def test_is_allowed_perms_3_layer_str(self, create_club, role_model_instances): d1, s1, c1 = role_model_instances() role = Role.create(d1) role.permissions.add('modify-district', 'create-school') # Check that School-2 is a part of District-1, and Club-52 is a part of School-2 input_str = f'District-{d1.id}/School-{s1.id}/Club-{c1.id}/perms=[modify-club]' assert Role.from_str(input_str).is_allowed(role=role) == True d2, s2, c2 = role_model_instances() # Check that School-5 is not a part of District-1 and Club-1 not part of School-5, raises exception input_str = f'District-{d1.id}/School-{s2.id}/Club-{c2.id}/perms=[update-club]' with pytest.raises(InvalidRoleCreated): assert role.is_allowed(role=Role.from_str(input_str))
def test_create(self, db, role_model_instances): d1, s1, c1 = role_model_instances() r1 = Role.from_start_model(c1) r1_model = RoleModel.from_role(r1) invited = InvitedUser.create("*****@*****.**", roles=[r1]) assert invited.email == "*****@*****.**" assert list(invited.roles.all()) == [r1_model]
def test_same_access_level_diff_inst(self, perm_const_override, create_test_prof, role_model_instances, role_test_data): min_role, min_perms = role_test_data district1, school1, club1 = role_model_instances() start_model = school1 min_role = Role.from_start_model(start_model) min_role.permissions.add(*min_perms) # Case 4 -- Same level access but on a different school instance school_admin = create_test_prof(num=1) district2, school2, club2 = role_model_instances() invalid_role = Role.create(district2, school2) invalid_role.permissions.add('modify-school') invalid_role.give_role(school_admin) assert min_role.is_allowed(user=school_admin) is False
def test_get_admins(self, role_model_instances, create_test_prof): d1, s1, c1 = role_model_instances() profiles = [create_test_prof(i) for i in range(2)] role = Role.from_start_model(s1) role.permissions.add('modify-school') for prof in profiles: role.give_role(prof) role2 = Role.from_start_model(s1) role2.permissions.add('hide-club') other_prof = create_test_prof(3) role2.give_role(other_prof) assert list(role.get_admins()) == profiles assert role.get_admins(perms=['create-club']) == None assert set(role.get_admins(perms=['__any__'])) == set( [other_prof, *profiles])
def test_get_editors(db, role_model_instances, create_test_prof, perm_const_override): d1, s1, c1 = role_model_instances() profiles = [create_test_prof(i) for i in range(3)] role = Role.from_start_model(c1) role.permissions.add('hide-club') for prof in profiles: role.give_role(prof) # Tests what happens if there are multiple RoleModel instances with the same role_name role2 = Role.from_start_model(c1) role2.permissions.add('add-admin') profiles.append(create_test_prof(4)) role2.give_role(profiles[-1]) for prof in profiles: assert prof in list(c1.editors)
def test_no_permissions_given(self, role_model_instances, create_test_prof): prof = create_test_prof(num=1) district1, school1, club1 = role_model_instances() role = Role.create(district1, school1, club1) assert role.is_allowed(user=prof) is False role.give_role(prof) assert role.is_allowed(user=prof) is True
def test_user_create_from_invited(self, role_model_instances): d1, s1, c1 = role_model_instances() d2, s2, c2 = role_model_instances() r1 = Role.from_start_model(c1) r2 = Role.from_start_model(c2) r1_model = RoleModel.from_role(r1) r2_model = RoleModel.from_role(r2) invited = InvitedUser.create(email="*****@*****.**", roles=[r1, r2]) invited_roles = list(invited.roles.all()) user = Profile.create_profile(email="*****@*****.**", password="******", first="a", last="b") assert invited_roles == list(user.roles.all()) # Make sure the invited user model is deleted assert not InvitedUser.objects.filter(email="*****@*****.**").exists()
def create(prof_id, role_objs, is_auth=True, perms=['__all__']): prof = create_test_prof(num=prof_id) role = Role.create(*role_objs) role.permissions.add(*perms) role.give_role(prof) client = APIClient() if is_auth: client.force_authenticate(user=prof) return prof, role, client
def test_is_allowed_user(self, role_model_instances, create_test_prof): prof = create_test_prof(num=1) district1, school1, club1 = role_model_instances() role = Role.create(district1, school1, club1) role.permissions.add('modify-club') assert role.is_allowed(user=prof) is False role.give_role(prof) assert role.is_allowed(user=prof) is True
def test_highest_level_str(self, perm_const_override, create_test_prof, role_model_instances): prof = create_test_prof(1) district1, school1, club1 = role_model_instances() role = Role.from_start_model(school1) role.permissions.add('create-club') role.give_role(prof) hier_perm = RoleModel.get_role(role) assert hier_perm.highest_level_str == f'School-{school1.id}/perms=[create-club]'
def test_move_up_levels(self, role_model_instances, create_test_prof): district1, school1, club1 = role_model_instances() role = Role.create(district1, school1, club1) new_role = role.go_up_levels(times=1, perms=['modify-school']) assert Role.create(district1, school1) == new_role assert new_role.permissions.permissions == {'modify-school'} role = Role.create(district1, school1, club1) new_role = role.go_up_levels( times=2, perms=['create-school', 'modify-district']) assert Role.create(district1) == new_role assert new_role.permissions.permissions == { 'create-school', 'modify-district'} # Goes outside of possible roles with pytest.raises(AssertionError): role = Role.create(district1, school1, club1) assert role.go_up_levels(times=3) # Permissions not valid for new role with pytest.raises(AssertionError): role = Role.create(district1, school1, club1) assert role.go_up_levels( times=2, perms=['perms not in permissions'])
def test_str_matches(self, role_model_instances, perm_const_override): district1, school1, club1 = role_model_instances() test_hier = PermConst.Hierarchy(District, School, Club, name="test_hier", poss_perms=[ 'some_str', 'other_str']) role = Role.create(district1, school1, club1) role.hierarchy = test_hier role.permissions.hierarchy = test_hier perms = role.hierarchy.poss_perms role.permissions.add('some_str', 'other_str') expected = 'District-1/School-1/Club-1/perms=[some_str, other_str]'
def test_get_admin_invited_users(self, role_model_instances): d1, s1, c1 = role_model_instances() role = Role.from_start_model(s1) role.permissions.add('modify-school') inv1 = InvitedUser.create(email="*****@*****.**", roles=[role]) inv2 = InvitedUser.create(email="*****@*****.**", roles=[role]) inv3 = InvitedUser.create(email="*****@*****.**", roles=[role]) invited = [inv1, inv2, inv3] assert list(role.get_admins(invited=True)) == invited
def test_profile_serialize_permissions(self, db, role_model_instances, perm_const_override, create_test_prof): d1, s1, c1 = role_model_instances() prof = create_test_prof(1) role = Role.from_start_model(c1) role.permissions.add('modify-club', 'add-admin') role.give_role(prof) role = Role.from_start_model(s1) role.permissions.allow_all_perms() role.give_role(prof) expected = { 'id': prof.id, 'email': prof.email, 'first_name': prof.first_name, 'last_name': prof.last_name, 'school': None, 'district': None, 'is_anon': prof.is_anon, 'permissions': [ f'Club-{c1.id}/perms=[add-admin, modify-club]', f'School-{s1.id}/perms=[__all__]', ], 'joined_clubs': [], } assert ProfileSerializer(prof).data == expected
def test_reset_perms(self, role_model_instances, create_test_prof): district1, school1, club1 = role_model_instances() role = Role.create(district1, school1, club1) role.permissions.add('modify-club') assert role.permissions.permissions == {'modify-club'} role.reset_perms() assert role.permissions.permissions == set() assert role.hierarchy == role.permissions.hierarchy role.reset_perms(['modify-club', 'add-admin']) assert role.permissions.permissions == {'modify-club', 'add-admin'} with pytest.raises(AssertionError): assert role.reset_perms(['modify-club', 'blah-blah'])
def test_give_role_same_obj_twice(self, create_test_prof, role_model_instances): # Check that a new RoleModel is not created each time a prof is given a role. It should just be appended # Added to test found bug prof = create_test_prof(1) district1, school1, club1 = role_model_instances() role = Role.create(district1, school1, club1) role.permissions.add('modify-club') role.give_role(prof) role.permissions.add('hide-club') role.give_role(prof) prof.refresh_from_db() assert prof.roles.filter(role_name=role.role_str).count() == 1
def test_valid_data(self, perm_const_override, create_test_prof, role_model_instances): d1, s1, c1 = role_model_instances() role = Role.from_start_model(c1) role.permissions.add('hide-club') prof = create_test_prof(1) role.give_role(prof) serializer = EditorSerializer(prof, context={'role': role}) expected_data = { 'profile': { 'id': prof.id, 'email': prof.email, 'first_name': prof.first_name, 'last_name': prof.last_name, }, 'perms': ['hide-club'] } assert serializer.data == expected_data