def form_input_permission_setup(
db: Session,
*,
permission_type: PermissionTypeEnum,
permission_enabled: bool = True
) -> Dict[str, Union[models.Interface, models.Permission, models.UserGroup,
models.User]]:
form_input = crud.form_input.get_by_template_table_name(
db, table_name="form_input_test_table")
user = create_random_user(db)
user_group = create_random_user_group(db)
permission = crud.form_input.get_permission(
db, id=form_input.id, permission_type=permission_type)
crud.user_group.add_user(db, user_group=user_group, user_id=user.id)
crud.permission.grant(db,
user_group_id=user_group.id,
permission_id=permission.id)
if not permission_enabled:
crud.permission.revoke(db,
user_group_id=user_group.id,
permission_id=permission.id)
return {
"form_input": form_input,
"permission": permission,
"user_group": user_group,
"user": user,
}
def test_create_user_normal_user(client: TestClient, db: Session) -> None:
username = random_email()
password = random_lower_string()
user_group = create_random_user_group(db)
data = {"email": username, "password": password, "user_group_id": user_group.id}
user = create_random_user(db)
crud.user_group.add_user(db, user_group=user_group, user_id=user.id)
create_permission = crud.user_group.get_permission(
db, id=user_group.id, permission_type=PermissionTypeEnum.create
)
crud.permission.grant(
db, user_group_id=user_group.id, permission_id=create_permission.id
)
user_token_headers = authentication_token_from_email(
client=client, email=user.email, db=db
)
r = client.post(
f"{settings.API_V1_STR}/users/",
headers=user_token_headers,
json=data,
)
created_user = r.json()
user = crud.user.get_by_email(db, email=username)
assert 200 <= r.status_code < 300
assert user
assert user.email == created_user["email"]
assert user_group in user.user_groups
def query_permission_setup(
db: Session,
*,
permission_type: PermissionTypeEnum,
permission_enabled: bool = True
) -> Dict[str, Union[models.QueryInterface, models.Permission,
models.UserGroup, models.User]]:
query = create_random_query_interface(db)
user = create_random_user(db)
user_group = create_random_user_group(db)
permission = crud.query.get_permission(db,
id=query.id,
permission_type=permission_type)
crud.user_group.add_user(db, user_group=user_group, user_id=user.id)
crud.permission.grant(db,
user_group_id=user_group.id,
permission_id=permission.id)
if not permission_enabled:
crud.permission.revoke(db,
user_group_id=user_group.id,
permission_id=permission.id)
return {
"query": query,
"permission": permission,
"user_group": user_group,
"user": user,
}
def node_all_permissions_setup(
db: Session,
) -> Dict[str, Union[models.Node, models.Permission, models.UserGroup,
models.User]]:
"""
Setup: Create the node, get all node permissions, create the user,
create the user group, add the user to the user group, grant all
the permissions to the user group
Returns a dictionary of the format: {
"node": Node,
"permissions": List[Permission],
"user_group": UserGroup,
"user": User,
}
"""
node = create_random_node(db,
created_by_id=1,
node_type="node_all_permissions_setup")
permissions = crud.node.get_permissions(db, id=node.id)
user = create_random_user(db)
user_group = create_random_user_group(db, created_by_id=1, node_id=node.id)
crud.user_group.add_user(db, user_group=user_group, user_id=user.id)
crud.permission.grant_multiple(db,
user_group_id=user_group.id,
permission_ids=[p.id for p in permissions])
return {
"node": node,
"permissions": permissions,
"user_group": user_group,
"user": user,
}
def test_create_user_fail_user_group_not_exists(
client: TestClient, db: Session
) -> None:
username = random_email()
password = random_lower_string()
data = {"email": username, "password": password, "user_group_id": -1}
user = create_random_user(db)
user_group = create_random_user_group(db)
crud.user_group.add_user(db, user_group=user_group, user_id=user.id)
create_permission = crud.user_group.get_permission(
db, id=user_group.id, permission_type=PermissionTypeEnum.create
)
crud.permission.grant(
db, user_group_id=user_group.id, permission_id=create_permission.id
)
user_token_headers = authentication_token_from_email(
client=client, email=user.email, db=db
)
r = client.post(
f"{settings.API_V1_STR}/users/",
headers=user_token_headers,
json=data,
)
content = r.json()
user = crud.user.get_by_email(db, email=username)
assert r.status_code == 404
assert user is None
assert content["detail"] == "Can not find user group."
def node_children_setup(
db: Session,
) -> Dict[str, Union[models.Node, models.Interface, models.UserGroup]]:
"""
Setup: Create a parent_node, create a user group with the parent
node as the parent, create a child node with the parent node as the
parent, create an interface, associate the interface with the parent
node.
Returns a dictionary of the format: {
"parent_node": Node,
"child_node": Node,
"user_group": UserGroup,
"interface": Interface
}
"""
parent_node = create_random_node(db)
user_group = create_random_user_group(db, node_id=parent_node.id)
child_node = create_random_node(db, parent_id=parent_node.id)
interface = create_random_form_input_interface(db)
crud.node.add_interface(db, node=parent_node, interface=interface)
return {
"parent_node": parent_node,
"child_node": child_node,
"user_group": user_group,
"interface": interface,
}
def test_create_user_fail_normal_user_no_permission(
client: TestClient, db: Session
) -> None:
username = random_email()
password = random_lower_string()
user_group = create_random_user_group(db)
data = {"email": username, "password": password, "user_group_id": user_group.id}
user = create_random_user(db)
crud.user_group.add_user(db, user_group=user_group, user_id=user.id)
user_token_headers = authentication_token_from_email(
client=client, email=user.email, db=db
)
r = client.post(
f"{settings.API_V1_STR}/users/",
headers=user_token_headers,
json=data,
)
content = r.json()
returned_user = crud.user.get_by_email(db, email=username)
assert r.status_code == 403
assert returned_user is None
assert content["detail"] == (
f"User ID {user.id} does not have create permissions for "
f"user_group ID {user_group.id}"
)
def test_get_multi_not_in_group(db: Session):
email = random_email()
password = random_lower_string()
user_in = UserCreate(email=email, password=password)
user = crud.user.create(db, obj_in=user_in)
user_group = create_random_user_group(db)
users_not_in_group = crud.user.get_multi_not_in_group(
db, user_group_id=user_group.id, sort_by="id", sort_desc=True)
assert user in users_not_in_group.records
def test_get_user_groups_for_user(db: Session) -> None:
email = random_email()
password = random_lower_string()
user_in = UserCreate(email=email, password=password)
user = crud.user.create(db, obj_in=user_in)
user_group1 = create_random_user_group(db, created_by_id=user.id)
user_group2 = create_random_user_group(db, created_by_id=user.id)
user_group3 = create_random_user_group(db, created_by_id=user.id)
crud.user_group.add_user(db, user_group=user_group1, user_id=user.id)
crud.user_group.add_user(db, user_group=user_group2, user_id=user.id)
user_user_groups = crud.user.get_user_groups(db, user=user)
for user_group in user_user_groups:
assert user_group.id in [user_group1.id, user_group2.id]
assert user_group.id != user_group3.id
def test_get_multi_in_group(db: Session):
email = random_email()
password = random_lower_string()
user_in = UserCreate(email=email, password=password)
user = crud.user.create(db, obj_in=user_in)
user_group = create_random_user_group(db)
crud.user_group.add_user(db, user_group=user_group, user_id=user.id)
users_in_group = crud.user.get_multi_in_group(db,
user_group_id=user_group.id)
assert user in users_in_group.records
def test_all_node_descendants(db: Session, normal_user: User) -> None:
node = create_random_node(db, created_by_id=normal_user.id, node_type="parent")
child_node = create_random_node(
db, created_by_id=normal_user.id, node_type="child", parent_id=node.id
)
user_group1 = create_random_user_group(
db, created_by_id=normal_user.id, node_id=node.id
)
user_group2 = create_random_user_group(
db, created_by_id=normal_user.id, node_id=child_node.id
)
not_child_node = create_random_node(
db, created_by_id=normal_user.id, node_type="not_child"
)
child_node_permissions = crud.node.get_permissions(db, id=child_node.id)
user_group1_permissions = crud.user_group.get_permissions(db, id=user_group1.id)
user_group2_permissions = crud.user_group.get_permissions(db, id=user_group2.id)
not_child_node_permissions = crud.node.get_permissions(db, id=not_child_node.id)
all_permissions = [
*child_node_permissions,
*user_group1_permissions,
*user_group2_permissions,
]
some_permissions = [*child_node_permissions, *not_child_node_permissions]
no_permissions = [*not_child_node_permissions]
pass1 = crud.permission.all_node_descendants(
db, node_id=node.id, permissions=all_permissions
)
fail1 = crud.permission.all_node_descendants(
db, node_id=node.id, permissions=some_permissions
)
fail2 = crud.permission.all_node_descendants(
db, node_id=node.id, permissions=no_permissions
)
assert pass1
assert not fail1
assert not fail2
def test_grant_multiple_permissions(db: Session, normal_user: User) -> None:
node = create_random_node(
db, created_by_id=normal_user.id, node_type="test_grant_multiple_permissions"
)
user_group = create_random_user_group(
db, created_by_id=normal_user.id, node_id=node.id
)
permissions = crud.node.get_permissions(db, id=node.id)
permission_ids = [p.id for p in permissions]
user_group_permission_rels = crud.permission.grant_multiple(
db, user_group_id=user_group.id, permission_ids=permission_ids
)
assert len(permission_ids) == len(user_group_permission_rels)
for ugpr in user_group_permission_rels:
assert ugpr.user_group_id == user_group.id
assert ugpr.enabled
def test_grant_single_permission(db: Session, normal_user: User) -> None:
node = create_random_node(
db, created_by_id=normal_user.id, node_type="test_grant_single_permission"
)
user_group = create_random_user_group(
db, created_by_id=normal_user.id, node_id=node.id
)
permission = crud.node.get_permission(
db, id=node.id, permission_type=PermissionTypeEnum.read
)
user_group_permission_rel = crud.permission.grant(
db, user_group_id=user_group.id, permission_id=permission.id
)
assert user_group_permission_rel.user_group_id == user_group.id
assert user_group_permission_rel.permission_id == permission.id
assert user_group_permission_rel.enabled
def test_get_node_children(db: Session, superuser: User) -> None:
node = create_random_node(db)
user_group = create_random_user_group(db, node_id=node.id)
child_node = create_random_node(db, parent_id=node.id)
interface = create_random_form_input_interface(db)
crud.node.add_interface(db, node=node, interface=interface)
result = crud.node.get_node_children(db, id=node.id)
for node_child in result:
assert node_child.node_id == node.id
if node_child.child_type == "interface":
assert node_child.child_id == interface.id
if node_child.child_type == "node":
assert node_child.child_id == child_node.id
if node_child.child_type == "user_group":
assert node_child.child_id == user_group.id
def test_verify_user_node_permission(db: Session, normal_user: User) -> None:
email = random_email()
password = random_lower_string()
user_in = UserCreate(email=email, password=password)
user = crud.user.create(db, obj_in=user_in)
node = create_random_node(db,
created_by_id=normal_user.id,
node_type="verify_user_node_permission")
user_group = create_random_user_group(db, created_by_id=normal_user.id)
crud.user_group.add_user(db, user_group=user_group, user_id=user.id)
permission = create_random_permission(db, node_id=node.id)
crud.permission.grant(db,
user_group_id=user_group.id,
permission_id=permission.id)
has_permission = crud.user.has_permission(
db,
user=user,
resource_type="node",
resource_id=node.id,
permission_type=permission.permission_type,
)
# Need to add an explicit 'False' permission for the User to the resource
# to ensure that will return False in addition to the missing permissions
permissions_not_granted = [
i for i in list(PermissionTypeEnum) if i != permission.permission_type
]
permission_type = random.choice(permissions_not_granted)
permission_in = PermissionCreate(
resource_id=node.id,
resource_type=ResourceTypeEnum.node,
permission_type=permission_type,
enabled=False,
)
crud.node_permission.create(db=db, obj_in=permission_in)
assert has_permission == True # noqa E712
for png in permissions_not_granted:
has_permission = crud.user.has_permission(
db,
user=user,
resource_type="node",
resource_id=node.id,
permission_type=png,
)
assert has_permission == False # noqa: E712
def test_revoke_multiple_permissions_missing(db: Session, normal_user: User) -> None:
"""
Raises a MissingRecordsError if one or more permissions are a not
associated with the user group, making them ineligible to be revoked
"""
node = create_random_node(
db, created_by_id=normal_user.id, node_type="test_revoke_multiple_permissions"
)
user_group = create_random_user_group(
db, created_by_id=normal_user.id, node_id=node.id
)
permissions = crud.node.get_permissions(db, id=node.id)
permission_ids = [p.id for p in permissions]
with pytest.raises(MissingRecordsError):
crud.permission.revoke_multiple(
db, user_group_id=user_group.id, permission_ids=permission_ids
)
def multi_node_permission_setup(
db: Session, *, n: int, node_type: str,
permission_type: PermissionTypeEnum, permission_enabled: bool
) -> Dict[str, Union[List[models.Node], List[models.Permission],
models.UserGroup, models.User], ]:
"""
Setup: Create 'n' nodes, get create permissions, create user, create
user group, add user to user group, give user group specified
permission on all nodes
Returns a dictionary of the format: {
"nodes": [Node],
"permissions": [Permission],
"user_group": UserGroup,
"user": User,
}
"""
nodes = [
create_random_node(db, created_by_id=1, node_type=node_type)
for i in range(n)
]
user = create_random_user(db)
user_group = create_random_user_group(db,
created_by_id=1,
node_id=nodes[0].id)
crud.user_group.add_user(db, user_group=user_group, user_id=user.id)
permissions = []
for node in nodes:
permission = crud.node.get_permission(db,
id=node.id,
permission_type=permission_type)
permissions.append(permission)
crud.permission.grant(db,
user_group_id=user_group.id,
permission_id=permission.id)
if not permission_enabled:
crud.permission.revoke(db,
user_group_id=user_group.id,
permission_id=permission.id)
return {
"nodes": nodes,
"permissions": permissions,
"user_group": user_group,
"user": user,
}
def multi_user_group_permission_setup(
db: Session, *, n: int, permission_type: PermissionTypeEnum,
permission_enabled: bool
) -> Dict[str, Union[models.Node, List[models.Permission],
List[models.UserGroup], models.User], ]:
"""
Setup: Create a parent node, create a user, create 'n' user groups,
add user to all groups, give each user group the specified
permission.
Returns a dictionary of the format: {
"node": Node,
"permissions": [Permission],
"user_groups": [UserGroup],
"user": User,
}
"""
node = create_random_node(db,
created_by_id=1,
node_type="multi_user_group_permission_setup")
user = create_random_user(db)
user_groups = [
create_random_user_group(db, created_by_id=1, node_id=node.id)
for i in range(n)
]
permissions = []
for user_group in user_groups:
permission = crud.user_group.get_permission(
db, id=user_group.id, permission_type=permission_type)
permissions.append(permission)
crud.user_group.add_user(db, user_group=user_group, user_id=user.id)
crud.permission.grant(db,
user_group_id=user_group.id,
permission_id=permission.id)
if not permission_enabled:
crud.permission.revoke(db,
user_group_id=user_group.id,
permission_id=permission.id)
return {
"node": node,
"permissions": permissions,
"user_groups": user_groups,
"user": user,
}
def test_revoke_single_permission_missing(db: Session, normal_user: User) -> None:
"""
Raises a NoResultFound error if the user_group/permission
relationship doesn't exist
"""
node = create_random_node(
db, created_by_id=normal_user.id, node_type="test_revoke_single_permission"
)
user_group = create_random_user_group(
db, created_by_id=normal_user.id, node_id=node.id
)
permission = crud.node.get_permission(
db, id=node.id, permission_type=PermissionTypeEnum.read
)
with pytest.raises(NoResultFound):
crud.permission.revoke(
db, user_group_id=user_group.id, permission_id=permission.id
)
def test_grant_single_permission_existing(db: Session, normal_user: User) -> None:
node = create_random_node(
db, created_by_id=normal_user.id, node_type="test_grant_single_permission"
)
user_group = create_random_user_group(
db, created_by_id=normal_user.id, node_id=node.id
)
permission = crud.node.get_permission(
db, id=node.id, permission_type=PermissionTypeEnum.read
)
# Grant then revoke the permission before trying to grant it again
crud.permission.grant(db, user_group_id=user_group.id, permission_id=permission.id)
crud.permission.revoke(db, user_group_id=user_group.id, permission_id=permission.id)
user_group_permission_rel = crud.permission.grant(
db, user_group_id=user_group.id, permission_id=permission.id
)
assert user_group_permission_rel.user_group_id == user_group.id
assert user_group_permission_rel.permission_id == permission.id
assert user_group_permission_rel.enabled
def user_group_permission_setup(
db: Session, *, permission_type: PermissionTypeEnum,
permission_enabled: bool
) -> Dict[str, Union[models.Node, models.Permission, models.UserGroup,
models.User]]:
"""
Setup: Create a node, create a user, create a user group, get the
specified permission, add the user to the user group, grant the
user group the specified permission (to itself)
Returns a dictionary of the format: {
"node": Node,
"permission": Permission,
"user_group": UserGroup,
"user": User,
}
"""
node = create_random_node(db,
created_by_id=1,
node_type="user_group_permission_setup")
user = create_random_user(db)
user_group = create_random_user_group(db, created_by_id=1, node_id=node.id)
permission = crud.user_group.get_permission(
db, id=user_group.id, permission_type=permission_type)
crud.user_group.add_user(db, user_group=user_group, user_id=user.id)
crud.permission.grant(db,
user_group_id=user_group.id,
permission_id=permission.id)
if not permission_enabled:
crud.permission.revoke(db,
user_group_id=user_group.id,
permission_id=permission.id)
return {
"node": node,
"permission": permission,
"user_group": user_group,
"user": user,
}
def node_permission_setup(
db: Session, *, node_type: str, permission_type: PermissionTypeEnum,
permission_enabled: bool
) -> Dict[str, Union[models.Node, models.Permission, models.UserGroup,
models.User]]:
"""
Setup: Create the node, get create permission, create user, create
user group, add user to user group, give user group specified
permission on the node
Returns a dictionary of the format: {
"node": Node,
"permission": Permission,
"user_group": UserGroup,
"user": User,
}
"""
node = create_random_node(db, created_by_id=1, node_type=node_type)
permission = crud.node.get_permission(db,
id=node.id,
permission_type=permission_type)
user = create_random_user(db)
user_group = create_random_user_group(db, created_by_id=1, node_id=node.id)
crud.user_group.add_user(db, user_group=user_group, user_id=user.id)
crud.permission.grant(db,
user_group_id=user_group.id,
permission_id=permission.id)
if not permission_enabled:
crud.permission.revoke(db,
user_group_id=user_group.id,
permission_id=permission.id)
return {
"node": node,
"permission": permission,
"user_group": user_group,
"user": user,
}
def test_grant_multiple_permissions_existing(db: Session, normal_user: User) -> None:
node = create_random_node(
db, created_by_id=normal_user.id, node_type="test_grant_multiple_permissions"
)
user_group = create_random_user_group(
db, created_by_id=normal_user.id, node_id=node.id
)
permissions = crud.node.get_permissions(db, id=node.id)
permission_ids = [p.id for p in permissions]
# Grant then revoke the permissions before trying to grant them again
crud.permission.grant_multiple(
db, user_group_id=user_group.id, permission_ids=permission_ids
)
crud.permission.revoke_multiple(
db, user_group_id=user_group.id, permission_ids=permission_ids[:2]
)
user_group_permission_rels = crud.permission.grant_multiple(
db, user_group_id=user_group.id, permission_ids=permission_ids
)
assert len(permission_ids) == len(user_group_permission_rels)
for ugpr in user_group_permission_rels:
assert ugpr.user_group_id == user_group.id
assert ugpr.enabled
def test_get_multi_user_groups_with_permission(db: Session,
superuser: User) -> None:
# Create parent node
parent_node = create_random_node(
db,
created_by_id=superuser.id,
node_type="test_get_multi_user_groups_with_permission",
)
# Create User Group attached to parent node
user_group = create_random_user_group(db,
created_by_id=superuser.id,
node_id=parent_node.id)
# Create a normal user and add that user to the user group
normal_user = create_random_user(db)
crud.user_group.add_user(db, user_group=user_group, user_id=normal_user.id)
# Create a bunch of child nodes (it doesn't matter whether or not they're attached
# to the parent node)
new_user_groups = [
create_random_user_group(db,
created_by_id=superuser.id,
node_id=parent_node.id) for i in range(10)
]
# For each node, instantiate permissions, get the read permission, then add it to
# the user group, enabled
for ug in new_user_groups:
read_permission = crud.user_group.get_permission(
db, id=ug.id, permission_type=PermissionTypeEnum.read)
crud.permission.grant(db,
user_group_id=user_group.id,
permission_id=read_permission.id)
user_group_names = [ug.name for ug in new_user_groups]
# Create a new node, instantiate permissions, add it to the user group, disabled
blocked_user_group = create_random_user_group(db,
created_by_id=superuser.id,
node_id=parent_node.id)
blocked_user_group_read_permission = crud.user_group.get_permission(
db, id=blocked_user_group.id, permission_type=PermissionTypeEnum.read)
crud.permission.grant(
db,
user_group_id=user_group.id,
permission_id=blocked_user_group_read_permission.id,
)
crud.permission.revoke(
db,
user_group_id=user_group.id,
permission_id=blocked_user_group_read_permission.id,
)
# Get the nodes back with permission requirements and ensure that you get back
# all the nodes we just put in with permissions and that you don't get the
# blocked node
stored_user_groups = crud.user_group.get_multi_with_permissions(
db=db, user=normal_user)
stored_user_group_names = [sn.name for sn in stored_user_groups.records]
for n in user_group_names:
assert n in stored_user_group_names
assert blocked_user_group.name not in stored_user_group_names
