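def test_user_permissions_update_remove(self):
    """
    Test org_admin.user_permission_update and
    org_admin.user_permission_remove when called by the org admin.

    For each view there is one allowed case (user a, a member of the
    org) and two denied cases (user b, who is not a member of the org,
    and user b addressed through an org the requester does not
    administer). A denied request must answer 403 with an empty JSON
    object and must leave the stored permissions as they were.
    """

    entity = "net.%d" % self.net.id

    # Test #1 - test updating a user a's permission to the org

    url = "/org-admin/user_permissions/update?org_id=%d&user_id=%d" % (
        self.org.id,
        self.user_a.id,
    )
    request = self.factory.post(url, data={"entity": entity, "perms": 0x03})
    # The view is invoked directly; this request attribute skips CSRF
    # validation so the test exercises only the authorization decision.
    request._dont_enforce_csrf_checks = True
    request.user = self.org_admin

    resp = org_admin.user_permission_update(request)
    self.assertEqual(json.loads(resp.content).get("status"), "ok")

    # test that the perms we just updated saved correctly
    _, perms = org_admin.load_user_permissions(self.org, self.user_a)
    self.assertEqual(perms, {entity: 0x03})

    # Test #2 - should not be allowed to update user b's perms as he is
    # not a member of the org

    # Snapshot first: a 403 alone does not prove that nothing was written.
    _, perms_before = org_admin.load_user_permissions(self.org, self.user_b)

    url = "/org-admin/user_permissions/update?org_id=%d&user_id=%d" % (
        self.org.id,
        self.user_b.id,
    )
    request = self.factory.post(url, data={"entity": entity, "perms": 0x03})
    request._dont_enforce_csrf_checks = True
    request.user = self.org_admin

    resp = org_admin.user_permission_update(request)
    self.assertEqual(resp.status_code, 403)
    self.assertEqual(json.loads(resp.content), {})

    _, perms_after = org_admin.load_user_permissions(self.org, self.user_b)
    self.assertEqual(perms_after, perms_before)

    # Test #3 - should not be allowed to update user b's perms because we
    # are not the admin of his org

    _, perms_before = org_admin.load_user_permissions(
        self.org_other, self.user_b
    )

    url = "/org-admin/user_permissions/update?org_id=%d&user_id=%d" % (
        self.org_other.id,
        self.user_b.id,
    )
    request = self.factory.post(url, data={"entity": entity, "perms": 0x03})
    request._dont_enforce_csrf_checks = True
    request.user = self.org_admin

    resp = org_admin.user_permission_update(request)
    self.assertEqual(resp.status_code, 403)
    self.assertEqual(json.loads(resp.content), {})

    _, perms_after = org_admin.load_user_permissions(
        self.org_other, self.user_b
    )
    self.assertEqual(perms_after, perms_before)

    # Test #4 - remove the permissions we just added

    url = "/org-admin/user_permissions/remove?org_id=%d&user_id=%d" % (
        self.org.id,
        self.user_a.id,
    )
    request = self.factory.post(url, data={"entity": entity})
    request._dont_enforce_csrf_checks = True
    request.user = self.org_admin

    resp = org_admin.user_permission_remove(request)
    self.assertEqual(json.loads(resp.content).get("status"), "ok")

    # test that the perms we just removed saved correctly
    _, perms = org_admin.load_user_permissions(self.org, self.user_a)
    self.assertEqual(perms, {})

    # Test #5 - should not be allowed remove user b's permissions as he
    # is not a member of the org

    # NOTE(review): if the fixture grants user b nothing here, the
    # before/after comparison is trivially true for a remove; it still
    # catches a denied call that creates or alters entries.
    _, perms_before = org_admin.load_user_permissions(self.org, self.user_b)

    url = "/org-admin/user_permissions/remove?org_id=%d&user_id=%d" % (
        self.org.id,
        self.user_b.id,
    )
    request = self.factory.post(url, data={"entity": entity})
    request._dont_enforce_csrf_checks = True
    request.user = self.org_admin

    resp = org_admin.user_permission_remove(request)
    self.assertEqual(resp.status_code, 403)
    self.assertEqual(json.loads(resp.content), {})

    _, perms_after = org_admin.load_user_permissions(self.org, self.user_b)
    self.assertEqual(perms_after, perms_before)

    # Test #6 - should not be allowed to remove user b's permissions as we
    # are not the admin of his org

    _, perms_before = org_admin.load_user_permissions(
        self.org_other, self.user_b
    )

    url = "/org-admin/user_permissions/remove?org_id=%d&user_id=%d" % (
        self.org_other.id,
        self.user_b.id,
    )
    request = self.factory.post(url, data={"entity": entity})
    request._dont_enforce_csrf_checks = True
    request.user = self.org_admin

    resp = org_admin.user_permission_remove(request)
    self.assertEqual(resp.status_code, 403)
    self.assertEqual(json.loads(resp.content), {})

    _, perms_after = org_admin.load_user_permissions(
        self.org_other, self.user_b
    )
    self.assertEqual(perms_after, perms_before)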
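def test_user_permissions_update_remove(self):
    """
    Test org_admin.user_permission_update and
    org_admin.user_permission_remove when called by the org admin.

    The allowed cases (user a in the admin's own org) must report
    status "ok" and change the stored permissions. The denied cases
    (user b, who is not a member of the org, and user b addressed
    through another org) must answer 403 with an empty JSON object and
    must not change what is stored.
    """

    update_url = "/org-admin/user_permissions/update?org_id=%d&user_id=%d"
    remove_url = "/org-admin/user_permissions/remove?org_id=%d&user_id=%d"
    entity = "net.%d" % self.net.id
    update_data = {"entity": entity, "perms": 0x03}
    remove_data = {"entity": entity}

    def call_view(view, url_template, org, user, data):
        """POST `data` to `view` as the org admin and return the response."""
        request = self.factory.post(url_template % (org.id, user.id), data=data)
        # The view is called directly; this request attribute skips CSRF
        # validation so only the authorization logic is under test.
        request._dont_enforce_csrf_checks = True
        request.user = self.org_admin
        return view(request)

    def stored_perms(org, user):
        """Return the permission dict load_user_permissions reports."""
        return org_admin.load_user_permissions(org, user)[1]

    def assert_denied(view, url_template, org, user, data):
        """Expect 403, an empty JSON body, and unchanged stored perms."""
        # A 403 response alone does not show that nothing was written,
        # so compare the stored permissions around the call as well.
        before = stored_perms(org, user)
        resp = call_view(view, url_template, org, user, data)
        self.assertEqual(resp.status_code, 403)
        self.assertEqual(json.loads(resp.content), {})
        self.assertEqual(stored_perms(org, user), before)

    # Test #1 - test updating a user a's permission to the org
    resp = call_view(
        org_admin.user_permission_update,
        update_url,
        self.org,
        self.user_a,
        update_data,
    )
    self.assertEqual(json.loads(resp.content).get("status"), "ok")

    # test that the perms we just updated saved correctly
    self.assertEqual(stored_perms(self.org, self.user_a), {entity: 0x03})

    # Test #2 - should not be allowed to update user b's perms as he is
    # not a member of the org
    assert_denied(
        org_admin.user_permission_update,
        update_url,
        self.org,
        self.user_b,
        update_data,
    )

    # Test #3 - should not be allowed to update user b's perms because we
    # are not the admin of his org
    assert_denied(
        org_admin.user_permission_update,
        update_url,
        self.org_other,
        self.user_b,
        update_data,
    )

    # Test #4 - remove the permissions we just added
    resp = call_view(
        org_admin.user_permission_remove,
        remove_url,
        self.org,
        self.user_a,
        remove_data,
    )
    self.assertEqual(json.loads(resp.content).get("status"), "ok")

    # test that the perms we just removed saved correctly
    self.assertEqual(stored_perms(self.org, self.user_a), {})

    # Test #5 - should not be allowed remove user b's permissions as he
    # is not a member of the org
    # NOTE(review): if the fixture grants user b nothing, the unchanged
    # check is trivially true for the two remove cases below.
    assert_denied(
        org_admin.user_permission_remove,
        remove_url,
        self.org,
        self.user_b,
        remove_data,
    )

    # Test #6 - should not be allowed to remove user b's permissions as we
    # are not the admin of his org
    assert_denied(
        org_admin.user_permission_remove,
        remove_url,
        self.org_other,
        self.user_b,
        remove_data,
    )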