def test_from_start_model(self, role_model_instances): d1, s1, c1 = role_model_instances() district_admin_role = Role.from_start_model(d1) assert str(district_admin_role) == f'District-{d1.id}/perms=[]' school_admin_role = Role.from_start_model(s1) assert str( school_admin_role) == f'District-{d1.id}/School-{s1.id}/perms=[]' club_admin_role = Role.from_start_model(c1) assert str( club_admin_role) == f'District-{d1.id}/School-{s1.id}/Club-{c1.id}/perms=[]'
def test_create(self, db, role_model_instances): d1, s1, c1 = role_model_instances() r1 = Role.from_start_model(c1) r1_model = RoleModel.from_role(r1) invited = InvitedUser.create("*****@*****.**", roles=[r1]) assert invited.email == "*****@*****.**" assert list(invited.roles.all()) == [r1_model]
def test_get_admins(self, role_model_instances, create_test_prof): d1, s1, c1 = role_model_instances() profiles = [create_test_prof(i) for i in range(2)] role = Role.from_start_model(s1) role.permissions.add('modify-school') for prof in profiles: role.give_role(prof) role2 = Role.from_start_model(s1) role2.permissions.add('hide-club') other_prof = create_test_prof(3) role2.give_role(other_prof) assert list(role.get_admins()) == profiles assert role.get_admins(perms=['create-club']) == None assert set(role.get_admins(perms=['__any__'])) == set( [other_prof, *profiles])
def test_user_create_from_invited(self, role_model_instances): d1, s1, c1 = role_model_instances() d2, s2, c2 = role_model_instances() r1 = Role.from_start_model(c1) r2 = Role.from_start_model(c2) r1_model = RoleModel.from_role(r1) r2_model = RoleModel.from_role(r2) invited = InvitedUser.create(email="*****@*****.**", roles=[r1, r2]) invited_roles = list(invited.roles.all()) user = Profile.create_profile(email="*****@*****.**", password="******", first="a", last="b") assert invited_roles == list(user.roles.all()) # Make sure the invited user model is deleted assert not InvitedUser.objects.filter(email="*****@*****.**").exists()
def test_get_editors(db, role_model_instances, create_test_prof, perm_const_override): d1, s1, c1 = role_model_instances() profiles = [create_test_prof(i) for i in range(3)] role = Role.from_start_model(c1) role.permissions.add('hide-club') for prof in profiles: role.give_role(prof) # Tests what happens if there are multiple RoleModel instances with the same role_name role2 = Role.from_start_model(c1) role2.permissions.add('add-admin') profiles.append(create_test_prof(4)) role2.give_role(profiles[-1]) for prof in profiles: assert prof in list(c1.editors)
def test_highest_level_str(self, perm_const_override, create_test_prof, role_model_instances): prof = create_test_prof(1) district1, school1, club1 = role_model_instances() role = Role.from_start_model(school1) role.permissions.add('create-club') role.give_role(prof) hier_perm = RoleModel.get_role(role) assert hier_perm.highest_level_str == f'School-{school1.id}/perms=[create-club]'
def test_get_admin_invited_users(self, role_model_instances): d1, s1, c1 = role_model_instances() role = Role.from_start_model(s1) role.permissions.add('modify-school') inv1 = InvitedUser.create(email="*****@*****.**", roles=[role]) inv2 = InvitedUser.create(email="*****@*****.**", roles=[role]) inv3 = InvitedUser.create(email="*****@*****.**", roles=[role]) invited = [inv1, inv2, inv3] assert list(role.get_admins(invited=True)) == invited
def test_higher_access_level(self, perm_const_override, create_test_prof, role_model_instances, role_test_data): min_role, min_perms = role_test_data district1, school1, club1 = role_model_instances() start_model = school1 min_role = Role.from_start_model(start_model) min_role.permissions.add(*min_perms) # Case 5 -- Higher level access same school district_admin = create_test_prof(num=1) valid_role = Role.create(district1) valid_role.give_role(district_admin) assert min_role.is_allowed(user=district_admin) is True
def test_same_access_level_diff_perms(self, perm_const_override, create_test_prof, role_model_instances, role_test_data): min_role, min_perms = role_test_data district1, school1, club1 = role_model_instances() start_model = school1 min_role = Role.from_start_model(start_model) min_role.permissions.add(*min_perms) # Case 3 -- Same level access but does not have right permission school_admin = create_test_prof(num=1) invalid_role = Role.create(district1, school1) invalid_role.permissions.add('hide-school') assert min_role.is_allowed(user=school_admin) is False
def test_profile_serialize_permissions(self, db, role_model_instances, perm_const_override, create_test_prof): d1, s1, c1 = role_model_instances() prof = create_test_prof(1) role = Role.from_start_model(c1) role.permissions.add('modify-club', 'add-admin') role.give_role(prof) role = Role.from_start_model(s1) role.permissions.allow_all_perms() role.give_role(prof) expected = { 'id': prof.id, 'email': prof.email, 'first_name': prof.first_name, 'last_name': prof.last_name, 'school': None, 'district': None, 'is_anon': prof.is_anon, 'permissions': [ f'Club-{c1.id}/perms=[add-admin, modify-club]', f'School-{s1.id}/perms=[__all__]', ], 'joined_clubs': [], } assert ProfileSerializer(prof).data == expected
def test_same_access_level(self, perm_const_override, create_test_prof, role_model_instances, role_test_data): min_role, min_perms = role_test_data district1, school1, club1 = role_model_instances() start_model = school1 min_role = Role.from_start_model(start_model) min_role.permissions.add(*min_perms) # Case 2 -- Same level access with correct permission tries to access resource school_admin = create_test_prof(num=1) valid_role = Role.create(district1, school1) valid_role.permissions.add('modify-school', 'hide-school') valid_role.give_role(school_admin) assert min_role.is_allowed(user=school_admin) is True
def test_low_access_level(self, perm_const_override, create_test_prof, role_model_instances, role_test_data): min_hier, min_perms = role_test_data district1, school1, club1 = role_model_instances() start_model = school1 min_role = Role.from_start_model(start_model) min_role.permissions.add(*min_perms) # Case 1 -- Lower access user tries to access higher permission level resource club_editor = create_test_prof(num=1) invalid_role = Role.create(district1, school1, club1) invalid_role.permissions.add('modify-club') invalid_role.give_role(club_editor) assert min_role.is_allowed(user=club_editor) is False
def test_same_access_level_diff_inst(self, perm_const_override, create_test_prof, role_model_instances, role_test_data): min_role, min_perms = role_test_data district1, school1, club1 = role_model_instances() start_model = school1 min_role = Role.from_start_model(start_model) min_role.permissions.add(*min_perms) # Case 4 -- Same level access but on a different school instance school_admin = create_test_prof(num=1) district2, school2, club2 = role_model_instances() invalid_role = Role.create(district2, school2) invalid_role.permissions.add('modify-school') invalid_role.give_role(school_admin) assert min_role.is_allowed(user=school_admin) is False
def test_valid_data(self, perm_const_override, create_test_prof, role_model_instances): d1, s1, c1 = role_model_instances() role = Role.from_start_model(c1) role.permissions.add('hide-club') prof = create_test_prof(1) role.give_role(prof) serializer = EditorSerializer(prof, context={'role': role}) expected_data = { 'profile': { 'id': prof.id, 'email': prof.email, 'first_name': prof.first_name, 'last_name': prof.last_name, }, 'perms': ['hide-club'] } assert serializer.data == expected_data
def setup(model, prof_num=1, perms=[]): prof, client = setup_client_auth(prof_num) role = Role.from_start_model(model) role.permissions.add(*perms) role.give_role(prof) return prof, client